Download Latest Version v7.2.2 source code.tar.gz (29.8 MB)
Email in envelope

Get an email when there's a new version of Zeek

Home / v7.0.9
Name Modified Size InfoDownloads / Week
Parent folder
zeek-7.0.9.tar.gz.asc 2025-07-21 833 Bytes
0
zeek-7.0.9.tar.gz 2025-07-21 96.0 MB
0
README.md 2025-07-21 1.5 kB
0
v7.0.9 source code.tar.gz 2025-07-21 30.2 MB
0
v7.0.9 source code.zip 2025-07-21 34.0 MB
0
Totals: 5 Items   160.1 MB 0

We would like to thank @cccs-jsjm, @edoardomich, and the Canadian Cyber Defence Collective for their contributions to this release.

This release fixes the following security issue:

  • Very large log records can cause Zeek to overflow memory and potentially crash. Due to the possibility of building these log records with packets from remote hosts, this is a DoS risk. The fix adds additional length checking when serializing log data for writing to logging streams. This can be controlled via a new Log::max_log_record_size redefinable constant, and reports a new log_record_too_large weird if the limitation is reached for any individual log entry. There is an also a new log-writer-discarded-writes metric that tracks when this limitation is reached.

This release fixes the following bugs:

  • The response to BDAT LAST was never recognized by the SMTP analyzer, resulting in the BDAT LAST commands not being logged in a timely fashion and receiving the wrong status. Zeek now correctly reports these commands.

  • The Docker images for zeek 7.0 releases now include the net-tools (for iproute2) package to silience a warning from zeekctl. They also now include the procps package (for top) to ensure the zeekctl top command works correctly.

  • The ZeekJS submodule was updated to v0.18.0. This version fixes a compilation error with debug builds and GCC 15.1, as well as adding future support for Node v24.

Source: README.md, updated 2025-07-21