set (VERSION_MAJOR 3)
set (VERSION_MINOR 9)
-set (VERSION_PATCH 1)
+set (VERSION_PATCH 2)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
+2025-07-20: 3.9.2.0
+
+* build: fix comparison of empty integers. Thanks to Hatix Ntsoa.
+* cip: cip inspector fallback functionality
+* extractor: modify JSON Formatter to improve performance
+* file_api: multi instance snort related file cache sharing
+* flow: watchdog kick in dump flow summary
+* hash: ensure that find_else_create functions set is_new field in all cases
+* hash: return cache size from remove so new size check can be atomic
+* http_inspect: parameter name change from partial_depth to partial_depth_body
+* http_param: clear body http_param after each flush
+* main: do not start Analyzer if codec manager doesn't match any codec
+* modbus: modbus paf abort
+* stream_tcp: separate logs and counters for left and right invalid sequence numbers
+
2025-06-29: 3.9.1.0
* appid: appid_debug_test and critical log fix
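Review bot: The http_inspect entry, "parameter name change from partial_depth to partial_depth_body", does not say whether the old name is still accepted, and nothing in the 3.9.2.0 list marks it as a change that existing configurations have to follow. State in the entry whether partial_depth remains as an alias or is rejected, so that operators upgrading from 3.9.1.0 know to edit their http_inspect configuration.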
The Snort Team
Revision History
-Revision 3.9.1.0 2025-06-29 23:11:37 EDT TST
+Revision 3.9.2.0 2025-07-20 23:16:33 EDT TST
---------------------------------------------------------------------
bytes to examine (-1 no limit) { -1:max53 }
* int http_inspect.response_depth = -1: maximum response message
body bytes to examine (-1 no limit) { -1:max53 }
- * int http_inspect.partial_depth = 0: maximum request body to send
- to early detection (0 disabled, -1 no limit) { -1:16384 }
+ * int http_inspect.partial_depth_body = 0: maximum request body to
+ send to early detection (0 disabled, -1 no limit) { -1:16384 }
* bool http_inspect.unzip = true: decompress gzip and deflate
message bodies
* int http_inspect.maximum_host_length = -1: maximum allowed length
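Review bot: The description on the added partial_depth_body lines omits the unit, whereas the neighbouring response_depth entry says "body bytes to examine". Since the text is being re-wrapped anyway, reword it to "maximum request body bytes to send to early detection" so the { -1:16384 } range reads unambiguously as a byte count.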
* stream_tcp.discards: tcp packets discarded (sum)
* stream_tcp.discards_skipped: tcp packet discards skipped due to
normalization disabled (sum)
- * stream_tcp.invalid_seq_num: tcp packets received with an invalid
- sequence number (sum)
+ * stream_tcp.invalid_seq_left: tcp packets received that fall to
+ the left of the current TCP window (spurious retransmits) (sum)
+ * stream_tcp.invalid_seq_right: tcp packets received that fall to
+ the right of the current TCP window (sum)
* stream_tcp.invalid_ack: tcp packets received with an invalid ack
number (sum)
* stream_tcp.no_flags_set: tcp packets received with no TCP flags
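Review bot: The two new counter descriptions are asymmetric: invalid_seq_left carries an interpretation, "(spurious retransmits)", while invalid_seq_right only restates its position relative to the window. Give the right-side counter a comparable hint about what it usually indicates, or drop the parenthetical from the left one. Because invalid_seq_num is removed rather than kept alongside, the text should also say that these two counters replace it, so anyone tracking the old name knows where the value went.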
encodings in response bodies
* int http_inspect.oversize_dir_length = 300: maximum length for
URL directory { 1:65535 }
- * int http_inspect.partial_depth = 0: maximum request body to send
- to early detection (0 disabled, -1 no limit) { -1:16384 }
+ * int http_inspect.partial_depth_body = 0: maximum request body to
+ send to early detection (0 disabled, -1 no limit) { -1:16384 }
* bool http_inspect.percent_u = false: normalize %uNNNN and %UNNNN
encodings
* bool http_inspect.plus_to_space = true: replace + with <sp> when
* stream_tcp.internal_events: 135:X events generated (sum)
* stream_tcp.invalid_ack: tcp packets received with an invalid ack
number (sum)
- * stream_tcp.invalid_seq_num: tcp packets received with an invalid
- sequence number (sum)
+ * stream_tcp.invalid_seq_left: tcp packets received that fall to
+ the left of the current TCP window (spurious retransmits) (sum)
+ * stream_tcp.invalid_seq_right: tcp packets received that fall to
+ the right of the current TCP window (sum)
* stream_tcp.keep_alive_probes: number of tcp keep-alive probes
(sum)
* stream_tcp.max_bytes_exceeded_hole: number of times max bytes
The Snort Team
Revision History
-Revision 3.9.1.0 2025-06-29 23:12:18 EDT TST
+Revision 3.9.2.0 2025-07-20 23:17:26 EDT TST
---------------------------------------------------------------------
The Snort Team
Revision History
-Revision 3.9.1.0 2025-06-29 23:11:50 EDT TST
+Revision 3.9.2.0 2025-07-20 23:16:51 EDT TST
---------------------------------------------------------------------
This feature is off by default. script_detection = true will activate
it.
-5.10.3.4. partial_depth
+5.10.3.4. partial_depth_body
Partial depth detection is a feature that enables Snort to more
quickly detect and block malicious requests. It is configured by the
-partial_depth parameter which can take values in the range -1-16384
-bytes. The feature is enabled by setting partial_depth to some non
-zero value. When the feature is enabled and either, the number of
-bytes received in the request body is below the value specified by
-partial_depth, or partial_depth is set to -1, unlimited; it
-immediately forwards the available part of the message body for early
-detection. This enables earlier threat detection but consumes
-somewhat more of the sensor’s resources.
-
-This feature is turned off by default by setting partial_depth = 0.
-To activate it, set partial_depth to the desired value.
+partial_depth_body parameter which can take values in the range
+-1-16384 bytes. The feature is enabled by setting partial_depth_body
+to some non zero value. When the feature is enabled and either, the
+number of bytes received in the request body is below the value
+specified by partial_depth_body, or partial_depth_body is set to -1,
+unlimited; it immediately forwards the available part of the message
+body for early detection. This enables earlier threat detection but
+consumes somewhat more of the sensor’s resources.
+
+This feature is turned off by default by setting partial_depth_body =
+0. To activate it, set partial_depth_body to the desired value.
5.10.3.5. gzip
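Review bot: The rewritten paragraph carries over the sentence "When the feature is enabled and either, the number of bytes ... unlimited; it immediately forwards", which is hard to parse and never says what "it" refers to. Every line of the paragraph is already touched by the rename, so this is the place to split it into the two conditions (body shorter than partial_depth_body, or partial_depth_body set to -1) followed by the action. "-1-16384" would also read more clearly as "-1 to 16384", and a one-line mention that the parameter was previously called partial_depth would help readers arriving from older configurations.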