]>
git.ipfire.org Git - thirdparty/snort3.git/log
Priyanka Gurudev (prbg) [Wed, 18 Mar 2026 01:38:38 +0000 (01:38 +0000)]
Pull request #5222: build: generate and tag 3.12.1.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.12.1.0 to master
Squashed commit of the following:
commit
32e37e40dbf03e08aa8eabfec2ddf943bc32da5b
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Tue Mar 17 18:08:00 2026 -0400
build: generate and tag 3.12.1.0
Pull request #5215: appid: removing dead code in service ssl
Merge in SNORT/snort3 from ~DKOLOMII/snort3:ssl_service_dead_code to master
Squashed commit of the following:
commit
277c2b57403d22f38192eb3be1309d15e02009e1
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Tue Mar 17 14:56:18 2026 -0400
appid: removing dead code in service ssl
Pull request #5157: appid: fix app detection when sni is spoofed
Merge in SNORT/snort3 from ~YEFURMAN/snort3:spoofed_sni_fix to master
Squashed commit of the following:
commit
c0c2a2e4a4dc4723e746e05a89fce273d3f60a95
Author: yefurman <yefurman@cisco.com>
Date: Tue Feb 3 04:32:45 2026 -0500
appid: fix app detection when sni is spoofed
Andres Avila Segura (aavilase) [Tue, 17 Mar 2026 18:10:27 +0000 (18:10 +0000)]
Pull request #5176: kerberos: fix race condition when reloading and setting failed_login
Merge in SNORT/snort3 from ~AAVILASE/snort3:kerberos_config_race_condition to master
Squashed commit of the following:
commit
c3c84fc482ec4fec6da9f6e127de8b36a58c4d74
Author: Andres Avila <aavilase@cisco.com>
Date: Tue Feb 24 11:36:48 2026 -0500
kerberos: fix race condition when reloading and setting failed_login
Raza Shafiq (rshafiq) [Tue, 17 Mar 2026 17:44:16 +0000 (17:44 +0000)]
Pull request #5204: hash: clamp max_size to entry_size minimum
Merge in SNORT/snort3 from ~RSHAFIQ/snort3:lru_cap to master
Squashed commit of the following:
commit
d973dd40c59573c65b1c60f123d1d9921512cf04
Author: rshafiq <rshafiq@cisco.com>
Date: Wed Mar 11 12:37:59 2026 -0400
hash: clamp max_size to entry_size minimum
Pull request #5189: appid: sync host attributes on http event service detection
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_host_attr_update to master
Squashed commit of the following:
commit
e6023378ba51b7f62cb24e8ecf400429ce2d8037
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Thu Mar 5 06:25:38 2026 -0500
appid: sync host attributes on http event service detection
Russ Combs (rucombs) [Tue, 17 Mar 2026 17:31:58 +0000 (17:31 +0000)]
Pull request #5218: File names
Merge in SNORT/snort3 from ~RUCOMBS/snort3:file_names to master
Squashed commit of the following:
commit
3be526f4dbeb5c81b852143c0536adcdc9990ca3
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Mar 12 12:49:03 2026 -0400
file names: add unit tests for get_main_file and get_instance_file
commit
b2c17a8fe4a4ba44f51d2b3d03a46fcb6ec0307c
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Mar 12 08:01:51 2026 -0400
logs: do not add / to run prefix for main thread logs
Also, do not fatal error when trace.set fails.
Pull request #5200: appid: add unit test to cover DNS payload handler null dsession
Merge in SNORT/snort3 from ~BHRYNIV/snort3:dns_test to master
Squashed commit of the following:
commit
904c47b395819ce45f19a62d3c5ed6df745e8251
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Thu Mar 5 17:55:46 2026 -0500
appid: add unit test to cover DNS payload handler null dsession
Shijin Bose (shibose) [Tue, 17 Mar 2026 08:37:46 +0000 (08:37 +0000)]
Pull request #5195: dns: prevent unbounded TCP session vector growth
Merge in SNORT/snort3 from ~SHIBOSE/snort3:dns_clear_vector to master
Squashed commit of the following:
commit
5eb34aa47df3367b988c082c47427f31d8e745d8
Author: shibose <shibose@cisco.com>
Date: Thu Feb 26 14:31:50 2026 +0530
dns: prevent unbounded TCP session vector growth
Rishabh Choudhary (rishacho) [Tue, 17 Mar 2026 08:27:56 +0000 (08:27 +0000)]
Pull request #5201: stream: Pass opaque during IP fragment reassembly in FragRebuild
Merge in SNORT/snort3 from ~RISHACHO/snort3:fix/gre-frag-opaque to master
Squashed commit of the following:
commit
756d620f4d1e942d67f90df5be4ec99dcd884021
Author: Rishabh Choudhary <rishacho@cisco.com>
Date: Wed Mar 11 17:41:42 2026 +0530
stream: Pass opaque during IP fragment reassembly in FragRebuild
Pull request #5217: Enable SSH in Extractor
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:extr_ssh to master
Squashed commit of the following:
commit
c6d9356a70e2ec7a9ec6241f9afb1e0bf01fd3eb
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 16 23:00:59 2026 +0200
extractor: refine code
commit
2612f1e34fdbe24ab4eea9ea8470703a2a4ae894
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 16 19:35:22 2026 +0200
extractor: compute shared (selected) algorithm in SSH
commit
46f1896711f7662722ce81063df61f159ca1910e
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 16 18:23:00 2026 +0200
extractor: move details under 'algorithm' event
commit
2ef8b879a089aecb631b2ff5697d083d33cf6e4a
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 16 15:06:31 2026 +0200
extractor: add more details in SSH
commit
787cf787b038b30928510b06b238d34eefd4ec09
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 16 13:12:39 2026 +0200
extractor: add SSH direction field
commit
fc48a7d3d2a83652755aef522b2b78c0679c9218
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Mon Mar 16 12:04:10 2026 +0200
extractor: add SSH version field
commit
57434c6270310e1ea18effdd6b05ab2ebd949008
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Aug 26 15:14:14 2025 +0300
extractor: log SSH events
Jared Rittle (jrittle) [Mon, 16 Mar 2026 20:49:36 +0000 (20:49 +0000)]
Pull request #5193: Opcua inspector bugfix
Merge in SNORT/snort3 from ~JRITTLE/snort3:opcua_inspector_bugfix to master
Squashed commit of the following:
commit
46d013cd136a3dfc3cb5ab4fc4b7aa56a085f0ca
Author: Jared Rittle <>
Date: Wed Feb 25 09:05:15 2026 -0500
opcua: bugfix, buf size increase, and service modifications
Pull request #5194: add extractor file logging
Merge in SNORT/snort3 from ~ANOROKH/snort3:extractor_file to master
Squashed commit of the following:
commit
1068a08b3e05ae1905c62afc7e8a1a9e5b135f08
Author: anorokh <anorokh@cisco.com>
Date: Thu Mar 5 20:53:55 2026 +0200
extractor: add FILE logging
* update file log condition;
Pull request #5197: http_inspect: fix OOB read in find_next_header
Merge in SNORT/snort3 from ~VBILINSK/snort3:http_oob_fix_CSCws45829 to master
Squashed commit of the following:
commit
ba2642c7ff993ff615352e2b88fd15cdabc1e277
Author: vbilinsk <vbilinsk@cisco.com>
Date: Mon Mar 9 09:50:50 2026 -0400
http_inspect: fix OOB read in find_next_header
Juweria Ali Imran (jaliimra) [Mon, 16 Mar 2026 15:26:54 +0000 (15:26 +0000)]
Pull request #5203: stream_tcp: make sure to check for bad syn seq only when ISS is initialized
Merge in SNORT/snort3 from ~JALIIMRA/snort3:bad_syn_check to master
Squashed commit of the following:
commit
e5536b1b01524fb9247f28217b022d90086684bf
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Wed Mar 11 12:31:55 2026 -0400
stream_tcp: make sure to check for bad seq only when ISS is initialized
Lokesh Bevinamarad (lbevinam) [Mon, 16 Mar 2026 13:14:07 +0000 (13:14 +0000)]
Pull request #5178: file_api: fix tsan data races in circular buffer, file cache, and file policy
Merge in SNORT/snort3 from ~LBEVINAM/snort3:tsan/file-api to master
Squashed commit of the following:
commit
d473dcabf7c244f34a2c667027038f815f2170f4
Author: Lokesh Bevinamarad <lbevinam@cisco.com>
Date: Thu Feb 26 05:53:49 2026 -0500
file_api: fix tsan datarace in circular buffer, file cache and file policy
Pull request #5213: framework: return original string if list is empty
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:dump_empty_list to master
Squashed commit of the following:
commit
5f227716feac1995e8671f6c1d544bae3d4c547a
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Mar 13 16:53:07 2026 +0200
framework: return original string if list is empty
Value returns original string when parsing failed to extract list items.
Lokesh Bevinamarad (lbevinam) [Sat, 14 Mar 2026 09:47:07 +0000 (09:47 +0000)]
Pull request #5180: mime: fix TSAN data race on DecodeConfig decompress_buffer_size
Merge in SNORT/snort3 from ~LBEVINAM/snort3:tsan/mime to master
Squashed commit of the following:
commit
b1e5771528d93de87a9f438f1fc2327db774363f
Author: Lokesh Bevinamarad <lbevinam@cisco.com>
Date: Thu Feb 26 06:01:56 2026 -0500
decompress: fix tsan datarace in decompress_buffer_size
Lokesh Bevinamarad (lbevinam) [Sat, 14 Mar 2026 09:43:15 +0000 (09:43 +0000)]
Pull request #5179: decompress: fix TSAN data race on Signature_Map Enabled field
Merge in SNORT/snort3 from ~LBEVINAM/snort3:tsan/decompress to master
Squashed commit of the following:
commit
f2a40330ab4744cd84a38a6ebd81bf54100fa928
Author: Lokesh Bevinamarad <lbevinam@cisco.com>
Date: Thu Feb 26 05:57:42 2026 -0500
decompress: fix tsan data race
Pull request #5155: http_inspect: decompress optimization
Merge in SNORT/snort3 from ~OFEDORYC/snort3:decompress-optimization to master
Squashed commit of the following:
commit
15145a7b4b29ac92b439ea045afac6a44eb66e7f
Author: ofedoryc <ofedoryc@cisco.com>
Date: Mon Feb 9 02:11:11 2026 -0500
http_inspect: decompress optimization
Pull request #5175: ssl: additional chello, sertificates parse validation
Merge in SNORT/snort3 from ~DKOLOMII/snort3:ssl_alert_logging_fix to master
Squashed commit of the following:
commit
6daeba791be5f4762f6d4443992de7bf66365da0
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Fri Mar 13 08:51:32 2026 -0400
ssl: adding additional parser data fields checks
Michael Matirko (mmatirko) [Fri, 13 Mar 2026 18:33:20 +0000 (18:33 +0000)]
Pull request #5206: main: fallback to given process affinity if we can't satisfy process.lua
Merge in SNORT/snort3 from ~MMATIRKO/snort3:affinity_fallback to master
Squashed commit of the following:
commit
417fbbe79ad53de820ee3e8ebb3e0b9414fb3ef8
Author: Michael Matirko <mmatirko@cisco.com>
Date: Wed Mar 11 11:22:40 2026 -0400
main: fallback to specified process affinity if we can't satisfy process.lua
Vitalii Tron -X (vtron - SOFTSERVE INC at Cisco) [Fri, 13 Mar 2026 12:59:55 +0000 (12:59 +0000)]
Pull request #5183: pub_sub: add content-length validation
Merge in SNORT/snort3 from ~VTRON/snort3:fix_malformed_content_length to master
Squashed commit of the following:
commit
3d6413c713a99b980ed9d91b57483548aeee21ab
Author: vtron <vtron@cisco.com>
Date: Fri Feb 27 05:57:52 2026 -0800
pub_sub: add content-length validation
Andres Avila Segura (aavilase) [Fri, 13 Mar 2026 12:05:52 +0000 (12:05 +0000)]
Pull request #5169: mime: partial header memory optimization using vectors to preallocate memory rather than allocating for every new chunk of header appended
Merge in SNORT/snort3 from ~AAVILASE/snort3:partial_header_memory_optimization to master
Squashed commit of the following:
commit
1765049b41acf70372173da2f0509fb177a15e41
Author: Andres Avila <aavilase@cisco.com>
Date: Wed Feb 18 14:00:16 2026 -0500
mime: partial header memory optimization using vectors to preallocate memory rather than allocating for every new chunk of header appended
Shilpa Nagpal (shinagpa) [Wed, 11 Mar 2026 06:10:11 +0000 (06:10 +0000)]
Pull request #5165: file_api: change file_service termination order after MPDatabus
Merge in SNORT/snort3 from ~SHINAGPA/snort3:file_mp_crash to master
Squashed commit of the following:
commit
fbf5b676d430e1154d5fa6c563a87eb9e08d42f4
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Tue Feb 17 19:15:05 2026 +0530
file_api: change file_service termination order after MPDatabus
Raza Shafiq (rshafiq) [Tue, 10 Mar 2026 21:28:25 +0000 (21:28 +0000)]
Pull request #5198: socks: remove block_udp_fragmentation configuration option
Merge in SNORT/snort3 from ~RSHAFIQ/snort3:socks_event_test to master
Squashed commit of the following:
commit
bf88cc0389f5511ac82509966df025476b842282
Author: rshafiq <rshafiq@cisco.com>
Date: Wed Feb 25 09:11:07 2026 -0500
socks: remove block_udp_fragmentation configuration option
Pull request #5177: appid: address FIXIT comments related to http inspector
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fixit_http to master
Squashed commit of the following:
commit
5e941db6ac32560ca1e0960912f4deeb0bfdf8d6
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Tue Feb 17 08:40:27 2026 -0500
appid: address FIXIT comments related to http inspector
Pull request #5191: Extractor: rename SSL log field
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:extr_ssl_sni to master
Squashed commit of the following:
commit
c60b00fcde0454be9c008ea5dc2649bb436d9ea6
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Mar 6 12:17:58 2026 +0200
extractor: rename ssl.server_name_identifier
To ssl.server_name.
Russ Combs (rucombs) [Thu, 5 Mar 2026 21:37:16 +0000 (21:37 +0000)]
Pull request #5190: snort: tweak config dtor so that tuners are released before their inspector
Merge in SNORT/snort3 from ~RUCOMBS/snort3:tuner_fix to master
Squashed commit of the following:
commit
06e78a431c1559e9827ab61cf21449540672c4bd
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Mar 5 09:38:10 2026 -0500
snort: tweak config dtor so that tuners are released before their inspector
Russ Combs (rucombs) [Thu, 5 Mar 2026 00:38:59 +0000 (00:38 +0000)]
Pull request #5187: so_fix_update: address perf issues from so_fix
Merge in SNORT/snort3 from ~RUCOMBS/snort3:so_fix_update to master
Squashed commit of the following:
commit
2c0cb8df1c53c7307df4610485be17b1a967e268
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Mar 4 16:33:19 2026 -0500
file_inspect: fix reload error messages
commit
2c1b9d26d862e73c08307dc92f529047153cf03e
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Mar 3 21:33:30 2026 -0500
snort: relax memory order for reload_id updates
commit
5a93723723b8cbdbc726796dad6b419633014a85
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Mar 3 09:07:27 2026 -0500
plugins: move trash pickup from analyzers to main
Priyanka Gurudev (prbg) [Wed, 4 Mar 2026 04:31:17 +0000 (04:31 +0000)]
Pull request #5188: build: generate and tag 3.12.0.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.12.0.0 to master
Squashed commit of the following:
commit
08aed91d74cdbc9c408b127dac53deda88b169db
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Tue Mar 3 21:25:25 2026 -0500
build: generate and tag 3.12.0.0
Adrian Mamolea (admamole) [Tue, 3 Mar 2026 18:52:32 +0000 (18:52 +0000)]
Pull request #5181: payload_injector: add support for payload injection on s2c packets for http and http2 traffic
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:test_s2c to master
Squashed commit of the following:
commit
5f0f358b3c2864c2a11d9697c8ce5046c2dfa7b6
Author: Adrian Mamolea <admamole@cisco.com>
Date: Thu Feb 26 13:58:35 2026 -0500
payload_injector: add support for payload injection on s2c packets for http and http2 traffic
Russ Combs (rucombs) [Mon, 2 Mar 2026 22:35:07 +0000 (22:35 +0000)]
Pull request #4963: Security Agility
Merge in SNORT/snort3 from ~RUCOMBS/snort3:so_fix to master
Squashed commit of the following:
commit
d9b1f3d32c9127a61e718b88091e34eed40ac391
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 2 11:46:04 2026 -0500
trace: remove unstable unit test
commit
056ce7d0121aeddfc30ddf1d515a87865162ad38
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Mar 2 01:21:17 2026 -0500
snort: finalize so_fix
commit
f25d5c6eab6b7c63ab58a1c76d5eb65321c50c18
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Mar 1 11:52:50 2026 -0500
cd_ipv4: attempt to decode unassigned IP protos
This can happen if a plugin supports an unassigned proto.
Also replace broken decode_err_len_test with functional test.
commit
571b11944493203fee0aca1aac06ff632422dfa5
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Feb 28 05:49:41 2026 -0500
plugins: bump API version for base and all types
commit
7312a7df004dfe788a115f9a53bbe78d22a58bba
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Feb 28 05:13:53 2026 -0500
snort: add reg test feature --exit-after-reload
commit
3f38744a21d2e2d0de5d0c089b9bbf12eb572263
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Feb 28 05:13:05 2026 -0500
test: exclude from coverage unexecuted unit test stubs
commit
b7729ca95528e0204a651d6d3c5e91c030aa1a2e
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Feb 26 06:51:32 2026 -0500
snort: fix coverity issue with unlocked reload_id update
Use atomic for SnortConfig.reload_id, make all updates from main thread,
remove mutex.
reload_id is assigned from a static sequence number when SnortConfig is
instantiated and incremented when dependent commands are deleted. The
first active config is reload_id 2 and after the first reload it is 3.
For config reloads, the config with upated reload_id is swapped into
packet threads at once. With updates from dependent commands, there is a
lag from when the command is executed in the packet threads to when the
reload_id is updated in the main thread upon comman deletion. The lag
is not deemed significant.
There are several modules that use reload_id including http_inspect,
imap, pop, and smtp for js normalization purposes; detection
continuations; binder; reputation; and policy switcher.
Since the reload is used for multiple purposes, an inspector specific
update can impact other features. For example, reputation.reload() will
cause detection continuations to abort etc. This problem is pre-
existing and not fixed with this change.
commit
4decb58fabc1469a4a203fc1bb08f6fae97bcd1e
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Feb 19 07:00:46 2026 -0500
snort: run --show-plugins in help mode
Don't validate an empty conf with --show-plugins.
Add optional arg to --list-plugins and --show-plugins.
commit
71d568e33c14be75fc803865c75428978a74dc53
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Feb 19 04:05:35 2026 -0500
appid: add missing stub for ssh event handler test
commit
ed89cdd4a94a96b7e21b23d12a18a8d30f686882
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Feb 17 11:08:24 2026 -0500
trace: support reloading trace logger plugin libraries
commit
e829f583899a9978e6f2188c51005f753c400fe7
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Feb 13 05:53:08 2026 -0500
alert_syslog, snort, syslog_trace: refactor syslog calls
Call openlog and closelog only when needed using consistent args.
commit
b7c6eed895752ebd901bc5c826a6b5cbbe988fbd
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Feb 11 12:32:13 2026 -0500
appid: fix shadow traffic registration (configures are unordered)
commit
f60956e9b2ed6e59b48b7a5e3b082463863e2332
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Feb 11 06:33:51 2026 -0500
file_inspect: update capture buffers upon summing
commit
1761f8e06db8ca54d0b4c766a609f43a939617e1
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Feb 10 07:51:10 2026 -0500
text log: capture file name to avoid rollover issues
commit
8574a3db0a49f182d4f12734fdf700dcef4f3a7a
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Feb 8 06:20:53 2026 -0500
file_trace, stdout_trace, syslog_trace: support dynamic build
Refactor trace plugin helper methods.
Remove ineffective unit tests.
Replace unused TRACE_OUTPUT_TYPE_FLAG__* with TRACER_FLAG__RESERVED.
Reformat trace swap error messages for consistency.
commit
df86b9ea818fe434d6f7dc43af688892375c5f04
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Feb 3 11:59:18 2026 -0500
trace: update command implementations
Support changing output via commands.
Add output = 'none' to disable traces.
Simplify / unify command responses.
Eliminate duplicate responses from packet threads.
commit
ba9b50b55ac7433dec39324e420f93e75ce4d9e9
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Feb 1 20:46:54 2026 -0500
file_trace: refactor
Use existing TextLog instead of re-implementing.
Fix so that all threads write to different files.
Eliminate mutex.
Don't filter messages.
commit
d972e6e2a0b10f01c2f67a08a4b62bb08bcd70b8
Author: Russ Combs <rucombs@cisco.com>
Date: Sat Jan 31 07:20:23 2026 -0500
file_trace, stdout_trace, syslog_trace, trace: simplify implementation
Add PT_DYNAMICS which supports multiple selection from dynamic ranges.
Change trace.output to a simple multi-value string using above param type.
Remove enable flag. Enablement is via trace.output.
Remove stdout_trace and trace from coreinit.lua.
Support default instantiation of unconfigurd but enabled tracers.
commit
95dc3c32afbbf2c7f2f708bba9e9eae21f258ca8
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Jan 30 16:15:38 2026 -0500
inspector manager: add dump_inspector_map command for serviceability
commit
21c8e1d1505435572b8c766bfdf1dfc704f08d1b
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Jan 29 19:57:28 2026 -0500
socks: fix unit test stubs
commit
0a18569fb3365c351114aa21cba9a1b601d8fa26
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Jan 27 07:26:19 2026 -0500
trace: update to new plug interface; also:
Change trace module usage to global.
Remove syslog_trace from coreinit.lua.
Fix tracer for first packet thread.
Add default values for enable parameters.
Change file tracer max default to 0 (unlimited).
Fix race conditions.
commit
f43a41959b53f4ba9b1ba7291e6d7cf4f352ac31
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 21 07:39:27 2026 -0500
trace: update managaer to use the new plug interface
commit
9f48f992bed0fbb46992f09d1fd5ce32899d3c9e
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 21 06:27:01 2026 -0500
modules: provide config for dump stats accumulation
Required for the case where a packet thread terminates during runtime.
commit
3514f253ef15d89d0c7efd7d156a6a8f3246d6c5
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Jan 20 11:08:41 2026 -0500
plugin manager: propagate contexts for non-reloadable plugins
commit
bf300161a67ad002213e18fbbbc2be8de2fa1918
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Jan 19 10:43:37 2026 -0500
snort: add list_plugins command for serviceability
commit
fa5acfa363e93d47045840e9a4f5ea74d65d648f
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Jan 19 10:28:46 2026 -0500
plugin manager: do not unload plugins that are not reloadable
commit
6d71925fd101b422ed7c31c7551f64d80145f536
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Jan 18 13:07:23 2026 -0500
module manager: clear static parameter map when reloading plugins
commit
dfeb4640d66377693a5f309114a31f1f11e11239
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Jan 18 13:02:37 2026 -0500
plugin manager: make load_id atomic
commit
4eb10cfede0efa6c22e9c41d7c558e144c57cbf5
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Jan 18 05:44:32 2026 -0500
imap, pop, smtp: clear search tool pointers on delete
commit
4179725653861d9f06715c9a8b49255edb69ae47
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Jan 18 05:42:15 2026 -0500
inspector manager: always dump map with verbose output
commit
510214147ec32af6e47076c80a35f018ffa160c3
Author: Russ Combs <rucombs@cisco.com>
Date: Sun Jan 18 05:40:30 2026 -0500
opcua: enable so lib reloads
commit
ec0883af3609c639bec835a4ce3ad6093e5d3986
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 14 08:29:06 2026 -0500
parser: change error counts to atomic
commit
0bc98ea3c8fc45beb44fe28a64e7cce18b4ae92b
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Jan 13 10:57:51 2026 -0500
snort: fix --exit-after-reload help
commit
2b2fb2573777b8219e872701d5c17945cdbd090f
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Jan 7 10:11:16 2026 -0500
doc: update file_id inspector is now file_inspect
commit
5b85deeffba652b4d5a743b485e9940e3e989140
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Jan 6 10:30:16 2026 -0500
inspector manager: accommodate acquire_file_inspector calls from non-packet thread.
commit
7ca5c64d36a1ef2760b5df6db5d43887c445bcd8
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Dec 23 10:00:33 2025 -0500
iec104: update flow data instantiation
commit
498066a655cd922388b9b88b545a133860c927c5
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Dec 23 09:22:16 2025 -0500
file_inspect: disallow external enable if not configured
commit
02d01437c2891fb6ee3a5a9314d12fc1fbd708d5
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Dec 15 11:57:39 2025 -0500
rewview: to be fixed up (address all but 1 comment up to 12/12 9p)
commit
e9550b51f440896e8050c92b9a696c5d33efc5a7
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Nov 24 12:27:48 2025 -0500
opcua: update unit test mocks
commit
d03d507fe148dbdc54d3103ba8739165382a0d3d
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Nov 18 09:16:41 2025 -0500
quic: don't cache inspector pointer in extractor
commit
a4da1375cf681827967e2477cf89e4eba3cb46b9
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Nov 13 06:47:38 2025 -0500
inspectors: clear service buffer map on reload
commit
3e7871040411c77ac5bf0fc3275f353b9b90196f
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Nov 12 08:04:03 2025 -0500
mp data bus: fix unit test
commit
71f78a4d9d43d5d3c0c6fcea95e1f8c93d38b50d
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Oct 30 11:19:08 2025 -0400
ssl: don't call OPENSSL_cleanup at shutdown to minimize reported leaks
commit
1c35bfa7003b3982aaeae27cdbb0aa6f335a4977
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Oct 28 09:08:20 2025 -0400
file_inspect: fix file cache race condition with lookup timeout
commit
ab9c85a03d3aef0d144cc9d64599c9430bbeefe1
Author: Russ Combs <rucombs@cisco.com>
Date: Mon Oct 27 09:05:14 2025 -0400
snort_ml: use new get_inspector args
commit
254590936e7cd87d5619c8ae01d8c3aba7350e26
Author: Russ Combs <rucombs@cisco.com>
Date: Thu Oct 23 13:16:33 2025 -0400
plugin manager: by default do not dlclose plugin libraries at shutdown
This avoids bogus leak reports from asan due to libraries that don't
exit cleanly.
Use snort --plugin-path <path> --close-all-plugins to force the dlclose.
commit
b261f0dfe562a4871a5a8c342255d6c8e1775550
Author: Russ Combs <rucombs@cisco.com>
Date: Fri Oct 3 14:08:42 2025 -0400
inspector manager: fix cppcheck issue
commit
fadaf02e91a047fe2c04ba2a2038af247915f67c
Author: Russ Combs <rucombs@cisco.com>
Date: Wed Oct 1 09:16:35 2025 -0400
appid: fix unit test
commit
a0d13dbf232e7eab10c96e569f83c152f9b7f79c
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Sep 30 09:05:39 2025 -0400
ips: coerce id = 1 when configured via -R etc
commit
2be01105770d702706e512aacccc3a5475d1651a
Author: Russ Combs <rucombs@cisco.com>
Date: Tue Sep 30 09:03:54 2025 -0400
module manager: remove cruft
... and 50 more commits
Priyanka Gurudev (prbg) [Sat, 28 Feb 2026 01:06:21 +0000 (01:06 +0000)]
Pull request #5182: build: generate and tag 3.11.1.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.11.1.0 to master
Squashed commit of the following:
commit
0aa62f1d9f3e42e00223f88000ee3f1cf44c1f6c
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Feb 26 22:40:47 2026 -0500
build: generate and tag 3.11.1.0
Juweria Ali Imran (jaliimra) [Thu, 26 Feb 2026 15:36:16 +0000 (15:36 +0000)]
Pull request #5174: stream_tcp: clear packet action flags after meta ACK processing to ensure parent packet processing is not affected
Merge in SNORT/snort3 from ~JALIIMRA/snort3:meta_ack_parent to master
Squashed commit of the following:
commit
e508c34174e0c890903263d1b7b0255dcf8f25cf
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Tue Feb 24 06:01:31 2026 -0500
stream_tcp: clear packet action flags after meta ACK processing to ensure parent packet processing is not affected
Satyajit Padalkar (spadalka) [Tue, 24 Feb 2026 13:50:11 +0000 (13:50 +0000)]
Pull request #5162: appid: remove assertion while processing dns pkt
Merge in SNORT/snort3 from ~SPADALKA/snort3:dns_assertion_error to master
Squashed commit of the following:
commit
0207efa74005a88bbbb5817e696bc369582cef57
Author: Satyajit Padalkar <spadalka@cisco.com>
Date: Fri Feb 13 11:23:50 2026 -0500
appid: remove assertion while processing dns pkt
Pull request #5173: src: fix copyright
Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_copyrights to master
Squashed commit of the following:
commit
216231d0d06abdb43308ce041d8c8620062725a1
Author: anorokh <anorokh@cisco.com>
Date: Tue Feb 24 11:51:42 2026 +0200
src: fix copyright
Pull request #5164: ssl: populate inspector in flow data
Merge in SNORT/snort3 from ~OSTEPANO/snort3:ssl_flow_data_check to master
Squashed commit of the following:
commit
b72fee3c171facc15d9360d84aee263115c5daba
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Mon Feb 16 05:22:24 2026 -0500
ssl: populate inspector in flow data
Shilpa Nagpal (shinagpa) [Fri, 20 Feb 2026 15:15:01 +0000 (15:15 +0000)]
Pull request #5153: file_api: add packet tracer logs for file verdict info
Merge in SNORT/snort3 from ~SHINAGPA/snort3:file_tracer_log to master
Squashed commit of the following:
commit
cbe3ddaff20c236aa6f434bcfede5726fb9d5c1b
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Tue Feb 10 23:06:25 2026 +0530
file_api: add packet tracer logs
Pranav Balakumar (prbalaku) [Thu, 19 Feb 2026 06:21:19 +0000 (06:21 +0000)]
Pull request #5159: shadowtraffic: enhance logging to system support trace
Merge in SNORT/snort3 from ~PRBALAKU/snort3:shadow_traffic_remediation to master
Squashed commit of the following:
commit
52de38c9a7f18a55c95753c066b0ef6c8a31efb7
Author: Pranav Balakumar <prbalaku@cisco.com>
Date: Thu Feb 12 19:58:42 2026 +0530
shadowtraffic: enhance logging to system support trace
Ankit Kumar (kuankit) [Thu, 19 Feb 2026 05:08:32 +0000 (05:08 +0000)]
Pull request #5145: ftp_telnet: Improve performance in TelnetSplitter
Merge in SNORT/snort3 from ~KUANKIT/snort3:fix/telnet-splitter-perf-bug to master
Squashed commit of the following:
commit
df42809385a8275932915c81c3c163ec22fec66b
Author: kuankit <kuankit@cisco.com>
Date: Thu Feb 5 02:09:17 2026 -0800
ftp_telnet: improve performance in TelnetSplitter
Ankit Kumar (kuankit) [Thu, 19 Feb 2026 05:06:56 +0000 (05:06 +0000)]
Pull request #5151: ftp_telnet: fix off-by-one OOB read in CopyField
Merge in SNORT/snort3 from ~KUANKIT/snort3:fix-oob-read-copyfield to master
Squashed commit of the following:
commit
f1e3d86399ac7a625109d38a46d0e1ccca14e5e1
Author: kuankit <kuankit@cisco.com>
Date: Mon Feb 16 20:49:15 2026 -0800
ftp_telnet: clear stale pointers in FTP_CLIENT_REQ to prevent UAF
commit
9ed7595e65c3775eb238acdc69e3ad950a585be1
Author: kuankit <kuankit@cisco.com>
Date: Tue Feb 10 00:40:04 2026 -0800
ftp_telnet: fix off-by-one OOB read in CopyField
Pull request #5137: appid: address FIXIT comments in detector plugins
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fixit_detector_plugins to master
Squashed commit of the following:
commit
b672e1cdc0f89cb5b008a5a6fc7f39c15fe45f2f
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Jan 28 10:54:39 2026 -0500
appid: address FIXIT comments in detector plugins
Pull request #5144: appid: address FIXIT comments in service plugins
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fixit_service_plugins to master
Squashed commit of the following:
commit
bf2743b691f7522f35c3b36ac5ad49972855125a
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Thu Feb 5 16:05:29 2026 -0500
appid: address FIXIT comments in service plugins
Pull request #5161: appid: refine ssh event id handling
Merge in SNORT/snort3 from ~OSTEPANO/snort3:ssh_flow_data to master
Squashed commit of the following:
commit
6c1d1ab07da00ab1668e08e7f3acb3950b30621f
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Feb 6 09:54:04 2026 -0500
appid: refine ssh event id handling
Umang Sharma (umasharm) [Wed, 18 Feb 2026 19:27:23 +0000 (19:27 +0000)]
Pull request #5125: rna: deviceinfo fingerprints handling and events generation
Merge in SNORT/snort3 from ~UMASHARM/snort3:rna_deviceinfo to master
Squashed commit of the following:
commit
610b54f6b764ca0dc32ea0d7a953b29dfbeae1c1
Author: Umang Sharma <umasharm@cisco.com>
Date: Tue Nov 4 09:16:57 2025 -0500
rna: support for deviceinfo fingerprint and events processing
Pull request #5163: doc: fix typo
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:doc to master
Squashed commit of the following:
commit
a61fc55e9d9c20d2b55c7d1355f1a76d3b5d6281
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Fri Feb 13 14:55:39 2026 +0200
doc: fix typo
Thanks to Nils Rennebarth for reporting the issue.
Pull request #5014: ssl: alert on multi client hello and server certificates data
Merge in SNORT/snort3 from ~DKOLOMII/snort3:ssl_client_certificate_parse_fix to master
Squashed commit of the following:
commit
768d92978901b7e8e101600601b14952c91e0172
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Thu Feb 12 13:29:13 2026 -0500
ssl: alert on multiple chello certificate records
Pull request #5158: mp_unix_transport: verify connector message allocation
Merge in SNORT/snort3 from ~OSTEPANO/snort3:mp_transport_opt to master
Squashed commit of the following:
commit
99290ac7b27de97e7d98824df22ead3343bcc8dd
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Feb 12 06:30:00 2026 -0500
mp_unix_transport: verify connector message allocation
Shilpa Nagpal (shinagpa) [Fri, 13 Feb 2026 08:10:34 +0000 (08:10 +0000)]
Pull request #4971: file_api: support fields for extractor
Merge in SNORT/snort3 from ~SHINAGPA/snort3:file_advance_log to master
Squashed commit of the following:
commit
a3d15de594b2336e80d408044009a3c1b021d418
Author: Shilpa Nagpal <shinagpa@cisco.com>
Date: Mon Nov 3 20:37:44 2025 +0530
file_api: support fields for extractor
Pull request #5154: imap: introduce snort memrchr for portability
Merge in SNORT/snort3 from ~BHRYNIV/snort3:imap_memrchr_portability to master
Squashed commit of the following:
commit
4a25a658c518a800abde968895a122424d7be811
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Feb 11 07:59:53 2026 -0500
imap: replace memrchr with cross-platform snort_memrchr
Pull request #5148: wizard: improve MMS presentation context search logic
Merge in SNORT/snort3 from ~VCHYZHOV/snort3:mms_curse_pres_ctx_improve to master
Squashed commit of the following:
commit
b02b09a48fe9dd6f0911df32406d889c82bac965
Author: Viktor Chyzhovych <vchyzhov@cisco.com>
Date: Wed Feb 11 12:08:00 2026 +0200
wizard: additional coverage of unit tests
commit
99be40298a0f2f559b529f3c6b826c0f93a64e5b
Author: Viktor Chyzhovych <vchyzhov@cisco.com>
Date: Fri Feb 6 11:00:54 2026 +0200
wizard: improve MMS presentation context search logic
Pull request #5146: http_inspect: add params for http_decoded_uri
Merge in SNORT/snort3 from ~VBILINSK/snort3:feature-http-decoded-uri to master
Squashed commit of the following:
commit
62253c5d07c0a94f8cb537c5bd6a39f328410e38
Author: vbilinsk <vbilinsk@cisco.com>
Date: Tue Feb 10 12:52:26 2026 -0500
http_inspect: add decoded URI buffer with shared decoded path
Andres Avila Segura (aavilase) [Tue, 10 Feb 2026 20:51:15 +0000 (20:51 +0000)]
Pull request #5128: kerberos: add config to set failed_login flag in kerberos client detector
Merge in SNORT/snort3 from ~AAVILASE/snort3:kerberos_read_failed_login_config to master
Squashed commit of the following:
commit
df7f69935cab4aa36609413fc3144849695b87d7
Author: Andres Avila <aavilase@cisco.com>
Date: Fri Jan 23 15:49:17 2026 -0500
kerberos: add config to set failed_login flag in kerberos client detector
Juweria Ali Imran (jaliimra) [Tue, 10 Feb 2026 16:51:44 +0000 (16:51 +0000)]
Pull request #5109: stream_tcp: reject SYNs with different sequence numbers than first seen SYN
Merge in SNORT/snort3 from ~JALIIMRA/snort3:syn_wrap_around to master
Squashed commit of the following:
commit
57bac6552d2e9f20421d97056ff72c3c25acb004
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Tue Jan 20 11:00:48 2026 -0500
stream_tcp: reject SYNs with different sequence numbers than first seen SYN
Pull request #5040: imap: fix oob read in body length parsing
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_imap_body_len_oob to master
Squashed commit of the following:
commit
20f9df7f744f8d0e9e83a25124c14ba1c7b60441
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Mon Dec 8 11:25:42 2025 -0500
imap: fix oob read in body length parsing
Raghav Bhardwaj (raghavb) [Thu, 5 Feb 2026 15:23:11 +0000 (15:23 +0000)]
Pull request #5073: CSCws35171 : Fix DCE/RPC context id list parsing out-of-bounds read
Merge in SNORT/snort3 from ~RAGHAVB/snort3:fix-dce-rpc-ctx-id-oob-read to master
Squashed commit of the following:
commit
0e78c692227fb0769a84d7260e3565a0e48e91db
Author: raghavb <raghavb@cisco.com>
Date: Mon Dec 22 12:40:24 2025 +0530
CSCws35171 : Fix DCE/RPC context id list parsing out-of-bounds read
Pranav Balakumar (prbalaku) [Thu, 5 Feb 2026 13:55:23 +0000 (13:55 +0000)]
Pull request #5142: shadowtraffic: Fix shadow traffic detection failing after config reload and crash during deploy
Merge in SNORT/snort3 from ~PRBALAKU/snort3:shadow_traffic_remediation to master
Squashed commit of the following:
commit
8603f02e88c86aff4eebd753e234c8c0bf22a720
Author: Pranav Balakumar <prbalaku@cisco.com>
Date: Tue Feb 3 22:36:22 2026 +0530
shadowtraffic: Fix shadow traffic detection failing after config reload and crash during deploy
Pull request #5119: mp_dbus: use lockless ring for events
Merge in SNORT/snort3 from ~OSTEPANO/snort3:mp_ring_opt to master
Squashed commit of the following:
commit
d918d17143484d7d84ed2852dc107290ea8e952a
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Jan 9 06:36:46 2026 -0500
mp_dbus: lockless event ring
Raza Shafiq (rshafiq) [Tue, 3 Feb 2026 19:12:20 +0000 (19:12 +0000)]
Pull request #5129: output: add coverity annotations for thread-safe startup/shutdown functions
Merge in SNORT/snort3 from ~RSHAFIQ/snort3:log_cov to master
Squashed commit of the following:
commit
3b5e460afbdd86936efa506a0c2ad20ee890fed5
Author: rshafiq <rshafiq@cisco.com>
Date: Thu Jan 29 14:57:03 2026 -0500
output: add coverity annotations for thread-safe startup/shutdown functions
Pull request #4897: file_api: add data about available buffers to perf-monitor-base.csv file
Merge in SNORT/snort3 from ~AMANDIUK/snort3:andrii/16153 to master
Squashed commit of the following:
commit
7a7825be38beec2ebc768807aa2cb5e965a7f467
Author: Andrii Mandiuk <amandiuk@cisco.com>
Date: Tue Sep 9 07:15:16 2025 -0700
file_api: add data about buffers to perf-monitor output
Juweria Ali Imran (jaliimra) [Fri, 30 Jan 2026 19:42:44 +0000 (19:42 +0000)]
Pull request #5099: stream_tcp: default to overwrite upon zwp mismatch instead of session block
Merge in SNORT/snort3 from ~JALIIMRA/snort3:zwp_mismatch to master
Squashed commit of the following:
commit
9888d121ef1596f5c26466f0510f36480566d56b
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Thu Jan 15 11:31:30 2026 -0500
stream_tcp: default to overwrite upon zwp mismatch instead of session block
Pull request #5122: wizard: improve MMS curse against fragmented traffic
Merge in SNORT/snort3 from ~VCHYZHOV/snort3:mms_curse_acse_data_oob to master
Squashed commit of the following:
commit
f399d5757e4384b8175317b2cbe5c26cac0b8b30
Author: Viktor Chyzhovych <vchyzhov@cisco.com>
Date: Tue Jan 27 17:30:12 2026 +0200
wizard: improve MMS curse against fragmented traffic
* Improve and fix search_for_osi_acse_data() function MMS protocol analyzer.
* Cover by unit testing.
Pull request #5127: test: fix comparison for pointers in check tests
Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_mac_os to master
Squashed commit of the following:
commit
1d878c766464d72b5ecb4f77581255f1521ba9d5
Author: anorokh <anorokh@cisco.com>
Date: Tue Jan 27 01:29:23 2026 +0100
test: fix comparison for pointers in check tests
Michael Matirko (mmatirko) [Thu, 29 Jan 2026 20:44:27 +0000 (20:44 +0000)]
Pull request #5117: mms: guard against case where p->flow is null and dereference causes a crash
Merge in SNORT/snort3 from ~MMATIRKO/snort3:mms_guard_null to master
Squashed commit of the following:
commit
1c89892856969bc43ee215076503625010ecf56e
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Jan 26 14:32:44 2026 -0500
mms: guard against case where p->flow is null and dereference causes a crash
Raza Shafiq (rshafiq) [Thu, 29 Jan 2026 20:39:55 +0000 (20:39 +0000)]
Pull request #5126: perf_mon: coverity fixes
Merge in SNORT/snort3 from ~RSHAFIQ/snort3:perfmon_coverity to master
Squashed commit of the following:
commit
99f251304565dad3d5f14412725597b894970673
Author: rshafiq <rshafiq@cisco.com>
Date: Wed Jan 28 11:35:59 2026 -0500
perf_mon: coverity fixes
Raza Shafiq (rshafiq) [Thu, 29 Jan 2026 16:20:57 +0000 (16:20 +0000)]
Pull request #5043: socks: socks inspector
Merge in SNORT/snort3 from ~RSHAFIQ/snort3:socks to master
Squashed commit of the following:
commit
9ff4662694ab5ec8dd992b777c6efd9f2020809d
Author: rshafiq <rshafiq@cisco.com>
Date: Tue Aug 19 14:00:03 2025 -0400
socks: socks inspector
Shijin Bose (shibose) [Thu, 29 Jan 2026 16:12:33 +0000 (16:12 +0000)]
Pull request #5121: dns: add fix heap-buffer-overflow in DNS NSEC resource record decoder
Merge in SNORT/snort3 from ~SHIBOSE/snort3:nsec_parsing to master
Squashed commit of the following:
commit
8ed1d4cbaac34970a379cf7c3e4c90695167ea8e
Author: shibose <shibose@cisco.com>
Date: Wed Jan 28 13:59:03 2026 +0530
dns: fix heap-buffer-overflow in DNS NSEC resource record decoder
Shibin K V (shikv) [Wed, 28 Jan 2026 16:40:45 +0000 (16:40 +0000)]
Pull request #5120: dns: clear insert flag for DoH/DoQ
Merge in SNORT/snort3 from ~SHIKV/snort3:dns_ips_fix to master
Squashed commit of the following:
commit
8925ab1e95e9c656b8fa5fe3e6c359657aecbf7d
Author: shibin kv <shikv@cisco.com>
Date: Tue Jan 27 23:50:24 2026 -0600
dns: clear insert flag for DoH/DoQ
Pull request #5097: mms: fix session spdu params OOB read
Merge in SNORT/snort3 from ~VHORBATO/snort3:mms_curse_spdu_oob to master
Squashed commit of the following:
commit
34ff78389cc0e7e7ac83a17c53c215714ae32e53
Author: Oleksandr Fatieiev <ofatieie@cisco.com>
Date: Mon Jan 5 15:24:54 2026 +0200
mms: fix session spdu params OOB read
Pull request #5103: snort3: update copyright year to 2026
Merge in SNORT/snort3 from ~ANOROKH/snort3:upd_copyright_year to master
Squashed commit of the following:
commit
de500a5d0ff8412d54042100e27ae533de65cf68
Author: anorokh <anorokh@cisco.com>
Date: Fri Jan 16 17:59:47 2026 +0200
snort3: update copyright year to 2026
Adrian Mamolea (admamole) [Wed, 28 Jan 2026 08:56:41 +0000 (08:56 +0000)]
Pull request #5106: http_inspect: add http_decoded_uri ips option
Merge in SNORT/snort3 from ~ADMAMOLE/snort3:uri-decoded to master
Squashed commit of the following:
commit
c481e69b04db3708c443501c2017cbc4a4676f1d
Author: Adrian Mamolea <admamole@cisco.com>
Date: Fri Jan 16 16:03:48 2026 -0500
http_inspect: add http_decoded_uri ips option
Pull request #5009: ssl: removing cached length check on validation
Merge in SNORT/snort3 from ~DKOLOMII/snort3:ssl_parser_leak_fix to master
Squashed commit of the following:
commit
5ad1b07d2ff6087aa049c306783fffc6c70788d6
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Mon Dec 8 08:49:52 2025 -0500
ssl: prevent caching zero size ssl data
Ankit Kumar (kuankit) [Tue, 27 Jan 2026 06:52:30 +0000 (06:52 +0000)]
Pull request #5045: ftp_telnet: fix 1-byte heap-buffer-overflow in telnet normalization
Merge in SNORT/snort3 from ~KUANKIT/snort3:test/ftp-telnet-oob-read to master
Squashed commit of the following:
commit
5b543d9f9990afb73c383659f1b5e81c8c3450d2
Author: kuankit <kuankit@cisco.com>
Date: Thu Dec 18 00:39:42 2025 -0800
ftp_telnet: fix out-of-bounds read vulnerabilities in normalize_telnet function
commit
5119c38ff041eabafa2c789371ea6a728135bf42
Author: kuankit <kuankit@cisco.com>
Date: Wed Dec 3 02:46:08 2025 -0800
ftp_telnet: fix 1-byte heap-buffer-overflow in telnet normalization
Vitalii Tron -X (vtron - SOFTSERVE INC at Cisco) [Mon, 26 Jan 2026 20:44:55 +0000 (20:44 +0000)]
Pull request #5077: pub_sub: add get_content_length method to HttpEvent
Merge in SNORT/snort3 from ~VTRON/snort3:optimize_http_body_vector_allocation to master
Squashed commit of the following:
commit
6d329614312895a28ac1321afa64e7a10cfec155
Author: vtron <vtron@cisco.com>
Date: Mon Jan 5 06:25:09 2026 -0800
pub_sub: add get_content_length method to HttpEvent
Pull request #5091: stream: add support to include the flow_id field in the flow data output for each flow dumped
Merge in SNORT/snort3 from ~DAVMCPHE/snort3:show_conn_detail_merge to master
Squashed commit of the following:
commit
fa19f245e88be38cbb2eaaea9cfe33f61990856b
Author: davis mcpherson <davmcphe@cisco.com>
Date: Thu Jan 8 14:58:22 2026 -0500
stream: include the flow_id flow data output of the dump_flows command
commit
31f94334e2aa7b2b24d2760559deeda3d370c6cf
Author: davis mcpherson <davmcphe@cisco.com>
Date: Thu Jan 8 14:24:03 2026 -0500
flow: save the flow_id from the DAQ header struct of a Packet in the Flow object when it is allocated for a new flow
Pull request #5104: stream: skip check for held packet retransmit if current packet is not a wire packet
Merge in SNORT/snort3 from ~DAVMCPHE/snort3:snort_crash_held_packet to master
Squashed commit of the following:
commit
675460c81bb068e75c5f7147f75b3548e67baecf
Author: davis mcpherson <davmcphe@cisco.com>
Date: Wed Jan 14 11:17:17 2026 -0500
stream: skip check for held packet retransmit if current packet is not a wire packet
Pull request #5078: appid: detect ssl service during midstream
Merge in SNORT/snort3 from ~BHRYNIV/snort3:ssl_midstream_service_discovery to master
Squashed commit of the following:
commit
69d9c8176014e959c14bbac04677948a8ebc0e96
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Mon Jan 5 09:50:06 2026 -0500
appid: detect ssl service during midstream
Pull request #5016: appid: inspect server port and client port during midstream; add support for NFSv4.1
Merge in SNORT/snort3 from ~BHRYNIV/snort3:bidir_port_midstream to master
Squashed commit of the following:
commit
171392f863c0903096d653debb093c154699950d
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Fri Nov 28 05:54:24 2025 -0500
appid: inspect server port and client port during midstream; add support for NFSv4.1
Priyanka Gurudev (prbg) [Thu, 22 Jan 2026 22:14:26 +0000 (22:14 +0000)]
Pull request #5113: build: generate and tag 3.11.0.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.11.0.0 to master
Squashed commit of the following:
commit
a2222f0679df5fa00400e6ab72181c758344c9d7
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Thu Jan 22 13:31:00 2026 -0500
build: generate and tag 3.11.0.0
Pull request #4959: Implemented logging feature to support new lua configuration
Merge in SNORT/snort3 from ~SAVRAMAP/snort3:multilogging_feature to master
Squashed commit of the following:
commit
a26ed164317b8e153656af4eeaf566ae6a55d009
Author: Savitha Ramappa <savramap@cisco.com>
Date: Wed Jan 14 14:52:23 2026 +0530
trace: Implemented multi-logging feature to support new lua configuration
Priyanka Gurudev (prbg) [Thu, 22 Jan 2026 03:23:18 +0000 (03:23 +0000)]
Pull request #5112: build: generate and tag 3.10.2.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.2.0 to master
Squashed commit of the following:
commit
b12e80674dd99bdd920548b464751357582ebc0e
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Jan 21 15:59:19 2026 -0500
build: generate and tag 3.10.2.0
Pull request #5054: control: refactor connection ownership model and improve thread safety
Merge in SNORT/snort3 from ~VSHPYRKA/snort3:ctrl_conn_tsan to master
Squashed commit of the following:
commit
cf3961411d12e4f972ed2df14e0928b67f4201dd
Author: Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>
Date: Fri Dec 12 14:19:09 2025 +0200
control: refactor connection ownership model and improve thread safety
Pull request #5095: extractor: avoid reporting default values for missing SSL fields
Merge in SNORT/snort3 from ~YCHALOV/snort3:ssl_extractor_default_value to master
Squashed commit of the following:
commit
938939d2d569882eb913b7fc1870eb722900b9a5
Author: Yurii Chalov <ychalov@cisco.com>
Date: Wed Jan 14 11:56:48 2026 +0100
extractor: avoid reporting default values for missing SSL fields
Pull request #5038: appid: prefer QUIC client appid over SSL
Merge in SNORT/snort3 from ~OSTEPANO/snort3:quic_client_appid to master
Squashed commit of the following:
commit
decff55972a34bae3931038c4ab305cc64935d05
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Mon Dec 8 08:37:27 2025 -0500
appid: prefer QUIC client appid over SSL
Pull request #5084: appid: prevent oob read in sslv2 server-hello detection
Merge in SNORT/snort3 from ~BHRYNIV/snort3:ssl_sslv2_shello_oob to master
Squashed commit of the following:
commit
66cc7980ef8a6ded57e4d02679525c146e3a5dd5
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Jan 7 07:05:04 2026 -0500
appid: prevent oob read in sslv2 server-hello detection
Pull request #4983: appid: configurable midstream service discovery
Merge in SNORT/snort3 from ~DKOLOMII/snort3:midstream_service_discovery to master
Squashed commit of the following:
commit
598fc31e667da263c8514a92c4f95ef2cdc3eada
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Thu Dec 4 10:18:32 2025 -0500
appid: configurable midstream service discovery
Arnab Kumar Singh (arnsingh) [Sat, 17 Jan 2026 17:07:00 +0000 (17:07 +0000)]
Pull request #5035: file_api : coverity fix
Merge in SNORT/snort3 from ~ARNSINGH/snort3:coverity_fstat_fix to master
Squashed commit of the following:
commit
bd20bb8eb0e070dbe5d3d08038a46aee6d911670
Author: Arnab <arnsingh@cisco.com>
Date: Thu Nov 20 12:27:49 2025 +0530
file_api : coverity fix
Pull request #5085: react: block flow when packets are not reset candidates
Merge in SNORT/snort3 from ~DZIKRATY/snort3:fix_non_tcp_react to master
Squashed commit of the following:
commit
ff894c92b795ba1e20a89d06395f95dca3f4ec97
Author: Denys Zikratyi -X (dzikraty - SOFTSERVE INC at Cisco) <dzikraty@cisco.com>
Date: Thu Jan 8 10:38:11 2026 -0500
react: block flow when packets are not reset candidates
Pull request #5081: smtp: handle split CRLF in multiline response parsing
Merge in SNORT/snort3 from ~BHRYNIV/snort3:smtp_split_crlf to master
Squashed commit of the following:
commit
e5e8bbfebc399179f7ececb283c72239cd9bff97
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Jan 7 05:32:27 2026 -0500
smtp: handle split CRLF in multiline response parsing
Pull request #5052: appid: prevent oob read in bootp option parsing
Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_bootp_oob to master
Squashed commit of the following:
commit
fdd6efba573953f666c8cb7de141c5df4d8e7086
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Fri Dec 12 05:45:41 2025 -0500
appid: prevent oob read in bootp option parsing
Pull request #4968: flow: Support a binary output option for the dump_flows command
Merge in SNORT/snort3 from ~DAVMCPHE/snort3:show_snort_flows_optimization to master
Squashed commit of the following:
commit
0aa744d2857d142cdd3a284d58d6e79ea69d34b9
Author: davis mcpherson <davmcphe@cisco.com>
Date: Tue Oct 14 16:17:22 2025 -0400
flow: refactor dump_flows command to dump flow state in binary format
show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow
flow: test dump limit of 1000 flows per packet
Pull request #5088: SSL client hello event is published with empty hostname
Merge in SNORT/snort3 from ~MURURAJA/snort3:SSL_inspector to master
Squashed commit of the following:
commit
1440bbda83b60bca597a8386fdd98f117de4f642
Author: mururaja <mururaja@cisco.com>
Date: Sat Jan 10 00:26:45 2026 -0800
ssl: SSL client hello event is published with empty hostname
Pull request #5089: mime: fix compile issues
Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_comp_issues_mime to master
Squashed commit of the following:
commit
811fd8cd31e5bc8b84696c420d604568075888b7
Author: anorokh <anorokh@cisco.com>
Date: Sat Jan 10 17:41:00 2026 +0200
mime: fix compile issues (one is false positive)
Priyanka Gurudev (prbg) [Tue, 13 Jan 2026 02:49:49 +0000 (02:49 +0000)]
Pull request #5090: build: generate and tag 3.10.1.0
Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.1.0 to master
Squashed commit of the following:
commit
6f5e73543576e443e22c2f2f2dd0693cde9bf42a
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Sun Jan 11 17:57:00 2026 -0500
build: generate and tag 3.10.1.0
Pull request #5007: ftp_telnet: fix ftp_cmd_pipe_index handling
Merge in SNORT/snort3 from ~AMANDIUK/snort3:ftp_multiple_file_download to master
Squashed commit of the following:
commit
a344640ab0970b50fa9278ec7d21df753b0d3415
Author: Andrii Mandiuk <amandiuk@cisco.com>
Date: Mon Nov 24 07:44:48 2025 -0800
ftp_telnet: fix ftp_cmd_pipe_index handling
Pull request #5083: appid: enable out-of-order inspection by default
Merge in SNORT/snort3 from ~YEFURMAN/snort3:appid_ooo_by_default to master
Squashed commit of the following:
commit
bf9e2b73759c5c43191f78445c1e301bd2a0241e
Author: yefurman <yefurman@cisco.com>
Date: Thu Jan 8 07:43:19 2026 -0500
appid: enable out-of-order inspection by default
Pull request #5079: snort2lua: fix failure in converting patterns containing commas.
Merge in SNORT/snort3 from ~VHORBATO/snort3:s2l_comma to master
Squashed commit of the following:
commit
e59ff8ab76ae27d3409412174192ee0f2c1fc451
Author: vhorbato <vhorbato@cisco.com>
Date: Tue Jan 6 15:41:43 2026 +0200
snort2lua: fix failure in converting patterns containing commas
Pull request #5082: MIME to provide null-terminated string for logging
Merge in SNORT/snort3 from ~OSHUMEIK/snort3:mime_fix to master
Squashed commit of the following:
commit
14b21aec883ea11a6ef259613d5fb9f083b39ff5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 18:39:44 2026 +0200
mime: leave room for null-character in case of size limit hit
commit
d1b484a9e46aecbd9c8608a6d2c3a809edb4bfe8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 18:18:25 2026 +0200
mime: add unit tests for data over memory limit
commit
d0a87edddd87f9330ab8ff36ddb5cb45236b028f
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 17:25:17 2026 +0200
mime: add unit tests for data fitting memory limit
commit
6b790e39c1386c23732417abf19bb8ed1db45113
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 13:44:45 2026 +0200
mime: rename class field to comply with the style
commit
6f6423c66d9fbe54b65c01d098a6fe7cf3c97ada
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 13:28:09 2026 +0200
mime: return error code if cannot add headers for logging
commit
54c5677f65c6e7acbfea1a8b471b30b118e129a8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 13:20:59 2026 +0200
mime: ignore field collection if not configured
commit
449671977200c825b958984e1de6a52d52c4000a
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 11:36:22 2026 +0200
mime: add basic unit tests for file logging
commit
ed77619021828399f29d4e25412ef545920eb8c9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jan 6 10:33:49 2026 +0200
mime: remove unused forward-declaration
Pull request #5068: ips_options: reset PCRE rule counts on new configuration loaded
Merge in SNORT/snort3 from ~VCHYZHOV/snort3:fix_pcre_rule_counts to master
Squashed commit of the following:
commit
00454f429eca1af4d67d1ef6e4981d1d8814f30d
Author: Viktor Chyzhovych <vchyzhov@cisco.com>
Date: Wed Dec 17 14:57:28 2025 +0200
ips_options: reset PCRE rule counts on new configuration loaded
projects / thirdparty / snort3.git / log
