Suricata

So far, with default 6.0.x conf,

1. Running master w 6.0.x conf throws no errors.
2. Running s-v tests w 6.0.x conf only fails tests for features and items that were not implemented in 6.

Just found out that protocol specific options have to be explicitly enabled in 6.0.x but not in master. For example,

     smtp:
       enabled: yes 
       raw-extraction: no
       mime:
         decode-mime: yes 
         decode-base64: yes 
         decode-quoted-printable: yes

If the above mime section does not exist in a suricata.yaml of 6.0.x, every setting would be set to false. This goes against the warnings that we currently generate for the behavior described in https://redmine.openinfosecfoundation.org/issues/4744 (according to which if a protocol section does not exist, it is auto enabled in 6.0.x but would be auto disabled starting 7.0.x)

We should hint on those expected warnings and how the proper config change would look like:

: decode-erspan: ERSPAN Type I is no longer configurable and it is always enabled; ignoring configuration setting.
W: runmodes: eve module 'ikev2' has been replaced by 'ike'

We already have most covered in https://docs.suricata.io/en/latest/upgrade.html#upgrading-6-0-to-7-0 but I would do a last review based on the latest commits. I would also add the ERSPAN Type I thing, the ike part is already included in the guide.
I have no big objections against 7.0.1 but would still make sure all relevant upgrade notes are already in the docs for 7.0.0 that people might run into

Can you submit a PR for it?

https://github.com/OISF/suricata/pull/9213