Snort 184.108.40.206 has been releasedPlease join us as we welcome SNORTⓇ 220.127.116.11 to the family!
Some release notes on this latest version:
- Parsing HTTP CONNECT to extract the tunnel IP and port information.
- Alerting and dechunking for chunked encoding in HTTP1.0 request and response.
- Fixed an issue where, if we have a junk line before HTTP response header, the header was wrongly parsed.
- Fixed GZIP evasions where an HTTP response with content-encoding:gzip contains a body that has a GZIP-related anomaly.
- Fixed an issue in certain scenarios where a BitTorrent pattern is seen only on the third packet of the session, causing us to miss our client detection.
- SMB improvements for file detection and processing.
We'd like to thank the following members of the Snort community for reporting issues and submitting code to the project:
- Anuj Patel
- David Binderman
- Stephan Zeisbarg
As always, we welcome feedback and community participation in Snort on the snort-users mailing list.