Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.3rc1.tar.gz
The new release comes with a number of important improvements and fixes.
- http_user_agent keyword for matching on the HTTP User-Agent header
- experimental live rule reload by sending a USR2 signal (#279)
- AF_PACKET BPF support (#449)
- AF_PACKET live packet loss counters (#441)
- Rule analyser (#349)
- add pcap workers runmode for use with libpcap wrappers that support load balancing, such as Napatech's or Myricom's
- negated filemd5 matching, allowing for md5 white listing
- signatures with depth and/or offset are now checked against packets in addition to the stream (#404)
- http_cookie keyword now also inspects "Set-Cookie" header (#479)
- filemd5 keyword no longer depends on log-file output module (#447)
- http_raw_header keyword inspects original header line terminators (#475)
- deal with double encoded URI (#464)
- improved SMB/SMB2/DCERPC robustness
- ICMPv6 parsing fixes
- improve HTTP body inspection
- stream.inline accuracy issues fixed (#339)
- general stability fixes (#482, #486)
- missing unittests added (#471)
- "threshold.conf not found" error made more clear (#446)
- IPS mode segment logging for Unified2 improved
Known issues & missing features
This is a "release candidate"-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.
See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.
|< Prev||Next >|