[Oisf-users] Suricata 2.1beta4 Available!

Victor Julien victor at inliniac.net
Fri May 8 15:02:14 UTC 2015

The OISF development team is proud to announce Suricata 2.1beta4. This
is the fourth beta release for the upcoming 2.1 version. It should be
considered a development snapshot for the 2.1 branch.

Get the new release here:

*New features*

Feature #1448: xbits support
Feature #336: Add support for NETMAP to Suricata.
Feature #885: smtp file_data support
Feature #1394: Improve TCP reuse support
Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces
using PPPoE
Feature #1447: Ability to reject ICMP traffic
Feature #1410: add alerts to EVE's drop logs


Optimization #1014: app layer reassembly fast-path
Optimization #1377: flow manager: reduce (try)locking
Optimization #1403: autofp packet pool performance problems
Optimization #1409: http pipeline support for stateful detection
Bug #1314: http-events performance issues

*Bug fixes*

Bug #1340: null ptr dereference in Suricata v2.1beta2 (output-json.c:347)
Bug #1352: file list is not cleaned up
Bug #1358: Gradual memory leak using reload (kill -USR2 $pid)
Bug #1366: Crash if default_packet_size is below 32 bytes
Bug #1378: stats api doesn't call thread deinit funcs
Bug #1384: tcp midstream window issue (master)
Bug #1388: pcap-file hangs on systems w/o atomics support (master)
Bug #1392: http uri parsing issue (master)
Bug #1393: CentOS 5.11 build failures
Bug #1398: DCERPC traffic parsing issue (master)
Bug #1401: inverted matching on incomplete session
Bug #1402: When re-opening files on HUP (rotation) always use the append
Bug #1417: no rules loaded - latest git - rev e250040
Bug #1425: dead lock in de_state vs flowints/flowvars
Bug #1426: Files prematurely truncated by detection engine even though
force-md5 is enabled
Bug #1429: stream: last_ack update issue leading to stream gaps
Bug #1435: EVE-Log alert payload option loses data
Bug #1441: Local timestamps in json events
Bug #1446: Unit ID check in Modbus packet error
Bug #1449: smtp parsing issue
Bug #1451: Fix list-keywords regressions
Bug #1463: modbus parsing issue

*Special thanks*

We'd like to thank the following people and corporations for their
contributions and feedback:

- Kostya Kortchinsky of the Google Security Team
- the Yahoo Pentest Team
- Giuseppe Longo
- Alexander Gozman
- Ken Steele
- Andreas Moe
- David Diallo
- David Cannings
- David Maciejak
- Pierre Chifflier
- Tom DeCanio
- Zachary Rasmor
- Aleksey Katargin
- FireEye
- Emerging Threats
- AFL project
- Coverity Scan
- Travis Green
- Darien Huss
- Greg Siemon
- Alessandro Guido
- Antti Tönkyrä
- Ray Ruvinskiy
- Eduardo Arada
- Michael Rash

*Known issues & missing features*

In a beta release like this, things may not be as polished yet, so please
handle with care. That said, if you encounter issues, please let us
know! As always, we are doing our best to make you aware of continuing
development and items within the engine that are not yet complete or
optimal. With this in mind, please note the list we have included of
known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues. See
for a discussion and time line for the major issues.

*Training & Support*

Need help installing, updating, validating and tuning Suricata? We have
trainings coming up. Paris in July, Barcelona in November: see

For support options also see http://suricata-ids.org/support/

*About Suricata*

Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine. Open Source and owned by a community run non-profit
foundation, the Open Information Security Foundation (OISF). Suricata is
developed by the OISF, its supporting vendors and the community.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
