Open Information Security Foundation

11/14/2024

08:33 AM Suricata Bug #7394: ldap: support starttls with tls upgrade

https://github.com/OISF/suricata/pull/12119 Victor Julien

08:33 AM Suricata Bug #7394 (In Review): ldap: support starttls with tls upgrade

Add support for starttls and switch the flow over to TLS. Victor Julien

08:21 AM Suricata Bug #7392: Verdict output reports "drop" when rejected

At least in IPS mode, a reject is a drop + reject. Since the reject is a best effort thing, the drop is what we think... Victor Julien

11/12/2024

08:04 AM Suricata Bug #7390 (Assigned): byte_extract: issue with saved 'name' in distance keyword

@presto can you create a Suricata Verify test for this at https://github.com/OISF/suricata-verify Victor Julien

11/07/2024

02:11 PM Suricata Optimization #5672 (Resolved): smb: avoid unbounded hash maps

https://github.com/OISF/suricata/pull/12087 Victor Julien

01:39 PM Suricata Optimization #7371 (New): smb: events/counters for caches getting full

When LruCache was introduced in the smb state, it introduced a mechanism to automatically evict the oldest entries. H... Victor Julien

11/05/2024

10:51 AM Suricata Task #6706 (Rejected): build-info: remove obsolete "rust support" line (7.0.x backport)

I don't see this as something we need to backport. Victor Julien

10:47 AM Suricata Feature #7114: from_base64: allow matching on decode error

After more discussion, we think an event based approach may make more sense. Question is how.
One way would be to ... Victor Julien

11/04/2024

08:56 PM Suricata Bug #7369: xbits noalert does not appear to function, and syntax documentation is ambiguous.

In general, flowbits:noalert; is identical to just @noalert;@, so stand-alone. If xbits:noalert would work, it would ... Victor Julien

04:43 PM Suricata Security #7300: log: too big record lead to invalid json

Additional thoughts: current 10MiB is very large and should probably be reduced. Also should perhaps be configurable.... Victor Julien