doc: update changelog and readme on yara 4.5 update

vthib · Feb 16, 2024 · 89224d8 · 89224d8
1 parent e68dde7
commit 89224d8
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+Yara 4.5:
+
+- New Warning on unknown escape sequences in regexes. See [PR #68](https://github.com/vthib/boreal/pull/68).
+  This warning is however more broad than the YARA one.
+- Do not report strings whose name starts with `_` as unused.
+- Add `pe.export_details[*].rva` field.
+- `math.count` and `math.percentage` now returns an undefined value when given a
+  value outside the `[0; 255]` range.
+- Imported dlls are ignored if the dll name is longer than 255 bytes.
+- Fix endianness issue in `macho.magic` field, see the [Yara fix](https://github.com/VirusTotal/yara/pull/2041).
+- Always expose `pe.is_signed` as long as the `authenticode` feature is enabled.
+
 ## [0.4.0] - 2024-02-11
 
 This release introduces process memory scanning, implemented on Windows, Linux and macOS. In addition,

diff --git a/boreal-parser/README.md b/boreal-parser/README.md
@@ -14,4 +14,4 @@ evaluation of YARA rules.
 
 ### YARA version supported
 
-All features available in the 4.2 version of YARA are handled.
+All features available in the 4.5 version of YARA are handled.
diff --git a/boreal/README.md b/boreal/README.md
@@ -19,7 +19,7 @@ The main goals of the project are:
 
 ## Features
 
-* Full compatibility with YARA 4.3 and [most modules](#modules). Any existing rule can be used as is.
+* Full compatibility with YARA 4.5 and [most modules](#modules). Any existing rule can be used as is.
 * Avoid scanning for strings when not required, greatly reducing execution time on carefully crafted
   rules. See [no scan optimization](#no-scan-optimization).
 * Protection against any untrusted inputs, be it rules or scanned bytes. Ill-crafted rules or inputs should never
@@ -82,9 +82,6 @@ on boreal and YARA to guarantee the exact same behavior.
 There are however, some exceptions to this compatibility:
 
 * Evaluation bugs. Boreal may not suffer from some of them, or may has already fixed some of them.
-  For example, there are many bugs that are already fixed in boreal and YARA, but have not yet
-  been released by YARA, so even though boreal supports YARA 4.3, some bugs are fixed in boreal
-  and not in YARA.
 
 * Overflows or underflows. Those are not specified by YARA and in fact, signed overflows is UB in
   itself. Behavior of evaluations on overflows/underflows is no longer UB in boreal, but is