Thursday, August 10, 2017

2.9.11.0 beta has been released!

Join us as we welcome Snort 2.9.11.0 to the family, in beta form!


Right off the bat, you will notice that we are going from 2.9.9.0 to 2.9.11.0, skipping over 2.9.10.0. Just to clarify, 2.9.10.0 was an internal only release. We decided not to ship it to the public because timing of back to back 2.9.10 and 2.9.11 releases, and thought it would be better for the community to just release one instead of two. All 2.9.10 features and fixes are in 2.9.11, so you're not missing anything, just making it easier on the community.


We will be modifying the EOL slightly, as we are going to be keeping versions around a little longer. We aren't quite sure what this will look like yet, but rest assured we will be updating the blog when we do.


Here's some release notes:


  • New additions
    • Changes to eliminate Snort restart when there are changes to the memory allocated for preprocessors, by releasing unused or least recently used memory when needed.



  • Improvements
    • Enhanced RTSP metadata parsing to match the user-agent field to detect RTSP traffic over Windows Media.
    • Performance improvement when SYN rate limit has reached and drop is configured as next action
    • Control-socket and side-channel support for FreeBSD platform.
    • Fixed an issue where IoQ driver was getting into bad state due to non-graceful exit.
    • Fixed issue in file signature lookup for retransmitted FTP packet.
    • Enhanced the processing of SIP/RTP future flows without ignoring them.
    • Changes made in PDF/SWF decompression by adding boundary to the size of the decompressed data.
    • Added a null check to prevent copy unless debugHostIp is configured in AppId.
    • Fixed issue where FTP file type block doesn't work for retried download.
    • Resolved issue where Snort is inappropriately handling traffic for which AppId was creating future flow.
    • Performance improvements for SIP/RTP audio and video data flow in AppId.
    • Performance and stability improvements in FTP preprocessor like incorrect referencing of ftp_data_session after its pruned.
    • Stability improvement by resolving valgrind reported issues in AppId.
    • Improved flushing mechanism for HTTP POST header.



Check out Snort 2.9.11.0, available for download on our site.