# 6.0.0beta1 08/06/2020 * Feature #641: Flowbits group for ORing * Optimization #749: pcre 8.32 introduces JIT pcre_jit_exec(...) * Optimization #947: dynamic allocation of thread queues * Feature #962: Can I log the mac address of the source? * Optimization #1038: Flow Queue should be a stack * Feature #1274: ssh events * Feature #1807: Cisco HDLC Decoder * Feature #1947: HTTP2 decoder * Feature #2015: eve: add fileinfo in alert * Feature #2196: Add flow_id to the file extracted .meta file * Feature #2311: math on extracted values * Feature #2312: http: parsing for async streams * Feature #2363: pcap: read directories recursively * Task #2381: deprecate: 'drop' log output * Feature #2385: deprecate: unified2 * Bug #2506: filestore v1: with stream-depth not null, files are never truncated * Feature #2524: Allow user to choose the reject iface * Bug #2525: Add VLAN support to reject feature * Feature #2553: support 'by_both' in threshold rule keyword * Bug #2639: Alert for tcp rules with established without 3whs * Feature #2694: thresholding: feature parity between global and per-rule options * Feature #2698: hassh and hasshServer for ssh fingerprinting * Bug #2726: writing large number of json events on high speed traffic results in packet drops * Bug #2737: Invalid memory read on malformed rule with Lua script * Optimization #2779: Convert DCE_RPC from C to Rust * Optimization #2845: Counters for kernel_packets decreases at times without restart * Feature #2859: Oss-fuzz integration * Task #2959: deprecate: filestore v1 * Optimization #2977: replace asn1 parser with rust based implementation * Bug #3053: Replace atoi with StringParse* for better error handling * Bug #3078: flow-timeout: check that 'emergency' settings are < normal settings * Bug #3096: random failures on sip and http-evader suricata-verify tests * Bug #3107: Thread counter setting ignored within affinity section * Bug #3108: Calculation of threads in autofp mode is wrong * Task #3128: nom 5 * Task #3167: convert all _Bool use to bool * Bug #3188: Use FatalError wherever possible * Feature #3199: transformation should be able to take options * Feature #3200: pcre: allow operation as transform * Optimization #3234: dns app-layer c vs rust cleanup * Task #3255: rdp: enable by default * Task #3256: sip: enable by default * Bug #3265: Dropping privileges does not work with NFLOG * Bug #3282: --list-app-layer-protos only uses default suricata.yaml location. * Bug #3283: bitmask option of payload-keyword byte_test not working * Feature #3293: eve: per thread output files * Optimization #3308: rust: use cbindgen to generate bindings * Task #3331: Rust: Move to 2018 Edition * Feature #3332: Dynamic Loadable Module/Plugin Support * Documentation #3335: doc: add ipv4.hdr and ipv6.hdr * Bug #3339: Missing community ID in smb, rdp, tftp, dhcp * Task #3344: devguide: setup sphinx * Bug #3378: ftp: asan detects leaks of expectations * Task #3408: FTP should place constraints on filename lengths * Task #3409: SMTP should place restraints on variable length items (e.g., filenames) * Feature #3422: GRE ERSPAN Type 1 Support * Bug #3435: afl: Compile/make fails on openSUSE Leap-15.1 * Bug #3441: alerts: missing rdp and snmp metadata * Feature #3444: app-layer: signal stream engine about expected data size * Feature #3445: Convert SSH parser to Rust * Bug #3451: gcc10: compilation failure unless -fcommon is supplied * Task #3460: autotools: check autoscan output * Bug #3463: Faulty signature with two threshold keywords does not generate an error and never match * Bug #3465: build-info and configure wrongly display libnss status * Bug #3468: BUG_ON(strcasecmp(str, "any") in DetectAddressParseString * Bug #3476: datasets: Dataset not working in unix socket mode * Bug #3483: SIP: Input not parsed when header values contain trailing spaces * Bug #3486: Make Rust probing parsers optional * Bug #3489: rule parsing: memory leaks * Bug #3490: Segfault when facing malformed SNMP rules * Bug #3496: defrag: asan issue * Feature #3501: Add RFB parser * Bug #3504: http.header.raw prematurely truncates in some conditions * Bug #3509: Behavior for tcp fastopen * Task #3515: GRE ERSPAN Type 1 Support configuration * Bug #3517: Convert DER parser to Rust * Bug #3519: FTP: Incorrect ftp_memuse calculation. * Bug #3522: TCP Fast Open - Bypass of stateless alerts * Bug #3523: Suricata does not log alert metadata info when running in unix-socket mode * Bug #3525: Kerberos vulnerable to TCP splitting evasion * Bug #3529: rust: smb compile warnings * Bug #3532: Skip over ERF_TYPE_META records * Optimization #3538: dns: use app-layer incomplete support * Optimization #3539: rdp: use app-layer incomplete support * Optimization #3541: applayertemplate: use app-layer incomplete support * Feature #3546: Teredo port configuration * Bug #3547: file logging: complete files sometimes marked 'TRUNCATED' * Feature #3549: Add MQTT parser * Task #3564: dcerpc: support GAP recovery * Bug #3565: ssl/tls: ASAN issue in SSLv3ParseHandshakeType * Bug #3566: rules: minor memory leak involving pcre_get_substring * Bug #3567: rules/bsize: memory issue during parsing * Bug #3568: rules: bad rule leads to memory exhaustion * Bug #3569: fuzz: memory leak in bidir rules * Bug #3570: rfb: invalid AppLayerResult use * Bug #3583: rules: missing 'consumption' of transforms before pkt_data would lead to crash * Bug #3584: rules: crash on 'internal'-only keywords * Bug #3586: rules: bad address block leads to stack exhaustion * Bug #3593: Stack overflow when parsing ERF file * Bug #3594: rules: memory leaks in pktvar keyword * Bug #3595: sslv3: asan detects leaks * Bug #3615: Protocol detection evasion by packet splitting * Feature #3626: implement from_end byte_jump keyword * Bug #3628: Incorrect ASN.1 long form length parsing * Bug #3630: Recursion stack-overflow in parsing YAML configuration * Bug #3631: FTP response buffering against TCP stream * Bug #3632: rules: memory leaks on failed rules * Feature #3635: datasets: add 'dataset-remove' unix command * Bug #3638: TOS IP Keyword not triggering an alert * Bug #3640: coverity: leak in fast.log setup error path * Bug #3641: coverity: data directory handling issues * Bug #3642: RFB parser wrongly handles incomplete data * Bug #3643: Libhtp request: extra whitespace interpreted as dummy new request * Bug #3654: Rules reload with Napatech can hang Suricata UNIX manager process * Optimization #3655: default to c11 standard * Bug #3657: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow * Feature #3661: validate strip_whitespace content before loading a rule * Bug #3662: Signature with an IP range creates one IPOnlyCIDRItem by IP address * Bug #3677: Segfault on SMTP TLS * Bug #3680: Dataset reputation invalid value logging * Bug #3683: rules: memory leak on bad rule * Bug #3687: Null dereference in DetectEngineSignatureIsDuplicate * Bug #3689: Protocol detection evasion by packet splitting on enip/nfs * Bug #3690: eve.json windows timestamp field has "Eastern Daylight Time" appended to timestamp * Feature #3693: DCERPC multi tx support * Feature #3694: DCERPC logging support * Bug #3699: smb: post-GAP file handling * Bug #3700: nfs: post-GAP file handling * Optimization #3708: Convert SSH logging to JsonBuilder * Optimization #3709: Convert DNP3 logging to JsonBuilder * Optimization #3710: Convert SMTP logging to JsonBuilder * Optimization #3711: Convert NFS logging to JsonBuilder * Optimization #3712: Convert SMB logging to JsonBuilder * Optimization #3713: Convert RFB logging to JsonBuilder * Optimization #3714: Convert FTP logging to JsonBuilder * Optimization #3715: Convert RDP logging to JsonBuilder * Optimization #3716: Use uuid crate wherever possible in smb rust parser * Bug #3720: Incorrect handling of ASN1 relative_offset keyword * Bug #3732: filemagic logging resulting in performance hit * Feature #3733: Add unix socket support in redis logging * Bug #3749: redis: Reconnect is invalid in batch mode * Bug #3750: redis: no or delayed data in low speed network * Optimization #3754: Convert KRB to JsonBuilder * Optimization #3755: Convert IKEv2 to JsonBuilder * Optimization #3756: Convert SNMP to JsonBuilder * Optimization #3757: Convert Netflow to JsonBuilder * Feature #3760: datasets: distinguish between 'static' and 'dynamic' sets * Optimization #3764: Convert TFTP to JsonBuilder * Optimization #3765: Convert Templates to JsonBuilder * Optimization #3773: DNP3 CRC disabled when fuzzing * Bug #3779: Exit on signature with invalid transform pcrexform * Bug #3782: Once Suricata enters emergency mode it doe not recover properly * Bug #3783: Stack overflow in DetectFlowbitsAnalyze * Bug #3802: Rule filename mutation when reading file hash files from a directory other than the default-rule-directory * Bug #3808: pfring: compile warnings * Bug #3814: Coverity scan issue -- null pointer deref in ftp logger * Bug #3815: Coverity scan issue -- control flow issue ftp logger * Bug #3817: Coverity scan issue -- resource leak in filestore output logger * Bug #3818: Coverity scan issue -- null pointer deref in detect engine * Bug #3820: ssh: invalid use to 'AppLayerResult::incomplete` * Bug #3821: Memory leak in signature parsing with keyword rfb.secresult * Bug #3822: Rust panic at DCERPC signature parsing * Feature #3823: conditional logging: tx log filtering * Optimization #3838: Convert 'vars' (metadata logging) to JsonBuilder * Optimization #3839: Convert profiling rule match dumps to JsonBuilder * Bug #3840: Integer overflow in DetectContentPropagateLimits leading to unintended signature behavior * Bug #3841: Heap-buffer-overflow READ 8 ยท DetectGetLastSMByListId * Bug #3851: Invalid DNS incomplete result * Bug #3855: mqtt: coverity static analysis issues