Skip to content

v6.3.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 04 May 22:57
· 79 commits to main since this release
v6.3.1
0663f9c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Installation Instructions | 5.x -> 6.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from Arkime 5 or earlier

Support Arkime's ongoing development! Become a GitHub Sponsor!

✨ What's new 6.3.1 ✨

Capture

  • #3940 Fix ISAKMP parser on UDP/4500 (NAT-T) misparsed ESP packets without the non-ESP marker

Viewer

  • #3942 Fix hiding packets when we shouldn't

✨ What's new 6.3.0 ✨

BREAKING

  • #3911 ArkimeParserBuf_t.buf is now a heap-allocated pointer (uint8_t *buf[2]). You must use pb->bufSize[which] instead of sizeof(pb->buf[which])

All

  • #3920 Log more information on role failures

Capture

  • #3910 Corrupt UDP packets could have invalid byte counts
  • #3910 TCP DNS packets might not be parsed correctly depending on segmentation
  • #3911, #3913 TCP sequence wrapping tests and improvements
  • #3912 Fix IKEv2 encryption/hash parsing
  • #3913 Fix WISE plugin skipping fields after array-typed fields
  • #3913 Fix S3 listing deadlock when bucket/prefix is empty
  • #3914 Fix ASN.1 OID decoding of first arc per X.690
  • #3916 Improved NTP and IS-IS parsing
  • #3917 Improved LUA ip handling
  • #3917 Add DHCPv6 relay parsing
  • #3917 Improved SMB parsing of share/filename
  • #3917 Improved SNMP GetBulkRequest parsing
  • #3917 Extract VNI from GENEVE tunnels
  • #3918 scheme http no longer requires a port (defaults to 80/443)
  • #3918 fix SNMP sessions showing up as LDAP too
  • #3919 Remove ftp protocol if we are sure smtp
  • #3923 Packets with more than 8 VLANs marked as corrupt
  • #3923 UDP packets enforce length correctly
  • #3924, #3930 Remove trailing slash from wiseURL
  • #3927 Cap IMAP/SMTP/HTTP Header buffer lengths
  • #3932 Skip byte-based UDP classifiers on UDP/53 to avoid DNS false-matches
  • #3933 Reassemble TLS ClientHello across multiple QUIC Initial packets
  • #3935 Validate QUIC packet lengths

Cont3xt

  • #3928 Threatstream: ignore per-user host override unless user/key also per-user
  • #3928 csvjson: add 60s timeout and 1GB content/body limits on remote feed loads

Viewer

  • #3898 show error msg in spiview when All selected but not allowed
  • #3906 add copy button to History Elasticsearch Query section
  • #3908 fix download entire pcap missing filename
  • #3921 Fix Cap Restart graph markers, Session Detail labels slider width, Field Actions dropdown, Stats Shrink Index, and shortcut ($) autocomplete in search expression
  • #3928 Cap /api/sessions/summary length parameter at 1000
  • #3931 Remove last manualQuery option which wasn't implemented
  • #3934 Fix not handling sessions correctly with no PCAP

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. A libssl version error means that most likely the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2026. The EL 8 builds will stop in May 2026, please upgrade.

Assets 28
Loading