From: Priyanka Gurudev (prbg) Date: Thu, 22 Jan 2026 03:23:18 +0000 (+0000) Subject: Pull request #5112: build: generate and tag 3.10.2.0 X-Git-Tag: 3.10.2.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1452daa57177fd3a9442be08234842931fcef9c;p=thirdparty%2Fsnort3.git Pull request #5112: build: generate and tag 3.10.2.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.2.0 to master Squashed commit of the following: commit b12e80674dd99bdd920548b464751357582ebc0e Author: Priyanka Gurudev Date: Wed Jan 21 15:59:19 2026 -0500 build: generate and tag 3.10.2.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index a8df02403..db66a5883 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 10) -set (VERSION_PATCH 1) +set (VERSION_PATCH 2) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index 895abb5b1..42f269491 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,19 @@ +2026-01-21: 3.10.2.0 + +* appid: configurable midstream service discovery +* appid: prefer QUIC client appid over SSL +* appid: prevent out-of-bounds read in bootp option parsing +* appid: prevent out-of-bounds read in sslv2 server-hello detection +* control: refactor connection ownership model and improve thread safety +* extractor: avoid reporting default values for missing SSL fields +* file_api: coverity fix +* flow: refactor dump_flows command to dump flow state in binary format +* mime: fix compile issues +* react: block flow when packets are not reset candidates +* show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow +* smtp: handle split CRLF in multi-line response parsing +* ssl: ssl client hello event is published with empty hostname + 2026-01-11: 3.10.1.0 * alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index bbd7a5600..ff3131fc9 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.10.1.0 2026-01-11 17:51:32 EST TST +Revision 3.10.2.0 2026-01-21 15:52:22 EST TST --------------------------------------------------------------------- @@ -1023,6 +1023,9 @@ Peg counts: (sum) * ips_actions.react: number of packets that matched an IPS react rule (sum) + * ips_actions.non_supported_react: number of packets that matched + an IPS react rule but could not be processed because the protocol + is not supported (sum) * ips_actions.reject: number of packets that matched an IPS reject rule (sum) * ips_actions.rewrite: number of packets that matched an IPS @@ -6028,8 +6031,9 @@ Configuration: Commands: - * stream.dump_flows(): dump the flow table - * stream.dump_flows_summary(): dump the flow summaries + * stream.dump_flows(): dump the flow table in text format + * stream.dump_flows_binary(): dump the flow table in binary format + * stream.dump_flows_summary(): dump flow table summary Rules: @@ -12652,6 +12656,9 @@ libraries see the Getting Started section of the manual. file_id rule (sum) * ips_actions.log: number of packets that matched an IPS log rule (sum) + * ips_actions.non_supported_react: number of packets that matched + an IPS react rule but could not be processed because the protocol + is not supported (sum) * ips_actions.pass: number of packets that matched an IPS pass rule (sum) * ips_actions.react: number of packets that matched an IPS react @@ -16879,8 +16886,9 @@ alert is raised by the enhanced JavaScript normalizer. * snort.detach(): detach from control shell (without shutting down) * snort.quit(): shutdown and dump-stats * snort.help(): this output - * stream.dump_flows(): dump the flow table - * stream.dump_flows_summary(): dump the flow summaries + * stream.dump_flows(): dump the flow table in text format + * stream.dump_flows_binary(): dump the flow table in binary format + * stream.dump_flows_summary(): dump flow table summary * trace.set(modules, constraints, ntuple, timestamp): set modules traces, constraints, ntuple and timestamp options * trace.clear(): clear modules traces and constraints diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 5352ce40a..b68ba22e2 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.10.1.0 2026-01-11 17:52:25 EST TST +Revision 3.10.2.0 2026-01-21 15:53:32 EST TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 7c18bb2a1..ddb07e7a2 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.10.1.0 2026-01-11 17:51:49 EST TST +Revision 3.10.2.0 2026-01-21 15:52:45 EST TST ---------------------------------------------------------------------