Update CHANGES, VERSION, and NEWS for 7.0.2 release

zeek · Sep 23, 2024 · 270429b · 270429b
1 parent 815001f
commit 270429b
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,30 @@
+7.0.2 | 2024-09-23 12:01:55 -0700
+
+  * pop3: Remove unused headers (Arne Welzel, Corelight)
+
+    (cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
+
+  * pop3: Prevent unbounded state growth (Arne Welzel, Corelight)
+
+    The cmds list may grow unbounded due to the POP3 analyzer being in
+    multiLine mode after seeing `AUTH` in a Redis connection, but never
+    a `.` terminator. This can easily be provoked by the Redis ping
+    command.
+
+    This adds two heuristics: 1) Forcefully process the oldest commands in
+    the cmds list and cap it at max_pending_commands. 2) Start raising
+    analyzer violations if the client has been using more than
+    max_unknown_client_commands commands (default 10).
+
+    (cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
+
+  * btest/pop3: Add somewhat more elaborate testing (Arne Welzel, Corelight)
+
+    PCAP taken from here: https://tranalyzer.com/tutorial/pop and reference
+    added to Traces/README.
+
+    (cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
+
 7.0.1-6 | 2024-09-23 10:01:55 -0700
 
   * Remove core.negative-time btest (Tim Wojtulewicz, Corelight)

diff --git a/NEWS b/NEWS
@@ -3,6 +3,23 @@ This document summarizes the most important changes in the current Zeek
 release. For an exhaustive list of changes, see the ``CHANGES`` file
 (note that submodules, such as Broker, come with their own ``CHANGES``.)
 
+Zeek 7.0.2
+==========
+
+This release fixes the following security issues:
+
+- The POP3 parser has been hardened to avoid unbounded state growth in the
+  face of one-sided traffic capture or when enabled for non-POP3 traffic.
+  Concretely, the Redis protocol's AUTH mechanism enables the POP3 analyzer
+  for such connections through DPD.
+
+This release fixes the following bugs:
+
+- Support for SASL+SPNEGO+NTLMSSP was added to the LDAP analyzer.
+
+- Telemetry callbacks are now handled via Zeek instead of depending on the
+  prometehus-cpp library to handle them.
+
 Zeek 7.0.1
 ==========
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-7.0.1-6
+7.0.2