[Oisf-users] Suricata 4.0.0-rc1 ready for testing!

Victor Julien victor at inliniac.net
Wed Jun 28 15:53:08 UTC 2017

We are proud to announce that the first release candidate for the
upcoming *Suricata 4.0.0* is ready for your testing. Since the beta1
release we've received much valuable feedback, leading to lots of fixed

Notable changes: initial merge of Pierre Chifflier's Rust parsers work.
This uses external Rust parser 'crates' and is enabled by using
--enable-rust-experimental. This is even more experimental than
--enable-rust, so use with care. Initially this adds an NTP parser.

The NFS parser adds support for catching up after packet loss, adds UDP
support and basic NFSv2 support.

EVE was extended to optionally log the HTTP request and/or response
bodies. Also new in EVE, the (partial) flow record is added to alert

We're aiming for a final 4.0.0 release one month from now. If needed, an
rc2 release may be added to the schedule. Please help us test!

Get the release from


Feature #2095: eve: http body in alert event
Feature #2131: nfs: implement GAP support
Feature #2156: Add app_proto or partial flow entry to alerts
Feature #2163: ntp parser
Feature #2164: rust: external parser crate support
Bug #1930: Segfault when event rule is invalid
Bug #2038: validate app-layer API use
Bug #2109: asn1: keyword memleak
Bug #2141: 4.0.0-dev (rev 8ea9a5a) segfault
Bug #2143: Bypass cause missing alert on packets only signatures
Bug #2144: rust: panic in dns/tcp
Bug #2148: rust/dns: panic on malformed rrnames
Bug #2153: starttls 'tunnel' packet issue - nfq_handle_packet error -1
Bug #2154: Dynamic stack overflow in payload printable output
Bug #2155: AddressSanitizer double-free error
Bug #2157: Compilation Issues Beta 4.0
Bug #2158: Suricata v4.0.0-beta1 dns_query; segmentation fault
Bug #2159: http: 2221028 triggers on underscore in hostname
Bug #2160: openbsd: pcap with raw datalink not supported
Bug #2161: libhtp 0.5.25
Bug #2165: rust: releases should include crate dependencies (cargo-vendor)

*Special thanks*

Pierre Chifflier, Selivanov Pavel, Giuseppe Longo


Developer Training in Cork, Ireland. September 11 to 15:
Hosted by FireEye.

User Training at SuriCon 2017, in Prague:


Come meet the Suricata community and development team to discuss all
things Suricata at the third edition of the annual Suricata Conference.
SuriCon 2017 will be in November in Prague: https://suricon.net

*About Suricata*

Suricata is a high performance Network Threat Detection, IDS, IPS and
Network Security Monitoring engine. Open Source and owned by a
community-run non-profit foundation, the Open Information Security
Foundation (OISF). Suricata is developed by the OISF, its supporting
vendors and the community.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
