Project

General

Profile

7.0.0-rc2

closed

06/15/2023

100%

145 issues   (145 closed — 0 open)

Issues by
Bug

105/105
Feature

11/11
Optimization

6/6
Task

12/12
Documentation

6/6
Security

5/5
Related issues
Bug #3147: scan-build warning for mime decoder Actions
Bug #3148: scan-build warnings for ac implementations Actions
Bug #3149: scan-build warnings in radix implementation Actions
Bug #3150: scan-build warnings for detect address handling Actions
Bug #3151: scan-build warning for detect port handling Actions
Bug #3152: scan-build warning for detect sigordering Actions
Bug #4529: Not keyword matches in Kerberos requests Actions
Bug #4578: perf shows excessive time in IPOnlyMatchPacket Actions
Bug #4759: TCP DNS query not found when tls filter is active Actions
Bug #4952: scan-build: Access to field 'de_state' results in a dereference of a null pointer Actions
Bug #5017: counters: tcp.syn, tcp.synack, tcp.rst depend on flow Actions
Bug #5261: rust: reconsider bundling Cargo.lock Actions
Bug #5270: Flow hash table collision and flow state corruption between different capture interfaces Actions
Bug #5320: Key collisions in HTTP JSON eve-logs Actions
Bug #5437: 'unseen' http midstream packets with TCP FIN flag set Actions
Bug #5498: flowworker: Assertion in CheckWorkQueue Actions
Bug #5526: tcp: Assertion failed: (!((last_ack_abs < left_edge && StreamTcpInlineMode() == 0 && !f->ffr && ssn->state < TCP_CLOSED))) Actions
Bug #5541: Unexpected behavior of `endswith` in combination with negated content matches Actions
Bug #5563: stream: issue with stream debug tracking of memuse Actions
Bug #5621: security.limit-noproc: disabled if not provided in the configuration file Actions
Bug #5627: windows: windivert build broken Actions
Bug #5667: Enable rule profiling via socket Actions
Bug #5740: content: within and distance lengths should be bounded Actions
Bug #5770: smb: no consistency check between NBSS length and length field for some SMB operations Actions
Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents Actions
Bug #5783: smb: wrong endian conversion when parse NTLM Negotiate Flags Actions
Bug #5786: smb: possible evasion with trailing nbss data Actions
Bug #5789: output api: int handling issue Actions
Bug #5799: detect: sigs using DETECT_SM_LIST_PMATCH can break other signatures Actions
Bug #5802: ips: txs still logged for dropped flow Actions
Bug #5808: http2: leak with range files Actions
Bug #5818: time: integer comparison with different signs Actions
Bug #5819: SMTP does not handle LF post line limit properly Actions
Bug #5823: smtp: config and built-in defaults mismatch Actions
Bug #5825: stream.midstream: if enabled breaks exception policy Actions
Bug #5833: tcp/regions: use after free error Actions
Bug #5834: tcp/regions: list corruption Actions
Bug #5835: debug: segv on enabling debugging output Actions
Bug #5836: output: abort triggered on no permission test Actions
Bug #5843: tcp/stream: session reuse on tcp flows w/o sessions Actions
Bug #5850: frames: Assertion failed: buffer initialized Actions
Bug #5855: af-xdp: may fail to build on Linux systems with kernel older than 5.11 Actions
Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic Actions
Bug #5862: netmap: packet stalls Actions
Bug #5866: detect: multi-tenancy crash Actions
Bug #5867: false-positive drop event_types possible on passed packets Actions
Bug #5875: stream/ips: dropping spurious retransmissions times out connections Actions
Bug #5877: stream: connections time out too early Actions
Bug #5881: stream: overlap with different data false positive Actions
Bug #5883: mime: debug assertion on fuzz input Actions
Bug #5885: base64_decode not populating up to an invalid character Actions
Bug #5900: UBSAN: undefined shift in DetectByteMathDoMatch Actions
Bug #5905: invalid bsize and distance rule being loaded by suricata Actions
Bug #5907: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT) Actions
Bug #5909: http2: quadratic complexity when reducing dynamic headers table size Actions
Bug #5917: http: libhtp errors on multiple 100 continue response Actions
Bug #5919: flow/manager: fix unhandled division by 0 (prealloc: 0) Actions
Bug #5923: dpdk: change in NUMA-determining API Actions
Bug #5924: AF_XDP compile error Actions
Bug #5925: dpdk: VMXNET3 fails to configure Actions
Bug #5927: smtp: quadratic complexity for tx iterator with linked list Actions
Bug #5929: fast_pattern assignment of specific content in combination with urilen results in FN Actions
Bug #5931: http2: urilen not supported Actions
Bug #5936: dpdk: Release mempool only after the device closes Actions
Bug #5940: exception/policy: flow action doesn't fall back to packet action when there's no flow Actions
Bug #5952: http: multipart data is not filled up to request.body-limit Actions
Bug #5955: af-packet: duplicate packets when sniffing on loopback interface Actions
Bug #5957: bpf: postpone IPS check after IPS runmode is determined from the configuration file Actions
Bug #5960: Postpone setting of master exception policy Actions
Bug #5963: dpdk: handle packets splitted in multiple segments Actions
Bug #5968: flowworker: per packet flow housekeeping can process too many flows Actions
Bug #5969: detect: reload can stall if flow housekeeping takes too long Actions
Bug #5971: libhtp: differential fuzzing with rust version: only trim spaces at headers names end Actions
Bug #5978: stream/reassembly: memcap exception policy incorrectly applied Actions
Bug #5979: rust: update sawp dependencies to avoid future compile issues Actions
Bug #5981: smtp: Long DATA line post boundary is capped at 4k Bytes Actions
Bug #5989: smtp: any command post a long command gets skipped Actions
Bug #5998: exception/policy: make work with simulated flow memcap Actions
Bug #6006: dpdk: query eth stats only by the first worker Actions
Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record Actions
Bug #6019: smtp: fuzz debug assertion trigger Actions
Bug #6021: af-packet: reload not occurring until packets are seen Actions
Bug #6025: detect: allow bsize 0 for existing empty buffers Actions
Bug #6038: TCP resets have incorrect len, nh in IPv6 Actions
Bug #6041: ASSERT: !(sb->region.buf_offset != 0) Actions
Bug #6043: detect: multi-tenancy fails to start Actions
Bug #6046: runmode/unix-socket: http range memory leak Actions
Bug #6053: smtp: long line discard logic should be separate for server and client Actions
Bug #6054: ftp: long line discard logic should be separate for server and client Actions
Bug #6057: rust/jsonbuilder: better handling of memory allocation errors Actions
Bug #6060: IP Datasets not supported from suricata.yaml Actions
Bug #6062: flow: memory leaks at shutdown Actions
Bug #6064: dpdk: detect reload stuck if there are no packets Actions
Bug #6066: Memory Corruption in util-streaming-buffer Actions
Bug #6086: Decode-events of IPv6 packets are not triggered Actions
Bug #6087: FTP bounce detection doesn't work for big-endian platforms Actions
Bug #6089: suricata --list-keywords does not work with debug validation Actions
Bug #6093: flow: occasional sudden spike in flow.memuse Actions
Bug #6103: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks Actions
Bug #6109: exception/policy: reject changes flow action in IDS mode Actions
Bug #6117: tcp regions streaming buffer: assert failed (!((region->stream_offset == sbb->offset && region->buf_offset > sbb->len))), function StreamingBufferSBBGetData Actions
Bug #6120: streaming-buffer: exceeds limit when downloading large file with file-store enabled Actions
Bug #6132: suricata-update: dump-sample-configs: configuration files not found Actions
Bug #6137: SNMP: version is logged from state, instead of from transaction Actions
Bug #6170: streaming-buffer: exceeds limit when downloading large file with file-store enabled and inspecing file_data content Actions
Feature #5717: rfb: add frame support Actions
Feature #5746: http.connection - allow in server response Actions
Feature #5784: detect: allow cross buffer inspection on multi-buffer matches Actions
Feature #5803: github-ci: Add netmap as a Github Action Actions
Feature #5822: yaml: set suricata version in generated config Actions
Feature #5849: dpdk: add virtio-pmd support Actions
Feature #5876: eve: add stream tcp logging Actions
Feature #5937: dpdk: Improve DPDK version checking Actions
Feature #5975: Add support for 'inner' PF_RING clustering modes Actions
Feature #6085: detect: set explicit rule types Actions
Feature #6099: dpdk: add support for bonding interface Actions
Optimization #4378: file.data: split mpm per app_proto Actions
Optimization #5544: tls keywords: increase code coverage and update documentation (if need be) Actions
Optimization #5718: time: compact alternative to struct timeval Actions
Optimization #5959: detect using uninitialized engine mode Actions
Optimization #6036: pgsql: remove unused Kerb5 auth message Actions
Optimization #6100: mqtt: quadratic complexity in get_tx_by_pkt_id Actions
Task #4051: Convert unittests to new FAIL/PASS API: detect-lua.c Actions
Task #4067: http2: overload existing http keywords to support http/2 Actions
Task #5474: test: review how 7 works with config from 5 and 6 Actions
Task #5628: github-ci: add windows + windivert build Actions
Task #5741: rust/src/rfb/* add more unittests Actions
Task #5918: libhtp 0.5.43 Actions
Task #5939: config: deprecate multiple "include" statements at the same level Actions
Task #5965: tracking: Improving DPDK capture interface and docs Actions
Task #5983: libhtp 0.5.44 Actions
Task #5991: rust: der-parser 8.2.0 Actions
Task #5992: rust: snmp-parser 0.9.0 Actions
Task #5993: rust: x509-parser 0.15 Actions
Documentation #5596: doc/optimization: move 'suricata.git/doc/userguide/convert.py' to Python3 Actions
Documentation #5857: docs: refactor DPDK documentation Actions
Documentation #5858: docs: add list of supported NICs in DPDK mode Actions
Documentation #5859: docs: add build instructions for DPDK capture interface Actions
Documentation #5884: docs: update CentOS names according to their new conventions Actions
Documentation #5962: documentation: mention the use of http1 in rule protocol Actions
Security #5945: byte_math: Division by zero possible. Actions
Security #6118: datasets: absolute path in rules can overwrite arbitrary files Actions
Security #6122: lua: flag to disable lua support Actions
Security #6123: datasets: flag to disable rules containing a state or save dataset Actions
Security #6129: dcerpc: max-tx config parameter, also for UDP Actions

Also available in: TXT