path: root/docbook/release-notes.asciidoc

= Wireshark wireshark-version:[] Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

=== Bug Fixes

The following vulnerabilities have been fixed:

* ws-salink:2016-01[]
+
DLL hijacking vulnerability.
//(ws-buglink:XXXX[])
cve-idlink:2016-2521[]
// Fixed in master: 4a79cf2
// Fixed in master-2.0: b33f4c8
// Fixed in master-1.12: f8d67cf

* ws-salink:2016-02[]
+
ASN.1 BER dissector crash.
(ws-buglink:11828[])
cve-idlink:2016-2522[]
// Fixed in master: 9b2f3f7
// Fixed in master-2.0: 1942c8a

* ws-salink:2016-03[]
+
DNP dissector infinite loop.
(ws-buglink:11938[])
cve-idlink:2016-2523[]
// Fixed in master: 260afe1
// Fixed in master-2.0: 0cc86bb
// Fixed in master-1.12: 0ca7445

* ws-salink:2016-04[]
+
X.509AF dissector crash.
(ws-buglink:12002[])
cve-idlink:2016-2524[]
// Fixed in master: 5a8020a
// Fixed in master-2.0: 1f4977b

* ws-salink:2016-05[]
+
HTTP/2 dissector crash.
(ws-buglink:12077[])
cve-idlink:2016-2525[]
// Fixed in master: 3fe16e1
// Fixed in master-2.0: 22a24bc

* ws-salink:2016-06[]
+
HiQnet dissector crash.
(ws-buglink:11983[])
cve-idlink:2016-2526[]
// Fixed in master: 69a679c
// Fixed in master-2.0: 325fb1a

* ws-salink:2016-07[]
+
3GPP TS 32.423 Trace file parser crash.
(ws-buglink:11982[])
cve-idlink:2016-2527[]
// Fixed in master: 140aad0
// Fixed in master-2.0: 10d4c85

* ws-salink:2016-08[]
+
LBMC dissector crash.
(ws-buglink:11984[])
cve-idlink:2016-2528[]
// Fixed in master: 1c090e9
// Fixed in master-2.0: 32fc1bc

* ws-salink:2016-09[]
+
iSeries file parser crash.
(ws-buglink:11985[])
cve-idlink:2016-2529[]
// Fixed in master: 96d585a
// Fixed in master-2.0: 83dd13c

* ws-salink:2016-10[]
+
RSL dissector crash.
(ws-buglink:11829[])
cve-idlink:2016-2530[]
cve-idlink:2016-2531[]
// Fixed in master: 2930d31, de65fd6
// Fixed in master-2.0: aba3635, 0865707
// Fixed in master-1.12: f899e8a, 08d1876

* ws-salink:2016-11[]
+
LLRP dissector crash.
(ws-buglink:12048[])
cve-idlink:2016-2532[]
// Fixed in master: 4a2cd6c
// Fixed in master-2.0: 38a01c8
// Fixed in master-1.12: 74085a5

* ws-salink:2016-12[]
+
Ixia IxVeriWave file parser crash.
(ws-buglink:11795[])
//cve-idlink:2015-XXXX[]
// Fixed in master: e395633, 40fe88d
// Fixed in master-2.0: 5124ebb, 14ee62e

* ws-salink:2016-13[]
+
IEEE 802.11 dissector crash.
(ws-buglink:11818[])
//cve-idlink:2015-XXXX[]
// Fixed in master: 8276a88
// Fixed in master-2.0: 6c91f52

* ws-salink:2016-14[]
+
GSM A-bis OML dissector crash.
(ws-buglink:11825[])
//cve-idlink:2015-XXXX[]
// Fixed in master: c31425f
// Fixed in master-2.0: 9bc329b
// Fixed in master-1.12: 1d5f600

* ws-salink:2016-15[]
+
ASN.1 BER dissector crash.
(ws-buglink:12106[])
//cve-idlink:2015-XXXX[]
// Fixed in master: 55b5b7c
// Fixed in master-2.0: 271b10d
// Fixed in master-1.12: c43f94f

* ws-salink:2016-16[]
+
SPICE dissector large loop.
(ws-buglink:12151[])
//cve-idlink:2015-XXXX[]
// Fixed in master: 48de5c5
// Fixed in master-2.0: ddeba68

* ws-salink:2016-17[]
+
NFS dissector crash.
//(ws-buglink:xxxxx[])
//cve-idlink:2015-XXXX[]
// Fixed in master: f897899
// Fixed in master-2.0: 20304a4

* ws-salink:2016-18[]
+
ASN.1 BER dissector crash.
(ws-buglink:11822[])
//cve-idlink:2015-XXXX[]
// Fixed in master: 9ff932b
// Fixed in master-2.0: 307bbd2
// Fixed in master-1.12: 8f7a26e

The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2016-7000[]
//* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[])
// cp /dev/null /tmp/buglist.txt ; for bugnumber in `git log --stat v2.0.2rc0..| grep ' Bug:' | cut -f2 -d: | sort -n -u ` ; do gen-bugnote $bugnumber; pbpaste >> /tmp/buglist.txt; done

* HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP streams" option is enabled. (ws-buglink:9848[])

* Questionable calling of ethernet dissector by encapsulating protocol dissectors. (ws-buglink:9933[])

* [Qt & Legacy & probably TShark too] Delta Time Conversation column is empty. (ws-buglink:11559[])

* extcap: abort when validating capture filter for DLT 147. (ws-buglink:11656[])

* Missing columns in Qt Flow Graph. (ws-buglink:11710[])

* Interface list doesn't show well when the list is very long. (ws-buglink:11733[])

* Unable to use saved Capture Filters in Qt UI. (ws-buglink:11836[])

* extcap: Capture interface options snaplen, buffer and promiscuous not being used. (ws-buglink:11865[])

* Improper RPC reassembly (ws-buglink:11913[])

* GTPv1 Dual Stack with one static and one Dynamic IP. (ws-buglink:11945[])

* Wireshark 2.0.1 MPLS dissector not decoding payload when control word is present in pseudowire. (ws-buglink:11949[])

* "...using this filter" turns white (not green or red). Plus dropdown arrow does nothing. (ws-buglink:11950[])

* EIGRP field eigrp.ipv4.destination does not show the correct destination. (ws-buglink:11953[])

* tshark -z conv,type[,filter] swapped frame / byte values from / to columns. (ws-buglink:11959[])

* The field name nstrace.tcpdbg.tcpack should be nstrace.tcpdbg.tcprtt. (ws-buglink:11964[])

* 6LoWPAN IPHC traffic class not decompressed correctly. (ws-buglink:11971[])

* Crash with snooping NFS file handles. (ws-buglink:11972[])

* 802.11 dissector fails to decrypt some broadcast messages. (ws-buglink:11973[])

* Wireshark hangs when adding a new profile. (ws-buglink:11979[])

* Issues when closing the application with a running capture without packets. (ws-buglink:11981[])

* New Qt UI lacks ability to step through multiple TCP streams with Analyze > Follow > TCP Stream. (ws-buglink:11987[])

* GTK: plugin_if_goto_frame causes Access Violation if called before capture file is loaded. (ws-buglink:11989[])

* Wireshark 2.0.1 crash on start. (ws-buglink:11992[])

* Wi-Fi 4-way handshake 4/4 is displayed as 2/4. (ws-buglink:11994[])

* ACN: acn.dmx.data has incorrect type. (ws-buglink:11999[])

* editcap packet comment won't add multiple comments. (ws-buglink:12007[])

* DICOM Sequences no longer able to be expanded. (ws-buglink:12011[])

* Wrong TCP stream when port numbers are reused. (ws-buglink:12022[])

* SSL decryption fails in presence of a Client certificate. (ws-buglink:12042[])

* LUA: TVBs backing a data source is freed too early. (ws-buglink:12050[])

* PIM: pim.group filter have the same name for IPv4 and IPv6. (ws-buglink:12061[])

* Failed to parse M3AP IE (TNL information). (ws-buglink:12070[])

* Wrong interpretation of Instance ID value in OSPFv3 packet. (ws-buglink:12072[])

* MP2T Dissector does parse RTP properly in 2.0.1. (ws-buglink:12099[])

* editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs. (ws-buglink:12116[])

* Guard Interval is not consistent between Radiotap & wlan_radio. (ws-buglink:12123[])

* Calling dumpcap -i- results in access violation. (ws-buglink:12143[])

* Qt: Friendly Name and Interface Name columns should not be editable. (ws-buglink:12146[])

* PPTP GRE call ID not always decoded. (ws-buglink:12149[])

* Interface list does not show device description anymore. (ws-buglink:12156[])

* Find Packet does not highlight the matching tree item or packet bytes. (ws-buglink:12157[])

* "total block length ... is too large" error when opening pcapng file with multiple SHB sections. (ws-buglink:12167[])

* http.request.full_uri is malformed if an HTTP Proxy is used. (ws-buglink:12176[])

* SNMP dissector fails at msgSecurityParameters with long length encoding. (ws-buglink:12181[])

Windows installers and PortableApps(R) packages are now dual signed using SHA-1 and SHA-256
in order to comply with
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx[Microsoft Authenticode policy].
Windows 7 and Windows Server 2008 R2 users should ensure that
https://support.microsoft.com/en-us/kb/3123479[update 3123479] is installed.
Windows Vista and Windows Server 2008 users should ensure that
https://support.microsoft.com/en-us/kb/2763674[hotfix 2763674] is installed.

=== New and Updated Features

There are no new features in this release.

//=== Removed Dissectors

=== New File Format Decoding Support

There are no new file formats in this release.

=== New Protocol Support

There are no new protocols in this release.


=== Updated Protocol Support

--sort-and-group--
6LoWPAN
ACN
ASN.1 BER
BATADV
DICOM
DNP3
DOCSIS INT-RNG-REQ
E100
EIGRP
GSM A DTAP
GSM SMS
GTP
HiQnet
HTTP
HTTP/2
IEEE 802.11
IKEv2
InfiniBand
IPv4
IPv6
LBMC
LLRP
M3AP
MAC LTE
MP2T
MPLS
NFS
NS Trace
OSPF
PIM
PPTP
RLC LTE
RoHC
RPC
RSL
SNMP
SPICE
SSL
TCP
TRILL
VXLAN
WaveAgent
X.509AF
--sort-and-group--

=== New and Updated Capture File Support

//There is no new or updated capture file support in this release.
--sort-and-group--
3GPP TS 32.423 Trace
iSeries
Ixia IxVeriWave
pcap
pcapng
--sort-and-group--

=== New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option.
(ws-buglink:4035[])

Hex pane display issue after startup.
(ws-buglink:4056[])

Packet list rows are oversized.
(ws-buglink:4357[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

The 64-bit version of Wireshark will leak memory on Windows when the display
depth is set to 16 bits (ws-buglink:9914[])

Wireshark should let you work with multiple capture files. (ws-buglink:10488[])

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. (ws-buglink:12036[])

== Getting Help

Community support is available on https://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].