Skip to content

Commit

Permalink
release: 7.0.3; update changelog
Browse files Browse the repository at this point in the history
  • Loading branch information
inashivb committed Feb 8, 2024
1 parent ce9b903 commit be68bbc
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 4 deletions.
68 changes: 68 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,3 +1,71 @@
7.0.3 -- 2024-02-08

Security #6717: http2: evasion by splitting header fields over frames (7.0.x backport)
Security #6657: detect: heap use after free with http.request_header keyword (7.0.x backport)
Security #6540: http1: configurable limit for maximum number of live transactions per flow (7.0.x backport)
Security #6539: mqtt pcap with anomalies takes too long to process (7.0.x backport)
Security #6536: pgsql: quadratic complexity leads to over consumption of memory (7.0.x backport)
Security #6533: http1: quadratic complexity from infinite folded headers (7.0.x backport)
Security #6532: SMTP: quadratic complexity from unbounded number of transaction per flow (7.0.x backport)
Security #6531: http2: quadratic complexity in find_or_create_tx not bounded by max-tx (7.0.x backport)
Bug #6711: rules: failed rules after a skipped rule are recorded as skipped, not failed (7.0.x backport)
Bug #6700: detect/requires: assertion failed !(ret == -4) (7.0.x backport)
Bug #6697: dpdk: Analyze hugepage allocation on startup more thoroughly (7.0.x backport)
Bug #6688: log-pcap: crash with suricata.yaml setting max-file to 1 (7.0.x backport)
Bug #6665: eve/smtp: attachment filenames not logged (7.0.x backport)
Bug #6662: content-inspect: FN on negative distance (7.0.x backport)
Bug #6636: stats: flows with a detection-only alproto not accounted in this protocol (7.0.x backport)
Bug #6635: Profiling takes much longer to run than it used to (7.0.x backport)
Bug #6620: Endace: timestamp fixes (7.0.x backport)
Bug #6616: detect/analyzer: misrepresenting negative distance value (7.0.x backport)
Bug #6596: SCTIME_ADD_SECS() macro zeros out ts.usec part (7.0.x backport)
Bug #6595: SCTIME_FROM_TIMESPEC() creates incorrect timestamps (7.0.x backport)
Bug #6558: HTTP/2 - http.response_line has leading space (7.0.x backport)
Bug #6556: Invalid registration of prefiltering in stream size (7.0.x backport)
Bug #6535: http.header, http.header.raw and http.request_header buffers not populated when malformed header value exists (7.0.x backport)
Bug #6521: pgsql: u16 overflow found by oss-fuzz w/ quadfuzz (7.0.x backport)
Bug #6508: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL (7.0.x backport)
Bug #6479: HTTP/2 - when userinfo is in the :authority pseudo header it breaks http.host
Bug #6448: detect: flow:established,not_established considered as valid even if it can never match
Bug #6438: eve filetype plugins: file type plugins do not de-initialize properly
Bug #6436: host: ip rep prevents tag/threshold/hostbits cleanup
Bug #6435: packetpool: fix single packet return logic
Bug #6423: detect-filesize no longer supports units in value
Bug #6420: dns/eve: an empty format section results in no response details being logged
Bug #6294: http2/brotli: subtract with overflow found by sydr-Fuzz
Bug #6292: Flow manager stuck forever on race condition for return stack
Bug #6278: add a hint if user/group name is not set
Bug #6272: dpdk: big mempool leads to an error with suricatasc unix socket
Bug #4623: byte_jump with negative post_offset value fails at the end of the buffer
Feature #6614: transformation - strip_pseudo_headers (7.0.x backport)
Feature #6613: support case insensitive testing of HTTP header name existence (7.0.x backport)
Feature #6612: New Transformation: to_lowercase (7.0.x backport)
Feature #6524: rules: "requires" keyword representing the minimum version of suricata to support the rule (7.0.x backport)
Feature #6507: HTTP/2 - app-layer-event and normalization when userinfo is in the :authority pseudo header for the http.host header (7.0.x backport)
Feature #6425: HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match
Task #6606: flash decompression: update/remove deprecation warnings (7.0.x backport)
Task #6604: pgsql: don't log password msg if password disabled (7.0.x backport)
Task #6581: pgsql: add cancel request message (7.0.x backport)
Task #6564: doc: document file.data (7.0.x backport)
Task #6534: runmodes: remove reference to auto modes (7.0.x backport)
Task #6523: libhtp 0.5.46 (7.0.x backport)
Task #6345: Convert unittests to new FAIL/PASS API - util-misc.c
Task #6339: Convert unittests to new FAIL/PASS API - detect-tcp-window.c
Task #6332: Convert unittests to new FAIL/PASS API - detect-bytetest.c
Task #6329: Convert unittests to new FAIL/PASS API - flow-bit.c
Task #6328: Convert unittests to new FAIL/PASS API - detect-bytejump.c
Documentation #6699: remove references in docs mentioning prehistoric Suricata versions (7.0.x backport)
Documentation #6631: Fix byte_test examples (7.0.x backport)
Documentation #6594: docs: fix broken bulleted list style on rtd (7.0.x backport)
Documentation #6513: userguide: update tls eve-log fields 'not_before' and 'not_after' (7.0.x backport)
Documentation #6511: userguide: document "tag" keyword (7.0.x backport)
Documentation #6504: userguide: explain what flow_id is (7.0.x backport)
Documentation #6383: misc: improve code documentation
Documentation #6371: spelling error in the docs
Documentation #5720: Install: Be consistent with use of the "sudo"
Documentation #5473: doc: upgrade guide for upgrading from 6 to 7
Documentation #4584: Rust doc: add docstring to rust module files

7.0.2 -- 2023-10-18

Security #6306: mime: quadratic complexity in MimeDecAddEntity
Expand Down
6 changes: 3 additions & 3 deletions configure.ac
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
AC_INIT([suricata],[7.0.3-dev])
AC_INIT([suricata],[7.0.3])
m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
AC_CONFIG_HEADERS([src/autoconf.h])
AC_CONFIG_SRCDIR([src/suricata.c])
Expand Down Expand Up @@ -1575,12 +1575,12 @@
echo
exit 1
fi
PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.45],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.46],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
if test "$libhtp_minver_found" = "no"; then
PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
if test "$libhtp_devver_found" = "no"; then
echo
echo " ERROR! libhtp was found but it is neither >= 0.5.45, nor the dev 0.5.X"
echo " ERROR! libhtp was found but it is neither >= 0.5.46, nor the dev 0.5.X"
echo
exit 1
fi
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,5 @@
# Format:
#
# name {repo} {branch|tag}
libhtp https://github.com/OISF/libhtp 0.5.x
libhtp https://github.com/OISF/libhtp 0.5.46
suricata-update https://github.com/OISF/suricata-update 1.3.0

0 comments on commit be68bbc

Please sign in to comment.