Latest Downloads
The latest releases of YAF 2.x are listed below.
See also pre-releases of YAF 3.x and all YAF releases.
RPM Downloads
You can also find RPMs of YAF releases starting from 2.16.2 in our Yum repository.
YAF Release 2.19.3, 2026-May-28
Downloads
(SHA256=6b03bc3d25495c01d8d8020b00a908ef1ed28b6edf78f631618208d81e809b30)
Changelog
- Fixed an issue that made RPM installs of YAF 2.19.x unable to load plugin modules.
YAF Release 2.19.2, 2026-May-14
Downloads
(SHA256=dbe9413ce366c0ea2a104d45d86b21f5518f0d3b5c210c9a5c0d109642fea6a7)
Changelog
- Fixed a file handle leak when reading PCAPNG capture files.
YAF Release 2.18.5, 2026-May-14
Downloads
(SHA256=0c2d6eace71a4ec1ee5a1e046d4a9017db0553869ae6212469e3a3ae05dc8ad9)
Changelog
- Fixed a file handle leak when reading PCAPNG capture files.
YAF Release 2.19.1, 2026-Apr-23
Downloads
(SHA256=d2bab3eab2a227eaeedc8624c69dfb77a7ba314d02c3f050cbb829e7ccf66271)
Changelog
- Fixed potential file corruption when multiple YAF processes are using --lock --rotate and writing to the same directory, where one process could remove another's lock file and permit a third process to write simultaneously to the first process's output file.
- Improved run-time error messages when using --caplist.
- Improved the documentation for --pcap and options related to creating pcap files, and improved the command-line checks for these options.
- Reduced the memory used by dpacketplugin for non-(TCP,UDP) flows when --protocol-payload is given.
- Fixed an error where the --pcap-meta-file would sometimes record the input file name instead of the output file when when creating rolling pcap files and --caplist was used.
- Fixed memory corruption in 2.19.0 if --uniflow is used when dpacketplugin is active.
- Fixed a compilation error in 2.19.0 when Spread support is enabled.
- Stopped YAF from putting Tombstone records in a separate IPFIX message.
YAF Release 2.18.4, 2026-Apr-23
Downloads
(SHA256=291e0cc0e51d2c3637a2fe639947bfd8b17be09670d9fabd865d31cfe7601975)
Changelog
- Made the enforcement of the maximum flow-table size more aggressive.
- Fixed potential file corruption when multiple YAF processes are using --lock --rotate and writing to the same directory, where one process could remove another's lock file and permit a third process to write simultaneously to the first process's output file.
YAF Release 2.18.3, 2026-Mar-26
Downloads
(SHA256=4cee46b11371fc5b7b76044c7efadb1e30043e699eb0d8d1aa4f1ca6436e8cdd)
Changelog
- Fixed an error since YAF-2.17.0 when using --uniflow that caused an assertion error (or memory corruption if asserts were disabled) during deep packet inspection.
YAF Release 2.19.0, 2026-Feb-26
Downloads
(SHA256=74b4a52f9265571efbf490ec5c27581f3c69f8c85bd691695d75aa815c266d25)
Changelog
- Upgrading: There are multiple changes to yafApplabelRules.conf.
- Upgrading: Application labeling support now requires PCRE2, version 10.32 or later.
- Added a new "port" statement to yafApplabelRules.conf to detect application protocols that may appear on multiple ports.
- Added option --filter-file to read a packet filtering expression from a file.
- Added option --protocol-payload to enable capturing payload for non-(TCP,UDP) records.
- Made the enforcement of the maximum flow-table size more aggressive.
- Allow environment variables to modify the conditions that trigger when the flow-table is flushed.
- Changed YAF's PCRE requirement to PCRE2, which is required for application labeling.
- Made substantial internal changes to deep packet inspection.
YAF Release 2.18.2, 2025-Dec-11
Downloads
(SHA256=b2324e6c5468e4748e59d9f33312decc8e72cc9ee51e927cd7e77b3d3584d909)
Changelog
- Fixed a bug resulting in the Fragments flag in flowAttributes falsely being true for nearly every flow.
YAF Release 2.18.1, 2025-Nov-21
Downloads
(SHA256=eebab530828deed9628c0d25e3ef663ec36a5dd992603f50fdf5824e19a30dea)
Changelog
- Fixed a memory leak and potential crash when full cert export is enabled.
Visit Release History for older releases.
