Latest Downloads

The latest releases of YAF 2.x are listed below.

See also pre-releases of YAF 3.x and all YAF releases.

RPM Downloads

You can also find RPMs of YAF releases starting from 2.16.2 in our Yum repository.

YAF Release 2.18.2, 2025-Dec-11

Downloads

yaf-2.18.2.tar.gz (2.2MiB)

(SHA256=b2324e6c5468e4748e59d9f33312decc8e72cc9ee51e927cd7e77b3d3584d909)

Changelog

  • Fixed a bug resulting in the Fragments flag in flowAttributes falsely being true for nearly every flow.

YAF Release 2.17.3, 2025-Dec-11

Downloads

yaf-2.17.3.tar.gz (2.2MiB)

(SHA256=499d860ed6038295785add991de74f39ed14d741c01cb002824d3f3a713e7be2)

Changelog

  • Fixed a bug resulting in the Fragments flag in flowAttributes falsely being true for nearly every flow.

YAF Release 2.16.5, 2025-Dec-11

Downloads

yaf-2.16.5.tar.gz (2.2MiB)

(SHA256=7e3a7fdbc2f5e249d47806e930062dd0fe61e9e66c245c358de9c19d21edc87b)

Changelog

  • Fixed a bug resulting in the Fragments flag in flowAttributes falsely being true for nearly every flow.

YAF Release 2.15.4, 2025-Dec-11

Downloads

yaf-2.15.4.tar.gz (2.2MiB)

(SHA256=0ec141d489d0e4b993dcd43218051aa3043f2f0a1c545b4f699b36840bc65a2e)

Changelog

  • Fixed a bug resulting in the Fragments flag in flowAttributes falsely being true for nearly every flow.

YAF Release 2.18.1, 2025-Nov-21

Downloads

yaf-2.18.1.tar.gz (2.2MiB)

(SHA256=eebab530828deed9628c0d25e3ef663ec36a5dd992603f50fdf5824e19a30dea)

Changelog

  • Fixed a memory leak and potential crash when full cert export is enabled.

YAF Release 2.17.2, 2025-Nov-14

Downloads

yaf-2.17.2.tar.gz (2.2MiB)

(SHA256=e40f343b58fdf878e5983307f81f45953e77eec229855021b8e4658936012537)

Changelog

  • Fixed a memory leak and potential crash when full cert export is enabled.
  • Fixed the accuracy of NNTP application labeling that caused several records to be mistakenly identified as NNTP.
  • Fixed issues where temporary files for decompressed PCAP files were not always removed, and improved error reporting when decompression fails.

YAF Release 2.18.0, 2025-Oct-9

Downloads

yaf-2.18.0.tar.gz (2.2MiB)

(SHA256=2aeec41d7540b593d72fbd89b082bc6f1832e3a114b8335249a6d5c24b7e2377)

Changelog

  • Added the capability to determine the application label of an active flow and modify the amount of payload based on the result. Use options --applabel-max-payload to set the amount of payload to store for an appLabel and --applabel-check-early to enable early appLabel detection.
  • Stopped the installation of yaf.conf into /etc which overwrote any previous file.
  • Improved the yaf.conf file and the start-up files for both systemd and SysV init.d-style control. Reference copies of the start-up files are now installed under $prefix/share/yaf.
  • Added counts of flows opened and the reasons flows were closed to the log file in both periodic messages and at shutdown, and reformatted those messages.
  • Added a periodic log message that provides counts since the previous periodic message.
  • Added the command line used to invoke yaf to the log file.
  • Added appLabel and DPI support Microsoft DNS-related protocols for LLMNR and MDNS.
  • Fixed an issue where some DNS records were not identified as such due to using newer RRTYPE values.
  • Fixed the accuracy of NNTP application labeling that caused several records to be mistakenly identified as NNTP.
  • Fixed issues where temporary files for decompressed PCAP files were not always removed, and improved error reporting when decompression fails.

YAF Release 2.17.1, 2025-Aug-5

Downloads

yaf-2.17.1.tar.gz (2.2MiB)

(SHA256=2d361f602d04ff16cb4c6ffca31f0ba32a55ee4bf87e30a2d2d64fc13b81442e)

Changelog

  • Fixed a bug in SMTP DPI due to an uninitialized template.

YAF Release 2.17.0, 2025-Jul-24

Downloads

yaf-2.17.0.tar.gz (2.2MiB)

(SHA256=99a9e8651bcee516a20ddca093d248c5cda3890c5561b2dfd893c4414a0ed52b)

Changelog

  • Added the ability for yaf to capture TLS DPI when a standard STML, IMAP, or POP3 connection uses STARTTLS or its equivalent (mid-encryption within the connection).
  • Changed IMAP DPI support to be a C plugin. The IMAP settings in yafApplabelRules.conf and yafDPIRules.conf have changed.
  • Modified yaf not to capture any payload included with TCP RST packets.
  • Added messages to yaf's log that show its version number, process ID, and up-time. They are written on startup, at shutdown, and when SIGUSR1 is received.
  • Updated the periodic log messages written when yaf sends a stats packet to include the current and peak flow table sizes.
  • Added a log message that yaf writes when it receives a shutdown signal.
  • Fixed issues that prevented yaf reading libpcap data from a named pipe.
  • Updated yafscii to print timestamps using microsecond precision.

Visit Release History for older releases.