[Discussion] Suricata 1.3beta2 Available!

Victor Julien victor at inliniac.net
Fri Jun 8 16:44:24 UTC 2012


The OISF development team is proud to announce Suricata 1.3beta2. This
is the second beta release for the upcoming 1.3 version. Focus has been
on stabilizing the code base after the big changes from the beta1 release.

  116 files changed, 3610 insertions(+), 1801 deletions(-)

Release should be much more stable and should be approaching release
candidate quality.

Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.3beta2.tar.gz


New features

- Experimental support for matching on large lists of known file MD5
checksums

Improvements

- Improved performance for file_data, http_server_body and
http_client_body keywords.
- Improvements to HTTP handling: multipart parsing, gzip decompression.
- Byte_extract can support negative offsets now (#445).
- Support for PF_RING 5.4 added. Many thanks to Chris Wakelin (#459).
- HOME_NET and EXTERNAL_NET and the other vars are now checked for
common errors (#454).
- Improved error reporting when using too long address strings (#451).
- MD5 calculation improvements for daemon mode and other cases (#449).
- File inspection scripts: Added Syslog action for logging to local
syslog. Thanks to Martin Holste.
- Rule parser is made more strict.
- Unified2 output overhaul, logging individual segments in more cases.

Fixes

- detection_filter keyword accuracy problem was fixed (#453).
- Don't inspect cookie header with http header (#461).
- Crash with a rule with two byte_extract keywords (#456).
- SSL parser fixes. Thanks to Chris Wakelin for testing the patches! (#476)
- Accuracy issues in HTTP inspection fixed. Thanks to Rmkml (#452).
- Improve escaping of some characters in logs (#418).
- Checksum calculation bugs fixed.
- IPv6 parsing issues fixed. Thanks to Michel Saborde.
- Endace DAG issues fixed. Thanks to Jason Ish from Endace.
- Various OpenBSD related fixes.
- Fixes for bugs found by Coverity source code analyzer.

Credits

We'd like to thank the following people and corporations for their
contributions and feedback:

Michel Saborde
Rmkml
Chris Wakelin
Martin Holste
Coverity source code analyzer
Jason Ish, Endace

Known issues & missing features

In a beta release like this things may not be as polished yet. So please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal.  With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



