This release fixes the following security issue:
-
Fix null-pointer dereference when encountering an invalid
enum
name in a
config/input file that tries to read it into aset[enum]
. For those
that have such an input feed whose contents may come from external/remote
sources, this is a potential DoS vulnerability.
Reminder: Zeek 3.0.x is a Long-Term Support (LTS) release, receiving bug fixes until at least May 2021 (estimate of 2 months after 4.0.0 release).