[Snort-users] Snort 2.9.4 Now Available

Weir, Jason jason.weir at ...14916...
Tue Dec 4 13:16:07 EST 2012


It is Joel - much thanks for the quick turnaround..

-J

> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Tuesday, December 04, 2012 1:11 PM
> To: Weir, Jason
> Cc: snort-team at ...1935...; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort 2.9.4 Now Available
> 
> It should be there now.
> 
> On Dec 4, 2012, at 12:37 PM, "Weir, Jason" <jason.weir at ...14916...>
wrote:
> 
> > Thanks Joel - maybe part of the pre-release procedures then  ;)
> >
> > -J
> >
> >> -----Original Message-----
> >> From: Joel Esler [mailto:jesler at ...1935...]
> >> Sent: Tuesday, December 04, 2012 12:29 PM
> >> To: Weir, Jason
> >> Cc: snort-team at ...1935...; snort-users at lists.sourceforge.net
> >> Subject: Re: [Snort-users] Snort 2.9.4 Now Available
> >>
> >> It is.  It's just number 12 or so on my list
> >>
> >>
> >> On Dec 4, 2012, at 12:20 PM, "Weir, Jason" <jason.weir at ...14916...>
> > wrote:
> >>
> >>> Joel,
> >>>
> >>> Any idea when http://labs.snort.org/snort/2940/ will exist and be
> >>> populated?
> >>>
> >>> Might want to make this part of your build or release procedures
as
> > this
> >>> always seems to be an afterthought..
> >>>
> >>> Thanks,
> >>> Jason
> >>>
> >>>> -----Original Message-----
> >>>> From: Snort Releases [mailto:snortreleases at ...950...]
> >>>> Sent: Monday, December 03, 2012 3:11 PM
> >>>> To: snort-users at lists.sourceforge.net
> >>>> Subject: [Snort-users] Snort 2.9.4 Now Available
> >>>>
> >>>> Snort 2.9.4 is now available on snort.org, at
> >>>> http://www.snort.org/snort-downloads/ in the Latest Release
> > section.
> >>>>
> >>>> ************
> >>>> Please note:
> >>>> 2.9.3.1 & later packages are signed with a new PGP key
> >>>> (that key is signed with the previous key).
> >>>> ************
> >>>>
> >>>> Snort 2.9.4 includes changes for the following:
> >>>>
> >>>> [*] New additions
> >>>>
> >>>> * Consolidation of IPv6 -- now only a single build supports both
> >>>>   IPv4 & IPv6, and removal of the IPv4 "only" code paths.
> >>>>
> >>>> * File API and improvements to file processing for HTTP downloads
> >>>>   and email attachments via SMTP, POP, and IMAP to facilitate
> >>>>   broader file support
> >>>>
> >>>> * Use of address space ID for tracking Frag & Stream connections
> >>>>   when it is available with the DAQ
> >>>>
> >>>> * Logging of packet data that triggers PPM for post-analysis via
> >>>>   Snort event
> >>>>
> >>>> * Decoding of IPv6 with PPPoE
> >>>>
> >>>> * Added an API call to add a service to a host in the attribute
> >>> table.
> >>>>   Remove the unused live attribute update code.
> >>>>
> >>>> [*] Improvements
> >>>>
> >>>> * Update to Stream5 PAF for handling gaps in the sequence numbers
> > of
> >>>>   packets being reassembled.
> >>>>
> >>>> * Selection of the Stream TCP policy based on the server rather
> > than
> >>>>   the destination of first packet seen by Snort
> >>>>
> >>>> * Allow disabling of global thresholds via a count of -1
> >>>>
> >>>> * Prevent blocking duplicate SYNs when using inline normalization
> >>>>
> >>>> * Add SSLv3 backwards compatibility support for SSLv2 ClientHello
> >>>>   messages
> >>>>
> >>>> * Allow active responses to packets without data (eg, a TCP SYN)
> >>>>
> >>>> * Changed logic of option evaluations for shared library rules
> > that
> >>>>   use a custom evaluation function to match that of the builtin
> >>> logic
> >>>>   when the NOT_FLAG is used.  The 'NOT' matching now happens
> > within
> >>>>   each of the individual rule option evaluation functions.
> >>>>
> >>>> * Updated SMTP preprocessor to better handle commands that have
> >>>>   corresponding data on a subsequent line to reduce false
> > positives.
> >>>>   3 commands fall into this category - X-EXPS, XEXCH50, and BDAT.
> >>>>
> >>>> * Improve support for encapsulated & tunneling protocols to block
> > or
> >>>>   fastpath a connection within the tunnel rather applying that to
> >>>>   the whole tunnel.
> >>>>
> >>>> Please see the Release Notes and ChangeLog for more details.
> >>>>
> >>>> Please submit bugs, questions, and feedback to bugs at ...10585...
> >>>>
> >>>> Happy Snorting!
> >>>> The Snort Release Team





More information about the Snort-users mailing list