Suricata 8.0.0 rc1 Release Notes
We are pleased to announce our first release candidate of the Suricata 8.0 release! We have reached a feature freeze point for Suricata 8 and will primarily focus on addressing feedback, bugs, and documentation tickets until the release of Suricata 8.0.0, planned for July 8, 2025.
Here are the main highlights since the release of Suricata-8.0.0 beta1.
Suricata major releases also require a significant amount of joint effort from our community, and we appreciate all your work in continuing to improve and make Suricata better.
Download: https://www.openinfosecfoundation.org/download/suricata-8.0.0-rc1.tar.gz
Signature: https://www.openinfosecfoundation.org/download/suricata-8.0.0-rc1.tar.gz.sig
All tickets for Suricata 8.0.0-rc1: 8.0.0-rc1 - Suricata - Open Information Security Foundation
Check the Suricata 8.0.0 Roadmap: https://roadmap.suricata.io/
Highlights
Suricata Lib
The Suricata library API is set for Suricata 8. There have been many changes (adding SC prefix) to functions and data structures. There should be no changes to the API/ABI between now and the final release (unless absolutely necessary).
Protocols
- Multicast DNS (mDNS)
Detection Improvements
- New rule keywords for:
  - mime/email
  - FTP
  - pgsql
  - TCP: tcp.wscale
  - mDNS
- New transform: luaxform
- Data JSON for datasets: Enrich alerts using metadata in datasets
- Entropy keyword
Output
- TLS (log extensions), entropy (triggered by keyword), and more.
Firewall Mode (experimental)
- Added pre_flow and pre_stream hooks to be able to drop packets before state updates
- Misc improvements and fixes
Lua
The conversion of the Lua API to Lua library style imports has been completed. All documented Lua functions have been ported over. See "18.3. Lua Libraries" in the Suricata 8.0.0-rc1 documentation for the list of libraries.
Deployments/Performance
The threading.cpu-affinity configuration now supports per-interface definitions (interface-specific-cpu-set), enabling precise CPU pinning in multi-NUMA systems by aligning worker threads with the NUMA node of each NIC. When built with the hwloc library, Suricata can automatically assign threads using the new autopin feature, selecting CPU cores from the NUMA node where the interface resides, up to the number of threads specified per interface. These enhancements apply across all supported capture methods, including DPDK and AF-PACKET.
How you can help
Testing
If your work depends on Suricata as a rule-writer, integrator, output consumer, or any other way, please reserve some time to test the main features that could impact you.
We’re eager to hear your feedback, especially in time to address any necessary fixes before the release of Suricata 8.0.0.
Feedback
Feedback on bugs, unexpected behavior changes, broken logs, missing documentation, or more is super welcome.
If you are a library user or a potential library user, please check out the example of library usage. Does it, along with enhancements to dynamic registration of callbacks, meet your needs?
Please share use cases or reports, preferably on Redmine: Issues - Suricata - Open Information Security Foundation.
Special thanks
Major contributors to Suricata 8.0.0-rc1 were:
- Eric Leblond
- Alice Akaki
Complete list of contributors for 8.0.0-rc1:
James, Jason Taylor, Pierre Chifflier, Richard McConnell, Coverity, Outreachy, OSS-Fuzz.
SuriCon
This year’s Suricata Community Conference will happen in Montreal, Canada, from November 19 to 21.
Our conference is a great place to present exciting work or research done with Suricata.
Come share yours with us! The Call for Talks has been extended, but not for long! Call for Talks – SURICON.
Sponsors are welcome! Check conference details, sponsorship opportunities, and more at https://suricon.net/.
About Suricata
Suricata is a high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors, and the community.
Don’t want to miss news about the release? Stay up-to-date with the latest around Suricata releases, community finds, and SuriCon with the Suricata quarterly newsletter: https://newsletter.suricata.io/.