Wednesday, July 16, 2014

Snort 2.9.6.2 is now available!

Snort 2.9.6.2 is now available on Snort.org at https://www.snort.org/downloads!

Snort 2.9.6.2 includes changes for the for the following:

[*] New additions
* Added the ability to specify additional custom 'x-forwarder-for' http field names.
A new http inspection configuration element is used to specify a set of
field names and their respective precedence order.

* Added cache flow timeout for IP.

[*] Improvements
* Fixed handling of ICMPv6 traffic.

* Fixed inline stream reassembly during file processing.

* Addressed race condition issue with Perfmon stats file rollover.

See the Release Notes and ChangeLog for more details!

Please submit bugs, questions, and feedback to bugs@snort.org

Happy Snorting!
The Snort Release Team

4 comments:

  1. I have been trying to download the source code for 2.9.6.2 but I get what looks like the same issue that occurred with the ruleset downloads last week.

    "ERROR: cannot verify www.snort.org's certificate, [...]
    Self-signed certificate encountered"

    The website itself works fine, the problem only appears when trying to download using wget from the command prompt.

    ReplyDelete
    Replies
    1. We'll look into the issue, in the meantime, you can pass wget --no-check-certificate.

      Delete
    2. Any update on the wget / "Self-signed certificate encountered" issue? CentOS 5, wget 1.11.4. Also, just built wget 12.1, same error..

      Delete
    3. It turns out there are two issues here:

      1) The wget version we use (wget-1.11.4-3.el5_8.2.x86_64.rpm) )does not correctly use the Certificate's Subject Alternative Names (www.snort.org vs snort.org). This is fixed in wget-1.12-1.11.x86_64.rpm from CentOS. I built it from source.
      2) The CA cert bundle we are using does not recognize the root CA of snort's new cert. This worked for me:

      http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/

      Delete