Projects / Snort / Releases / 2.9.0.2

Version 2.9.0.2 of Snort

Avatar

Release Notes: The HTTP Inspect "server_flow_depth" option is now applied once per HTTP session, instead of once per packet. Issues with the handling of TCP urgent data, with using file_data:mime within shared library rules, with TCP reassembly of single packets, and with DAQ building were fixed.

Other releases

  •  25 Jan 2014 23:32
Avatar

Release Notes: This release adds many new features and fixes, including file capture and storage, file type identification, and updates to SMTP, POP, and IMAP.

  •  17 Sep 2013 08:35
Avatar

Release Notes: This release fixed an issue with the SMTP preprocessor and the ignore_tls_data configuration correctly stopping inspection after an SMTP session is encrypted. All rule evaluation (as opposed to just rules with fast patterns) is now disabled for packets on a previously blocked session. The perfmon preprocessor now writes stats as soon as both the time and packet count criteria are met. The same restrictions are enforced on relative PCRE for HTTP buffers from shared library rules as already existed with text rules.

  •  03 Jul 2013 19:10
Avatar

Release Notes: This release adds many bugfixes, additions, and improvements.

  •  10 Apr 2013 22:23
Avatar

Release Notes: This release removes proxy information from HTTP URI searching so that the URI matches are just on the actual URI, making offsets work as expected. It addresses an issue when logging of packet data via unified2 when alerting on a packet with multiple HTTP PDUs. It will continue to search for patterns within the HTTP URI until the end of the URI.

  •  06 Mar 2013 02:28
Avatar

Release Notes: This release updates file processing for partial HTTP content and MIME attachments, adds the new configuration option max_attribute_services_per_host and improves memory usage within attribute tables, handles excessive overlaps in frag3, adds Stream API updates to return a session key for a session, reduces false positives for TCP window slam events, updates to provide better encoding for TCP packets generated for "respond and react", and disables non-ethernet decoders by default (for performance reasons).

Screenshot

Project Spotlight

cwwav

A program to generate Morse code sound files from text.

Screenshot

Project Spotlight

YAGF

A graphical frontend for the Cuneiform OCR tool.