Snort mailing list archives

Re: [Emerging-Sigs] Snort Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 09:33:04 -0400

Support for rules is current version minus one.

Once we move to a new "x.x" release, we aren't going to update the previous

We went to 2.9.0, which means that 2.8.* aren't going to get patches back

2.9.0 uses a different stream model than 2.8.*, so back porting the update
would be a monumental undertaking.


On Wed, Nov 3, 2010 at 9:25 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com> wrote:

I guess I'm confused here ... I thought "support" for Snort was
current version and current version minus 1.  What you say says
"support" is current version and current version minus zero.  When did
this happen?

-L0rd C.

On Tue, Nov 2, 2010 at 5:34 PM, Steven Sturges
<steve.sturges () sourcefire com> wrote:
There was an issue in that HTTP inspect wasn't correctly handling
raw vs. stream reassembled packets when looking at HTTP response
data.  This fix is included in 2901 -- refer to ChangeLog (changes
to hi_client.c/hi_server.c).

As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
is no longer supported.  When there is a new "3 digit" release no
further patches are made to the previous version of Snort.

On 11/1/2010 1:05 PM, L0rd Ch0de1m0rt wrote:
Hello. Does this release fix the issue where the HTTP pre-processor
wasn't properly examining reassembled data across fragmented packets?
(I don't know the exact cause of the bug - maybe it was the other way
around and Stream5 wasn't properly doing the reassembly.)  It was
announced that there would be a patch for that issue, just want to see
if this is it.  If so, when can we expect the patch be
released? is still supported, right?


-L0rd C.

On Mon, Nov 1, 2010 at 11:45 AM, Snort Releases <
snortreleases () snort org> wrote:
Snort is now available on snort.org, at

2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).

Snort addresses the following:

 * Fixed maximum flowbits configuration parsing to specify the number
   of bits in accordance with the Snort manual, rather than number of
   bytes.  If you have 'config flowbits_size' in your snort.conf,
   double check that it has the correct setting.

 * Fixed a packet size issue with the IPQ and NFQ DAQs.

 * Fixed issue with Stream5 overlap limit processing.

 * Updated the version of LibPCRE bundled with the Windows installer.
   This update fixes a bug that caused some PCRE matches to fail
   on Windows.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to
snort-beta () sourcefire com 

Happy Snorting!
The Snort Release Team

Snort-devel mailing list
Snort-devel () lists sourceforge net

Emerging-sigs mailing list
Emerging-sigs () emergingthreats net


Joel Esler