Suricata 4.0.3 available!


We are pleased to announce Suricata 4.0.3.  This is regular bug fix release fixing various issues.

Note: this release was first released as 4.0.2, but due to a packaging mistake it contained the wrong branch.


  • Feature #2245: decoder for ieee802.1AH traffic
  • Bug #798: stats.log in yaml config – append option – missing
  • Bug #891: detect-engine.profile does not err out in incorrect values – suricata.yaml
  • Bug #961: max pending packets variable parsing
  • Bug #1185: napatech: cppcheck warning
  • Bug #2215: Lost events writing to unix socket
  • Bug #2230: valgrind memcheck – 4.0.0-dev (rev 1180687)
  • Bug #2250: detect: mixing byte_extract and isdataat leads to FP & FN
  • Bug #2263: content matches disregarded when using dns_query on udp traffic
  • Bug #2274: ParseSizeString in util-misc.c: Null-pointer dereference
  • Bug #2275: ConfGetInt in conf.c: NULL-pointer dereference
  • Bug #2276: conf: NULL-pointer dereference in CoredumpLoadConfig
  • Bug #2293: rules: depth < content rules not rejected
  • Bug #2324: segfault in http_start (4.0.x)
  • Bug #2325: Suricata segfaults on ICMP and flowint check (4.0.x)


Special thanks

Danny Browning, Harley H, Travis Green, Wolfgang Hotwagner, Edward Fjellskål

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.