Release Notes: This release fixes installer packages to include the correct version of the sensitive data preprocessor for Linux and Windows. It eliminates false positives when using fast_pattern:only and having only one HTTP content in the pattern matcher. It addresses false positives in the FTP preprocessor with string format verification. It also addresses issue with handling of response codes to data transfer commands where the response code didn't contain a message.
Release Notes: This release adds many new features and fixes, including file capture and storage, file type identification, and updates to SMTP, POP, and IMAP.
Release Notes: This release fixed an issue with the SMTP preprocessor and the ignore_tls_data configuration correctly stopping inspection after an SMTP session is encrypted. All rule evaluation (as opposed to just rules with fast patterns) is now disabled for packets on a previously blocked session. The perfmon preprocessor now writes stats as soon as both the time and packet count criteria are met. The same restrictions are enforced on relative PCRE for HTTP buffers from shared library rules as already existed with text rules.
Release Notes: This release adds many bugfixes, additions, and improvements.
Release Notes: This release removes proxy information from HTTP URI searching so that the URI matches are just on the actual URI, making offsets work as expected. It addresses an issue when logging of packet data via unified2 when alerting on a packet with multiple HTTP PDUs. It will continue to search for patterns within the HTTP URI until the end of the URI.
Release Notes: This release updates file processing for partial HTTP content and MIME attachments, adds the new configuration option max_attribute_services_per_host and improves memory usage within attribute tables, handles excessive overlaps in frag3, adds Stream API updates to return a session key for a session, reduces false positives for TCP window slam events, updates to provide better encoding for TCP packets generated for "respond and react", and disables non-ethernet decoders by default (for performance reasons).