[Snort-devel] Snort 2.9.8 Now Available
snortreleases at ...835...
Mon Nov 30 14:30:30 EST 2015
Snort 2.9.8 is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.
2015-11-17 - Snort 22.214.171.124
[*] New additions
* SMBv2/SMBv3 support for file inspection.
* Port override for metadata service in IPS rules.
* AppID Lua detector performance profiling.
* Perfmon dumps stats at fixed intervals from absolute time.
* New preprocessor alert (120:18) to detect SSH tunneling over HTTP
* New config option|disable_replace| to disable replace rule option.
* New Stream configuration|log_asymmetric_traffic| to control logging to syslog.
* New shell script in tools to create simple Lua detectors for AppID.
* sfip_t refactored to use struct in6_addr for all ip addresses.
* Post-detection callback for preprocessors.
* AppID support for multiple server/client detectors evaluating on same flow.
* AppID API for DNS packets.
* Memory optimizations throughout.
* Support sending UDP active responses.
* Fix perfmon tracking of pruned packets.
* Stability improvements for AppID.
* Stability improvements for Stream6 preprocessor.
* Added improved support to block malware in FTP preprocessor.
* Added support to differentiate between active and passive FTP connections.
* Improvements done in Stream6 preprocessor to avoid having duplicate packets
in the DAQ retry queue.
* Resolved an issue where reputation config incorrectly displayed 'blacklist' in
priority field even though 'whitelist' option was configured.
* Added support for multiple expected sessions created per packet
* Active response now supports MPLS
Please submit bugs, questions, and feedback tobugs at ...835... or the
Snort-Users mailing list.
The Snort Release Team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel