[Discussion] Suricata 1.0.2 released

Victor Julien victor at inliniac.net
Wed Sep 8 14:19:28 UTC 2010


The OISF development team is proud to announce Suricata 1.0.2, the
second maintenance release for Suricata 1.0, the Open Source Intrusion
Detection and Prevention engine.

Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.0.2.tar.gz

New features

- Added an SSH application layer module, improving performance and accuracy
- Added two new SSH rule keywords: "ssh.protoversion" and
"ssh.softwareversion"
- Added support for missing HTTP related PCRE modifiers /H, /M and /C
(bug #220)

Improvements

- Fixed several TCP stream engine evasion issues found by Judy Novak
from G2, Inc.
- Improved accuracy of the http_client_body keyword
- Improved dropping of packets in IPS mode when a signature matches in
the reassembled stream or the application layer
- Improved error reporting if the engine runs out of memory in the
initialization stage
- Fixed a reported segv in the HTTP method detection keyword (bug #231)
- Several smaller issues were fixed

Because of the TCP evasions that are fixed upgrading is highly recommended.


Known issues & missing features

As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal.  With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Discussion mailing list