set (VERSION_MAJOR 3)
set (VERSION_MINOR 10)
-set (VERSION_PATCH 0)
+set (VERSION_PATCH 1)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
+2026-01-11: 3.10.1.0
+
+* alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix
+* alert_json: add support for logging appid, thanks to ssam18 on GitHub for suggesting this change
+* appid: add check to avoid setting brute force state for pending sessions that are pruned
+* appid: allow out-of-order packet inspection in third-party engine
+* appid: check for Lua table errors during initialization and cleanup
+* appid: enable out-of-order inspection by default
+* appid: fix client process regex mapping logic
+* appid: fix eve process handler event debug logging
+* appid: fix setting global ssh ignore flag
+* appid: fix size check in TFTP service detector
+* appid: mDNS TXT records parsing and deviceinfo event generation
+* appid: prevent multiple out-of-bounds reads in ssl
+* build: address compilation warnings
+* build: fix Coverity warnings in related components
+* cmake: fix pkg-config path for libdir, thanks to brianmcgillion on GitHub for submitting a similar fix
+* decoder: adding encode function for TransbridgeCodec
+* dns: add fix infinite recursion vulnerability
+* file: use new EVP functions rather than deprecated SHA functions
+* flow: add logs to show different ways a flow can fail to create
+* ftp_telnet: fix coverity errors and improve cmd_len configurability
+* ftp_telnet: fix ftp_cmd_pipe_index handling
+* ftp_telnet: Handle malformed traffic in ftp to generate alert
+* hash: update hashes to use new EVP functions, thanks to
+* http_inspect: add urlencoded to content-type list
+* http_inspect: fix coverity error
+* iec104: fix IEC 104 SQ0 bounds checks by removing duplicate asdu_size_map entries and using IO_GROUP sizes, preventing out-of-bounds reads
+* iec104: validate Type I length to prevent ASDU out-of-bounds read
+* ips_options: fix cursor position for byte_extract
+* ips_options: reset PCRE rule counts on new configuration loaded
+* main: update dioctl daqSnort latency common change
+* mime: add unit tests for data fitting memory limit
+* mime: add unit tests for data over memory limit
+* mime: add unit tests for file logging
+* mime: fix mime boundary parsing
+* mime: ignore field collection if not configured
+* mime: implement content parsing of multipart/form_data
+* mime: improve form-data collection for incomplete boundaries
+* mime: leave room for null-character in case of size limit hit
+* mime: remove unused forward-declaration
+* mime: rename class field to comply with the style
+* mime: return error code if cannot add headers for logging
+* pub_sub: add is_urlencoded method
+* sip: fix out-of-bounds reads in sip_parse_sdp_m
+* smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns
+* smtp: usage of config cmds
+* snort2lua: fix failure in converting patterns containing commas
+* snort_ml: enable client body scanning by default
+* snort_ml: scan multipart form data
+* ssl: free certificate data if certificate length is 0
+* ssl: tls client hello check out of bounds fix
+* unified2: use proper API for obtaining VLAN ID from packet
+
2025-11-24: 3.10.0.0
* appid: ftp parsing bounds check
#]=======================================================================]
find_package(PkgConfig)
-pkg_check_modules(PC_DAQ libdaq>=3.0.23)
+pkg_check_modules(PC_DAQ libdaq>=3.0.24)
# Use DAQ_INCLUDE_DIR_HINT and DAQ_LIBRARIES_DIR_HINT from configure_cmake.sh as primary hints
# and then package config information after that.
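Review bot: The raised floor in `pkg_check_modules(PC_DAQ libdaq>=3.0.24)` is not marked `REQUIRED`, and the comment directly below it says the pkg-config result is only a secondary hint after `DAQ_INCLUDE_DIR_HINT` / `DAQ_LIBRARIES_DIR_HINT`, so the new minimum is presumably not enforced when DAQ is located through those hints or when pkg-config is unavailable. The lookup that consumes the hints is outside this hunk, so this needs confirming there. If an older libdaq can still be picked up, this release could silently build against a DAQ older than the one it was tested with; a visible diagnostic would help packagers, e.g. `if(NOT PC_DAQ_FOUND)` / `message(WARNING "libdaq >= 3.0.24 not confirmed by pkg-config; DAQ version is unchecked")` / `endif()`. The new minimum is also not mentioned among the 3.10.1.0 changelog entries visible on this page.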
The Snort Team
Revision History
-Revision 3.10.0.0 2025-11-24 15:32:19 EST TST
+Revision 3.10.1.0 2026-01-11 17:51:32 EST TST
---------------------------------------------------------------------
* int snort_ml.uri_depth = -1: number of input HTTP URI bytes to
scan (-1 unlimited) { -1:max31 }
- * int snort_ml.client_body_depth = 0: number of input HTTP client
+ * int snort_ml.client_body_depth = -1: number of input HTTP client
body bytes to scan (-1 unlimited) { -1:max31 }
* real snort_ml.http_param_threshold = 0.95: alert threshold for
http_param_model { 0:1 }
to EOF (sum)
* stream.excess_to_allowlist: number of flows moved to the
allowlist due to excess (sum)
+ * stream.no_flow_no_proto_handler: packets without flow: no
+ protocol handler registered (sum)
+ * stream.no_flow_retry_packet: packets without flow: retry packet
+ dropped (sum)
+ * stream.no_flow_tcp_rst: packets without flow: TCP RST packet
+ (sum)
+ * stream.no_flow_unwanted: packets without flow: flow not wanted
+ (sum)
+ * stream.no_flow_midstream_reject: packets without flow: midstream
+ rejected (sum)
+ * stream.no_flow_alloc_failure: packets without flow: flow
+ allocation failed (sum)
+ * stream.no_flow_pkt_type_none: packets without flow: packet type
+ is NONE (sum)
+ * stream.no_flow_no_inspector: packets without flow: no flow
+ tracking inspector configured (sum)
+ * stream.no_flow_paf_no_flow: packets without flow: PAF payload but
+ no flow exists (sum)
* stream.allowlist_flows: number of flows moved to the allowlist
(now)
* stream.current_flows: current number of flows in cache (now)
stdout
* multi alert_json.fields = timestamp pkt_num proto pkt_gen pkt_len
dir src_ap dst_ap rule action: selected fields will be output in
- given order left to right { action | class | b64_data |
+ given order left to right { action | app_id | class | b64_data |
client_bytes | client_pkts | dir | dst_addr | dst_ap | dst_port |
eth_dst | eth_len | eth_src | eth_type | flowstart_time |
geneve_vni | gid | icmp_code | icmp_id | icmp_seq | icmp_type |
(0 is unlimited) { 0:maxSZ }
* multi alert_json.fields = timestamp pkt_num proto pkt_gen pkt_len
dir src_ap dst_ap rule action: selected fields will be output in
- given order left to right { action | class | b64_data |
+ given order left to right { action | app_id | class | b64_data |
client_bytes | client_pkts | dir | dst_addr | dst_ap | dst_port |
eth_dst | eth_len | eth_src | eth_type | flowstart_time |
geneve_vni | gid | icmp_code | icmp_id | icmp_seq | icmp_type |
engines
* string snort.--metadata-filter: <filter> load only rules
containing filter string in metadata if set
- * int snort_ml.client_body_depth = 0: number of input HTTP client
+ * int snort_ml.client_body_depth = -1: number of input HTTP client
body bytes to scan (-1 unlimited) { -1:max31 }
* int snort_ml_engine.cache_memcap = 0: maximum memory for verdict
cache in bytes, 0 = disabled { 0:maxSZ }
* stream_ip.trackers_completed: datagram trackers completed (sum)
* stream_ip.trackers_freed: datagram trackers released (sum)
* stream.memcap_prunes: sessions pruned due to memcap (sum)
+ * stream.no_flow_alloc_failure: packets without flow: flow
+ allocation failed (sum)
+ * stream.no_flow_midstream_reject: packets without flow: midstream
+ rejected (sum)
+ * stream.no_flow_no_inspector: packets without flow: no flow
+ tracking inspector configured (sum)
+ * stream.no_flow_no_proto_handler: packets without flow: no
+ protocol handler registered (sum)
+ * stream.no_flow_paf_no_flow: packets without flow: PAF payload but
+ no flow exists (sum)
+ * stream.no_flow_pkt_type_none: packets without flow: packet type
+ is NONE (sum)
+ * stream.no_flow_retry_packet: packets without flow: retry packet
+ dropped (sum)
+ * stream.no_flow_tcp_rst: packets without flow: TCP RST packet
+ (sum)
+ * stream.no_flow_unwanted: packets without flow: flow not wanted
+ (sum)
* stream.pdu_eof_prunes: number of PDU flows pruned due to EOF
(sum)
* stream.pdu_memcap_prunes: number of PDU flows pruned due to
The Snort Team
Revision History
-Revision 3.10.0.0 2025-11-24 15:33:13 EST TST
+Revision 3.10.1.0 2026-01-11 17:52:25 EST TST
---------------------------------------------------------------------
The Snort Team
Revision History
-Revision 3.10.0.0 2025-11-24 15:32:37 EST TST
+Revision 3.10.1.0 2026-01-11 17:51:49 EST TST
---------------------------------------------------------------------