[Snort-users] snort-1.9.0 is released!

twig les twigles at ...131...
Fri Oct 4 11:11:02 EDT 2002


I'm not ready to upgrade immediately (happily snorting
with 1.8.7 in a production environment).  How long
will the 1.8.x signatures be maintained?

--- Chris Green <cmg at ...1935...> wrote:
> The Snort team is proud to announce the availability
> of version 1.9.0
> of Snort available for download at
> http://www.snort.org
> 
> http://www.snort.org/dl/snort-1.9.0.tar.gz
> http://www.snort.org/dl/snort-1.9.0.tar.gz.asc (gpg)
> 
> This release is the culmination of lots of bug
> fixing and
> new features from many developers including
> 
> Roman Danyliw, Glenn Mansfield Keeni, Abe Katsuhisa,
> Marty Roesch,
> Brian Caswell, Andrew Baker, Jed Haile, Jason
> Larsen, Dragos, Dan
> Roelker, Marc Norton, Chris Reid, Jeff Nathan, Phil
> Wood, Dave
> Goldsmith, Andreas Ostling (to whom I own : above
> the O), Andrew
> Hintz, everyone who submits bug reports and tests
> and submits
> signatures or signature descriptions.
> 
> A list of major changes include:
> 
> - reorganized code tree ( finally declared stable )
> - portscan2 / conversation introduction
> - picking up state on sessions is more forgiving of
> odder flag
>   combinations throughout snort as a whole
> - the flow keyword to indicate "from_server" or
> "to_server"
> - snortdb schema 1.06
> - perf stats
> - flexresp fixes so that it's on the OTN instead of
> the RTN
> - icmp formatting fixes
> - telnet negotiation handles the telnet EAC
> character
> - URI related bug fixed where a HTTP rule would
> alert on bogus traffic
>   ( thanks to qru for test case )
> - works with net-snmp
> - Stream4 supports asynchronous_link's ( great if
> you have to do IDS
>   without being able to combine both sides of an
> ethernet tap or split
>   routing )
> - the decoder creates alerts for packets it doesn't
> understand ( save
>   this and submit them as BUGS or events )
>    config disable_decode_alerts to disable this
> feature
> - LOTS of new rules
> 
>   flags: A+ is not how we will ever mark a session
> as "established"
>          ever again.
> - dsize check gains min<>max range support
> - checksum functions inlined and obscure endianess
> related bug
> 
> Release Notes:
> 
> - Only libnet 1.0 supported for flexresp
> - HP-UX is not a supported platform. 
> 
> Thanks for your patience and support. The SNORT_1_9
> branch of CVS is
> now marked as the stable branch for bug fixing and
> minor features
> only.
> 
> The HEAD branch is where development will commence. 
> Please note this
> as people who have deemed the beta';s of 1.9 good
> enough for
> production use that the place you need to track has
> changed.
> 
> The command to grab a new copy via from is:
> 
> cvs
>
-d:pserver:anonymous at cvs.snort.sourceforge.net:/cvsroot/snort
> \
>    co -r SNORT_1_9 -d snort-1.9  snort
> 
> -- 
> Chris Green <cmg at ...1935...>
> Eschew obfuscation.
> 

> ATTACHMENT part 2 application/pgp-signature 



=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com




More information about the Snort-users mailing list