Welcome to the Zeek Newsletter.
In this Issue:
- TL;DR
- Development Updates
- Zeek in the Community
- Zeek in the Enterprise
- Friends of Zeek
- Upcoming Events
- Zeek Package Updates
- Get Involved
[TL;DR]
Zeek 7.0.6 and 7.1.1 are here, and news about 7.2 appears below.
If you’re reading this on publication day, 2 Apr 2025, there is a Zeek community call today. There is no need to register. Here is the Zoom link:
https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09
Development Updates
Tim released Zeek versions 7.0.6 and 7.1.1.
https://download.zeek.org/zeek-7.0.6.tar.gz
https://download.zeek.org/zeek-7.1.1.tar.gz
See the release notes for details of the addressed bugs and security issues:
https://github.com/zeek/zeek/releases/tag/v7.0.6
https://github.com/zeek/zeek/releases/tag/v7.1.1
Binary packages for the new releases will also be available shortly:
https://github.com/zeek/zeek/wiki/Binary-Packages
For more information on release cadence, see:
https://github.com/zeek/zeek/wiki/Release-Cadence
Christian wrote:
We’re three months into the Zeek 7.2 development cycle, so now is a good time to share an update about ongoing development and our planned timeline for the Zeek’s next feature release.
We recently merged two of the biggies planned for this release: the new storage framework
https://github.com/zeek/zeek/pull/4163
and WebSocket support
https://github.com/zeek/zeek/pull/4199
native to Zeek.
Both features continue our multi-release effort of reducing the Broker library to a “mere” topic-based pub/sub layer, enabling us to treat it as one of several available backend implementations. Our first alternative cluster backend, powered by ZeroMQ, has continued to mature in this release cycle and looks increasingly promising. Documentation and other items are still in flight, and you can track them in our 7.2 project board.
https://github.com/orgs/zeek/projects/21
We’re planning to fork the 7.2 release branch and release the first release candidate, RC1, on April 18. If you’re currently working on contributions that you’d like to see in 7.2, we encourage you to submit pull requests soon to allow us time to review & iterate. Once RC1 is out, we encourage everyone to try it out and send feedback.
Absent major hiccups, we’re planning to release 7.2 a bit over two weeks later, on May 8. We look forward to walking you through the new features of this release in more detail at that time. Release planning for Zeek 8, our next LTS release due in the summer, will happen shortly thereafter.
If you’re running Zeek clusters in production and would like to help us test our release candidates on a regular basis, we’d very much like to hear from you. While our test suites cover much of Zeek’s functionality, we always rely on Zeek users and the testing subgroup for the final go-ahead for a release. If you’d like to join our testing subgroup, please get in touch on Slack
In our Zeek community call
on the first Wednesday of each month, we regularly report on feature development. We encourage you to join and ask questions! These calls are also available for later viewing on our YouTube channel.
https://www.youtube.com/zeekurity
Zeek in the Community
Seth published a new version of Malcolm. Please see the project site for details:
The Security Onion project released a new version. Please see the project blog for details:
https://blog.securityonion.net/
Zeek in the Enterprise
The recording of the 19 March webinar, Integrating ML Analysis with Zeek with Dubem Nwoji, is live here:
https://youtube.com/live/YTnyeyrFWdE
Friends of Zeek
The Suricata project released version 7.0.10. Visit their site for details:
Upcoming Events
The next Zeek Community Call is scheduled for 2 April at 1 pm ET. There is no need to register. Here is the Zoom link:
https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09
The next Training Group Call is 11 Apr at 12 noon ET. Here is the Zoom link:
https://ESnet.zoom.us/j/6445948648
Meeting ID: 644 594 8648
Passcode: Rockon!
Zeek Package Updates
Changes to packages are available via this search:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
The https://packages.zeek.org site reported the last 5 updates as of today:
1/28/25, 4:14 AM shodan-zeek
1/27/25, 9:20 PM ja4
1/24/25, 3:25 PM zeek-spicy-wireguard
1/24/25, 3:23 PM zeek-spicy-ipsec
1/24/25, 3:21 PM zeek-spicy-openvpn
Get Involved
If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.
Here is an invitation to the Slack channel:
https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g
Stay up to date by joining the Zeek Discourse:
Subscribe to our YouTube channel:
https://youtube.com/c/Zeekurity
Follow us on Mastodon:
https://infosec.exchange/@zeek
The old mailing list archives now redirect to this site:
https://community.zeek.org/archives/list/zeek@lists.zeek.org/
If you’d like to read the Leadership Team meeting notes, they are here:
https://github.com/zeek/zeek/wiki/LT-Meeting-Notes
Follow us on LinkedIn:
https://www.linkedin.com/company/zeekurity
To search LinkedIn for jobs mentioning Zeek skills, use this query:
https://www.linkedin.com/jobs/search/?keywords=zeek
See you next time!