Pull request #5112: build: generate and tag 3.10.2.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.2.0 to master

Squashed commit of the following:

commit b12e80674dd99bdd920548b464751357582ebc0e
Author: Priyanka Gurudev <prbg@cisco.com>
Date:   Wed Jan 21 15:59:19 2026 -0500

    build: generate and tag 3.10.2.0

diff --git a/CMakeLists.txt b/CMakeLists.txt
index a8df0240372f6c26b72a6691d6b6974c1d87c4ab..db66a58839a27602272830b7a303ee9551b3709d 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ project (snort CXX C)
 
 set (VERSION_MAJOR 3)
 set (VERSION_MINOR 10)
-set (VERSION_PATCH 1)
+set (VERSION_PATCH 2)
 set (VERSION_SUBLEVEL 0)
 set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
 

diff --git a/ChangeLog.md b/ChangeLog.md
index 895abb5b10b558e960a4d38ca6071d4375b4cb64..42f269491c08d057f53b4bd889516170d4e62473 100644 (file)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,19 @@
+2026-01-21: 3.10.2.0
+
+* appid: configurable midstream service discovery
+* appid: prefer QUIC client appid over SSL
+* appid: prevent out-of-bounds read in bootp option parsing
+* appid: prevent out-of-bounds read in sslv2 server-hello detection
+* control: refactor connection ownership model and improve thread safety
+* extractor: avoid reporting default values for missing SSL fields
+* file_api: coverity fix
+* flow: refactor dump_flows command to dump flow state in binary format
+* mime: fix compile issues
+* react: block flow when packets are not reset candidates
+* show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow
+* smtp: handle split CRLF in multi-line response parsing
+* ssl: ssl client hello event is published with empty hostname
+
 2026-01-11: 3.10.1.0
 
 * alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix

diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text
index bbd7a5600e75b80df75ef1a5cea20c98750cb01f..ff3131fc991f18bc92734e02d2438bafbec4c36c 100644 (file)
--- a/doc/reference/snort_reference.text
+++ b/doc/reference/snort_reference.text
@@ -8,7 +8,7 @@ Snort 3 Reference Manual
 The Snort Team
 
 Revision History
-Revision 3.10.1.0 2026-01-11 17:51:32 EST TST
+Revision 3.10.2.0 2026-01-21 15:52:22 EST TST
 
 ---------------------------------------------------------------------
 
@@ -1023,6 +1023,9 @@ Peg counts:
     (sum)
   * ips_actions.react: number of packets that matched an IPS react
     rule (sum)
+  * ips_actions.non_supported_react: number of packets that matched
+    an IPS react rule but could not be processed because the protocol
+    is not supported (sum)
   * ips_actions.reject: number of packets that matched an IPS reject
     rule (sum)
   * ips_actions.rewrite: number of packets that matched an IPS
@@ -6028,8 +6031,9 @@ Configuration:
 
 Commands:
 
-  * stream.dump_flows(): dump the flow table
-  * stream.dump_flows_summary(): dump the flow summaries
+  * stream.dump_flows(): dump the flow table in text format
+  * stream.dump_flows_binary(): dump the flow table in binary format
+  * stream.dump_flows_summary(): dump flow table summary
 
 Rules:
 
@@ -12652,6 +12656,9 @@ libraries see the Getting Started section of the manual.
     file_id rule (sum)
   * ips_actions.log: number of packets that matched an IPS log rule
     (sum)
+  * ips_actions.non_supported_react: number of packets that matched
+    an IPS react rule but could not be processed because the protocol
+    is not supported (sum)
   * ips_actions.pass: number of packets that matched an IPS pass rule
     (sum)
   * ips_actions.react: number of packets that matched an IPS react
@@ -16879,8 +16886,9 @@ alert is raised by the enhanced JavaScript normalizer.
   * snort.detach(): detach from control shell (without shutting down)
   * snort.quit(): shutdown and dump-stats
   * snort.help(): this output
-  * stream.dump_flows(): dump the flow table
-  * stream.dump_flows_summary(): dump the flow summaries
+  * stream.dump_flows(): dump the flow table in text format
+  * stream.dump_flows_binary(): dump the flow table in binary format
+  * stream.dump_flows_summary(): dump flow table summary
   * trace.set(modules, constraints, ntuple, timestamp): set modules
     traces, constraints, ntuple and timestamp options
   * trace.clear(): clear modules traces and constraints

diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text
index 5352ce40a754015314f10e3ccf5b89c19b21f953..b68ba22e22746b66c2958966cb3a8f3c6a2c1189 100644 (file)
--- a/doc/upgrade/snort_upgrade.text
+++ b/doc/upgrade/snort_upgrade.text
@@ -8,7 +8,7 @@ Snort 3 Upgrade Manual
 The Snort Team
 
 Revision History
-Revision 3.10.1.0 2026-01-11 17:52:25 EST TST
+Revision 3.10.2.0 2026-01-21 15:53:32 EST TST
 
 ---------------------------------------------------------------------
 

diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text
index 7c18bb2a12bd19c453d4af400e299bac05fd0c6b..ddb07e7a2758fe82a4ec56d4d4560c9c53801721 100644 (file)
--- a/doc/user/snort_user.text
+++ b/doc/user/snort_user.text
@@ -8,7 +8,7 @@ Snort 3 User Manual
 The Snort Team
 
 Revision History
-Revision 3.10.1.0 2026-01-11 17:51:49 EST TST
+Revision 3.10.2.0 2026-01-21 15:52:45 EST TST
 
 ---------------------------------------------------------------------