include::attributes.adoc[]
:stylesheet: ws.css
:linkcss:
:copycss: {stylesheet}

= Wireshark {wireshark-version} Release Notes
// Asciidoctor Syntax Quick Reference:
// https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/

== What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer.
It is used for troubleshooting, analysis, development and education.

== What’s New

// The Windows installers now ship with Npcap 1.31.
// They previously shipped with Npcap 1.10.

// The Windows installers now ship with USBPcap 1.5.X.0.
// They previously shipped with USBPcap 1.5.4.0.

// The Windows installers now ship with Qt 5.15.2.
// They previously shipped with Qt 5.12.1.

=== Bug Fixes

The following vulnerabilities have been fixed:

* wssalink:2021-17[]
RTMPT dissector infinite loop.
wsbuglink:17745[].
cveidlink:2021-4185[].
// Fixed in master: 80ebcc90bc
// Fixed in release-3.6: 614184a7df
// Fixed in release-3.4: 36c3ff8596
// CVSS AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
// CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
// * Fuzz job crash output: fuzz-2021-11-23-8582.pcap wsbuglink:17745[].
// * Fuzz job crash output: fuzz-2021-11-25-10735.pcap wsbuglink:17749[].

* wssalink:2021-18[]
BitTorrent DHT dissector infinite loop.
wsbuglink:17754[].
cveidlink:2021-4184[].
// Fixed in master: ebcba787a0
// Fixed in release-3.6: 6f90eb902e
// Fixed in release-3.4: ddd4114305
// CVSS AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
// CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
// * Fuzz job crash output: fuzz-2021-11-29-6844.pcap wsbuglink:17754[].

* wssalink:2021-19[]
pcapng file parser crash.
wsbuglink:17755[].
cveidlink:2021-4183[].
// Fixed in master: fcf945f747
// Fixed in release-3.6: 05cda2ad64
// Fixed in release-3.4: n/a
// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
// CWE-126
// * heap-buffer-overflow in pcapng_process_options wsbuglink:17755[].

* wssalink:2021-20[]
RFC 7468 file parser infinite loop.
wsbuglink:17801[].
cveidlink:2021-4182[].
// Fixed in master: b3215d99ca
// Fixed in release-3.6: 918ca332e8
// Fixed in release-3.4: 33ff19e11f
// CVSS AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
// CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
// * Freeze on opening an incomplete RFC 7468 file wsbuglink:17801[].

* wssalink:2021-21[]
Sysdig Event dissector crash.
// wsbuglink:xxxxx[].
cveidlink:2021-4181[].
// Fixed in master: c22b8bcb5f
// Fixed in release-3.6: a09a47036b
// Fixed in release-3.4: d2436f19a3
// CVSS AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
// CWE-126: Buffer Over-read

* wssalink:2021-22[]
Kafka dissector infinite loop.
wsbuglink:17811[].
// cveidlink:2021-xxxx[].
// Fixed in master: x
// Fixed in release-3.6: x
// Fixed in release-3.4: n/a
// CVSS AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
// CWE-834: Excessive Iteration

The following bugs have been fixed:

//* wsbuglink:5000[]
//* wsbuglink:6000[Wireshark bug]
//* cveidlink:2014-2486[]
//* Wireshark keeps banging out random chords on your piano and yelling “LIPS LIKE SUGAR, SUGAR KISSES” because it was funny that one time at a party.

* Allow sub-second timestamps in hexdumps wsbuglink:15562[].

* GRPC: An unnecessary empty Protobuf tree item is displayed if the GRPC message body length is 0 wsbuglink:17675[].

* Can't install "ChmodBPF.pkg" or "Add Wireshark to the system path.pkg" on M1 MacBook Air Monterey without Rosetta 2 wsbuglink:17757[].

* TECMP: LIN Payload is cut off by 1 byte wsbuglink:17760[].

* Wireshark crashes if a 64 bit field of type BASE_CUSTOM is applied as a column wsbuglink:17762[].

* Command line option "-o console.log.level" causes wireshark and tshark to exit on start wsbuglink:17763[].

* Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture wsbuglink:17764[].

* Unable to build without tshark wsbuglink:17766[].

* IEEE 802.11 action frames are not getting parsed and always seen as malformed wsbuglink:17767[].

* IEC 60870-5-101 link address field is 1 byte, but should have configurable length of 0,1 or 2 bytes wsbuglink:17775[].

* dfilter: 'tcp.port not in {1}' crashes Wireshark wsbuglink:17785[].

=== New and Updated Features

* The 'console.log.level' preference was removed in Wireshark 3.6.0.
This release adds an '-o console.log.level:' backward-compatibility option on the CLI that maps to the new logging sub-system.
Note that this does not have bitmask semantics and does not correspond to any actual preference.
It is just a transition mechanism for users who were relying on this CLI option, and it will be removed in the future.
To see the new diagnostic output options, consult the manpages or the output of '--help'.

// === Removed Features and Support

// === Removed Dissectors

=== New Protocol Support

There are no new protocols in this release.

=== Updated Protocol Support

// Add one protocol per line between the -- delimiters.
// ag -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v3.4.9.. | ag packet- | sort -u)
[commaize]
--
ANSI A I/F
AT
BitTorrent DHT
FF
GRPC
IEC 101/104
IEEE 802.11
IEEE 802.11 Radiotap
IPsec
Kafka
QUIC
RTMPT
RTSP
SRVLOC
Sysdig Event
TECMP
--

=== New and Updated Capture File Support

// There is no new or updated capture file support in this release.
// Add one file type per line between the -- delimiters.
[commaize]
--
BLF
RFC 7468
--

=== New File Format Decoding Support

There is no new or updated file format support in this release.
// Add one file type per line between the -- delimiters.
// [commaize]
// --
// --


// === New and Updated Capture Interfaces support

//_Non-empty section placeholder._

// === Major API Changes

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package management system specific to that platform.
A list of third-party packages can be found on the
https://www.wireshark.org/download.html[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform.
You can use menu:Help[About Wireshark,Folders] or `tshark -G folders` to find the default locations on your system.

== Getting Help

The User’s Guide, manual pages and various other documentation can be found at
https://www.wireshark.org/docs/

Community support is available on
https://ask.wireshark.org/[Wireshark’s Q&A site]
and on the wireshark-users mailing list.
Subscription information and archives for all of Wireshark’s mailing lists can be found on
https://www.wireshark.org/lists/[the web site].

Bugs and feature requests can be reported on
https://gitlab.com/wireshark/wireshark/-/issues[the issue tracker].

// Official Wireshark training and certification are available from
// https://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].