Snort 220.127.116.11 includes the following updates and improvements:
* Added new alerts for HTTP (undefined methods & HTTP 0.9 simple requests).
* Updates to the Stream preprocessor in TCP session tracking to avoid re-queuing retransmitted data that was already flushed. Also various tweaks for PAF flushing.
* Updates to the reputation preprocessor to handle shared memory switching.
* Updates to the SCADA preprocessors in their handling of PAF flushing and Modbus request/response length checking. Also tweaks in alerts for reserved DNP3 functions.
* Updates to flowbit groups to always use the group when some rules refer to a flow group while others do not refer to a group for the same flowbit.
* Updates to GTP preprocessor to check invalid extension header length for GTPv1.
* Updates to sfrt library, used in reputation preprocessor and target based configuration, when calculating memory allocated and support for IPv6.
It is now available at https://www.snort.org/downloads in the Latest Release section.