From 6de20c63d4c3835122b65aeadacefabd3a7634b1 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 13 Jan 2026 16:20:57 -0500
Subject: [PATCH 1/4] Update VERSION

---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index 86df31761..4f09e82ad 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4.200
+2.4.201

From 3fb153c43e75bcf804458ab9ed458f4e97b061ac Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 13 Jan 2026 16:41:39 -0500
Subject: [PATCH 2/4] Add support for version 2.4.201 upgrades

---
 salt/manager/tools/sbin/soup | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 06fdbd70f..87de5baf0 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -427,6 +427,7 @@ preupgrade_changes() {
     [[ "$INSTALLEDVERSION" == 2.4.170 ]] && up_to_2.4.180
     [[ "$INSTALLEDVERSION" == 2.4.180 ]] && up_to_2.4.190
     [[ "$INSTALLEDVERSION" == 2.4.190 ]] && up_to_2.4.200
+    [[ "$INSTALLEDVERSION" == 2.4.200 ]] && up_to_2.4.201
     true
 }
 
@@ -459,6 +460,7 @@ postupgrade_changes() {
     [[ "$POSTVERSION"  == 2.4.170 ]] && post_to_2.4.180
     [[ "$POSTVERSION"  == 2.4.180 ]] && post_to_2.4.190
     [[ "$POSTVERSION"  == 2.4.190 ]] && post_to_2.4.200
+    [[ "$POSTVERSION"  == 2.4.200 ]] && post_to_2.4.201
     true
 }
 
@@ -645,6 +647,11 @@ post_to_2.4.200() {
   POSTVERSION=2.4.200
 }
 
+post_to_2.4.201() {
+  echo "Nothing to apply"
+  POSTVERSION=2.4.201
+}
+
 repo_sync() {
   echo "Sync the local repo."
   su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
@@ -1317,6 +1324,12 @@ so-yaml.py removelistitem /etc/salt/master file_roots.base /opt/so/rules/nids
 
 }
 
+up_to_2.4.201() {
+  echo "Nothing to do for 2.4.201"
+
+  INSTALLEDVERSION=2.4.201
+}
+
 determine_elastic_agent_upgrade() {
   if [[ $is_airgap -eq 0 ]]; then
     update_elastic_agent_airgap

From e4225d6e9b0929d7f1eadde1d2da1f975b467252 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Thu, 15 Jan 2026 10:40:21 -0500
Subject: [PATCH 3/4] 2.4.201

---
 DOWNLOAD_AND_VERIFY_ISO.md                  |  22 ++++++++++----------
 sigs/securityonion-2.4.201-20260114.iso.sig | Bin 0 -> 566 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.4.201-20260114.iso.sig

diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md
index a8d270efc..30da22f2f 100644
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,17 +1,17 @@
-### 2.4.200-20251216 ISO image released on 2025/12/16
+### 2.4.201-20260114 ISO image released on 2026/1/15
 
 
 ### Download and Verify
 
-2.4.200-20251216 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.200-20251216.iso
+2.4.201-20260114 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.201-20260114.iso
  
-MD5: 07B38499952D1F2FD7B5AF10096D0043  
-SHA1: 7F3A26839CA3CAEC2D90BB73D229D55E04C7D370  
-SHA256: 8D3AC735873A2EA8527E16A6A08C34BD5018CBC0925AC4096E15A0C99F591D5F  
+MD5: 20E926E433203798512EF46E590C89B9  
+SHA1: 779E4084A3E1A209B494493B8F5658508B6014FA  
+SHA256: 3D10E7C885AEC5C5D4F4E50F9644FF9728E8C0A2E36EBB8C96B32569685A7C40  
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.200-20251216.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.201-20260114.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.200-20251216.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.201-20260114.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.200-20251216.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.201-20260114.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.200-20251216.iso.sig securityonion-2.4.200-20251216.iso
+gpg --verify securityonion-2.4.201-20260114.iso.sig securityonion-2.4.201-20260114.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 15 Dec 2025 05:24:11 PM EST using RSA key ID FE507013
+gpg: Signature made Wed 14 Jan 2026 05:23:39 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.4.201-20260114.iso.sig b/sigs/securityonion-2.4.201-20260114.iso.sig
new file mode 100644
index 0000000000000000000000000000000000000000..6a24a3e25055a7f06111a049e52bdf319a337774
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j-41gSkXz6^6dp_W8^5Ma0dP;e6k0%>R$YXAxf5PT3|
zxBgIY6Oqgh|8r4Nn&}D$Wwsi^mnzhuFBRZ7fQ<wA7?WHhkBtwY@eMn?8SsF*#5lg6
zV^Hi7f2y@x^tzS0;!dCIF4naH8l94X_Xr)P&1-*_SPzmDr$GRt2q(YESSlyGrG~nO
zbU?!mm?K5(Vv?PFRGqMo>PT9375+PBk_k?eJ)j_j_E2Eu-ZNsb?G{BUXR*Niea0r`
zLogeB+K=(w&ZFFamtOE`9ncxqdsk_?rsMc=T${hDb~-_$JLK%mebq)5JJV6CKGfN!
zawd}y0~^sfM?~Fgd1u(p^WWH&$~r-=BFSe~MjFj1{C4$eDGsNmglO`N`L+ZoGRH2+
zKBy^_*t5@)Zzt?d8T-zAK!@R6@#e}xcOT%?*3D2ypNJJOCr=icHD*FOfixqf0fxcP
z#uPluPUwJ{QlrGp@2<Rj4A*t#=+ytFe^!OJeo_mqg#JGK$LzG1&D~-s+&{?#cZTLl
z3$bD}D(GPR?}WZ}X4Jn<%K10EV%KVc9K#sDjJh1L4!GmNKd6sA5<r1&n380}ZLSC%
z8Lr+CLai+UaGJsc&8;yzvl=hw3g_8}5hg6>))2MIDP77VI^Jp*s~H9)J|uDPYwC&d
z@H^qsS9fZ$)^qSTy}ZcB?Y|G?P~LgVGsWsWUjXrRov2Kn=>~LJsdF*u86k1Q;w>G%
EFy~zqZ~y=R

literal 0
HcmV?d00001


From 0da0788e6bca21f176d223c5cc5034beb787ea26 Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Thu, 15 Jan 2026 14:56:36 -0500
Subject: [PATCH 4/4] move function to be with the rest of its friends

---
 salt/manager/tools/sbin/soup | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 95af55903..1a6223558 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -942,6 +942,12 @@ up_to_2.4.200() {
   INSTALLEDVERSION=2.4.200
 }
 
+up_to_2.4.201() {
+  echo "Nothing to do for 2.4.201"
+
+  INSTALLEDVERSION=2.4.201
+}
+
 up_to_2.4.210() {
   # Elastic Update for this release, so download Elastic Agent files
   determine_elastic_agent_upgrade
@@ -1345,12 +1351,6 @@ so-yaml.py removelistitem /etc/salt/master file_roots.base /opt/so/rules/nids
 
 }
 
-up_to_2.4.201() {
-  echo "Nothing to do for 2.4.201"
-
-  INSTALLEDVERSION=2.4.201
-}
-
 determine_elastic_agent_upgrade() {
   if [[ $is_airgap -eq 0 ]]; then
     update_elastic_agent_airgap