diff --git a/ChangeLog b/ChangeLog index 8936246191..ef78771fb4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,39 @@ +8.0.2 -- 2025-11-05 + +Security #8066: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer (8.0.x backport)(HIGH - CVE 2025-64344) +Security #8059: eve/http: stack overflow on large file transfers (8.0.x backport)(MODERATE - CVE 2025-64331) +Security #8058: util/swf: stack overflow on larger compressed data (8.0.x backport)(LOW - CVE 2025-64332) +Security #8057: eve/http: stack overflow from big content type (8.0.x backport)(HIGH - CVE 2025-64333) +Security #8022: eve/alert: heap buffer overflow on verdict (8.0.x backport)(MODERATE - CVE 2025-64330) +Security #7981: http: unbounded memory growth for decompression (8.0.x backport)(CRITICAL - CVE 2025-64334) +Security #7960: detect/entropy: null deref when used with base64_data (8.0.x backport)(HIGH - CVE 2025-64335) +Security #8064: unix-socket: use after free if client command is too long (8.0.x backport) +Bug #8076: snmp: detection-only setting is broken (8.0.x backport) +Bug #8053: python/Makefile: too open file permissions for defaults.py (8.0.x backport) +Bug #8034: flow/timeouts: yaml configured values unused for bypassed (8.0.x backport) +Bug #8020: tls: certificate SAN is freed in case of any error (8.0.x backport) +Bug #8016: detect/ip.src: does not load with lua transform (8.0.x backport) +Bug #8007: anomaly/ether_type: always logged as big endian (8.0.x backport) +Bug #8005: pcap-log: bpf-filter not applied when using multi mode (8.0.x backport) +Bug #7998: detect: replace keyword leaks memory (8.0.x backport) +Bug #7992: http2: wrong parsing of go away frames error code (8.0.x backport) +Bug #7990: dpdk: compile warning ‘rte_eth_bond_members_get’ is deprecated (8.0.x backport) +Bug #7976: dpdk: CPU exclude logic is broken (8.0.x backport) +Bug #7974: detect/files: signatures using file keywords on udp only app protos fail (8.0.x backport) +Bug #7961: mime: incorrect decoding of quoted-printable text attachments (8.0.x backport) +Bug #7943: runmode/dpdk: dpdk_vars initialized to NULL for any livedev (8.0.x backport) +Bug #7940: decoder/vxlan: packet drops with non-zero reserved fields (8.0.x backport) +Bug #7923: output/json: invalid IKE logs (8.0.x backport) +Bug #7911: eve/alert: incorrect verdict with pass + alert rule (8.0.x backport) +Bug #7910: lua/http: null dereference in accessor functions (8.0.x backport) +Feature #8072: flow: midstream exception policy "reject-both" support (8.0.x backport) +Task #7985: ci: Add multi-tenant test (8.0.x backport) +Task #7978: github/actions: add DPDK 23.11 build (8.0.x backport) +Task #5472: tracking: upgrading from 7 to 8 +Documentation #7917: userguide: add section for rule hooks (8.0.x backport) +Documentation #7916: userguide: document tx scoped xbits (8.0.x backport) +Documentation #7914: devguide: Add Eve Output Plugins (8.0.x backport) + 8.0.1 -- 2025-09-15 Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname contains zero(HIGH - CVE 2025-59150) diff --git a/configure.ac b/configure.ac index d903cf055d..bae263eb94 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ - AC_INIT([suricata],[8.0.2-dev]) + AC_INIT([suricata],[8.0.2]) m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes]) AC_CONFIG_HEADERS([src/autoconf.h]) AC_CONFIG_SRCDIR([src/suricata.c]) diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in index 9178ffd568..7e8e78a6e1 100644 --- a/rust/Cargo.lock.in +++ b/rust/Cargo.lock.in @@ -1500,7 +1500,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "suricata" -version = "8.0.2-dev" +version = "8.0.2" dependencies = [ "aes", "aes-gcm", @@ -1552,7 +1552,7 @@ dependencies = [ [[package]] name = "suricata-derive" -version = "8.0.2-dev" +version = "8.0.2" dependencies = [ "proc-macro-crate", "proc-macro2", @@ -1562,7 +1562,7 @@ dependencies = [ [[package]] name = "suricata-htp" -version = "8.0.2-dev" +version = "8.0.2" dependencies = [ "base64", "brotli", @@ -1588,11 +1588,11 @@ dependencies = [ [[package]] name = "suricata-sys" -version = "8.0.2-dev" +version = "8.0.2" [[package]] name = "suricatactl" -version = "8.0.2-dev" +version = "8.0.2" dependencies = [ "clap", "once_cell", @@ -1603,7 +1603,7 @@ dependencies = [ [[package]] name = "suricatasc" -version = "8.0.2-dev" +version = "8.0.2" dependencies = [ "clap", "home", diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs index 5c809709db..c33c1512f8 100644 --- a/rust/sys/src/sys.rs +++ b/rust/sys/src/sys.rs @@ -1,6 +1,6 @@ // This file is automatically generated. Do not edit. -pub const SC_PACKAGE_VERSION: &[u8; 10] = b"8.0.2-dev\0"; +pub const SC_PACKAGE_VERSION: &[u8; 6] = b"8.0.2\0"; pub type __intmax_t = ::std::os::raw::c_long; pub type intmax_t = __intmax_t; #[repr(u32)]