Merge pull request #15732 from Security-Onion-Solutions/hotfix/2.4.211

Hotfix 2.4.211
Merge pull request #15731 from Security-Onion-Solutions/hf211
2026-04-08 05:42:10 +02:00 · 2026-04-07 13:19:57 -04:00 · 2026-04-07 11:38:52 -04:00 · 2026-04-07 11:27:57 -04:00 · 2026-04-06 14:29:00 -04:00 · 2026-04-06 14:26:25 -04:00
5 changed files with 26 additions and 16 deletions
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,17 +1,17 @@
-### 2.4.211-20260312 ISO image released on 2026/03/12
+### 2.4.211-20260407 ISO image released on 2026/04/07


 ### Download and Verify

-2.4.211-20260312 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso
+2.4.211-20260407 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260407.iso
 
-MD5: 7082210AE9FF4D2634D71EAD4DC8F7A3  
-SHA1: F76E08C47FD786624B2385B4235A3D61A4C3E9DC  
-SHA256: CE6E61788DFC492E4897EEDC139D698B2EDBEB6B631DE0043F66E94AF8A0FF4E  
+MD5: 35ECDD0BC10E56874D9F5725CA6C5888  
+SHA1: 30CE6CB0ED0059A3260368E4F296B8DBA381F9CD  
+SHA256: 185D8CF49CD3BFDD8876B8DDE48343DA90804B0C0EC3EADF0AD90D29C55E72B7  

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260407.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260407.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260407.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.211-20260312.iso.sig securityonion-2.4.211-20260312.iso
+gpg --verify securityonion-2.4.211-20260407.iso.sig securityonion-2.4.211-20260407.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 11 Mar 2026 03:05:09 PM EDT using RSA key ID FE507013
+gpg: Signature made Mon 06 Apr 2026 02:58:51 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-
+20260407
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -10,7 +10,7 @@
 {%   from 'suricata/map.jinja' import SURICATAMERGED %}
 {%   from 'bpf/suricata.map.jinja' import SURICATABPF, SURICATA_BPF_STATUS, SURICATA_BPF_CALC %}

-{%   if GLOBALS.pcap_engine in ["SURICATA", "TRANSITION"] %}
+{%   if GLOBALS.pcap_engine == "SURICATA" %}
 {%     from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS, PCAP_BPF_CALC %}
 # BPF compilation and configuration
 {%     if PCAPBPF and not PCAP_BPF_STATUS %}
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
@@ -11,9 +11,19 @@
 {# before we change outputs back to list, enable pcap-log if suricata is the pcapengine #}
 {% if GLOBALS.pcap_engine in ["SURICATA", "TRANSITION"] %}

-{%   from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
-{%   if PCAPBPF and PCAP_BPF_STATUS %}
-{%     do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
+{%   if GLOBALS.pcap_engine == "SURICATA" %}
+{%     from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
+{%     if PCAPBPF and PCAP_BPF_STATUS %}
+{%       do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
+{%     endif %}
+{%   elif GLOBALS.pcap_engine == "TRANSITION" %}
+{%     import_yaml 'bpf/defaults.yaml' as BPFDEFAULTS %}
+{%     set BPFMERGED = salt['pillar.get']('bpf', BPFDEFAULTS.bpf, merge=True) %}
+{%     import 'bpf/macros.jinja' as MACROS %}
+{{     MACROS.remove_comments(BPFMERGED, 'pcap') }}
+{%     if BPFMERGED.pcap %}
+{%       do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': BPFMERGED.pcap|join(" ")}) %}
+{%     endif %}
 {%   endif %}

 {%   set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
--- a/sigs/securityonion-2.4.211-20260407.iso.sig
+++ b/sigs/securityonion-2.4.211-20260407.iso.sig
Author	SHA1	Message	Date
Mike Reeves	55af7eb541	Merge pull request #15732 from Security-Onion-Solutions/hotfix/2.4.211 Hotfix 2.4.211	2026-04-07 13:19:57 -04:00
Mike Reeves	ece7cdac04	Merge pull request #15731 from Security-Onion-Solutions/hf211 2.4.211 hotfix	2026-04-07 11:38:52 -04:00
Mike Reeves	b63d5e4c83	2.4.211 hotfix	2026-04-07 11:27:57 -04:00
Mike Reeves	0f97249009	Merge pull request #15726 from Security-Onion-Solutions/cherry-pick/suricata-bpf-hotfix-2.4.211 Cherry-pick suricata bpf fix and HOTFIX update	2026-04-06 14:29:00 -04:00
Josh Patterson	043feee4c0	update HOTFIX	2026-04-06 14:26:25 -04:00
Josh Patterson	c3707dc814	fix suricata bpf for transition mode	2026-04-06 14:26:25 -04:00