v1.1.17

• Expanded Immune dataset documentation with performance evaluations and bottleneck analysis.
• Improve horizontal, vertical, and ICMP portscan detection logic and speed.
• Improved handling of high-throughput traffic.
• Optimize profiler architecture: backpressure, dynamic worker scaling, true multiprocessing.
• Reduce false positives for "public IPs outside of localnet" evidence.
• Reduce the number of duplicate port scan evidence by using a log scale.
• Speed up Github CI testing.
• Speed up Slips processing and reduce RAM usage.
• Suppress duplicate “unknown port” evidence for every scanned port when a portscan is detected.
• Fix the evidence button in the Web UI.

v1.1.16

• Add an alerts visualiser web interface for TAXII servers.
• Change the usage of the -g option; now Slips requires the interface name to monitor when using -g.
• Drop support for the dynamic reloading of the whitelist.
• Evidence handler and whitelist speedup by using bloom filters.
• Fix false positive evidence on connection to IP outside local network when the IP is multicast.
• Fix P2P unable to connect to the Redis database when using -m.
• Fix problem reporting evidence when Slips is monitoring one interface.
• Handle Slips and iptables failovers when running Slips as an access point in the Raspberry Pi.

v1.1.15

• Support monitoring two interfaces when Slips is running as an access point.
• Improve running slips on a growing zeek directory (using -g): Slips can now detect the used interface, host IP and gateway IP.

v1.1.14

• Security Patch for CVE-2025-49844: Force use of Redis version 8.2.2

v1.1.13

• Add detection for DNS answers of malicious DNS queries.
• Add support for Zeek v8.0.0.
• Speed up evidence processing in Slips.
• Update Python dependencies.

v1.1.12

• Better filtering of attacks in the ARP poisoner filter.
• Cache ARP scan results to avoid flooding the network with ARP packets.
• Exclude poisoning the gateway using the ARP poisoner.
• Increase the delay between ARP poisoning attempts to avoid flooding the network.
• Local P2P trust model improvements.

v1.1.11

• Fix the local P2P trust model.
• Fix SQLite cursor errors.
• Avoid setting an alert about own IP and other Slips peers when ARP poisoning attackers.

v1.1.10

• Add support for unblocking attackers using IPtables after a probation period.
• Add support for blocking attackers using ARP poisoning.
• Improve how the gateway IP and MAC are detected.
• Support running Slips as an AP to block attackers in the RPI.

v1.1.9

• Add bootstrapping node mode for the global P2P. Thanks to @d-strat
• Add support for ARM64 architecture in Docker images.
• Fix issues getting domain registrants.
• Fix the "Database is locked" SQLite error.
• Fix the issue of Slips hanging when shutting down.
• Ignore URLs when found in threat intelligence feeds.
• Improve handling of Zeek tab-separated log files. Logs from Zeek old versions are now read correctly.
• Optimize IP Info module.
• Print flows processed per minute in the stats printed to the CLI.
• Support reading labeled Zeek logs and using their labels in Slips modules.

v1.1.8

• Fix SQLite database errors.
• Fix CPU and RAM profilers.
• Fix the issue with AsyncModules not shutting down gracefully.