Deprecation Policy

Suricata has many features, and some of those features become less valuable after a period of time. This document describes how to deal with removal of major features.

Supported Features

The deprecation policy only applies to supported features. For features that are not officially supported by the OISF team, no guarantees are given. Such features may break or get removed without warning.

Grace Period

When a feature is to be removed, it will be announced on this page and on the mailing lists. That starts a grace period where the feature will continue to be supported. After 18 months, the feature will be removed in the first major release.

The grace period will be 18 months by default. In some cases a longer or shorter grace period can be used.

Deprecated Features

• outputs
  • eve dns v1 records
    • reason: superseded by v2
    • announced: November 2020
    • removal: May 2022
    • ticket: https://redmine.openinfosecfoundation.org/issues/4137
  • independent json logs covered by eve (alert-json-log, dns-json-log, etc)
    • reason: redundant, use multiple eve instances instead
    • announced: Sep 2019
    • removal: May 2020
    • ticket:  https://redmine.openinfosecfoundation.org/issues/3178
    • removed in 6.0rc1
  • unified2 – legacy binary format
    • reason: superseded by eve.alert
    • announced: December 2017
    • removal: December 2019
    • grace period of 2 years to give existing users & integrators time to adapt
    • ticket: https://redmine.openinfosecfoundation.org/issues/2385
    • removed in 6.0beta1
  • drop.log (drop-log)
    • reason superseded by eve.drop
    • announced: February 2019
    • removal: June 2020
    • ticket: https://redmine.openinfosecfoundation.org/issues/2381
    • removed in 6.0beta1
  • filestore v1
    • reason: superseded by filestore v2
    • announced: May 2019
    • removal: June 2020
    • grace period of 1 year as v2 is stable for quite some time already
    • ticket: https://redmine.openinfosecfoundation.org/issues/2959
    • removed in 6.0beta1
  • dns.log – the text DNS log
    • reason: superseded by eve.dns
    • announced: December 2017
    • removal: June 2019
    • ticket: https://redmine.openinfosecfoundation.org/issues/2297
    • removed in 5.0beta1
  • files-json.log (file-log)
    • reason: superseded by eve.fileinfo
    • announced: December 2017
    • removal: December 2018
    • grace period of 12 months as the eve.fileinfo is also in JSON and has been available for a long time
    • ticket: https://redmine.openinfosecfoundation.org/issues/2376
    • removed in 5.0beta1
• rule keywords
  • ssh.* keywords
    • reason: superseded by faster and more expressive matching logic
    • announced: December 2017
    • removal: June 2019
    • ticket: https://redmine.openinfosecfoundation.org/issues/2377
    • removed in 8.0beta1
• architecture / hardware
  • Tile / Tilera
    • reason: unmaintained, untested and very likely broken
    • announced: December 2017
    • removal: December 2018
    • ticket: https://redmine.openinfosecfoundation.org/issues/2379
    • removed in 5.0beta1
  • CUDA
    • reason: unmaintained, untested and certainly broken
    • announced: December 2017
    • removal: February 2018 (with 4.1 release)
    • short grace period as it’s already broken an no-one has stepped up to help
    • ticket: https://redmine.openinfosecfoundation.org/issues/2382

Changelog

• 2017/12/19: initial version adding dns.log, files-json.log, ssh.*, tilera, CUDA.
• 2017/12/20: added unified2.
• 2019/05/09: update after removing dns.log, files-json.log and Tilera support. Add filestore v1.
• 2019/02/18: drop.log added
• 2019/09/19: add independent json loggers
• 2020/08/07: updated for 6.0beta1 release
• 2020/10/15: updated for 6.0 release