set (VERSION_MAJOR 3)
set (VERSION_MINOR 9)
-set (VERSION_PATCH 4)
+set (VERSION_PATCH 5)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
+2025-09-03: 3.9.5.0
+
+* appid: first packet API fixes for using asd instead of odp
+* appid: fix multiple mdns issues
+* appid: move tls metadata handling into single place
+* codecs: override default encode for ciscometadata codec
+* control: fix heap-use-after-free in is_local
+* decompress: add unit test for vba decompression - infinite loops, divide-by-zero, integer overflow and out-of-bound
+* file_api: clear file meta group before setting it during reload
+* flow: clear flow ref in pkt on stale flow cleanup
+* helpers: add syscall to flush new data written by SigSafePrinter to disk
+* http_inspect: partial inspection for headers
+* http_inspect: publish OPPORTUNISTIC_TLS
+* imap: abort fallback functionality
+* mp_dbus: make MPDataBusModule stats thread safe
+* protocols: add sanity checks for tcp and ipv4 options to prevent out-of-buffer access
+* ssl: fix unit test for OpenSSL v3+
+* watchdog: replace watchdog command with atomic kicking from packet threads
+
2025-08-10: 3.9.3.0
* appid: accounting for tmp offset in RPC
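Review bot: the new 2025-09-03: 3.9.5.0 section lands directly above 2025-08-10: 3.9.3.0, so the ChangeLog has no 3.9.4.0 section even though VERSION_PATCH moves from 4 to 5 and the manuals' revision lines move on from 3.9.4.0. If 3.9.4.0 was tagged, add its section; if it was skipped, say so in one line here. Separately, the decompress entry describes only a unit test and ends at "out-of-bound" with no noun. State whether the vba decompression fixes themselves ship in this release and whether the out-of-bounds case is a read or a write, since operators prioritise upgrades from entries like this one, the heap-use-after-free line and the tcp/ipv4 options line.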
The Snort Team
Revision History
-Revision 3.9.4.0 2025-08-12 10:56:17 EDT TST
+Revision 3.9.5.0 2025-09-03 21:10:35 EDT TST
---------------------------------------------------------------------
bytes to examine (-1 no limit) { -1:max53 }
* int http_inspect.response_depth = -1: maximum response message
body bytes to examine (-1 no limit) { -1:max53 }
+ * int http_inspect.partial_depth_header = 0: maximum request header
+ to send to early detection (0 disabled, -1 no limit) { -1:max53 }
* int http_inspect.partial_depth_body = 0: maximum request body to
send to early detection (0 disabled, -1 no limit) { -1:16384 }
* bool http_inspect.unzip = true: decompress gzip and deflate
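Review bot: the help text added for http_inspect.partial_depth_header, "maximum request header to send to early detection", gives no unit, while the neighbouring response_depth text says "body bytes to examine". Suggest "maximum request header bytes to send to early detection" so the { -1:max53 } range is unambiguous. The range also differs from the { -1:16384 } on partial_depth_body just below it; a few words in this reference entry noting that the header limit is intentionally uncapped would save readers from assuming one of the two ranges is a typo.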
URL directory { 1:65535 }
* int http_inspect.partial_depth_body = 0: maximum request body to
send to early detection (0 disabled, -1 no limit) { -1:16384 }
+ * int http_inspect.partial_depth_header = 0: maximum request header
+ to send to early detection (0 disabled, -1 no limit) { -1:max53 }
* bool http_inspect.percent_u = false: normalize %uNNNN and %UNNNN
encodings
* bool http_inspect.plus_to_space = true: replace + with <sp> when
The Snort Team
Revision History
-Revision 3.9.4.0 2025-08-12 10:57:24 EDT TST
+Revision 3.9.5.0 2025-09-03 21:11:29 EDT TST
---------------------------------------------------------------------
The Snort Team
Revision History
-Revision 3.9.4.0 2025-08-12 10:56:39 EDT TST
+Revision 3.9.5.0 2025-09-03 21:10:53 EDT TST
---------------------------------------------------------------------
This feature is off by default. script_detection = true will activate
it.
-5.10.3.4. partial_depth_body
-
-Partial depth detection is a feature that enables Snort to more
-quickly detect and block malicious requests. It is configured by the
-partial_depth_body parameter which can take values in the range
--1-16384 bytes. The feature is enabled by setting partial_depth_body
-to some non zero value. When the feature is enabled and either, the
-number of bytes received in the request body is below the value
-specified by partial_depth_body, or partial_depth_body is set to -1,
-unlimited; it immediately forwards the available part of the message
-body for early detection. This enables earlier threat detection but
-consumes somewhat more of the sensor’s resources.
+5.10.3.4. partial_depth_body and partial_depth_header
+
+Partial depth detection enables faster threat detection by
+immediately forwarding partial message data to the detection engine
+before the complete message arrives. This feature can be configured
+independently for HTTP request bodies (partial_depth_body) and
+headers (partial_depth_header).
+
+Configuration options:
+0 (default): Feature disabled
+-1 (unlimited): Enable for all partial messages regardless of size
+Positive value: Enable only when received bytes are below the specified threshold
+
+For HTTP request bodies only, the maximum configurable value is
+16,384 bytes. Use partial_depth_body = -1 when early detection is
+needed beyond this limit. HTTP headers have no such limitation.
This feature is turned off by default by setting partial_depth_body =
-0. To activate it, set partial_depth_body to the desired value.
+0 and partial_depth_header = 0. To activate it, set the corresponding
+parameter to the desired value.
5.10.3.5. gzip
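Review bot: the rewritten 5.10.3.4 text drops the removed sentence ending "consumes somewhat more of the sensor’s resources", and that trade-off matters more now that partial_depth_header accepts -1 and values up to max53. Suggest keeping a resource-cost sentence after the paragraph that ends "HTTP headers have no such limitation." Also, the three lines under "Configuration options:" carry no list markers, so they may run together as one paragraph in rendered output; mark them as list items in the manual's existing list style.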