Project

General

Profile

1.3.1

closed

08/21/2012

Bug fix release for 1.3 branch

100%

15 issues   (15 closed — 0 open)

Upgrading Suricata 1.3 to Suricata 1.3.1

Suricata 1.3.1 is a small update over 1.3, so there have been few visible changes.

HTTP double decoding

In 1.3 Suricata double decoded the complete URI in any case. For 1.3.1 this has been changed. The decoding now again depends on the selected server personality. To enable double decoding again 2 per server options were added:

double-decode-path: <yes|no>
double-decode-query: <yes|no>

Both default to "no".

Example config:

libhtp:
   default-config:
     personality: IDS
     request-body-limit: 3072
     response-body-limit: 3072
     double-decode-path: yes
     double-decode-query: no

For a discussion about this see tickets #464 and #504.

Time tracking
Estimated time 18.00 hours
Issues by
Bug

15/15
Related issues
Bug #460: rule_perf.log not incrementing correctly Actions
Bug #464: Suricata http request double encoded null byte FN Actions
Bug #466: ticks macro not serializing Actions
Bug #495: rule analyzer: sig misreported as packet inspecting Actions
Bug #496: rule analyzer: depth/offset warning makes no sense for tcp-pkt sig Actions
Bug #497: rule-analyzer depth/offset warnings not counted Actions
Bug #498: rule reload: set thread name Actions
Bug #499: setting value to host-os-policy.bsd-right fails Actions
Bug #502: windows build broken Actions
Bug #504: path normalization won't happen if uri is double encoded. Actions
Bug #505: http_cookie and depth/offset question please Actions
Bug #508: Suricata FN on http_header or http_user_agent Actions
Bug #510: max pending packets variable - prevents Suricata from stopping Actions
Bug #513: yaml parsing -- line number wrong Actions
Bug #523: stream: invalid stream event when suricata sees 3whs ACK, but server doesn't Actions

Also available in: TXT