diff --git a/CHANGES b/CHANGES index 20f90d3851..645cf998f3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +7.1.0-dev.790 | 2024-12-12 11:33:01 -0700 + + * Add note about various dependency updates [nomail] [skip ci] (Tim Wojtulewicz, Corelight) + + * NEWS additions for v7.1 [nomail] [skip ci] (Tim Wojtulewicz, Corelight) + 7.1.0-dev.787 | 2024-12-12 14:45:39 +0100 * Pre-compute the node topics for all pool entries. (Justin Azoff, Corelight) diff --git a/NEWS b/NEWS index 3c6a78443f..fee004e09a 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,18 @@ Breaking Changes New Functionality ----------------- +- The following dependencies have had updates: + + - The bundled version of Spicy was updated to 1.12.0. See + https://github.com/zeek/spicy/releases/tag/v1.12.0 for notes on what's new + with Spicy. + + - The bundled version of c-ares has been updated to v1.34.2, which required + some updates to Zeek's internal DNS resolver due to changes in the c-ares + API. At least version v1.28.0 is now required to build Zeek. + + - Python 3.9 is now required for Zeek and all of it's associated subprojects. + - IP-based connections that were previously not logged due to using an unknown IP protocol (e.g. not TCP, UDP, or ICMP) now appear in conn.log. All conn.log entries have a new ``ip_proto`` column that indicates the numeric IP protocol @@ -119,8 +131,8 @@ New Functionality analyzer used for processing the packet when the event is raised. The ``unknown_protocol.log`` file was extended to include this information. -- The MySQL analyzer now generates a ``mysql_user_change()`` event when - the user changes mid-session via the ``COM_USER_CHANGE`` command. +- The MySQL analyzer now generates a ``mysql_user_change()`` event when the user + changes mid-session via the ``COM_USER_CHANGE`` command. - The DNS analyzer was extended to support TKEY RRs (RFC 2390). A corresponding ``dns_TKEY`` event was added. 
@@ -182,6 +194,12 @@ New Functionality The analyzer is currently mostly interesting if you want to experiment with SSL; we do not yet recommend to enable it in normal Zeek deployments. +- The majority of the metrics reported via stats.log are also now reported via + the Telemetry framework, and are visible in the output passed to Prometheus. + +- A new weird ``DNS_unknown_opcode`` was added to the DNS analyzer to report + when it receives opcodes that it cannot process. + Changed Functionality --------------------- @@ -226,8 +244,9 @@ Changed Functionality Previously, ``network_time()`` was used. This matters if ``Broker::publish()`` is called within scheduled events or called within remote events. -Removed Functionality ---------------------- +- The SSL analyzer now reports the correct version when an SSLv2 client hello is + used. Zeek previously always reported these as v2, even when the v2 client + hello indicated support for a later version of SSL. Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index 3fb0cc6dec..d22a1ac427 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.1.0-dev.787 +7.1.0-dev.790
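Review bot: In the NEWS hunk at @@ -30,6 +30,18 @@, the c-ares and Python bullets state new minimum build requirements ("At least version v1.28.0 is now required to build Zeek", "Python 3.9 is now required") but are filed under "New Functionality", while the hunk header shows a "Breaking Changes" section directly above. Packagers who scan only that section for build breaks will miss them. Consider moving those two bullets there and leaving the Spicy 1.12.0 bump here. Also, "all of it's associated subprojects" should read "its".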
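Review bot: The trailing context of the NEWS hunk at @@ -119,8 +131,8 @@ cites "TKEY RRs (RFC 2390)", but TKEY is specified in RFC 2930; RFC 2390 is Inverse ARP. The MySQL change in this hunk is a whitespace-only rewrap, so correcting the RFC number in the same NEWS pass would cost nothing extra.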
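Review bot: "The majority of the metrics reported via stats.log" in the NEWS hunk at @@ -182,6 +194,12 @@ does not tell an operator which metrics remain stats.log-only, so they cannot judge whether a Prometheus dashboard can replace stats.log collection. Suggest naming the exceptions or pointing to where the exported metrics are listed. For the ``DNS_unknown_opcode`` entry, state whether the weird carries the opcode value, since that is the first thing someone triaging it will look for.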
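Review bot: The SSL entry added in the NEWS hunk at @@ -226,8 +244,9 @@ changes what is reported for SSLv2 client hellos without saying where the version is reported. Name the log field or event parameter affected, so anyone with detections or baselines keyed on a v2 value knows what to recheck after upgrading. The same hunk also drops the "Removed Functionality" heading; confirm the section is meant to be absent for 7.1 rather than left in place for later entries.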