Pull request #4894: build: generate and tag 3.9.5.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.5.0 to master

Squashed commit of the following:

commit 53c1e55430e2903cd0b7ff0f43b66209d183ddb7
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Sep 3 21:40:01 2025 -0400

    build: generate and tag 3.9.5.0

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 54d7c2d5392bc14d8310699866fac885e58daf50..1eb67a0c50913ff7fbda8f46b5372e7b4a16a98a 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ project (snort CXX C)
 
 set (VERSION_MAJOR 3)
 set (VERSION_MINOR 9)
 
 set (VERSION_MAJOR 3)
 set (VERSION_MINOR 9)

-set (VERSION_PATCH 4)
+set (VERSION_PATCH 5)

 set (VERSION_SUBLEVEL 0)
 set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
 
 set (VERSION_SUBLEVEL 0)
 set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
 

diff --git a/ChangeLog.md b/ChangeLog.md
index 32e01ecb739e8b5c9fdeaa9b1897b76c95d41859..0579a0bbc28841782b53889447aa4a638d3fe62c 100644 (file)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,22 @@
+2025-09-03: 3.9.5.0
+
+* appid: first packet API fixes for using asd instead of odp
+* appid: fix multiple mdns issues
+* appid: move tls metadata handling into single place
+* codecs: override default encode for ciscometadata codec
+* control: fix heap-use-after-free in is_local
+* decompress: add unit test for vba decompression - infinite loops, divide-by-zero, integer overflow and out-of-bound
+* file_api: clear file meta group before setting it during reload
+* flow: clear flow ref in pkt on stale flow cleanup
+* helpers: add syscall to flush new data written by SigSafePrinter to disk
+* http_inspect: partial inspection for headers
+* http_inspect: publish OPPORTUNISTIC_TLS
+* imap: abort fallback functionality
+* mp_dbus: make MPDataBusModule stats thread safe
+* protocols: add sanity checks for tcp and ipv4 options to prevent out-of-buffer access
+* ssl: fix unit test for OpenSSL v3+
+* watchdog: replace watchdog command with atomic kicking from packet threads
+

 2025-08-10: 3.9.3.0
 
 * appid: accounting for tmp offset in RPC
 2025-08-10: 3.9.3.0
 
 * appid: accounting for tmp offset in RPC

diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text
index 122cb23dc0e25cae115e77f13299de72e22c340b..5c5f850ab640da891e60ebeac5dd44e06be628ec 100644 (file)
--- a/doc/reference/snort_reference.text
+++ b/doc/reference/snort_reference.text
@@ -8,7 +8,7 @@ Snort 3 Reference Manual
 The Snort Team
 
 Revision History
 The Snort Team
 
 Revision History

-Revision 3.9.4.0 2025-08-12 10:56:17 EDT TST
+Revision 3.9.5.0 2025-09-03 21:10:35 EDT TST

 
 ---------------------------------------------------------------------
 
 
 ---------------------------------------------------------------------
 


@@ -4081,6 +4081,8 @@ Configuration:
     bytes to examine (-1 no limit) { -1:max53 }
   * int http_inspect.response_depth = -1: maximum response message
     body bytes to examine (-1 no limit) { -1:max53 }
     bytes to examine (-1 no limit) { -1:max53 }
   * int http_inspect.response_depth = -1: maximum response message
     body bytes to examine (-1 no limit) { -1:max53 }

+  * int http_inspect.partial_depth_header = 0: maximum request header
+    to send to early detection (0 disabled, -1 no limit) { -1:max53 }

   * int http_inspect.partial_depth_body = 0: maximum request body to
     send to early detection (0 disabled, -1 no limit) { -1:16384 }
   * bool http_inspect.unzip = true: decompress gzip and deflate
   * int http_inspect.partial_depth_body = 0: maximum request body to
     send to early detection (0 disabled, -1 no limit) { -1:16384 }
   * bool http_inspect.unzip = true: decompress gzip and deflate


@@ -10270,6 +10272,8 @@ libraries see the Getting Started section of the manual.
     URL directory { 1:65535 }
   * int http_inspect.partial_depth_body = 0: maximum request body to
     send to early detection (0 disabled, -1 no limit) { -1:16384 }
     URL directory { 1:65535 }
   * int http_inspect.partial_depth_body = 0: maximum request body to
     send to early detection (0 disabled, -1 no limit) { -1:16384 }

+  * int http_inspect.partial_depth_header = 0: maximum request header
+    to send to early detection (0 disabled, -1 no limit) { -1:max53 }

   * bool http_inspect.percent_u = false: normalize %uNNNN and %UNNNN
     encodings
   * bool http_inspect.plus_to_space = true: replace + with <sp> when
   * bool http_inspect.percent_u = false: normalize %uNNNN and %UNNNN
     encodings
   * bool http_inspect.plus_to_space = true: replace + with <sp> when

diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text
index 3831f98e1fc868cc886925017e3750e1cd338ed5..b36a7487f68e06725d666d6e6030f8cd5131f47e 100644 (file)
--- a/doc/upgrade/snort_upgrade.text
+++ b/doc/upgrade/snort_upgrade.text
@@ -8,7 +8,7 @@ Snort 3 Upgrade Manual
 The Snort Team
 
 Revision History
 The Snort Team
 
 Revision History

-Revision 3.9.4.0 2025-08-12 10:57:24 EDT TST
+Revision 3.9.5.0 2025-09-03 21:11:29 EDT TST

 
 ---------------------------------------------------------------------
 
 
 ---------------------------------------------------------------------
 

diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text
index 1ff0c2379fe943c3e9c3096af7999a4766c6e848..500c554b7f155b96480d4322065c38ea70870cb1 100644 (file)
--- a/doc/user/snort_user.text
+++ b/doc/user/snort_user.text
@@ -8,7 +8,7 @@ Snort 3 User Manual
 The Snort Team
 
 Revision History
 The Snort Team
 
 Revision History

-Revision 3.9.4.0 2025-08-12 10:56:39 EDT TST
+Revision 3.9.5.0 2025-09-03 21:10:53 EDT TST

 
 ---------------------------------------------------------------------
 
 
 ---------------------------------------------------------------------
 


@@ -4094,21 +4094,26 @@ consumes somewhat more of the sensor’s resources.
 This feature is off by default. script_detection = true will activate
 it.
 
 This feature is off by default. script_detection = true will activate
 it.
 

-5.10.3.4. partial_depth_body
-
-Partial depth detection is a feature that enables Snort to more
-quickly detect and block malicious requests. It is configured by the
-partial_depth_body parameter which can take values in the range
--1-16384 bytes. The feature is enabled by setting partial_depth_body
-to some non zero value. When the feature is enabled and either, the
-number of bytes received in the request body is below the value
-specified by partial_depth_body, or partial_depth_body is set to -1,
-unlimited; it immediately forwards the available part of the message
-body for early detection. This enables earlier threat detection but
-consumes somewhat more of the sensor’s resources.
+5.10.3.4. partial_depth_body and partial_depth_header
+
+Partial depth detection enables faster threat detection by
+immediately forwarding partial message data to the detection engine
+before the complete message arrives. This feature can be configured
+independently for HTTP request bodies (partial_depth_body) and
+headers (partial_depth_header).
+
+Configuration options:
+0 (default):    Feature disabled
+-1 (unlimited): Enable for all partial messages regardless of size
+Positive value: Enable only when received bytes are below the specified threshold
+
+For HTTP request bodies only, the maximum configurable value is
+16,384 bytes. Use partial_depth_body = -1 when early detection is
+needed beyond this limit. HTTP headers have no such limitation.

 
 This feature is turned off by default by setting partial_depth_body =
 
 This feature is turned off by default by setting partial_depth_body =

-0. To activate it, set partial_depth_body to the desired value.
+0 and partial_depth_header = 0. To activate it, set the corresponding
+parameter to the desired value.

 
 5.10.3.5. gzip
 
 
 5.10.3.5. gzip