[Snort-devel] Snort 2.9.8 RC Now Available

Snort Releases snortreleases at ...835...
Thu Oct 8 13:22:36 EDT 2015

Snort is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.

2015-08-28 - Snort 2.9.8_rc

[*] New additions
  *  SMBv2/SMBv3 support for file inspection.

  *  Port override for metadata service in IPS rules.

  *  AppID Lua detector performance profiling.

  *  Perfmon dumps stats at fixed intervals from absolute time.

  *  New preprocessor alert (18:120) to detect SSH tunneling over HTTP

  *  New config option |disable_replace| to disable replace rule option.

  *  New Stream configuration |log_asymmetric_traffic| to control 
logging to syslog.

  *  New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
  *  sfip_t refactored to use struct in6_addr for all ip addresses.

  *  Post-detection callback for preprocessors.

  *  AppID support for multiple server/client detectors evaluating on 
same flow.

  *  AppID API for DNS packets.

  *  Memory optimizations throughout.

  *  Support sending UDP active responses.

  *  Fix perfmon tracking of pruned packets.

  *  Stability improvements for AppID.

  *  Stability improvements for Stream6 preprocessor.

  *  Added improved support to block malware in FTP preprocessor.

  *  Added support to differentiate between active and passive FTP 

  *  Improvements done in Stream6 preprocessor to avoid having duplicate 
packets in the DAQ retry queue.

  *  Resolved an issue where reputation config incorrectly displayed 
'blacklist' in priority field even though 'whitelist' option was configured.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs at ...2256...

Happy Snorting!
The Snort Release Team

More information about the Snort-devel mailing list