v8.1.1
We would like to thank Siavash Tahmureszadeh for their contribution to this release.
This release fixes the following security issues:
- Zeek's HTTP analyzer can be tricked into interpreting `Transfer-Encoding` or `Content-Length` headers set in MIME entities within HTTP bodies, changing the analyzer's behavior. This can be used to hide HTTP requests from analysis. Because these packets can be received from remote hosts, this is a DoS risk. The fix is to only process the headers from the outermost MIME entity, which causes all internal entities to be parsed.
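The following is an added illustration of the fix above, not Zeek's code: a simplified model of an analyzer that tracks HTTP framing headers, run with and without the "outermost entity only" rule. The names `framing_state`, `REQUEST` and `BODY`, the last-seen-wins behavior, and the sample request are assumptions constructed for the example.

```python
from email.parser import BytesParser

# Headers that decide how an analyzer frames the HTTP body.
FRAMING = ("transfer-encoding", "content-length")

# Constructed sample: a multipart POST whose inner MIME entity
# carries its own Content-Length header.
BODY = (
    b"--b1\r\n"
    b'Content-Disposition: form-data; name="f"\r\n'
    b"Content-Length: 0\r\n"
    b"\r\n"
    b"payload-bytes\r\n"
    b"--b1--\r\n"
)
REQUEST = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: multipart/form-data; boundary=b1\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"\r\n" + BODY
)


def framing_state(raw: bytes, outermost_only: bool) -> dict:
    """Return the framing headers this simplified analyzer would act on."""
    _, _, rest = raw.partition(b"\r\n")  # drop the request line
    root = BytesParser().parsebytes(rest)
    state = {}

    def visit(entity, depth):
        # Depth 0 is the HTTP message itself; deeper entities are MIME parts.
        if depth == 0 or not outermost_only:
            for name in FRAMING:
                if entity[name] is not None:
                    state[name] = entity[name].strip()  # last seen wins
        if entity.is_multipart():
            for part in entity.get_payload():
                visit(part, depth + 1)

    visit(root, 0)
    return state


if __name__ == "__main__":
    print("any depth     :", framing_state(REQUEST, outermost_only=False))
    print("outermost only:", framing_state(REQUEST, outermost_only=True))
```

With `outermost_only=False` the inner part's header replaces the real body length in the tracked state; with `outermost_only=True` the inner entity is still parsed but cannot alter framing.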
This release fixes the following bugs:
- A missing state check was added to the `finalize_redis` hook in the Redis analyzer. This was needed for rare cases where that hook got called and the rest of the analyzer had never been invoked, leading to Zeek throwing an error because the state didn't exist yet.
- A bug was fixed when attempting to append a `vector` to itself that would cause an infinite loop.
- A minor update was added to the documentation to better describe which versions of the docs we keep available on the website.
- A memory leak was fixed that occurred when looping over tables while running Zeek with ZAM enabled.
- The upgraded library used for `paraglob` in Zeek 8.1.0 exposed an issue with handling very large data sets. This was fixed via better initialization of the library when creating the `paraglob` objects.
- Zeek now requires ZeroMQ 4.3.0 or later due to some missing API features in earlier versions.