From 6af634b19b36891d282c628a155345f9b37cbed9 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Thu, 12 Mar 2026 19:13:20 -0300
Subject: [PATCH] release: 8.0.4; update changelog

---
 ChangeLog | 47 +++++++++++++++++++++++++++++++++++++++++++++
 configure.ac | 2 +-
 rust/Cargo.lock.in | 12 ++++++------
 rust/sys/src/sys.rs | 2 +-
 4 files changed, 55 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e8c9358414..10fa79462a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,50 @@
+8.0.4 -- 2026-03-12
+
+Security #8364: stream: quadratic complexity in stream inspection (8.0.x backport)(HIGH - CVE 2026-31933)
+Security #8306: krb5: internal request/response buffering leads to quadratic complexity (8.0.x backport)(HIGH - CVE 2026-31932)
+Security #8297: detect/ssl: null deref with tls.alpn keyword (8.0.x backport)(HIGH - CVE 2026-31931)
+Security #8295: http2: unbounded number of http2 frames per transaction (8.0.x backport)(CRITICAL - CVE 2026-31935)
+Security #8293: smtp/mime: quadratic complexity while looking for url strings (8.0.x backport)(HIGH - CVE 2026-31934)
+Security #8287: krb5: TCP parser never advances past the first record in a multi-record segment (8.0.x backport)
+Bug #8371: dpdk: "auto" in mempool size undercalculates the mempool size for Rx/Tx descriptors (8.0.x backport)
+Bug #8369: ldap: add ldap.rules file (8.0.x backport)
+Bug #8367: ndpi: crashing in StorageGetById() (8.0.x backport)
+Bug #8362: http2: detection should use a better architecture than the Vec escaped (8.0.x backport)
+Bug #8357: ldap: abandon request incorrectly handled (8.0.x backport)
+Bug #8326: hs: harden cache manipulation (8.0.x backport)
+Bug #8317: ldap: no invalid_data event in case of invalid request (8.0.x backport)
+Bug #8312: firewall: af-packet IPS mode overwrites firewall mode (8.0.x backport)
+Bug #8309: plugins/ndpi: SIGSEGV in DetectnDPIProtocolPacketMatch (8.0.x backport)
+Bug #8280: build: when documentation tools are install, make dist attempt to install files to prefix (8.0.x backport)
+Bug #8268: Double log rotation with rotation flag/interval (8.0.x backport)
+Bug #8260: lib: examples fail with debug validation as they create threads after threads are sealed (8.0.x backport)
+Bug #8252: dpdk: (x)stats are only accessible before port stop (8.0.x backport)
+Bug #8249: lua: calling metatable garbage collector with nil from a script leadsd to a null pointer dereference (8.0.x backport)
+Bug #8244: hyperscan: coverity warning on stat path check (8.0.x backport)
+Bug #8230: detect/app-layer-event: alert generated for the wrong packet (8.0.x backport)
+Bug #8219: base64: base64_data with relative match after base64_decode:relative fails (8.0.x backport)
+Bug #8207: firewall: loading rules only through yaml fails (8.0.x backport)
+Bug #8167: utils-spm-hs: missing deallocators on hs_compile failure (8.0.x backport)
+Bug #8164: decode/ipv6: set invalid event for wrong ip version (8.0.x backport)
+Bug #7982: detect/tls: zero characters in keywords such as alt name are mishandled (8.0.x backport)
+Optimization #8343: conf: stream.depth is unlimited when absent from the suricata.yaml
+Optimization #8299: stream/tcp: flag 1st seen pkt w stream established (8.0.x backport)
+Feature #8323: hs: add pruning stats details of removal reason (8.0.x backport)
+Feature #8316: firewall: support iprep in firewall mode (8.0.x backport)
+Feature #8235: rules/transform: add gunzip transform (8.0.x backport)
+Feature #8233: nfs: log detailed response for versions other than v3 (8.0.x backport)
+Feature #7893: hyperscan: support cache invalidation and removal (8.0.x backport)
+Task #8270: rust: suppress nugatory RUSTSEC-2026-0009 for time crate (8.0.x backport)
+Task #8194: psl: crate should be updated on every release (8.0.x backport)
+Task #8159: build-scopes: add QA or SIMULATION mode (8.0.x backport)
+Task #8097: libsuricata: add live example usage of the Suricata library (8.0.x backport)
+Documentation #8331: doc: explain dcerpc.opnum doesn't support operators >,<,!,= (8.0.x backport)
+Documentation #8263: doc/userguide: fix within-distance pointer graphics in payload-keywords doc (8.0.x backport)
+Documentation #8240: isdataat: document different semantics between absolute and relative modes (8.0.x backport)
+Documentation #8217: rules/endswith: doc wrong for offset/distance/within warning (8.0.x backport)
+Documentation #8114: doc: remove mention of suricata-7 in latest docs (8.0.x backport)
+Documentation #7932: devguide: add a chapter about Suricata's exception policies (8.0.x backport)
+
 8.0.3 -- 2026-01-09

 Security #8202: http: quadratic complexity in headers parsing over multiple packets (8.0.x backport)(HIGH - CVE 2026-22263)
diff --git a/configure.ac b/configure.ac
index 667b5a49ac..802bfe6fa2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
- AC_INIT([suricata],[8.0.4-dev])
+ AC_INIT([suricata],[8.0.4])
 m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([src/autoconf.h])
 AC_CONFIG_SRCDIR([src/suricata.c])
diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in
index 11895656c8..b8d9ef51e7 100644
--- a/rust/Cargo.lock.in
+++ b/rust/Cargo.lock.in
@@ -1512,7 +1512,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "suricata" -version = "8.0.4-dev" +version = "8.0.4" dependencies = [ "aes", "aes-gcm",
@@ -1565,7 +1565,7 @@ dependencies = [ [[package]] name = "suricata-derive" -version = "8.0.4-dev" +version = "8.0.4" dependencies = [ "proc-macro-crate", "proc-macro2",
@@ -1575,7 +1575,7 @@ dependencies = [ [[package]] name = "suricata-htp" -version = "8.0.4-dev" +version = "8.0.4" dependencies = [ "base64", "brotli",
@@ -1601,11 +1601,11 @@ dependencies = [ [[package]] name = "suricata-sys" -version = "8.0.4-dev" +version = "8.0.4" [[package]] name = "suricatactl" -version = "8.0.4-dev" +version = "8.0.4" dependencies = [ "clap", "once_cell",
@@ -1616,7 +1616,7 @@ dependencies = [ [[package]] name = "suricatasc" -version = "8.0.4-dev" +version = "8.0.4" dependencies = [ "clap", "home",
diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs
index 1f1f8ec93b..51696877db 100644
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@@ -1,6 +1,6 @@ // This file is automatically generated. Do not edit. -pub const SC_PACKAGE_VERSION: &[u8; 10] = b"8.0.4-dev\0"; +pub const SC_PACKAGE_VERSION: &[u8; 6] = b"8.0.4\0"; pub type __intmax_t = ::std::os::raw::c_long; pub type intmax_t = __intmax_t; #[repr(u32)]