Open Information Security Foundation

06/22/2026

JI 05:50 PM Suricata Security #8600 (Closed): windows: unquoted LocalSystem service ImagePath

Jason Ish

JI 05:49 PM Suricata Security #8665 (Closed): windows: unquoted LocalSystem service ImagePath (7.0.x backport)

Jason Ish

06/18/2026

JI 10:01 PM Suricata Bug #8662 (Resolved): ftp: can't proceed past banner in firewall mode

Jason Ish

JI 10:01 PM Suricata Bug #8663 (Resolved): ftp: ftpdata_command never matches in firewall mode for active ftp

Jason Ish

JI 04:05 PM Suricata Support #8082: Support: What APIs should be used for Suricata as a library in runmode=live

Philippe Antoine wrote in #note-12:
> Jason, do you have something ?
Assuming you mean something for #8095, no. I haven't started on that yet. Jason Ish

06/16/2026

JI 08:02 PM Suricata Bug #8664 (In Progress): ftp: support data channel for list, nlst, mlsd, appe, stou

Currently, FTP only provides data channel support for STOR and RETR, but there are other commands that use it, most notably directory listing. Jason Ish

JI 04:54 PM Suricata Bug #8663 (In Review): ftp: ftpdata_command never matches in firewall mode for active ftp

Pull request: https://github.com/OISF/suricata/pull/15656 Jason Ish

JI 04:44 PM Suricata Bug #8663 (Closed): ftp: ftpdata_command never matches in firewall mode for active ftp

The ftpdata_command limits which direction of the flow it will match on, which matches passive ftp, but it will never match in active mode. Visible in firewall mode which is more strict than the threat detection rules. Jason Ish

JI 04:54 PM Suricata Bug #8662 (In Review): ftp: can't proceed past banner in firewall mode

Pull request: https://github.com/OISF/suricata/pull/15656 Jason Ish

JI 04:41 PM Suricata Bug #8662 (Closed): ftp: can't proceed past banner in firewall mode

FTP starts with a banner from the server, which results in a to-client only transaction, but won't be inspected without to-server data. Jason Ish