[Discussion] Suricata 1.3rc1 Available!

Victor Julien victor at inliniac.net
Fri Jun 29 18:36:45 UTC 2012


The OISF development team is proud to announce Suricata 1.3rc1, the
first (and hopefully only) release candidate for Suricata 1.3. This
release improves stability and accuracy, in addition to adding a few new
exciting features.

Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-1.3rc1.tar.gz

The new release comes with a number of important improvements and fixes.

New features

- http_user_agent keyword for matching on the HTTP User-Agent header
- experimental live rule reload by sending a USR2 signal (#279)
- AF_PACKET BPF support (#449)
- AF_PACKET live packet loss counters (#441)
- Rule analyzer (#349)
- add pcap workers runmode for use with libpcap wrappers that support
load balancing, such as Napatech's or Myricom's
- negated filemd5 matching, allowing for md5 whitelisting

Improvements

- signatures with depth and/or offset are now checked against packets in
addition to the stream (#404)
- http_cookie keyword now also inspects "Set-Cookie" header (#479)
- filemd5 keyword no longer depends on log-file output module (#447)
- http_raw_header keyword inspects original header line terminators (#475)
- deal with double encoded URI (#464)

Fixes

- improved SMB/SMB2/DCERPC robustness
- ICMPv6 parsing fixes
- improve HTTP body inspection
- stream.inline accuracy issues fixed (#339)
- general stability fixes (#482, #486)
- missing unittests added (#471)
- "threshold.conf not found" error made more clear (#446)
- IPS mode segment logging for Unified2 improved

Known issues & missing features

This is a "release candidate"-quality release so the stability should be
good although unexpected corner cases might happen. If you encounter
one, please let us know!

As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal. With this in mind, please notice the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up-to-date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and timeline for the major issues.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




