diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/release-notes.adoc | 132 |
1 files changed, 36 insertions, 96 deletions
diff --git a/doc/release-notes.adoc b/doc/release-notes.adoc index 137c591b..1a169499 100644 --- a/doc/release-notes.adoc +++ b/doc/release-notes.adoc @@ -22,54 +22,20 @@ If you or your organization would like to contribute or become a sponsor, please If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will need to https://www.wireshark.org/download.html[download and install] Wireshark {wireshark-version} or later by hand. -The following vulnerabilities have been fixed: - -* wssalink:2024-07[] -MONGO and ZigBee TLV dissector infinite loops. -wsbuglink:19726[]. -cveidlink:2024-4854[]. -// Fixed in master: 38c0efcee8, 9ab952b964 -// Fixed in release-4.2: e9965fe303, cb267b4e52 -// Fixed in release-4.0: dd5b3b36d3e -// Fixed in release-3.6: 40ed7e814bc -// CVSS AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H -// CWE-835 -// * Fuzz job crash: fuzz-2024-03-30-7212.pcap. wsbuglink:19726[]. - -* wssalink:2024-08[] -The editcap command line utility could crash when chopping bytes from the beginning of a packet. -wsbuglink:19724[]. -cveidlink:2024-4853[]. -// Fixed in master: 7c744e7933 -// Fixed in release-4.2: 3911c7b7d2 -// Fixed in release-4.0: c10a98d2669 -// Fixed in release-3.6: 683166c81bc -// CVSS AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L -// CWE-762 -// * The "handle_chopping" function in "editcap.c:2595" has a heap overflow vulnerability. wsbuglink:19724[]. - -* wssalink:2024-09[] -The editcap command line utility could crash when injecting secrets while writing multiple files. -wsbuglink:19782[]. -cveidlink:2024-4855[]. -// Fixed in master: be3550b3b1 -// Fixed in release-4.2: 32bde22d9b -// Fixed in release-4.0: f6cb547426d -// Fixed in release-3.6: xxx -// CVSS AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L -// CWE-416 -// * The "wtap_block_foreach_option" function on wiretap/file_access.c:2693 has a SEGV vulnerability. wsbuglink:19784[]. - -// * wssalink:2024-10[] -// Foo dissector {crash,infinite loop,memory leak}. -// wsbuglink:xxx[]. +A regression in the TCP Stream Graph "Time Sequence (tcptrace)" receive window line behavior introduced in 4.2.5 and 4.0.15 has been fixed. wsbuglink:19846[] + +The following vulnerability has been fixed: + +* wssalink:2024-10[] +SPRT dissector crash. +wsbuglink:19559[]. // cveidlink:2024-xxx[]. -// Fixed in master: xxx -// Fixed in release-4.2: xxx -// Fixed in release-4.0: xxx -// Fixed in release-3.6: xxx +// Fixed in master: 8e5f8de883 +// Fixed in release-4.2: cef77b8fed +// Fixed in release-4.0: cc67f836c0 // CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H -// CWE-125 +// CWE-824 +// * SPRT parser crash. wsbuglink:19559[]. The following bugs have been fixed: @@ -78,25 +44,16 @@ The following bugs have been fixed: //* cveidlink:2014-2486[] //* Wireshark grabs your ID at 3 am, goes to Waffle House, and insults people. -* Flow Graph scrolls in the wrong direction vertically when pressing Up/Down. wsbuglink:12932[]. -* TCP Stream Window Scaling not working in version 2.6.1 and later. wsbuglink:15016[]. -* TCP stream graphs (Window scaling) axis display is confusing. wsbuglink:17425[]. -* LUA get_dissector does not give the correct dissector under 32-bit version. wsbuglink:18367[]. -* Lua: Segfault when registering a field or expert info twice. wsbuglink:19194[]. -* SSH can not decrypt when KEX is curve25519-sha256@libssh.org. wsbuglink:19240[]. -* Wireshark crash related to Lua `DissectorTable.heuristic_new()` wsbuglink:19603[]. -* MATE fails to extract HTTP2 User-Agent header. wsbuglink:19619[]. -* Fuzz job issue: fuzz-2024-02-29-7169.pcap. wsbuglink:19679[]. -* Fuzz job issue: fuzz-2024-03-02-7158.pcap. wsbuglink:19684[]. -* Problem to Decode 5GC-N7 HTTP for payload Application/JSON. wsbuglink:19723[]. -* Copying data as C String produces incorrect string. wsbuglink:19735[]. -* Incorrect decoding of supported Tx HE-MCS. wsbuglink:19737[]. -* reordercap: Fix packet reordering with multiple IDB's not at the beginning of a pcapng file. wsbuglink:19740[]. -* Wrong EPB lengths written if existing pcapng file has epb_hash options. wsbuglink:19766[]. -* On Windows, Export Displayed Packets dialog does not have "include depended upon packets" checkbox. wsbuglink:19772[]. -* vnd.3gpp.sms binary payload NOT decoded inside HTTP2 5GC. wsbuglink:19773[]. -* NAS 5G message container dissection. wsbuglink:19793[]. -* Incorrect interpretation of algorithm name in packet-tls-utils.c. wsbuglink:19801[]. +* RADIUS dissector's dictionary loading broken in many ways. wsbuglink:6466[]. +* 3.4 -> 3.6.5 ASCII display is broken on CentOS 7. wsbuglink:18096[]. +* Funnel/Lua: Closing child window disconnects buttons of parent. wsbuglink:18386[]. +* Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES. wsbuglink:19841[]. +* vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC. wsbuglink:19845[]. +* TCP Stream Graphs green sliding window line not displayed correctly. wsbuglink:19846[]. +* Wireshark window doesn't fully fit on screen on small resolutions and can't be resized properly on Russian language. wsbuglink:19861[]. +* Wireshark started from command line doesn't set gui.fileopen_remembered_dir correctly on Windows. wsbuglink:19891[]. +* Wireshark expects wrong length for DHCP Relay Agent Information Source Port Suboption. wsbuglink:19909[]. +* SIP P-Access-Network-Info header not correctly decoded. wsbuglink:19917[]. === New and Updated Features @@ -117,36 +74,19 @@ There are no new protocols in this release. // ag -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v4.2.5.. | ag packet- | sort -u) [commaize] -- -5co_legacy -5co_rap -BT Mesh -CQL -DOCSIS MAC MGMT +DHCP E.212 -EPL -FC FZS -GQUIC -GRPC -GSM RP -HTTP2 -ICMPv6 -IEEE 1905 -IEEE 802.11 -IPARS -JSON-3GPP -LAPD -LLDP -MATE -MONGO -NAS 5GS -NR-RRC -PER -PFCP -PTP -QUIC -SSH -TIPC -ZBD +MySQL +NAS-5GS +ProtoBuf +RADIUS +RLC-LTE +PKT CCC +RTP +SIP +SPRT +Thrift +Wi-SUN -- === New and Updated Capture File Support @@ -155,8 +95,7 @@ ZBD // Add one file type per line between the -- delimiters. [commaize] -- -BLF -pcapng +log3gpp -- === Updated File Format Decoding Support @@ -178,6 +117,7 @@ There is no updated file format support in this release. This document only describes the changes introduced in Wireshark {wireshark-version}. You can find release notes for prior versions at the following locations: +* https://www.wireshark.org/docs/relnotes/wireshark-4.2.5.html[Wireshark 4.2.5] * https://www.wireshark.org/docs/relnotes/wireshark-4.2.4.html[Wireshark 4.2.4] * https://www.wireshark.org/docs/relnotes/wireshark-4.2.3.html[Wireshark 4.2.3] * https://www.wireshark.org/docs/relnotes/wireshark-4.2.2.html[Wireshark 4.2.2] |