Release Notes: This release fixed an issue with the SMTP preprocessor so that the ignore_tls_data configuration correctly stops inspection after an SMTP session is encrypted. All rule evaluation (as opposed to just rules with fast patterns) is now disabled for packets on a previously blocked session. The perfmon preprocessor now writes stats as soon as both the time and packet count criteria are met. The same restrictions are enforced on relative PCRE for HTTP buffers from shared library rules as already existed with text rules.
Release Notes: This release adds many bugfixes, additions, and improvements.
Release Notes: Consolidation of IPv6, file API and improvements to file processing, use of address space ID for tracking Frag & Stream connections, logging of packet data that triggers PPM for post-analysis, decoding of IPv6 with PPPoE, and more.
Release Notes: Updates to the flowbit rule option, dcerpc2, and reputation preprocessors. A new dynamic output plugin architecture API. Various updates and improvements to http_inspect, SMTP mempool allocations, and email attachment processing. pflog v4 support has been added to packet decoders. Logging of multiple unified2 alerts with reassembled packets has been fixed. Compiler warning cleanup across multiple platforms. All database output support has been removed.
Release Notes: The GTP preprocessor was updated to better handle GTPv1 data. The DNP3 preprocessor now has stricter packet checking. Checking in the reassembly buffer was improved. PCRE rule option processing was fixed to prevent issues seen with libpcre 8.30 and certain rules. dcerpc2 no longer aborts reassembly if the target-based protocol is undefined.
Release Notes: Updates to HTTP Inspect, stream handling for TCP session cleanup with RSTs and other TCP state tracking, active responses to fragmented IPv6 traffic and to the react page configuration, and the SIP preprocessor, and state tracking improvements to SMB processing in the dcerpc2 preprocessor when packets are missing on a session.
Release Notes: The Razorback "Snort as a Collector" (SaaC) dynamic preprocessor was added. This is for experimental use only. False positives in HTTP traffic caused by large HTTP chunks split across two packets were fixed. Several updates were made to the Snort manual and READMEs. A false positive on Stream5 rule 129:15, caused by a RST following a FIN, was fixed.
Release Notes: This release fixes installer packages to include the correct version of the sensitive data preprocessor for Linux and Windows. It eliminates false positives when using fast_pattern:only and having only one HTTP content in the pattern matcher. It addresses false positives in the FTP preprocessor with string format verification. It also addresses an issue with the handling of response codes to data transfer commands where the response code didn't contain a message.
Release Notes: Updates to HTTP Inspect to allow server-specific configurations to normalize the HTTP header and/or cookies. Updates to HTTP Inspect to support gzip decompression across multiple packets. A new Sensitive Data preprocessor that performs detection of Personally Identifiable Information (PII). A new pattern matcher and related configurations. An update to use WinPcap 4.1.1 for Win32 platforms.