Snort 2.9.4 is now available on snort.org, at
https://www.snort.org/downloads in the Latest Release section.
************
Please note:
2.9.3.1 & later packages are signed with a new PGP key
(that key is signed with the previous key).
************
Snort 2.9.4 includes changes for the following:
[*] New additions
* Consolidation of IPv6 -- now only a single build supports both
IPv4 & IPv6, and removal of the IPv4 "only" code paths.
* File API and improvements to file processing for HTTP downloads
and email attachments via SMTP, POP, and IMAP to facilitate
broader file support
* Use of address space ID for tracking Frag & Stream connections
when it is available with the DAQ
* Logging of packet data that triggers PPM for post-analysis via
Snort event
* Decoding of IPv6 with PPPoE
* Added an API call to add a service to a host in the attribute table.
Remove the unused live attribute update code.
[*] Improvements
* Update to Stream5 PAF for handling gaps in the sequence numbers of
packets being reassembled.
* Selection of the Stream TCP policy based on the server rather than
the destination of first packet seen by Snort
* Allow disabling of global thresholds via a count of -1
* Prevent blocking duplicate SYNs when using inline normalization
* Add SSLv3 backwards compatibility support for SSLv2 ClientHello
messages
* Allow active responses to packets without data (eg, a TCP SYN)
* Changed logic of option evaluations for shared library rules that
use a custom evaluation function to match that of the builtin logic
when the NOT_FLAG is used. The 'NOT' matching now happens within
each of the individual rule option evaluation functions.
* Updated SMTP preprocessor to better handle commands that have
corresponding data on a subsequent line to reduce false positives.
3 commands fall into this category - X-EXPS, XEXCH50, and BDAT.
* Improve support for encapsulated & tunneling protocols to block or
fastpath a connection within the tunnel rather applying that to
the whole tunnel.
Please see the Release Notes and ChangeLog for more details.
Please submit bugs, questions, and feedback to bugs@snort.org.
Happy Snorting!
The Snort Release Team
