Tuesday, March 27, 2012

Snort 2.9.2.2 has been released!

Snort 2.9.2.2 is now available on snort.org, at https://www.snort.org/downloads in the Latest Release section.

2.9.0 RC & later packages are signed with a new PGP key (that is signed with the previous key).

Snort 2.9.2.2 includes changes for the following:

* Updates to HTTP Inspect to handle normalization with large number of directories, eliminate false positives when chunks span multiple packets, and remove the upper limit on the gzip memcap.

* Update stream handling for TCP session cleanup with RSTs and other TCP state tracking.

* Update for active responses to fragmented IPv6 traffic and to the react page configuration.

* Updates to SIP preprocessor to limit false positives.

* Update for correct logging in unified2 when interface is passive.

* Add stats for SMTP preprocessor at termination.

* State tracking improvements to SMB processing in the dcerpc2 preprocessor when missing packets on a session.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.