Projects / Snort / Releases

All releases of Snort

  •  22 Jan 2012 21:32
Avatar

    Release Notes: This release adds new alerts for HTTP (undefined methods and HTTP 0.9 simple requests), updates the Stream preprocessor in TCP session tracking to avoid re-queuing retransmitted data which was already flushed, and adds various tweaks for PAF flushing and other fixes.

    •  17 Dec 2011 07:24
    Avatar

      Release Notes: This release added SCADA (DNP3 and Modbus) preprocessors, and GTP decoding and preprocessor. The HTTP preprocessor now normalizes HTTP responses that include JavaScript-escaped data in the HTTP response body. A number of fixes and improvements have been added as well.

      •  29 Aug 2011 06:56
      Avatar

        Release Notes: This release introduces a number of new capabilities, updates, and improvements over the previous version, including major preprocessor and rule option features and fixes.

        •  08 Apr 2011 03:23
        Avatar

          Release Notes: Lots of bugfixes and minor new features were added.

          •  11 Feb 2011 04:16
          Avatar

            Release Notes: The Razorback "Snort as a Collector" (SaaC) dynamic preprocessor was added. This is for experimental use only. False positives in HTTP traffic were fixed, which were caused by large HTTP chunks split across two packets. Several updates were made to the Snort manual and READMEs. A false positive on Stream5 rule 129:15, caused by a RST following a FIN, was fixed.

            •  22 Dec 2010 03:58
            Avatar

              Release Notes: An issue was fixed where "uricontent" didn't behave correctly with "depth", "offset", "distance", and "within" modifiers. Overlapping flags in the Shared Object rule API were fixed. Error checking was improved for invalid combinations of "depth", "offset", "distance", and "within" modifiers in rules. Rules that mix relative and non-relative options on the same content will now cause errors. The documentation was updated to fix some inconsistencies.

              •  04 Dec 2010 05:57
              Avatar

                Release Notes: The HTTP Inspect "server_flow_depth" option is now applied once per HTTP session, instead of once per packet. Issues with the handling of TCP urgent data, with using file_data:mime within shared library rules, with TCP reassembly of single packets, and with DAQ building were fixed.

                •  02 Nov 2010 19:16
                Avatar

                  Release Notes: This release fixes maximum flowbits configuration parsing to specify the number of bits in accordance with the Snort manual, rather than the number of bytes. If you have 'config flowbits_size' in your snort.conf, double check that it has the correct setting. It fixes a packet size issue with the IPQ and NFQ DAQs. It fixes an issue with Stream5 overlap limit processing. It updates the version of LibPCRE bundled with the Windows installer. This update fixes a bug that caused some PCRE matches to fail on Windows.

                  •  04 Oct 2010 23:02
                  Avatar

                    Release Notes: This release added a feature-rich IPS mode, including improvements to Stream, a Data Acquisition API (DAQ) that supports many different packet access methods, and a new 'byte_extract' rule option that allows extracted values to be used in subsequent rule options for isdataat, byte_test, byte_jump, and content distance/within/depth/offset. Two new rule options were added to support Base64 decoding of certain pieces of data and inspection of the Base64 data via subsequent rule options. A new pattern matcher that supports Intel's Quick Assist Technology for improved performance on supported hardware platforms was added.

                    •  22 Jul 2010 21:18
                    Avatar

                      Release Notes: This release fixes installer packages to include the correct version of the sensitive data preprocessor for Linux and Windows. It eliminates false positives when using fast_pattern:only and having only one HTTP content in the pattern matcher. It addresses false positives in the FTP preprocessor with string format verification. It also addresses issue with handling of response codes to data transfer commands where the response code didn't contain a message.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.