Thursday, October 6, 2011

Snort Release Notes

As mentioned on Twitter yesterday, we will be releasing Snort today.  I'll have an additional post when it is released along with the accompanying VRT rule release.

In the meantime, here are the release notes:

2011-10-05 - Snort
[*] New Additions
  * Added the ability to use shared memory (Linux only) for the
    experimental IP reputation preprocessor. See README.reputation for details.

  * Added a Unix control socket (Linux only), used to issue commands to
    running Snort processes. Currently, it is only used by the IP
    Reputation preprocessor for communication regarding the shared memory.
    See the Snort Manual and the tools/control directory for more details.

[*] Improvements
  * Improved HTTP Inspect and rule processing for both raw compress
    and zlib deflated data. Expanded coverage of normalization for
    Unicode encoded data.

  * Updated HTTP Inspect PAF support to better handle HTTP 1.1 responses.