v6.2.1
-
A crash with ICMP packets involving errant length checking was fixed. Thank
you to Ronny Barkan from Microsoft for reporting this issue. -
When a shadow file is empty/missing during rotation, Zeek aborts with an error
message, but if the shadow file was empty, it will still be there after the
restart. This results in an endless restart loop. This has been corrected to
overwrite the existing shadow file, using the default file extension and
post processing function. -
A new function
remove_exclude
was added to thePacketFilter
framework
which can be used to remove a previously added exclude filter by name. -
A new option
--localversion
was added to theconfigure
script. This
option allows a caller to add custom strings to the end of the Zeek version
reported byzeek -v
.