[Snort-devel] Snort 2.9.11.0 has been released!

Snort Releases snortreleases at snort.org
Wed Oct 11 12:28:29 EDT 2017


Please join the Snort team as we welcome the addition of Snort 2.9.11.0 
to general availability!

Snort 2.9.11.0 can be downloaded from the usual location on Snort.org 
<https://www.snort.org/downloads>.

Below are the release notes:


Snort 2.9.11
[*] New additions


Changes to eliminate Snort restart when there are changes to the memory 
allocated for preprocessors, by releasing unused or least recently used 
memory when needed.
Added support for storing filenames in Unicode for SMB protocol.
Added implementation of hostPortCache versioning for unknown flows in 
AppID to detect and block BitTorrent.


[*] Improvements


Enhanced RTSP metadata parsing to match the user-agent field to detect 
RTSP traffic over Windows Media.
Performance improvement when SYN rate limit has reached and drop is 
configured as next action
Control-socket and side-channel support for FreeBSD platform.
Fixed issue in file signature lookup for retransmitted FTP packet.
Enhanced the processing of SIP/RTP future flows without ignoring them.
Changes made in PDF/SWF decompression by adding boundary to the size of 
the decompressed data.
Added a null check to prevent copy unless debugHostIp is configured in 
AppId.
Fixed issue where FTP file type block doesn't work for retried download.
Resolved issue where Snort is inappropriately handling traffic for which 
AppId was creating future flow.
Performance improvements for SIP/RTP audio and video data flow in AppId.
Performance and stability improvements in FTP preprocessor like 
incorrect referencing of ftp_data_session after its pruned.
Stability improvement by resolving valgrind reported issues in AppId.
Improved flushing mechanism for HTTP POST header.
Added changes to display AppId for IPv6 unified events.
Fixed issues with printing of messages for out-of-order packets.
Fixed issue in increment of detection filter counter when rule is used 
in multiple configurations.
Fixed dynamic preprocessor compilation failure in OpenBSD platform.
Added changes to improve performance of ipvar list comparison.
Enhanced SMTP client detection by allowing line folding and all 
authentication methods.

As always, join the conversation over on the Snort-Users list 
<https://www.snort.org/community> for any installation or upgrade 
assistance!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20171011/5084c4ac/attachment.html>


More information about the Snort-devel mailing list