Release Notes: This release removes proxy information from HTTP URI searching so that the URI matches are just on the actual URI, making offsets work as expected. It addresses an issue when logging of packet data via unified2 when alerting on a packet with multiple HTTP PDUs. It will continue to search for patterns within the HTTP URI until the end of the URI.
Release Notes: This release updates file processing for partial HTTP content and MIME attachments, adds the new configuration option max_attribute_services_per_host and improves memory usage within attribute tables, handles excessive overlaps in frag3, adds Stream API updates to return a session key for a session, reduces false positives for TCP window slam events, updates to provide better encoding for TCP packets generated for "respond and react", and disables non-ethernet decoders by default (for performance reasons).
Release Notes: This release fixes a check for TCP RST flags to prevent sending resets to reset packets with inline and active responses, updates hashing for internal storage of rule options for 64bit platforms when checking uniqueness to remove duplicate copies in memory and addresses some small memory leaks from parsing snort.conf. Please note that 22.214.171.124 and later packages are signed with a new PGP key (which is signed with the previous key).
Release Notes: Updates to the flowbit rule option, dcerpc2, and reputation preprocessors. A new dynamic output plugin architecture API. Various updates and improvements to http_inspect, SMTP mempool allocations, and email attachment processing. pflog v4 support has been added to packet decoders. Logging of multiple unified2 alerts with reassembled packets has been fixed. Compiler warning cleanup across multiple platforms. All database output support has been removed.
Release Notes: This release adds new alerts for HTTP (undefined methods and HTTP 0.9 simple requests), updates the Stream preprocessor in TCP session tracking to avoid re-queuing retransmitted data which was already flushed, and adds various tweaks for PAF flushing and other fixes.
Release Notes: This release introduces a number of new capabilities, updates, and improvements over the previous version, including major preprocessor and rule option features and fixes.
Release Notes: An issue was fixed where "uricontent" didn't behave correctly with "depth", "offset", "distance", and "within" modifiers. Overlapping flags in the Shared Object rule API were fixed. Error checking was improved for invalid combinations of "depth", "offset", "distance", and "within" modifiers in rules. Rules that mix relative and non-relative options on the same content will now cause errors. The documentation was updated to fix some inconsistencies.
Release Notes: The HTTP Inspect "server_flow_depth" option is now applied once per HTTP session, instead of once per packet. Issues with the handling of TCP urgent data, with using file_data:mime within shared library rules, with TCP reassembly of single packets, and with DAQ building were fixed.
Release Notes: This release fixes maximum flowbits configuration parsing to specify the number of bits in accordance with the Snort manual, rather than the number of bytes. If you have 'config flowbits_size' in your snort.conf, double check that it has the correct setting. It fixes a packet size issue with the IPQ and NFQ DAQs. It fixes an issue with Stream5 overlap limit processing. It updates the version of LibPCRE bundled with the Windows installer. This update fixes a bug that caused some PCRE matches to fail on Windows.
Release Notes: A problem was fixed with the target based/attribute table and false positives for rules that don't have service metadata. The target based/attribute table's compatability with older versions of bison was fixed and it no longer exits when exceeding the configured limit on attribute table reload. Stream5 was updated to better handle out-of-sequence server responses that contain data when not doing server-side reassembly. Configurable limits were added on the amount of data queued for a single connection.