Thursday, June 23, 2016

Snort++ Build 201 Available Now

Snort++ build 201 is now available on snort.org. This is the latest monthly update available for download. You can also get the latest updates from GitHub (snortadmin/snort3), which is updated weekly.

Enhancements:

  • add configure --enable-hardened-build
  • add configure --pie (position independent executable)
  • add new_http_inspect alert for loss of sync
  • add peg counts for new_http_inspect
  • add peg counts for sd_pattern
  • add file_log inspector to log file events
  • add filename support to file daq
  • update file processing configuration
  • add high availability support for udp and icmp
  • add support for safe C library
  • add new http_inspect alerts for abusive content-length and transfer-encodings
  • add \b matching to sensitive data
  • add obfuscation for sensitive data
  • add support for unprivileged operation
  • convert legacy allocations to memory manager for better memory profiling
  • add double-decoding to new_http_inspect
  • add obfuscation support for cmg and unified2

Bug Fixes:

  • various snort2lua updates and fixes
  • fix default prime tables for internal hash functions
  • fix new_http_inspect bounds issues
  • miscellaneous cmake and autotools build fixes
  • add / update unit tests
  • fix additional memory leaks
  • fix compiler warnings
  • fix static analysis issues
  • fix handling of bpf file failures
  • fix link with dynamic DAQ
  • fix multi-DAQ instance configuration
  • prevent profiler double counting on recursion

Other Changes:

  • initial appid port - in progress
  • continued porting of dce_rpc - smb transaction processing
  • openssl is now a mandatory dependency
  • DAQ 2.1 has many updates - see the ChangeLog for details

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team