The following vulnerabilities have been fixed:
wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. Issue 20176.
wnpa-sec-2024-15 ECMP dissector crash. Issue 20214.
The following bugs have been fixed:
CIP I/O is not detected by "enip" filter anymore. Issue 19517.
Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041.
OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal. Issue 20065.
JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000. Issue 20066.
Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring. Issue 20082.
PTP analysis loses track of message associations in case of sequence number resets. Issue 20099.
USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed. Issue 20107.
dumpcap crashes when run from TShark with a capture filter. Issue 20108.
SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating. Issue 20113.
Ghost error message on POP3 packets. Issue 20124.
Building against c-ares 1.34 fails. Issue 20125.
D-Bus is not optional anymore. Issue 20126.
macOS Intel DMGs aren’t fully notarized. Issue 20129.
Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture. Issue 20134.
CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet] Issue 20142.
Wi-Fi: 256 Block Ack (BA) is not parsed properly. Issue 20156.
BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached. Issue 20159.
Statistics→I/O Graph crashes when using simple moving average. Issue 20163.
HTTP2 body decompression fails on DATA with a single padded frame. Issue 20167.
Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169.
SIP dissector bug due to "be-route" param in VIA header. Issue 20173.
Coredump after trying to open 'Follow TCP stream' Issue 20174.
Protobuf JSON mapping error. Issue 20182.
Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash (Version 4.4.1) Issue 20183.
Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1. Issue 20184.
IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame. Issue 20187.
Wireshark 4.4.1 does not decode RTCP packets. Issue 20188.
Qt: Display filter sub-menu can only be opened on the triangle, not the full name. Issue 20190.
Qt: Changing the display filter does not update the Conversations or Endpoints dialogs. Issue 20191.
MODBUS Dissector bug. Issue 20192.
Modbus dissector bug - Field Occurence and Layer Operator modbus.bitval field. Issue 20193.
Wireshark crashes when a field is dragged from packet details towards the find input. Issue 20204.
Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with comma as decimal separator. Issue 20216.
The TCP dissector no longer falls back to using the client port as a criterion for selecting a payload dissector when the server port does not select a payload dissector (except for port 20, active FTP). This behavior can be changed using the "Client port dissectors" preference.
Display filters now correctly handle floating point conversion errors.
The Lua API now has better support for comma-separated ranges in different locales.
The TShark syntax for dumping only fields with a certain prefix has changed
from -G fields prefix to -G fields,prefix. This allows tshark -G fields
to again support also specifying the configuration profile to use.
There are no new protocols in this release.
ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, ECMP, ENIP, FiveCo RAP, Frame, FTDI FT, HSRP, HTTP/2, ICMPv6, IEEE 802.11, MBTCP, MMS, MPEG PES, PN-DCP, POP, ProtoBuf, PTP, RPC, RTCP, SIP, SRT, Syslog, TCP, UMTS RLC, USB CCID, Wi-SUN, and ZigBee ZCL
BLF
There is no updated file format support in this release.