[Oisf-announce] Suricata 3.1RC1 is out

Victor Julien victor at inliniac.net
Tue Jun 7 14:29:48 UTC 2016


We're happy to announce Suricata 3.1RC1. The plan is to release the
stable within a few weeks, so please help us test this release!

Lots of improvements on the performance side:

Hyperscan integration for MPM and SPM. If installed, Hyperscan is now
the default. See
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Hyperscan

Rewrite of the detection engine, simplifying rule grouping. This reduces
memory usage and startup time in many scenarios.

Packet capture got a lot of love:
- AF_PACKET support for tpacketv3
- NETMAP usability improvements, especially on FreeBSD

A new keyword 'tls_sni' was added, including MPM support. It allows
matching on the TLS SNI field.

This release also bundles libhtp 0.5.20, in which we address a number of
issues Steffen Ullrich of HTTP Evader reported.

Other than that, lots of cleanups and optimizations:
- locking has been much simplified
- TCP and IPv6 decoder optimizations
- unittest cleanups
- AFL fuzzing options were added

Have a look at the full changelog:
https://github.com/inliniac/suricata/blob/master/ChangeLog


*Get the release here:*
http://www.openinfosecfoundation.org/download/suricata-3.1RC1.tar.gz


*Special thanks*

Intel Corporation, FireEye, Stamus Networks, NorCert, ANSSI,
AFL project, CoverityScan

Mats Klepsland, Andreas Moe, Justin Viiret, Zachary Rasmor
Aleksey Katargin, Alexander Gozman, Arturo Borrero Gonzalez
David Diallo, Torgeir Natvig, Steffen Ullrich


*Known issues & missing features*

In a release candidate like this things may not be as polished yet. So
please handle with care. That said, if you encounter issues, please let
us know! As always, we are doing our best to make you aware of
continuing development and items within the engine that are not yet
complete or optimal.  With this in mind, please notice the list we have
included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and time line for the major issues.


*SuriCon 2.0*

Join us in Washington, D.C. November 9-11 for the 2nd Suricata User
Conference. http://suricon.net/


*Training & Support*

Need help installing, updating, validating and tuning Suricata? We have
trainings coming up. September 12-16 in Paris, November 7 & 8 in
Washington, D.C.: see http://suricata-ids.org/training/

For support options also see http://suricata-ids.org/support/


*About Suricata*

Suricata is a high performance Network Threat Detection, IDS, IPS and
Network Security Monitoring engine. Open Source and owned by a community
run non-profit foundation, the Open Information Security Foundation
(OISF). Suricata is developed by the OISF, its supporting vendors and
the community.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



More information about the Oisf-announce mailing list