# 7.0.0-rc2 06/15/2023 * Bug #3147: scan-build warning for mime decoder * Bug #3148: scan-build warnings for ac implementations * Bug #3149: scan-build warnings in radix implementation * Bug #3150: scan-build warnings for detect address handling * Bug #3151: scan-build warning for detect port handling * Bug #3152: scan-build warning for detect sigordering * Task #4051: Convert unittests to new FAIL/PASS API: detect-lua.c * Task #4067: http2: overload existing http keywords to support http/2 * Optimization #4378: file.data: split mpm per app_proto * Bug #4529: Not keyword matches in Kerberos requests * Bug #4578: perf shows excessive time in IPOnlyMatchPacket * Bug #4759: TCP DNS query not found when tls filter is active * Bug #4952: scan-build: Access to field 'de_state' results in a dereference of a null pointer * Bug #5017: counters: tcp.syn, tcp.synack, tcp.rst depend on flow * Bug #5261: rust: reconsider bundling Cargo.lock * Bug #5270: Flow hash table collision and flow state corruption between different capture interfaces * Bug #5320: Key collisions in HTTP JSON eve-logs * Bug #5437: 'unseen' http midstream packets with TCP FIN flag set * Task #5474: test: review how 7 works with config from 5 and 6 * Bug #5498: flowworker: Assertion in CheckWorkQueue * Bug #5526: tcp: Assertion failed: (!((last_ack_abs < left_edge && StreamTcpInlineMode() == 0 && !f->ffr && ssn->state < TCP_CLOSED))) * Bug #5541: Unexpected behavior of `endswith` in combination with negated content matches * Optimization #5544: tls keywords: increase code coverage and update documentation (if need be) * Bug #5563: stream: issue with stream debug tracking of memuse * Documentation #5596: doc/optimization: move 'suricata.git/doc/userguide/convert.py' to Python3 * Bug #5621: security.limit-noproc: disabled if not provided in the configuration file * Bug #5627: windows: windivert build broken * Task #5628: github-ci: add windows + windivert build * Bug #5667: Enable rule profiling via socket * Feature #5717: rfb: add frame support * Optimization #5718: time: compact alternative to struct timeval * Bug #5740: content: within and distance lengths should be bounded * Task #5741: rust/src/rfb/* add more unittests * Feature #5746: http.connection - allow in server response * Bug #5770: smb: no consistency check between NBSS length and length field for some SMB operations * Bug #5780: HTTP/2 - FN when matching on multiple http2.header contents * Bug #5783: smb: wrong endian conversion when parse NTLM Negotiate Flags * Feature #5784: detect: allow cross buffer inspection on multi-buffer matches * Bug #5786: smb: possible evasion with trailing nbss data * Bug #5789: output api: int handling issue * Bug #5799: detect: sigs using DETECT_SM_LIST_PMATCH can break other signatures * Bug #5802: ips: txs still logged for dropped flow * Feature #5803: github-ci: Add netmap as a Github Action * Bug #5808: http2: leak with range files * Bug #5818: time: integer comparison with different signs * Bug #5819: SMTP does not handle LF post line limit properly * Feature #5822: yaml: set suricata version in generated config * Bug #5823: smtp: config and built-in defaults mismatch * Bug #5825: stream.midstream: if enabled breaks exception policy * Bug #5833: tcp/regions: use after free error * Bug #5834: tcp/regions: list corruption * Bug #5835: debug: segv on enabling debugging output * Bug #5836: output: abort triggered on no permission test * Bug #5843: tcp/stream: session reuse on tcp flows w/o sessions * Feature #5849: dpdk: add virtio-pmd support * Bug #5850: frames: Assertion failed: buffer initialized * Bug #5855: af-xdp: may fail to build on Linux systems with kernel older than 5.11 * Bug #5856: stream: SYN/ACK timestamp checking blocks valid traffic * Documentation #5857: docs: refactor DPDK documentation * Documentation #5858: docs: add list of supported NICs in DPDK mode * Documentation #5859: docs: add build instructions for DPDK capture interface * Bug #5862: netmap: packet stalls * Bug #5866: detect: multi-tenancy crash * Bug #5867: false-positive drop event_types possible on passed packets * Bug #5875: stream/ips: dropping spurious retransmissions times out connections * Feature #5876: eve: add stream tcp logging * Bug #5877: stream: connections time out too early * Bug #5881: stream: overlap with different data false positive * Bug #5883: mime: debug assertion on fuzz input * Documentation #5884: docs: update CentOS names according to their new conventions * Bug #5885: base64_decode not populating up to an invalid character * Bug #5900: UBSAN: undefined shift in DetectByteMathDoMatch * Bug #5905: invalid bsize and distance rule being loaded by suricata * Bug #5907: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT) * Bug #5909: http2: quadratic complexity when reducing dynamic headers table size * Bug #5917: http: libhtp errors on multiple 100 continue response * Task #5918: libhtp 0.5.43 * Bug #5919: flow/manager: fix unhandled division by 0 (prealloc: 0) * Bug #5923: dpdk: change in NUMA-determining API * Bug #5924: AF_XDP compile error * Bug #5925: dpdk: VMXNET3 fails to configure * Bug #5927: smtp: quadratic complexity for tx iterator with linked list * Bug #5929: fast_pattern assignment of specific content in combination with urilen results in FN * Bug #5931: http2: urilen not supported * Bug #5936: dpdk: Release mempool only after the device closes * Feature #5937: dpdk: Improve DPDK version checking * Task #5939: config: deprecate multiple "include" statements at the same level * Bug #5940: exception/policy: flow action doesn't fall back to packet action when there's no flow * Security #5945: byte_math: Division by zero possible. * Bug #5952: http: multipart data is not filled up to request.body-limit * Bug #5955: af-packet: duplicate packets when sniffing on loopback interface * Bug #5957: bpf: postpone IPS check after IPS runmode is determined from the configuration file * Optimization #5959: detect using uninitialized engine mode * Bug #5960: Postpone setting of master exception policy * Documentation #5962: documentation: mention the use of http1 in rule protocol * Bug #5963: dpdk: handle packets splitted in multiple segments * Task #5965: tracking: Improving DPDK capture interface and docs * Bug #5968: flowworker: per packet flow housekeeping can process too many flows * Bug #5969: detect: reload can stall if flow housekeeping takes too long * Bug #5971: libhtp: differential fuzzing with rust version: only trim spaces at headers names end * Feature #5975: Add support for 'inner' PF_RING clustering modes * Bug #5978: stream/reassembly: memcap exception policy incorrectly applied * Bug #5979: rust: update sawp dependencies to avoid future compile issues * Bug #5981: smtp: Long DATA line post boundary is capped at 4k Bytes * Task #5983: libhtp 0.5.44 * Bug #5989: smtp: any command post a long command gets skipped * Task #5991: rust: der-parser 8.2.0 * Task #5992: rust: snmp-parser 0.9.0 * Task #5993: rust: x509-parser 0.15 * Bug #5998: exception/policy: make work with simulated flow memcap * Bug #6006: dpdk: query eth stats only by the first worker * Bug #6008: smb: wrong offset when parse SMB_COM_WRITE_ANDX record * Bug #6019: smtp: fuzz debug assertion trigger * Bug #6021: af-packet: reload not occurring until packets are seen * Bug #6025: detect: allow bsize 0 for existing empty buffers * Optimization #6036: pgsql: remove unused Kerb5 auth message * Bug #6038: TCP resets have incorrect len, nh in IPv6 * Bug #6041: ASSERT: !(sb->region.buf_offset != 0) * Bug #6043: detect: multi-tenancy fails to start * Bug #6046: runmode/unix-socket: http range memory leak * Bug #6053: smtp: long line discard logic should be separate for server and client * Bug #6054: ftp: long line discard logic should be separate for server and client * Bug #6057: rust/jsonbuilder: better handling of memory allocation errors * Bug #6060: IP Datasets not supported from suricata.yaml * Bug #6062: flow: memory leaks at shutdown * Bug #6064: dpdk: detect reload stuck if there are no packets * Bug #6066: Memory Corruption in util-streaming-buffer * Feature #6085: detect: set explicit rule types * Bug #6086: Decode-events of IPv6 packets are not triggered * Bug #6087: FTP bounce detection doesn't work for big-endian platforms * Bug #6089: suricata --list-keywords does not work with debug validation * Bug #6093: flow: occasional sudden spike in flow.memuse * Feature #6099: dpdk: add support for bonding interface * Optimization #6100: mqtt: quadratic complexity in get_tx_by_pkt_id * Bug #6103: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks * Bug #6109: exception/policy: reject changes flow action in IDS mode * Bug #6117: tcp regions streaming buffer: assert failed (!((region->stream_offset == sbb->offset && region->buf_offset > sbb->len))), function StreamingBufferSBBGetData * Security #6118: datasets: absolute path in rules can overwrite arbitrary files * Bug #6120: streaming-buffer: exceeds limit when downloading large file with file-store enabled * Security #6122: lua: flag to disable lua support * Security #6123: datasets: flag to disable rules containing a state or save dataset * Security #6129: dcerpc: max-tx config parameter, also for UDP * Bug #6132: suricata-update: dump-sample-configs: configuration files not found * Bug #6137: SNMP: version is logged from state, instead of from transaction * Bug #6170: streaming-buffer: exceeds limit when downloading large file with file-store enabled and inspecing file_data content