Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available

[Joel Esler <jesler () sourcefire com>]

Support for rules are current version minus one.

Once we move to a new "x.x" release, we aren't going to update the previous
version.

We went to 2.9.0, which means that 2.8.* aren't going to get patches back
ported.

2.9.0 uses a different stream model than 2.8.*, so back porting the update
would be a monumental undertaking.

J

On Wed, Nov 3, 2010 at 9:25 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>wrote:

> I guess I'm confused here ... I thought "support" for Snort was
> current version and current version minus 1.  What you say says
> "support" is current version and current version minus zero.  When did
> this happen?
>
> -L0rd C.
>
> On Tue, Nov 2, 2010 at 5:34 PM, Steven Sturges
> <steve.sturges () sourcefire com> wrote:
> > There was an issue in that HTTP inspect wasn't correctly handling
> > raw vs. stream reassembled packets when looking at HTTP response
> > data.  This fix is included in 2901 -- refer to ChangeLog (changes
> > to hi_client.c/hi_server.c).
> >
> > As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
> > is no longer supported.  When there is a new "3 digit" release no
> > further patches are made to the previous version of Snort.
> >
> > On 11/1/2010 1:05 PM, L0rd Ch0de1m0rt wrote:
> > > Hello. Does this release fix the issue where the HTTP pre-processor
> > > wasn't properly examining reassembled data across fragmented packets?
> > > (I don't know the exact cause of the bug - maybe it was the other way
> > > around and Stream5 wasn't properly doing the reassebly.)  It was
> > > announced that there would be a patch for that issue, just want to see
> > > if this is it.  If so, when can we expect the 2.8.6.1 patch be
> > > released?  2.8.6.1 is still supported, right?
> > >
> > > Thanks!
> > >
> > > -L0rd C.
> > >
> > > On Mon, Nov 1, 2010 at 11:45 AM, Snort Releases <
> snortreleases () snort org> wrote:
> > > > Snort 2.9.0.1 is now available on snort.org, at
> > > > http://www.snort.org/snort-downloads/.
> > > >
> > > > 2.9.0 RC & later packages are signed with a new PGP key
> > > > (that is signed with the previous key).
> > > >
> > > > Snort 2.9.0.1 addresses the following:
> > > >
> > > >  * Fixed maximum flowbits configuration parsing to specify the number
> > > >    of bits in accordance with the Snort manual, rather than number of
> > > >    bytes.  If you have 'config flowbits_size' in your snort.conf,
> > > >    double check that it has the correct setting.
> > > >
> > > >  * Fixed a packet size issue with the IPQ and NFQ DAQs.
> > > >
> > > >  * Fixed issue with Stream5 overlap limit processing.
> > > >
> > > >  * Updated the version of LibPCRE bundled with the Windows installer.
> > > >    This update fixes a bug that caused some PCRE matches to fail
> > > >    on Windows.
> > > >
> > > > Please see the Release Notes and ChangeLog for more details.
> > > >
> > > > Please submit bugs, questions, and feedback to
> snort-beta () sourcefire com.
> > > > Happy Snorting!
> > > > The Snort Release Team
> ------------------------------------------------------------------------------
> > > > Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> > > > Create new apps & games for the Nokia N8 for consumers in  U.S. and
> Canada
> > > > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> > > > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi
> Store
> > > > http://p.sf.net/sfu/nokia-dev2dev
> > > > _______________________________________________
> > > > Snort-devel mailing list
> > > > Snort-devel () lists sourceforge net
> > > > https://lists.sourceforge.net/lists/listinfo/snort-devel
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and
> Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html



-- 
Joel Esler
302-223-5974

------------------------------------------------------------------------------
Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
http://p.sf.net/sfu/hpdev2dev-nov

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel