mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Merge branch 'topic/timw/7.1-news-updates'
* topic/timw/7.1-news-updates: Add note about various dependency updates [nomail] [skip ci] NEWS additions for v7.1 [nomail] [skip ci]
This commit is contained in:
Tim Wojtulewicz
commit
98ec627404
3 changed files with 30 additions and 5 deletions
6
CHANGES
6
CHANGES
|
|
@ -1,3 +1,9 @@
|
|||
7.1.0-dev.790 | 2024-12-12 11:33:01 -0700
|
||||
|
||||
* Add note about various dependency updates [nomail] [skip ci] (Tim Wojtulewicz, Corelight)
|
||||
|
||||
* NEWS additions for v7.1 [nomail] [skip ci] (Tim Wojtulewicz, Corelight)
|
||||
|
||||
7.1.0-dev.787 | 2024-12-12 14:45:39 +0100
|
||||
|
||||
* Pre-compute the node topics for all pool entries. (Justin Azoff, Corelight)
|
||||
|
|
|
|||
27
NEWS
27
NEWS
|
|
@ -30,6 +30,18 @@ Breaking Changes
|
|||
New Functionality
|
||||
-----------------
|
||||
|
||||
- The following dependencies have had updates:
|
||||
|
||||
- The bundled version of Spicy was updated to 1.12.0. See
|
||||
https://github.com/zeek/spicy/releases/tag/v1.12.0 for notes on what's new
|
||||
with Spicy.
|
||||
|
||||
- The bundled version of c-ares has been updated to v1.34.2, which required
|
||||
some updates to Zeek's internal DNS resolver due to changes in the c-ares
|
||||
API. At least version v1.28.0 is now required to build Zeek.
|
||||
|
||||
- Python 3.9 is now required for Zeek and all of it's associated subprojects.
|
||||
|
||||
- IP-based connections that were previously not logged due to using an unknown
|
||||
IP protocol (e.g. not TCP, UDP, or ICMP) now appear in conn.log. All conn.log
|
||||
entries have a new ``ip_proto`` column that indicates the numeric IP protocol
|
||||
|
|
@ -119,8 +131,8 @@ New Functionality
|
|||
analyzer used for processing the packet when the event is raised. The
|
||||
``unknown_protocol.log`` file was extended to include this information.
|
||||
|
||||
- The MySQL analyzer now generates a ``mysql_user_change()`` event when
|
||||
the user changes mid-session via the ``COM_USER_CHANGE`` command.
|
||||
- The MySQL analyzer now generates a ``mysql_user_change()`` event when the user
|
||||
changes mid-session via the ``COM_USER_CHANGE`` command.
|
||||
|
||||
- The DNS analyzer was extended to support TKEY RRs (RFC 2390). A corresponding
|
||||
``dns_TKEY`` event was added.
|
||||
|
|
@ -182,6 +194,12 @@ New Functionality
|
|||
The analyzer is currently mostly interesting if you want to experiment with
|
||||
SSL; we do not yet recommend to enable it in normal Zeek deployments.
|
||||
|
||||
- The majority of the metrics reported via stats.log are also now reported via
|
||||
the Telemetry framework, and are visible in the output passed to Prometheus.
|
||||
|
||||
- A new weird ``DNS_unknown_opcode`` was added to the DNS analyzer to report
|
||||
when it receives opcodes that it cannot process.
|
||||
|
||||
Changed Functionality
|
||||
---------------------
|
||||
|
||||
|
|
@ -226,8 +244,9 @@ Changed Functionality
|
|||
Previously, ``network_time()`` was used. This matters if ``Broker::publish()``
|
||||
is called within scheduled events or called within remote events.
|
||||
|
||||
Removed Functionality
|
||||
---------------------
|
||||
- The SSL analyzer now reports the correct version when an SSLv2 client hello is
|
||||
used. Zeek previously always reported these as v2, even when the v2 client
|
||||
hello indicated support for a later version of SSL.
|
||||
|
||||
Deprecated Functionality
|
||||
------------------------
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
7.1.0-dev.787
|
||||
7.1.0-dev.790
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue