set (VERSION_MAJOR 3)
set (VERSION_MINOR 1)
-set (VERSION_PATCH 45)
+set (VERSION_PATCH 46)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
+2022-11-04: 3.1.46.0
+
+* appid: check for empty patterns in lua detector api input
+* appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete
+* detection: add config option for SSE
+* detection: skip a rule variable copy for a single-branched node
+* doc: add information about handling multiple detection in SSE
+* doc: specified which packages are sent on rejection
+* helpers: fix duplicate scratch_handler
+* http_inspect: add override to destructor
+* http_inspect: move LiteralSearch::setup for http_param to its module
+* main: add variables to lua environment
+* netflow: if LAST_SWITCHED isn't provided, use packet time
+* parser: improve port_object hash function
+* ports: align fields of PortObject and PortObject2
+* ports: enable checks in debug build only
+
2022-10-25: 3.1.45.0
* detection: check Pig run number in node state conditions. Fixes crash introduced in 3.1.44.0.
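Review bot: In the new 3.1.46.0 entry, "doc: specified which packages are sent on rejection" should say "packets", not "packages", and its past tense breaks from the imperative form the other entries use ("add", "fix", "move"). Suggested wording: "doc: specify which packets are sent on rejection".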
The Snort Team
Revision History
-Revision 3.1.45.0 2022-10-25 11:19:35 EDT TST
+Revision 3.1.46.0 2022-11-06 23:55:31 EST TST
---------------------------------------------------------------------
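Review bot: The revision date on the added line (2022-11-06) does not match the date the ChangeLog gives for 3.1.46.0 (2022-11-04). If the revision header is meant to carry the release date rather than the document build time, align the two; otherwise it would help to say in the header which of the two it is.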
* bool detection.enable_strict_reduction = false: enable strict
deduplication of rule headers by ports (saves memory, but loses
some speed during config reading)
+ * int detection.max_continuations_per_flow = 1024: maximum number
+ of continuations stored simultaneously on the flow { 0:65535 }
Peg counts:
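Review bot: The added detection.max_continuations_per_flow entry allows 0 in its range { 0:65535 } but the help text does not say what 0 means (continuations disabled, or no limit). Please state that in the description, and also say what happens to a new continuation once the maximum is reached, since an operator tuning this value needs to know whether evaluation is dropped or an older continuation is evicted.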
against all policies
* bool detection.hyperscan_literals = false: use hyperscan for
content literal searches instead of boyer-moore
+ * int detection.max_continuations_per_flow = 1024: maximum number
+ of continuations stored simultaneously on the flow { 0:65535 }
* int detection.offload_limit = 99999: minimum sizeof PDU to
offload fast pattern search (defaults to disabled) { 0:max32 }
* int detection.offload_threads = 0: maximum number of simultaneous
The Snort Team
Revision History
-Revision 3.1.45.0 2022-10-25 11:19:21 EDT TST
+Revision 3.1.46.0 2022-11-06 23:55:16 EST TST
---------------------------------------------------------------------
The Snort Team
Revision History
-Revision 3.1.45.0 2022-10-25 11:19:21 EDT TST
+Revision 3.1.46.0 2022-11-06 23:55:16 EST TST
---------------------------------------------------------------------
SNORT_PATCH_VERSION = 2
+ * SNORT_DEP_VERSIONS: Snort dependencies version numbers table. If
+ snort wasn’t built with some dependency, its value will be nil.
+
+ SNORT_DEP_VERSIONS.DAQ = 3.0.7
+ SNORT_DEP_VERSIONS.LUAJIT = 2.1.0
+ SNORT_DEP_VERSIONS.OPENSSL = 3.0.5
+ SNORT_DEP_VERSIONS.LIBPCAP = 1.9.1
+ SNORT_DEP_VERSIONS.PCRE = 8.45
+ SNORT_DEP_VERSIONS.ZLIB = 1.2.11
+ SNORT_DEP_VERSIONS.HYPERSCAN = 5.4.8
+ SNORT_DEP_VERSIONS.LZMA = 5.0.5
+
1.2.4. Whitelist
When Snort is run with the --warn-conf-strict option, warnings will
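Review bot: The SNORT_DEP_VERSIONS listing shows its values unquoted (for example "SNORT_DEP_VERSIONS.DAQ = 3.0.7"), which leaves the type unstated; a value such as 3.0.7 cannot be a Lua number, so show the values quoted or say explicitly that they are strings. It would also help to mark the listed versions as sample output from one build, and to capitalize "snort" in "If snort wasn't built with some dependency" to match the surrounding text.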
Snort can take more active role in securing network by sending active
responses to shutdown offending sessions. When active responses is
-enabled, snort will send TCP RST or ICMP unreachable when dropping a
-session.
+enabled, snort will send TCP RST and ICMP unreachable when dropping a
+TCP session and ICMP unreachable packets for UDP.
5.1.1. Changes from Snort 2.9
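Review bot: The rewritten sentence "snort will send TCP RST and ICMP unreachable when dropping a TCP session and ICMP unreachable packets for UDP" can be parsed two ways, because the second "and" can be read as continuing the list of what is sent for a TCP session. Splitting it by protocol removes the ambiguity, for example: "for a TCP session, a TCP RST and an ICMP unreachable; for UDP, an ICMP unreachable".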
5.1.3. Reject
IPS action reject perform active response to shutdown hostile network
-session by injecting TCP resets (TCP connections) or ICMP unreachable
-packets.
+session by injecting TCP resets and ICMP unreachable for TCP
+connections, and ICMP unreachable packets for UDP.
Example:
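Review bot: This passage describes the same behaviour as the active response introduction but with different terms: "TCP resets" here against "TCP RST" there, and "ICMP unreachable for TCP connections" without "packets" while the UDP clause has "ICMP unreachable packets". Use one phrasing in both places so readers do not take them for different behaviours.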