suricata-8.0.0

suricata-8.0.0

[Adolf Belka]

Hi all,

I have done a patch submission for suricata-7.0.11 as there were a couple of CVE fixes for that.

However suricata-8.0.0 has been released. I have built it and installed it and confirmed that it is working as expected and that testing it with an alert blocked the traffic access and logged the information.

The question I have is should I submit a patch to update suricata to 8.0.0 in CU197 or wait for next to become CU198?

Regards,

Adolf.

Re: suricata-8.0.0

[Michael Tremer]

Hello Adolf,

This is great news.

Regarding to where this is going, I don’t know…

Generally I would say we should release as early as possible. However, the bottleneck that we currently have is that there is very limited test feedback. Since we already have OpenVPN in the next release, I would agree that this might be enough.

You can submit the patch no matter what and we can decide where to merge it later.

-Michael

> On 22 Jul 2025, at 16:52, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi all,
> 
> I have done a patch submission for suricata-7.0.11 as there were a couple of CVE fixes for that.
> 
> However suricata-8.0.0 has been released. I have built it and installed it and confirmed that it is working as expected and that testing it with an alert blocked the traffic access and logged the information.
> 
> The question I have is should I submit a patch to update suricata to 8.0.0 in CU197 or wait for next to become CU198?
> 
> Regards,
> 
> Adolf.
> 

Re: suricata-8.0.0

[Michael Tremer]

If we want to create a big IPS update, there is a new release of vector scan available, too:

  https://github.com/VectorCamp/vectorscan/releases/tag/vectorscan%2F5.4.12

-Michael

> On 22 Jul 2025, at 16:54, Michael Tremer <michael.tremer@ipfire.org> wrote:
> 
> Hello Adolf,
> 
> This is great news.
> 
> Regarding to where this is going, I don’t know…
> 
> Generally I would say we should release as early as possible. However, the bottleneck that we currently have is that there is very limited test feedback. Since we already have OpenVPN in the next release, I would agree that this might be enough.
> 
> You can submit the patch no matter what and we can decide where to merge it later.
> 
> -Michael
> 
>> On 22 Jul 2025, at 16:52, Adolf Belka <adolf.belka@ipfire.org> wrote:
>> 
>> Hi all,
>> 
>> I have done a patch submission for suricata-7.0.11 as there were a couple of CVE fixes for that.
>> 
>> However suricata-8.0.0 has been released. I have built it and installed it and confirmed that it is working as expected and that testing it with an alert blocked the traffic access and logged the information.
>> 
>> The question I have is should I submit a patch to update suricata to 8.0.0 in CU197 or wait for next to become CU198?
>> 
>> Regards,
>> 
>> Adolf.
>> 
> 

Re: suricata-8.0.0

[Adolf Belka]

On 22/07/2025 17:56, Michael Tremer wrote:
> If we want to create a big IPS update, there is a new release of vector scan available, too:
> 
>    https://github.com/VectorCamp/vectorscan/releases/tag/vectorscan%2F5.4.12

I will submit a patch for this.

> 
> -Michael
> 
>> On 22 Jul 2025, at 16:54, Michael Tremer <michael.tremer@ipfire.org> wrote:
>>
>> Hello Adolf,
>>
>> This is great news.
>>
>> Regarding to where this is going, I don’t know…
>>
>> Generally I would say we should release as early as possible. However, the bottleneck that we currently have is that there is very limited test feedback. Since we already have OpenVPN in the next release, I would agree that this might be enough.
>>
>> You can submit the patch no matter what and we can decide where to merge it later.

patch has been submitted.

Regards,

Adolf.

>>
>> -Michael
>>
>>> On 22 Jul 2025, at 16:52, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>
>>> Hi all,
>>>
>>> I have done a patch submission for suricata-7.0.11 as there were a couple of CVE fixes for that.
>>>
>>> However suricata-8.0.0 has been released. I have built it and installed it and confirmed that it is working as expected and that testing it with an alert blocked the traffic access and logged the information.
>>>
>>> The question I have is should I submit a patch to update suricata to 8.0.0 in CU197 or wait for next to become CU198?
>>>
>>> Regards,
>>>
>>> Adolf.
>>>
>>
> 
> 

Re: suricata-8.0.0

[Michael Tremer]

Thank you!

> On 22 Jul 2025, at 18:01, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> 
> 
> On 22/07/2025 17:56, Michael Tremer wrote:
>> If we want to create a big IPS update, there is a new release of vector scan available, too:
>>   https://github.com/VectorCamp/vectorscan/releases/tag/vectorscan%2F5.4.12
> 
> I will submit a patch for this.
> 
>> -Michael
>>> On 22 Jul 2025, at 16:54, Michael Tremer <michael.tremer@ipfire.org> wrote:
>>> 
>>> Hello Adolf,
>>> 
>>> This is great news.
>>> 
>>> Regarding to where this is going, I don’t know…
>>> 
>>> Generally I would say we should release as early as possible. However, the bottleneck that we currently have is that there is very limited test feedback. Since we already have OpenVPN in the next release, I would agree that this might be enough.
>>> 
>>> You can submit the patch no matter what and we can decide where to merge it later.
> 
> patch has been submitted.
> 
> Regards,
> 
> Adolf.
> 
>>> 
>>> -Michael
>>> 
>>>> On 22 Jul 2025, at 16:52, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>> 
>>>> Hi all,
>>>> 
>>>> I have done a patch submission for suricata-7.0.11 as there were a couple of CVE fixes for that.
>>>> 
>>>> However suricata-8.0.0 has been released. I have built it and installed it and confirmed that it is working as expected and that testing it with an alert blocked the traffic access and logged the information.
>>>> 
>>>> The question I have is should I submit a patch to update suricata to 8.0.0 in CU197 or wait for next to become CU198?
>>>> 
>>>> Regards,
>>>> 
>>>> Adolf.