mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Update CHANGES, VERSION, and NEWS for 7.0.2 release
This commit is contained in:
Tim Wojtulewicz
parent
815001f2aa
commit
270429bfea
3 changed files with 45 additions and 1 deletions
27
CHANGES
27
CHANGES
|
|
@ -1,3 +1,30 @@
|
|||
7.0.2 | 2024-09-23 12:01:55 -0700
|
||||
|
||||
* pop3: Remove unused headers (Arne Welzel, Corelight)
|
||||
|
||||
(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
|
||||
|
||||
* pop3: Prevent unbounded state growth (Arne Welzel, Corelight)
|
||||
|
||||
The cmds list may grow unbounded due to the POP3 analyzer being in
|
||||
multiLine mode after seeing `AUTH` in a Redis connection, but never
|
||||
a `.` terminator. This can easily be provoked by the Redis ping
|
||||
command.
|
||||
|
||||
This adds two heuristics: 1) Forcefully process the oldest commands in
|
||||
the cmds list and cap it at max_pending_commands. 2) Start raising
|
||||
analyzer violations if the client has been using more than
|
||||
max_unknown_client_commands commands (default 10).
|
||||
|
||||
(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
|
||||
|
||||
* btest/pop3: Add somewhat more elaborate testing (Arne Welzel, Corelight)
|
||||
|
||||
PCAP taken from here: https://tranalyzer.com/tutorial/pop and reference
|
||||
added to Traces/README.
|
||||
|
||||
(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
|
||||
|
||||
7.0.1-6 | 2024-09-23 10:01:55 -0700
|
||||
|
||||
* Remove core.negative-time btest (Tim Wojtulewicz, Corelight)
|
||||
|
|
|
|||
17
NEWS
17
NEWS
|
|
@ -3,6 +3,23 @@ This document summarizes the most important changes in the current Zeek
|
|||
release. For an exhaustive list of changes, see the ``CHANGES`` file
|
||||
(note that submodules, such as Broker, come with their own ``CHANGES``.)
|
||||
|
||||
Zeek 7.0.2
|
||||
==========
|
||||
|
||||
This release fixes the following security issues:
|
||||
|
||||
- The POP3 parser has been hardened to avoid unbounded state growth in the
|
||||
face of one-sided traffic capture or when enabled for non-POP3 traffic.
|
||||
Concretely, the Redis protocol's AUTH mechanism enables the POP3 analyzer
|
||||
for such connections through DPD.
|
||||
|
||||
This release fixes the following bugs:
|
||||
|
||||
- Support for SASL+SPNEGO+NTLMSSP was added to the LDAP analyzer.
|
||||
|
||||
- Telemetry callbacks are now handled via Zeek instead of depending on the
|
||||
prometehus-cpp library to handle them.
|
||||
|
||||
Zeek 7.0.1
|
||||
==========
|
||||
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
7.0.1-6
|
||||
7.0.2
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue