release: version 1.1.15 - Fix ALPN detection for malformed TLS extensions
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
- FIX: ALPN (tls_alpn) not appearing in logs for packets with truncated extensions
- Add sanitizeTLSRecord fallback in extractTLSExtensions (tlsparse/parser.go)
- Mirrors sanitization already present in fingerprint/engine.go
- ALPN now correctly extracted even when ParseClientHello fails on raw payload
- Bump version to 1.1.15 in main.go and packaging/rpm/ja4sentinel.spec

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ -3,7 +3,7 @@
|
||||
%if %{defined build_version}
|
||||
%define spec_version %{build_version}
|
||||
%else
|
||||
%define spec_version 1.1.12
|
||||
%define spec_version 1.1.15
|
||||
%endif
|
||||
|
||||
Name: ja4sentinel
|
||||
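Review bot: the hard-coded fallback in the `%else` branch jumps from 1.1.12 straight to 1.1.15, so it was not bumped for 1.1.13 or 1.1.14, and any build in that window that did not define `build_version` would have used 1.1.12 as `spec_version`. The commit message says the same number is also edited by hand in main.go; consider deriving the spec fallback from a single source, or adding a CI check that fails when the spec fallback and the version in main.go disagree, so a release cannot ship with a stale package version.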
@ -123,6 +123,26 @@ fi
|
||||
|
||||
%changelog
|
||||
|
||||
* Thu Mar 05 2026 Jacquin Antoine <rpm@arkel.fr> - 1.1.15-1
|
||||
- FIX: ALPN not appearing in logs for packets with truncated/malformed TLS extensions
|
||||
- Add sanitization fallback in extractTLSExtensions (same as fingerprint engine)
|
||||
- ALPN (tls_alpn) now correctly extracted even when ParseClientHello fails on raw payload
|
||||
|
||||
* Thu Mar 05 2026 Jacquin Antoine <rpm@arkel.fr> - 1.1.14-1
|
||||
- FIX: Handle ClientHellos with truncated extension data (extension data truncated)
|
||||
- Sanitize malformed extensions by trimming to last complete extension before retry
|
||||
- Fingerprints (JA4/JA3) now generated even for slightly malformed ClientHellos
|
||||
- Added unit tests for extension sanitization and truncated extension handling
|
||||
|
||||
* Thu Mar 05 2026 Jacquin Antoine <rpm@arkel.fr> - 1.1.13-1
|
||||
- FIX: BPF filter uses 'tcp dst port' instead of 'tcp port' to capture client-to-server traffic only
|
||||
- FIX: SYN packet handling — detect SYN before payload-length check, create flow with IP/TCP metadata
|
||||
- FIX: SynToCHMs timing now uses SYN timestamp instead of first data packet timestamp
|
||||
- FIX: Fragmented ClientHello uses flow metadata from SYN instead of last fragment's packet metadata
|
||||
- FIX: TCP reassembly sequence tracking — detect retransmissions (skip) and gaps (drop flow)
|
||||
- Added TLS 1.3 supported_versions test coverage (verified library already handles it correctly)
|
||||
- 9 new unit tests for SYN handling, TCP reassembly, TLS 1.3, and fragmentation metadata
|
||||
|
||||
* Thu Mar 05 2026 Jacquin Antoine <rpm@arkel.fr> - 1.1.12-1
|
||||
- FIX: Remove JA4SENTINEL_LOG_LEVEL env override (architecture violation, log_level YAML-only)
|
||||
- FIX: Add yaml struct tags to Config/AppConfig/OutputConfig (yaml.v3 does not fall back to json tags)
|
||||
|
||||
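Review bot: the changelog part of this hunk carries more than the 1.1.15 release. Going by the hunk header (6 lines before, 26 after), the entries for 1.1.14-1 and 1.1.13-1 are added here as well, yet the commit message mentions only the bump to 1.1.15. Either note the backfill in the commit message or land it as its own commit, so the packaging history shows when each entry actually arrived. Separately, the 1.1.14 entry lists unit tests for extension sanitization, while the 1.1.15 entry lists none for the new fallback in extractTLSExtensions; a regression test asserting that tls_alpn is populated for a ClientHello with a truncated extension block would keep this fix from silently regressing, and the entry should say so once it exists.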