[Snort-devel] Snort++ build 217 is now available on snort.org!

Snort Releases snortreleases at ...835...
Mon Oct 31 13:35:37 EDT 2016

Snort++ build 217 is now available on snort.org!  This is the latest monthly
update available for download.  You can also get the latest updates from 
(snortadmin/snort3) which is updated weekly.

DAQ Changes:

* updated DAQ - you *must* use DAQ 2.2.1
* build: remove lingering libDAQ #ifdefs
* expected: push expected flow information through the DAQ module
* add libDAQ version to snort -V output


* add inspector events from http_inspect to appid
* add build configuration for thread sanitizer
* added module trace facility
* add support http file upload processing and process decode/detection 
* add rev to rule latency logs

* port dce_udp fragments
* port block malware over ftp for clients/servers that support REST command
* port dce_udp packet processing
* port sip changes to avoid using NAT ip when calculating callid
* port dce_udp autodetect and session creation
* update appid to 2983

Bug Fixes:

* fix appid error messages
* fix flow reinitialization after expiration
* fix release of blocked flow
* fix 129:16 false positive
* fix various unit test leaks
* fix -Wmaybe-uninitialized issues
* fix related to appid name with space and SSL position
* fix various appid patterns and counts
* fix fast pattern selection
* fix file hash pruning issue
* fix rate_filter action config and apply_to clean up
* fix static analysis issues
* fix analyzer/pig race condition
* fix explicit obfuscation disable not working
* fix ftp_data: Gracefully handle cleared flow data
* fix LuaJIT rule option memory leak of plugin name
* fix various appid issues - initial port is nearing completion
* fix http_inspect event 119:66
* fix ac_full initialization performance
* fix stream_tcp left overlap on hpux, solaris
* fix/remove 129:5 ("bad segment") events
* file_mempool: fix initializing total pool size
* fix bpf includes
* fix builds for OpenSolaris

Other Changes:

* build: clean up some ICC warnings
* change search_engine.debug_print_fast_pattern to show_fast_patterns
* overhaul appid for multiple threads, memory leaks, and coding style
* expected: expected cache revamp and related bugfixes
* ftp_data: add expected data consumption to set service name and fix bugs
* defaults: update FTP default config based on Snort2's hardcoded one
* rename default_snort_manual.* to snort_manual.*
* build docs only by explicit target (make html|pdf|text)
* update default manuals to build 213
* tolerate more spaces in ip lists
* change default latency actions to none
* deleted non-functional extra decoder for i4l_rawip

Please submit bugs, questions, and feedback to bugs at ...835... or the
Snort-Users mailing list.

Happy Snorting!
The Snort Release Team

More information about the Snort-devel mailing list