[Snort-users] [Snort-sigs] [Snort-devel] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword

Joel Esler (jesler) jesler at ...589...
Mon Dec 9 17:22:25 EST 2013


On Dec 9, 2013, at 5:06 PM, lists at ...14939...<mailto:lists at ...14939...> wrote:

On 12/09/2013 01:09 PM, Joel Esler (jesler) wrote:
2.9.4.1 is EOL.  2.9.4.6 is the last version supported in the 2.9.4.x tree.

Sounds reasonable, the world moves forward and previous deficiencies are
corrected in newly released versions.  Ch0de, backport a patch to 2.9.4.1 and
I'm certain many embedded device owners will be happy if you build the binaries
for 'em too (eps military ones).  Otherwise there has been some significant
oversight in product selection and deployment that isn't solely shouldered by
Cisco/Sourcefire/Snort.

Yes.  We don’t back port patches, from patch versions to previous patch versions.  That’s the point of a patch version. :)  In fact we generally don’t back port patches at all, we have patch versions, otherwise we’ll have versions of Snort out there with this patch in it and this other one but not this third patch.  We do things this way so we can understand when a customer is at version “x.x.x.x”, they have a particular set of functionality.  Furthermore when we speak of “supported version” we’re speaking of rules support.

The developers really only work on the next version.  They aren’t working on 2.9.5.6 anymore (since it’s been published), they are working on 2.9.6.0, so if you file a bug against 2.9.5.6 and we fix it, it’ll be fixed in 2.9.6.0, unless it’s critical enough to warrant a 2.9.5.7 version.  We make that call during development.

We have beta’ed 2.9.6.0, which means, upon release of 2.9.6.0, 2.9.4.6 will have 90 days of rules support.  This EOL cycle is not expected to change under Cisco for the time being.

--
Joel Esler
AEGIS Intelligence Lead
OpenSource Manager
Vulnerability Research Team


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131209/b2f1deb9/attachment.html>


More information about the Snort-users mailing list