Binary packages for the new version are currently building and will be available
in the next hours at https://bro.org/download/packages.html.
This is a security release that fixes an integer overflow in code generated by binpac. This issue can be used by remote attackers to crash Bro (i.e. a DoS attack). There also is a possibility this can be exploited in other ways.
This bug was found by Philippe Antoine of Catena cyber. A CVE will be assigned to this bug.
Bro 2.5.3 does not contain any other changes. We urge everyone to update their installation as quickly as possible.