Release Notes: This release adds new alerts for HTTP (undefined methods and HTTP 0.9 simple requests), updates the Stream preprocessor's TCP session tracking to avoid re-queuing retransmitted data that was already flushed, and adds various tweaks for PAF flushing and other fixes.
Release Notes: This release introduces a number of new capabilities, updates, and improvements over the previous version, including major preprocessor and rule option features and fixes.
Release Notes: Lots of bugfixes and minor new features were added.
Release Notes: The Razorback "Snort as a Collector" (SaaC) dynamic preprocessor was added. This is for experimental use only. False positives in HTTP traffic were fixed, which were caused by large HTTP chunks split across two packets. Several updates were made to the Snort manual and READMEs. A false positive on Stream5 rule 129:15, caused by a RST following a FIN, was fixed.
Release Notes: An issue was fixed where "uricontent" didn't behave correctly with "depth", "offset", "distance", and "within" modifiers. Overlapping flags in the Shared Object rule API were fixed. Error checking was improved for invalid combinations of "depth", "offset", "distance", and "within" modifiers in rules. Rules that mix relative and non-relative options on the same content will now cause errors. The documentation was updated to fix some inconsistencies.
Release Notes: The HTTP Inspect "server_flow_depth" option is now applied once per HTTP session, instead of once per packet. Issues with the handling of TCP urgent data, with using file_data:mime within shared library rules, with TCP reassembly of single packets, and with DAQ building were fixed.
Release Notes: This release fixes maximum flowbits configuration parsing to specify the number of bits in accordance with the Snort manual, rather than the number of bytes. If you have 'config flowbits_size' in your snort.conf, double-check that it has the correct setting. It fixes a packet size issue with the IPQ and NFQ DAQs. It fixes an issue with Stream5 overlap limit processing. It updates the version of LibPCRE bundled with the Windows installer. This update fixes a bug that caused some PCRE matches to fail on Windows.
Release Notes: This release added a feature-rich IPS mode, including improvements to Stream, a Data Acquisition API (DAQ) that supports many different packet access methods, and a new 'byte_extract' rule option that allows extracted values to be used in subsequent rule options for isdataat, byte_test, byte_jump, and content distance/within/depth/offset. Two new rule options were added to support Base64 decoding of certain pieces of data and inspection of the Base64 data via subsequent rule options. A new pattern matcher that supports Intel's Quick Assist Technology for improved performance on supported hardware platforms was added.
Release Notes: This release fixes installer packages to include the correct version of the sensitive data preprocessor for Linux and Windows. It eliminates false positives when using fast_pattern:only and having only one HTTP content in the pattern matcher. It addresses false positives in the FTP preprocessor with string format verification. It also addresses an issue with the handling of response codes to data transfer commands where the response code didn't contain a message.