Suricata Newsletter for June 2026

Welcome

Hello, and welcome to the June 2026 edition of the Suricata Newsletter!

Please consider subscribing to this newsletter by email. To do so, head on over to https://newsletter.suricata.io/ and enter your email address.

Message from OISF’s President, Kelley Misata

As we head into summer, the OISF team is in a wildly productive rhythm. We’re pushing hard on everything ahead while also making sure everyone takes some well-deserved time to recharge and enjoy the summer months. Both matter - because at the heart of Suricata is this team and our community.

A few things to highlight since March. The team has been out and visible - from RSA and the Cyber Risk Alliance Summit in Boston, to FOSS events in India, security conferences in Brazil, and more. Wherever we show up, we bring Suricata stickers and good conversations about where open source network security is headed. If you’re heading to Black Hat this August, reach out, we’ll be there too!

We are thrilled to welcome Aviatrix as our newest consortium member! Aviatrix brings deep expertise in cloud networking, and having them in the Suricata ecosystem is genuinely exciting. Their membership is a direct investment in Suricata and the community, and a reminder of why building this consortium matters. Welcome, Aviatrix, we’re so glad you’re here!

On the team front, we’re moving towards growth! Following our time together in Salzburg this spring, we’re looking to add more developers to keep pace with the demands on Suricata development - more to come on that soon. And speaking of Salzburg, as many who know us, there is nothing quite like getting this team in the same room. It’s where the big ideas happen, where the roadmap takes shape, and yes, where a few beers are enjoyed along the way. That time together is not a luxury; it’s essential to the health of this project and the code the world depends on.

AI is on everyone’s minds - and ours too. We’ve been listening to what our consortium members and the broader open source community are working through, and we’re doing our own work: updating policies, revisiting contribution agreements, and watching what others are figuring out. We’ll be reaching out and letting folks know when and what changes you need to be aware of. We don’t have all the answers yet. What I can tell you is where we stand - embracing what AI makes possible while keeping humans in the loop. Innovation driven by responsible governance.

Message from Suricata Lead Developer, Victor Julien

We’re really starting to see some of the effects of AI (LLM). First, we see it in the volume of security reports. Where previously we found most issues ourselves through the OSS-Fuzz program, now the majority come in as reports through our reporting channel. It’s clear that these reports are created with the help of AI tooling. Some of the reports are really good and valuable, while others are less severe or we see them as plain bugs. The increased volume is forcing us to change our processes to avoid too much strain on the team, so bear with us while we sort things out.

As a result, we’ve seen more security issues fixed in the last releases and we expect that this trend will continue. So it’s even more important today to stay current and install the latest patch releases.

Another area where we see AI change things is in contributions. Both in Suricata and Suricate-Verify we see a higher volume of PRs. Here too we’re updating our policies to deal with the load.

Another thing to mention is that Suricata 7 is reaching end-of-life status soon. The upcoming 7.0.17 is the last release we have planned. With the increased volume in security reports, it is extra important to migrate to Suricata 8 without delay.

Finally, as a team we’re working hard to improve the Firewall mode. Many of the improvements are backported to 8, but if you’re interested in experimenting with the main branch is the place to be. Other than it being an exciting feature, it is also very helpful in finding blind spots and weaknesses in the general code base. A default drop mode is quite unforgiving. The fixes towards those issues benefit IDS and IPS modes as well.

SuriCon

• The call for talks is over. As usual, we received an exciting number of submissions that have us hyped for the presentations, and are assembling the line-up. Thank you all, and stay tuned for the agenda!
• Tickets are still available, including the SuriCon + 2-day training discounted bundle. Pick one of our 3 training sessions, and enjoy the most of a Suricata-immersion week. See https://suricon.net for more information.
  • We also want to acknowledge past-SuriCon attendees: if you’ve been to a SuriCon in the past, you should have received an email with a 10% discount valid until August 1st. Don’t miss out! (And if yours hasn’t reached you, message us at suricon@oisf.net and we’ll sort it out.)
• Thanks to OPNsense, Léargas, Catena Cyber, Corelight, Stamus Networks, ENEA, and AWS for already sponsoring!
• There is still time to sponsor: help us make SuriCon great for our community!

Release Announcements

On May 19, 2026, Suricata 8.0.5 and 7.0.16 were released, fixing several security issues. Please upgrade as soon as possible. See the release announcement at https://forum.suricata.io/t/suricata-8-0-5-and-7-0-16-released.

Note that Suricata 7.0 will be end of life this July. Please see our EOL Policy for more details.

Recent Suricata and OISF Blog Posts

• Suricata Keyword Highlight: subslice by Jeff Lucovsky.

Upcoming Events and Webinars

• Members of the Suricata team will be presenting at Black Hat Arsenal this August:
  • Suricata 8: Discover the Difference in Network Detection on Wednesday, August 5th, with Peter Manev, Jeff Lucovsky, and Lukáš Šišmiš.
  • Suricata Turbo: Let Your NIC Drop the Flows Suricata Won’t Miss on Thursday, August 6th, with Lukáš Šišmiš.
• Juliana will be volunteering at BSides Porto, on June 27. If you’re around, come say hi, grab a few stickers, and talk about meeting again in Lisbon!

Recent Webinars and Events

• In March’s issue of the Suricata Newsletter, we reported that the OISF’s own Shivani had given a talk at FOSSAsia Summit 2026. The video is now available! See https://www.youtube.com/watch?v=BR6yephaXjs
• Victor Julien presented “Suricata: 10 years later” at NLUUG Spring Conference 2026, on May 7. Watch the recording: https://www.youtube.com/watch?v=TyjGVdVe8lE

Development News

The team is hard at work on Suricata 9.0. In the last few months, the following new features and capabilities have been merged:

• Lots of enhancements to firewall mode, too many to list!
• LLMNR protocol support
• SCTP enhancements
• Dataset subdomain matching
• New subslice transform, see Suricata Keyword Highlight: subslice
• More Rust bindings to Suricata life-cycle callbacks

There is still time to give your feedback on what you’d like to see in Suricata 9.0. Let us know in the forum or on our issue tracker.

Our security policy has also received an update, commit 68c9b63831d611e7dca223692db3228fe860d553.

And as noted in the message from Victor Julien, we are actively working on policies and guidelines around the usage of AI.

In the Community

• Experimental ICAP support using libsuricata: Update on ICAP integration proposal: Working implementation of SSLproxy (icap branch) & icapsuricata (libsuricata service)

Special Thanks

Contributors: alinse-pltzr, Eric Leblond, Sergey Pinaev

Bug and security reports: Alexey Monastyrskiy, Alexandre de Oliveira, Ben Jackson, Léopold Ouairy, Michael Dickenson, NebuSec, Nils Eiling (@C4S3), Olu Adeleke, Pablo Ruiz (@pruiz), Sebastián Alba (@Sebasteuo), Sergey Pinaev, Sreejith Gopinath, Tarun Yadav, Trail of Bits in collaboration with Anthropic, wooseokdotkim, Xiaojin Peng, Yash Datre

Please Stay Connected

• Mastodon
• Bluesky
• YouTube
• LinkedIn
• Discord