git.ipfire.org Git - thirdparty/snort3.git/log

Pull request #5112: build: generate and tag 3.10.2.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.2.0 to master

Squashed commit of the following:

commit b12e80674dd99bdd920548b464751357582ebc0e
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Jan 21 15:59:19 2026 -0500

build: generate and tag 3.10.2.0

Pull request #5054: control: refactor connection ownership model and improve thread safety

Merge in SNORT/snort3 from ~VSHPYRKA/snort3:ctrl_conn_tsan to master

Squashed commit of the following:

commit cf3961411d12e4f972ed2df14e0928b67f4201dd
Author: Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>
Date: Fri Dec 12 14:19:09 2025 +0200

control: refactor connection ownership model and improve thread safety

Pull request #5095: extractor: avoid reporting default values for missing SSL fields

Merge in SNORT/snort3 from ~YCHALOV/snort3:ssl_extractor_default_value to master

Squashed commit of the following:

commit 938939d2d569882eb913b7fc1870eb722900b9a5
Author: Yurii Chalov <ychalov@cisco.com>
Date: Wed Jan 14 11:56:48 2026 +0100

extractor: avoid reporting default values for missing SSL fields

Pull request #5038: appid: prefer QUIC client appid over SSL

Merge in SNORT/snort3 from ~OSTEPANO/snort3:quic_client_appid to master

Squashed commit of the following:

commit decff55972a34bae3931038c4ab305cc64935d05
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Mon Dec 8 08:37:27 2025 -0500

appid: prefer QUIC client appid over SSL

Pull request #5084: appid: prevent oob read in sslv2 server-hello detection

Merge in SNORT/snort3 from ~BHRYNIV/snort3:ssl_sslv2_shello_oob to master

Squashed commit of the following:

commit 66cc7980ef8a6ded57e4d02679525c146e3a5dd5
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Jan 7 07:05:04 2026 -0500

appid: prevent oob read in sslv2 server-hello detection

Pull request #4983: appid: configurable midstream service discovery

Merge in SNORT/snort3 from ~DKOLOMII/snort3:midstream_service_discovery to master

Squashed commit of the following:

commit 598fc31e667da263c8514a92c4f95ef2cdc3eada
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Thu Dec 4 10:18:32 2025 -0500

appid: configurable midstream service discovery

Pull request #5035: file_api : coverity fix

Merge in SNORT/snort3 from ~ARNSINGH/snort3:coverity_fstat_fix to master

Squashed commit of the following:

commit bd20bb8eb0e070dbe5d3d08038a46aee6d911670
Author: Arnab <arnsingh@cisco.com>
Date: Thu Nov 20 12:27:49 2025 +0530

file_api : coverity fix

Pull request #5085: react: block flow when packets are not reset candidates

Merge in SNORT/snort3 from ~DZIKRATY/snort3:fix_non_tcp_react to master

Squashed commit of the following:

commit ff894c92b795ba1e20a89d06395f95dca3f4ec97
Author: Denys Zikratyi -X (dzikraty - SOFTSERVE INC at Cisco) <dzikraty@cisco.com>
Date: Thu Jan 8 10:38:11 2026 -0500

react: block flow when packets are not reset candidates

Pull request #5081: smtp: handle split CRLF in multiline response parsing

Merge in SNORT/snort3 from ~BHRYNIV/snort3:smtp_split_crlf to master

Squashed commit of the following:

commit e5e8bbfebc399179f7ececb283c72239cd9bff97
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Wed Jan 7 05:32:27 2026 -0500

smtp: handle split CRLF in multiline response parsing

Pull request #5052: appid: prevent oob read in bootp option parsing

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_bootp_oob to master

Squashed commit of the following:

commit fdd6efba573953f666c8cb7de141c5df4d8e7086
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Fri Dec 12 05:45:41 2025 -0500

appid: prevent oob read in bootp option parsing

Pull request #4968: flow: Support a binary output option for the dump_flows command

Merge in SNORT/snort3 from ~DAVMCPHE/snort3:show_snort_flows_optimization to master

Squashed commit of the following:

commit 0aa744d2857d142cdd3a284d58d6e79ea69d34b9
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Oct 14 16:17:22 2025 -0400

    flow: refactor dump_flows command to dump flow state in binary format

    show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow

    flow: test dump limit of 1000 flows per packet

Pull request #5088: SSL client hello event is published with empty hostname

Merge in SNORT/snort3 from ~MURURAJA/snort3:SSL_inspector to master

Squashed commit of the following:

commit 1440bbda83b60bca597a8386fdd98f117de4f642
Author: mururaja <mururaja@cisco.com>
Date: Sat Jan 10 00:26:45 2026 -0800

ssl: SSL client hello event is published with empty hostname

Pull request #5089: mime: fix compile issues

Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_comp_issues_mime to master

Squashed commit of the following:

commit 811fd8cd31e5bc8b84696c420d604568075888b7
Author: anorokh <anorokh@cisco.com>
Date: Sat Jan 10 17:41:00 2026 +0200

mime: fix compile issues (one is false positive)

Pull request #5090: build: generate and tag 3.10.1.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.1.0 to master

Squashed commit of the following:

commit 6f5e73543576e443e22c2f2f2dd0693cde9bf42a
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Sun Jan 11 17:57:00 2026 -0500

build: generate and tag 3.10.1.0

Pull request #5007: ftp_telnet: fix ftp_cmd_pipe_index handling

Merge in SNORT/snort3 from ~AMANDIUK/snort3:ftp_multiple_file_download to master

Squashed commit of the following:

commit a344640ab0970b50fa9278ec7d21df753b0d3415
Author: Andrii Mandiuk <amandiuk@cisco.com>
Date: Mon Nov 24 07:44:48 2025 -0800

ftp_telnet: fix ftp_cmd_pipe_index handling

Pull request #5083: appid: enable out-of-order inspection by default

Merge in SNORT/snort3 from ~YEFURMAN/snort3:appid_ooo_by_default to master

Squashed commit of the following:

commit bf9e2b73759c5c43191f78445c1e301bd2a0241e
Author: yefurman <yefurman@cisco.com>
Date: Thu Jan 8 07:43:19 2026 -0500

appid: enable out-of-order inspection by default

Pull request #5079: snort2lua: fix failure in converting patterns containing commas.

Merge in SNORT/snort3 from ~VHORBATO/snort3:s2l_comma to master

Squashed commit of the following:

commit e59ff8ab76ae27d3409412174192ee0f2c1fc451
Author: vhorbato <vhorbato@cisco.com>
Date: Tue Jan 6 15:41:43 2026 +0200

snort2lua: fix failure in converting patterns containing commas

Pull request #5082: MIME to provide null-terminated string for logging

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:mime_fix to master

Squashed commit of the following:

commit 14b21aec883ea11a6ef259613d5fb9f083b39ff5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 18:39:44 2026 +0200

    mime: leave room for null-character in case of size limit hit

commit d1b484a9e46aecbd9c8608a6d2c3a809edb4bfe8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 18:18:25 2026 +0200

    mime: add unit tests for data over memory limit

commit d0a87edddd87f9330ab8ff36ddb5cb45236b028f
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 17:25:17 2026 +0200

    mime: add unit tests for data fitting memory limit

commit 6b790e39c1386c23732417abf19bb8ed1db45113
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 13:44:45 2026 +0200

    mime: rename class field to comply with the style

commit 6f6423c66d9fbe54b65c01d098a6fe7cf3c97ada
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 13:28:09 2026 +0200

    mime: return error code if cannot add headers for logging

commit 54c5677f65c6e7acbfea1a8b471b30b118e129a8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 13:20:59 2026 +0200

    mime: ignore field collection if not configured

commit 449671977200c825b958984e1de6a52d52c4000a
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 11:36:22 2026 +0200

    mime: add basic unit tests for file logging

commit ed77619021828399f29d4e25412ef545920eb8c9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Tue Jan 6 10:33:49 2026 +0200

    mime: remove unused forward-declaration

Pull request #5068: ips_options: reset PCRE rule counts on new configuration loaded

Merge in SNORT/snort3 from ~VCHYZHOV/snort3:fix_pcre_rule_counts to master

Squashed commit of the following:

commit 00454f429eca1af4d67d1ef6e4981d1d8814f30d
Author: Viktor Chyzhovych <vchyzhov@cisco.com>
Date: Wed Dec 17 14:57:28 2025 +0200

ips_options: reset PCRE rule counts on new configuration loaded

Pull request #5065: appid: prevent multiple oob reads in ssl

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_ssl_oob to master

Squashed commit of the following:

commit e1d42bb9c34f6e2af3ec0a94a404a64291ff8c20
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Tue Dec 16 08:45:23 2025 -0500

appid: prevent multiple oob reads in ssl

Pull request #5066: appid: fix size check in TFTP service detector

Merge in SNORT/snort3 from ~OSTEPANO/snort3:tftp_oob_read to master

Squashed commit of the following:

commit 27c9141209fa8db65b885facb909a07e6370dc8e
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Dec 17 10:17:50 2025 -0500

appid: fix size check in TFTP service detector

Pull request #4992: flow: add logs to show different ways a flow can fail to create

Merge in SNORT/snort3 from ~JALIIMRA/snort3:pkt_without_flow_reason to master

Squashed commit of the following:

commit 67fdb4cf3c7bdfcc195b67f56111ca74c0af2d1b
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date: Thu Nov 6 10:23:43 2025 -0500

flow: add logs to show different ways a flow can fail to create

Pull request #5072: main: Update Dioctl daqSnort latency common change

Merge in SNORT/snort3 from ~MIYLI/snort3:New_Dioctl_snort_latency_stats_libdaq to master

Squashed commit of the following:

commit 56becc51a905084929a34526a0eb299d7f29ca2f
Author: Manjunatha Iyli <miyli@cisco.com>
Date: Mon Dec 22 08:57:58 2025 +0530

main: Update Dioctl daqSnort latency common change

Pull request #5050: iec104: validate Type I length to prevent ASDU out-of-bounds read

Merge in SNORT/snort3 from ~YEFURMAN/snort3:CSCws05701_fix to master

Squashed commit of the following:

commit ff30b6a527ad21f96071e785772c56156c3ebf36
Author: yefurman <yefurman@cisco.com>
Date: Thu Dec 11 12:03:33 2025 -0500

iec104: validate Type I length to prevent ASDU out-of-bounds read

Pull request #5064: decoder: adding TransbridgeCodec encode function

Merge in SNORT/snort3 from ~OFEDORYC/snort3:trans_bridge_codec-encode-support to master

Squashed commit of the following:

commit 0bb9bf4b3160acc869eed0d2e30502f6285ad2c9
Author: ofedoryc <ofedoryc@cisco.com>
Date: Wed Dec 17 02:45:17 2025 -0500

decoder: adding encode function for TransbridgeCodec

Pull request #5011: appid: fix client process regex mapping logic

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_eve_process_matching to master

Squashed commit of the following:

commit 20f93fcd90c115c5783b76d0c4f1d6dc62a5efbd
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Mon Nov 24 11:14:30 2025 -0500

appid: fix client process regex mapping logic

Pull request #5062: ssl: free certificate data if certificate length is 0

Merge in SNORT/snort3 from ~AAVILASE/snort3:ssl_certs_len_0_memleak to master

Squashed commit of the following:

commit 9ad30c78770360907cf1534f68f2135d8f36b400
Author: Andres Avila <aavilase@cisco.com>
Date: Mon Dec 15 13:21:33 2025 -0500

ssl: Free certificate data if certificate length is 0

Pull request #5037: mime: fix mime boundary parsing

Merge in SNORT/snort3 from ~ANOROKH/snort3:fix_mime_boundary_spacing to master

Squashed commit of the following:

commit e1c11c4d6093f35ace7af372c7818527f2adc185
Author: anorokh <anorokh@cisco.com>
Date:   Fri Dec 5 14:50:37 2025 +0200

    mime: fix mime boundary parsing

    * fixed quoted boundary parsing
    * added ; as delimiter
    * fixed max len boundary parsing, initially 71 length was allowed
    * added mime trace type to snort_module

Pull request #5041: iec104: Fix IEC 104 SQ0 bounds checks by removing duplicate asdu_size_map entries and using IO_GROUP sizes, preventing out-of-bounds reads

Merge in SNORT/snort3 from ~YEFURMAN/snort3:CSCws05710_fix to master

Squashed commit of the following:

commit 5d6580db2c8589788661eff7e14227c88d35fd20
Author: yefurman <yefurman@cisco.com>
Date: Mon Dec 8 06:05:55 2025 -0500

iec104: Fix IEC 104 SQ0 bounds checks by removing duplicate asdu_size_map entries and using IO_GROUP sizes, preventing out-of-bounds reads

Pull request #5046: appid: check for Lua table errors during initialization and cleanup

Merge in SNORT/snort3 from ~OSTEPANO/snort3:lua_table_error_handle to master

Squashed commit of the following:

commit 7367e3e513f0b6f362544791fd763f4a1ded975e
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Dec 10 07:45:22 2025 -0500

appid: check for Lua table errors during initialization and cleanup

Pull request #5004: ftp_telnet: Handle malformed traffic in ftp to generate alert.

Merge in SNORT/snort3 from ~RASMANOH/snort3:ftp_response_validation to master

Squashed commit of the following:

commit d02c41b518967993cd9c5052d9fad9716013838d
Author: Rashi Manohar Patil <rasmanoh@b18-vms-vm1089.cisco.com>
Date: Tue Dec 16 15:40:26 2025 +0530

ftp_telnet: Handle malformed traffic in ftp to generate alert

Pull request #5051: ssl: tls client hello check out of bounds fix

Merge in SNORT/snort3 from ~AAVILASE/snort3:tls_client_hello_oob to master

Squashed commit of the following:

commit 8a6e74c9bfca03e7f08da85345ef405e00302939
Author: Andres Avila <aavilase@cisco.com>
Date: Thu Dec 11 16:01:41 2025 -0500

ssl: tls client hello check out of bounds fix

Pull request #5042: appid: add check to avoid setting brute force state for pending sessions that are pruned

Merge in SNORT/snort3 from ~AAVILASE/snort3:set_brute_force_only_service_failure to master

Squashed commit of the following:

commit 1b508226cd69b2e38c2d732d52b5f4bf9afe09b8
Author: Andres Avila <aavilase@cisco.com>
Date: Mon Dec 8 21:07:43 2025 -0500

appid: add check to avoid setting brute force state for pending sessions that are pruned

Pull request #5036: http_inspect: fix coverity errors

Merge in SNORT/snort3 from ~JMARTINC/snort3:cov_fix to master

Squashed commit of the following:

commit cc8ae063c7b71257df2f61550fbfb2d8819ee392
Author: Juan David Martin Castillo <jmartinc@cisco.com>
Date: Wed Nov 26 12:54:25 2025 -0500

http_inspect: fix coverity error

Pull request #5044: dns: add fix infinite recursion vulnerability

Merge in SNORT/snort3 from ~SHIBOSE/snort3:dnsloop to master

Squashed commit of the following:

commit deba44f95fa2318eecae06366136a29801478ab1
Author: shibose <shibose@cisco.com>
Date: Wed Dec 10 00:09:05 2025 +0530

dns: add fix infinite recursion vulnerability

Pull request #5024: Opensource PRs

Merge in SNORT/snort3 from ~MMATIRKO/snort3:opensource_PRs-12-2-25 to master

Squashed commit of the following:

commit dc343859ef082303a8dcb44574cf0f59d382b827
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Dec 4 09:50:26 2025 -0500

    file: use new EVP functions rather than deprecated SHA functions

commit eb29d47a8d58aa9d5891cb3cd8be7716a7694329
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Dec 2 11:01:03 2025 -0500

    alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix

commit b94f8da944edab611bdd5ac0613ea5c584a75e9e
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Dec 2 10:54:03 2025 -0500

    cmake: fix pkg-config path for libdir, thanks to brianmcgillion on GitHub for submitting a similar fix

commit a96ce2c7dc6dcfc4b207aa1fe71f9c31a4cdde42
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Dec 2 10:25:06 2025 -0500

    alert_json: add support for logging appid, thanks to ssam18 on GitHub for suggesting this change

commit 2e45e88d7d31c7fd55a9ce2f246e3b7983ffe714
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Tue Dec 2 10:20:18 2025 -0500

    hash: update hashes to use new EVP functions, thanks to
    Bl4omArchie on GitHub for suggesting a similar change

Pull request #4985: sip: fix out of bound reads in sip inspector

Merge in SNORT/snort3 from ~SHIBOSE/snort3:sip_oob to master

Squashed commit of the following:

commit db754babd2279566a1c11267a8249d4f22311467
Author: shibose <shibose@cisco.com>
Date:   Tue Nov 18 12:35:41 2025 +0530

    sip: avoid out-of-bounds reads in sip_parse_sdp_m

commit 0455ee01dad5f61b1eab726facb894f2334615cc
Author: shibose <shibose@cisco.com>
Date:   Fri Nov 7 00:33:16 2025 +0530

    sip: fix out of bound reads in sip inspector

Pull request #5028: smtp: usage of config cmds to prevent oob

Merge in SNORT/snort3 from ~DKOLOMII/snort3:smtp_handle_command_fix to master

Squashed commit of the following:

commit 306fa5ea894c9a7a66805f7f5c0294999b1e3f0d
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Thu Dec 4 07:21:33 2025 -0500

smtp: usage of config cmds

Pull request #5030: snort_ml: scan multipart form data

Merge in SNORT/snort3 from ~BRASTULT/snort3:snort_ml_multipart to master

Squashed commit of the following:

commit 324097ebac2877412a01f66816006c6033613ad3
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue Dec 2 18:18:21 2025 -0500

    snort_ml: enable client body scanning by default

commit 3a36905a39c842aca112757b3927b135395429ff
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue Dec 2 18:17:57 2025 -0500

    snort_ml: scan multipart form data

commit 065b77b473a6536bb002c71d362d8b7beb78e815
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue Dec 2 18:05:27 2025 -0500

    pub_sub: add is_urlencoded method

commit 6ef1aee143d6040d3e690f197cc71e629e9b40c9
Author: Brandon Stultz <brastult@cisco.com>
Date:   Tue Dec 2 17:57:54 2025 -0500

    http_inspect: add urlencoded to content-type list

Pull request #5001: appid: allow out-of-order packet inspection in TP

Merge in SNORT/snort3 from ~OSTEPANO/snort3:tp_http_request_len to master

Squashed commit of the following:

commit aa0c0de17168228c169f7f3a358cedf4f2e9a70a
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Nov 19 13:47:05 2025 -0500

appid: allow out-of-order packet inspection in TP

Pull request #5032: appid: fix eve process handler event debug logging

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:fix_deferred_trust to master

Squashed commit of the following:

commit 749e2e9e043a229ecdb534d0844efaf6c33d8df0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Thu Oct 16 15:52:16 2025 -0400

appid: fix eve process handler event debug logging

Pull request #5010: smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns

Merge in SNORT/snort3 from ~VEVURI/snort3:dlp-for-smb to master

Squashed commit of the following:

commit 05bda7e2ae1e9459082199474e77750d03bbe916
Author: Veera Reddy Evuri <vevuri@cisco.com>
Date: Wed Nov 26 02:04:04 2025 -0800

smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns

Pull request #5027: detection: fix Coverity warnings in related components

Merge in SNORT/snort3 from ~VHORBATO/snort3:de_coverity to master

Squashed commit of the following:

commit e79722ff502f1030531812e64148893df153cb38
Author: vhorbato <vhorbato@cisco.com>
Date: Wed Dec 3 18:23:21 2025 +0200

build: fix Coverity warnings in related components

Pull request #5031: mime: improve form-data collection for incomplete boundaries

Merge in SNORT/snort3 from ~ANOROKH/snort3:improve_form_data_collection to master

Squashed commit of the following:

commit 46cfe4731ceda80b8ffca47b296355e5fbe85fd4
Author: anorokh <anorokh@cisco.com>
Date: Fri Dec 5 12:32:55 2025 +0200

mime: improve form-data collection for incomplete boundaries

Pull request #5013: unified2: use proper API for obtaining VLAN ID from packet

Merge in SNORT/snort3 from ~MMATIRKO/snort3:better_vlan to master

Squashed commit of the following:

commit 407d27f35e065241d594d3ecb857432295214401
Author: Michael Matirko <mmatirko@cisco.com>
Date: Wed Nov 26 12:47:54 2025 -0500

unified2: use proper API for obtaining VLAN ID from packet

Pull request #5021: appid: fix setting global ssh ignore flag

Merge in SNORT/snort3 from ~YEFURMAN/snort3:early_ssh_ignore to master

Squashed commit of the following:

commit ff4f3e97c6000eb8c80b14d49bab8bceb9fcf40d
Author: yefurman <yefurman@cisco.com>
Date: Tue Dec 2 03:37:09 2025 -0500

appid: fix setting global ssh ignore flag

Pull request #4973: Mdns deviceinfo

Merge in SNORT/snort3 from ~UMASHARM/snort3:mdns_deviceinfo to master

Squashed commit of the following:

commit b183f83410da9d86cef10e8bae079e9bc734c933
Author: Umang Sharma <umasharm@cisco.com>
Date: Tue Nov 4 09:16:57 2025 -0500

appid: mDNS TXT records parsing and deviceinfo event generation

Pull request #5017: build: address compilation warnings

Merge in SNORT/snort3 from ~VSHPYRKA/snort3:cov_fixes_serviceability to master

Squashed commit of the following:

commit eb683d834d223d44ad475b2dd29b4cf36c567853
Author: Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>
Date: Wed Nov 26 15:45:58 2025 +0200

build: address compilation warnings

Pull request #4944: mime: implement parsing for MIME multipart/form_data content

Merge in SNORT/snort3 from ~ANOROKH/snort3:mime_form_data to master

Squashed commit of the following:

commit 86cbfb84db9b2930b42fc3bb7aea147d1c6e7aea
Author: anorokh <anorokh@cisco.com>
Date:   Wed Nov 12 12:08:36 2025 +0200

    mime: implement content parsing of multipart/form_data

        - reworked MIME header (Content-*) parsing
        - http_inspect: added new form_data value in MsgBody
        - pub_sub: added new event HttpFormDataEvent

Pull request #5015: A fix for byte_extract

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:byte_extract_cursor to master

Squashed commit of the following:

commit f30dd5a7b7b87a08e2975a627b7a8313fca71c9e
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Nov 27 10:32:22 2025 +0200

    ips_options: fix cursor position for byte_extract

    Cursor position is set with respect to Relative flag.

Pull request #4953: ftp_telnet: fix Coverity DEADCODE and INTEGER_OVERFLOW errors

Merge in SNORT/snort3 from ~KUANKIT/snort3:ftp-telnet-coverity-fixes to master

Squashed commit of the following:

commit bc51db20619b348fe136829b25eed1f25c78e316
Author: kuankit <kuankit@cisco.com>
Date: Tue Oct 21 21:45:04 2025 -0700

ftp_telnet: fix coverity errors and improve cmd_len configurability

Pull request #5008: build: generate and tag 3.10.0.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.10.0.0 to master

Squashed commit of the following:

commit d86300b334840b019e8e73cab6c48af00675612a
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Mon Nov 24 15:55:53 2025 -0500

build: generate and tag 3.10.0.0

Pull request #4995: appid: ignore empty strings in ssl lookup api

Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_api_zero_tls to master

Squashed commit of the following:

commit 5e6a9c0b9cea6e476cee6369e79d168807b5db2d
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Fri Nov 14 09:54:37 2025 -0500

appid: ignore empty strings in ssl lookup api

Pull request #4932: opcua: adding documentation for new OPC UA service inspector

Merge in SNORT/snort3 from ~DKOLOMII/snort3:opcua_inspector_doc to master

Squashed commit of the following:

commit 48e1b1cfb621fc834e6e3f0f9973a76e7a2a1efa
Author: Jared Rittle <>
Date: Mon Jan 6 13:40:15 2025 -0500

opcua: inspector documentation

Pull request #4931: opcua: adding new service inspector for OPC UA

Merge in SNORT/snort3 from ~DKOLOMII/snort3:opcua_inspector to master

Squashed commit of the following:

commit ebef1ee2314a3db2e8790556567b9a419f42ea5a
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Thu Nov 20 09:21:10 2025 -0500

opcua: adding support for opcua

Pull request #4978: reload: make proc_stats thread_local

Merge in SNORT/snort3 from ~YCHYP/snort3:tsan-thread-local to master

Squashed commit of the following:

commit ec57c80d77119ed5692526016c00a26766b912cb
Author: ychyp <ychyp@cisco.com>
Date: Tue Nov 4 12:34:26 2025 -0500

reload: make proc_stats thread_local

Pull request #4960: ssh: support fields for extractor

Merge in SNORT/snort3 from ~AMUTTUVA/snort3:ssh_ext to master

Squashed commit of the following:

commit 0179324498cb13d08a1a23b44eee55ce1fa92e19
Author: Akhilesh MY <amuttuva@cisco.com>
Date: Mon Oct 27 05:37:19 2025 -0400

ssh: support fields for extractor

Pull request #4982: main: Retry queue timeout option added

Merge in SNORT/snort3 from ~VITHIRAV/snort3:retry_queue_timeout to master

Squashed commit of the following:

commit 61f65bb7adef7ce6e4b836ee07c8a62030c66fb7
Author: vithirav <vithirav@cisco.com>
Date: Tue Nov 18 20:45:04 2025 -0800

main: Retry queue timeout option added

Pull request #4999: extractor: fix cppcheck errors

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:cppcheck to master

Squashed commit of the following:

commit fbce54b7c5dc6493b8d97742fa7658e39549a0b8
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Tue Nov 18 16:57:33 2025 -0500

extractor: fix cppcheck errors

Pull request #5000: ips_options: make pcre match data thread specific

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:pcre2_mt to master

Squashed commit of the following:

commit c526c6db25247c43cbaa9f176838d94f18944bee
Author: vhorbato <vhorbato@cisco.com>
Date: Mon Nov 17 18:26:07 2025 +0200

ips_options: make pcre match data thread specific

Pull request #4991: extractor: add quic extractor

Merge in SNORT/snort3 from ~VSHPYRKA/snort3:quic_extractor_implementation to master

Squashed commit of the following:

commit f0020563a960fdf16c09af4454b7c80cd4073da7
Author: Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>
Date: Thu Oct 16 12:02:12 2025 +0300

extractor: add quic extractor

Pull request #4977: appid: ftp parsing  bounds check

Merge in SNORT/snort3 from ~OSTEPANO/snort3:ftp_overflow to master

Squashed commit of the following:

commit 725fa41fe90f105ce77b67ba120b8bd3778018c3
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Wed Nov 5 06:48:08 2025 -0500

    appid: ftp parsing bounds check

Pull request #4859: file_api: copy cacheable property to new context from cached context and use filecontext from cache, only if the entry is marked as cacheable

Merge in SNORT/snort3 from ~VEVURI/snort3:dlp-verdict-cache-txns to master

Squashed commit of the following:

commit 00181875a2fbe3e67d92cbd137fe93919b437f46
Author: Veera Reddy Evuri <vevuri@cisco.com>
Date: Sun Nov 2 22:49:21 2025 -0800

file_api: copy cacheable property to new context from cached context and use filecontext from cache, only if the entry is marked as cacheable

Pull request #4961: Fix:Coverity issue due to copy instead of move

Merge in SNORT/snort3 from ~ARNSINGH/snort3:copyinsteadmove to master

Squashed commit of the following:

commit c2531f56ac8d343f45b5bd4869dfca2621516f4f
Author: arnsingh <arnsingh@cisco.com>
Date: Sun Oct 26 14:25:20 2025 +0530

dce_rpc: changed copy to move

Pull request #4962: mp_data_bus: unsubscribe

Merge in SNORT/snort3 from ~UMASHARM/snort3:mpdbus_unsubscribe to master

Squashed commit of the following:

commit 5e4ec40feb8fa04b35ef621bc1449f730b8ed5ce
Author: Umang Sharma <umasharm@cisco.com>
Date: Mon Nov 3 08:11:49 2025 -0500

mp_data_bus: unsubscribe API

Pull request #4969: dns: add counters for different DNS flavors

Merge in SNORT/snort3 from ~SHIKV/snort3:doh_counters to master

Squashed commit of the following:

commit a09815a683072f0a63125f114a7ba8ae639bbf2f
Author: shibin k v <shikv@cisco.com>
Date: Mon Nov 3 01:58:24 2025 -0600

dns: add counters for different DNS flavors

Pull request #4935: packet_io: snort3ci platforms_rt failing

Merge in SNORT/snort3 from ~MURURAJA/snort3:Snort_rt to master

Squashed commit of the following:

commit cf53f8fe6c868332a9fec6fa94859e7a3fe9eddd
Author: mururaja <mururaja@cisco.com>
Date: Wed Oct 8 07:19:57 2025 -0700

ai_inspector: changes in active_packet_trace_test

Pull request #4979: http_inspect: rename request and response buffers

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:rename_fields to master

Squashed commit of the following:

commit 6d5aa070aea3445990211f5e2d20d776180f438b
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed Nov 5 12:04:55 2025 -0500

http_inspect: rename request and response buffers

Pull request #4981: build: generate and tag 3.9.7.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.7.0 to master

Squashed commit of the following:

commit d15630e1075770f7fc4973a6a822195e7e0630d7
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Wed Nov 5 22:32:31 2025 -0500

build: generate and tag 3.9.7.0

Pull request #4925: appid: SNI and CNAME patterns matching fix

Merge in SNORT/snort3 from ~AMILASH/snort3:cname_sni_pattern_matching to master

Squashed commit of the following:

commit 6b2ac4841f641790fce314bb369289009b977907
Author: Artur <amilash@cisco.com>
Date: Tue Sep 30 08:08:56 2025 -0400

appid: SNI and CNAME patterns matching fix

Pull request #4970: stream: remove lock on extra_data_log as it is only changed at Analyzer startup

Merge in SNORT/snort3 from ~MMATIRKO/snort3:xtra_no_lock to master

Squashed commit of the following:

commit a59a788ca121a1df8bd111eec08b19e7437dad6b
Author: Michael Matirko <mmatirko@cisco.com>
Date: Mon Nov 3 09:49:45 2025 -0500

stream: remove lock on extra_data_log as it is only changed at Analyzer startup

Pull request #4893: http_inspect: waf buffers

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:log_buffers to master

Squashed commit of the following:

commit c2b242a909c4bd36d03b4b16f9c267857ce27580
Author: Adrian Mamolea <admamole@cisco.com>
Date: Tue Sep 2 12:32:45 2025 -0400

http_inspect: add waf buffers

Pull request #4967: appid: suppress false positive coverity warning

Merge in SNORT/snort3 from ~AAVILASE/snort3:suppress_coverity_warning to master

Squashed commit of the following:

commit 3f45980bf43e944f4eddc181965360fb3671102d
Author: Andres Avila <aavilase@cisco.com>
Date: Thu Oct 30 11:04:40 2025 -0400

appid: suppress false positive coverity warning

Pull request #4966: appid: fix ssh service detection on mid-stream sessions

Merge in SNORT/snort3 from ~YEFURMAN/snort3:ssh_service_detection_fix to master

Squashed commit of the following:

commit 21a4f27f6cda49e6b176f6ae1461d24db1a28611
Author: yefurman <yefurman@cisco.com>
Date: Fri Oct 24 09:49:36 2025 -0400

appid: fix ssh service detection with dropped packets

Pull request #4945: memory, filters: resolve coverity and TSAN issues

Merge in SNORT/snort3 from ~MMATIRKO/snort3:coverity_calamity to master

Squashed commit of the following:

commit 696a51e6dad7ca1c6351831ca2b08899538346b5
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Oct 9 13:52:36 2025 -0400

    memory: resolve race condition on global stats

    filters: resolve lock issues, 2k38 issues in rate_filter and sfthd

    stream: add additional lock/unlock when we do extra_data_log

    perf_monitor: don't decrement index if already zero

    appid: fix printf args

    perf_monitor: fix minor issue with int overflow

    ha: guard against negative shift

    codec: fix byte math, codec coverity issues

    rna: use std::move on RnaTracker to move instead of copying

    snort2lua: use std::move where possible

    stream, loggers: use std::move where possible

    sfthd: fix issues with printf type specifier, cppcheck issues

    detection_engine: use const where possible

Pull request #4933: ssl: SSL extractor event

Merge in SNORT/snort3 from ~OSTEPANO/snort3:ssl_metadata_extractor to master

Squashed commit of the following:

commit 45a8012221075eb0d84589631d543b9151d25c95
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Thu Sep 11 04:42:20 2025 -0400

ssl: SSL extractor event

Pull request #4946: appid: solve coverity warnings

Merge in SNORT/snort3 from ~AAVILASE/snort3:address_coverity_warnings to master

Squashed commit of the following:

commit b100d38c8fbf510e5e6daf9f4b5cfe37de1d8352
Author: Andres Avila <aavilase@cisco.com>
Date: Thu Oct 16 10:33:30 2025 -0400

appid: solve coverity warnings

Pull request #4950: appid: add multi-stream support for DNS

Merge in SNORT/snort3 from ~SHIKV/snort3:doh_multi_stream to master

Squashed commit of the following:

commit e46e9809c787162b84bdd9147a27cde496cd8714
Author: shibin k v <shikv@cisco.com>
Date: Tue Oct 21 04:00:46 2025 -0500

appid: add multi-stream support for DNS

Pull request #4951: iec104: data size checks for pointer operations

Merge in SNORT/snort3 from ~OSTEPANO/snort3:iec_coverity to master

Squashed commit of the following:

commit dc00f009a3007ba2d9b5d7ff33e123f49413b643
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Tue Oct 21 06:01:08 2025 -0400

iec104: data size checks for pointer operations

Pull request #4940: dce_rpc: checking out of bounds

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_dcesmb_oob to master

Squashed commit of the following:

commit a81f44c4ed3c9867580b49cd0877798cefa7dffb
Author: ashutosh <ashugup3@cisco.com>
Date: Thu Oct 9 12:17:10 2025 +0530

dce_rpc: checking out of bounds

Pull request #4884: flow: add new flow prune reason

Merge in SNORT/snort3 from ~RSHAFIQ/snort3:flow_release to master

Squashed commit of the following:

commit c6c4c580d3aa46a09b9063b08347c6071de631f6
Author: rshafiq <rshafiq@cisco.com>
Date: Tue Aug 26 16:51:20 2025 -0400

flow: new pegs and packet tracer log for flow prune

Pull request #4954: s7commplus: out of bounds check during decode

Merge in SNORT/snort3 from ~AAVILASE/snort3:s7commplus_out_bounds_check to master

Squashed commit of the following:

commit 946cf17ece70bdf2899053099dca70e93fd7d9b5
Author: Andres Avila <aavilase@cisco.com>
Date: Tue Oct 21 10:12:21 2025 -0400

s7commplus: out of bounds check during decode

Pull request #4833: snort_ml: add mpse and lru cache

Merge in SNORT/snort3 from ~BRASTULT/snort3:snort_ml_pipeline to master

Squashed commit of the following:

commit 1f51dd1bee92a4995d960561b59a72e1a8903b53
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Jul 25 13:46:00 2025 -0400

    build: only enable libml for supported versions

commit 47a789fc3b637f95b11ba0b154af53440ed5b2f2
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Jul 25 13:32:01 2025 -0400

    snort_ml: add mpse and lru cache

commit 7c74729080cc2f1095dbbeee8e98bbbda00accf9
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Sep 5 17:00:03 2025 -0400

    hash: add FNV-1a hash

Pull request #4942: pop: fixing oob in pop_paf search_for_command

Merge in SNORT/snort3 from ~DKOLOMII/snort3:pop_oob_fix to master

Squashed commit of the following:

commit f06464862b154bd1742a19bdb330348519017da4
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Wed Oct 15 11:35:39 2025 -0400

pop: fixing oob in pop_paf search_for_command

Pull request #4948: log: Increase max length of LogMessage output.

Merge in SNORT/snort3 from ~STECHEW/snort3:log_message_size to master

Squashed commit of the following:

commit aed76bcfc3177ab2d806380029e5b2e75ed60a8b
Author: Steve Chew <stechew@cisco.com>
Date: Sun Oct 19 14:37:14 2025 -0400

log: Increase max length of LogMessage output.

Pull request #4941: imap: parse_command oob fix

Merge in SNORT/snort3 from ~DKOLOMII/snort3:imap_oob_fix to master

Squashed commit of the following:

commit fd69fd0e106da891013f471051c06cd357bba5ac
Author: Daniil Kolomiiets <dkolomii@cisco.com>
Date: Wed Oct 15 10:12:23 2025 -0400

imap: parse_command oob fix

Pull request #4947: mp_data_bus: fixing coverity issues

Merge in SNORT/snort3 from ~UMASHARM/snort3:mpdbus_coverity to master

Squashed commit of the following:

commit 0d1fa67aa85e084c72dbe5f161e551c0455ed14f
Author: Umang Sharma <umasharm@cisco.com>
Date: Thu Oct 16 11:55:05 2025 -0400

mp_data_bus: fixing coverity issues

Pull request #4923: stream_tcp: enhance rst validation to follow RFC 5961 recommendations

Merge in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_rst_handling to master

Squashed commit of the following:

commit f355fb9799470aae71c2f6b13cea98d981e0ba68
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Sep 9 11:58:15 2025 -0400

    stream_tcp: enhance rst validation to follow RFC 5961 recommendations, default all modern OSes to use this validation algorithm
                add PegCounts to track all outcomes when validating RST packets
                clean up code that was redundantly setting flags/state

Pull request #4939: appid: ignore arcserve so dcerpc protocol is used when syncing to flow service

Merge in SNORT/snort3 from ~AAVILASE/snort3:arcserve_dcerpc_intrusion_fix to master

Squashed commit of the following:

commit f183fca9b4fff875c7ab8b75096340408b5db2a1
Author: Andres Avila <aavilase@cisco.com>
Date: Mon Oct 13 20:37:56 2025 -0400

appid: ignore arcserve so dcerpc protocol is used when syncing to flow service

Pull request #4936: appid: more restrictive checks for DNS client detection

Merge in SNORT/snort3 from ~OSTEPANO/snort3:dns_udp_detector to master

Squashed commit of the following:

commit 12ff8b2092daa3f17b78dfd42bdb16ec7f208589
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed Oct 8 09:50:19 2025 -0400

appid: more restrictive checks for DNS client detection

Pull request #4915: http_inspect: partial inpection on start line

Merge in SNORT/snort3 from ~ADMAMOLE/snort3:part_rl to master

Squashed commit of the following:

commit 0499b6ce50885ba6544ddf8202cf52a25b57a9ee
Author: Adrian Mamolea <admamole@cisco.com>
Date: Mon Sep 15 12:45:22 2025 -0400

http_inspect: partial inpection on start line

Pull request #4930: js_norm: prevent memory leak when temp buffer was processing

Merge in SNORT/snort3 from ~YCHALOV/snort3:js_norm_mem_leak to master

Squashed commit of the following:

commit c5b89ffcfbc304527f38d1e5ef2eb5d02e3bbcd5
Author: Yurii Chalov <ychalov@cisco.com>
Date: Fri Oct 3 14:39:02 2025 +0200

js_norm: prevent memory leak when temp buffer was processing

Pull request #4888: appid: fix high inspected packets count

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_high_inspected_packets_count to master

Squashed commit of the following:

commit bab6b11b314c1cf6545add72eef8bd51e97c399f
Author: Bohdan Hryniv <bhryniv@cisco>
Date: Tue Sep 9 12:09:23 2025 -0400

appid: fix high inspected packets count

Pull request #4896: Doh initial

Merge in SNORT/snort3 from ~SHIKV/snort3:doh_initial to master

Squashed commit of the following:

commit bf26dd87ba5532b379784ff8f4c8b7dee26b8001
Author: shibin k v <shikv@cisco.com>
Date:   Thu Sep 18 11:44:41 2025 -0500

    stream_tcp: copy all layers from original packet during pseudo packet creation

commit b16a92f10481ad99d4196e80c8bed0fb67262e96
Author: shibin k v <shikv@cisco.com>
Date:   Wed Sep 3 07:56:16 2025 -0500

    appid, http_inspect, dns: add support for DNS over HTTPS and DNS over QUIC

Pull request #4934: build: generate and tag 3.9.6.0

Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.6.0 to master

Squashed commit of the following:

commit 1b21169577bb692a0c0ea99f1e58fbf5c6d679ca
Author: Priyanka Gurudev <prbg@cisco.com>
Date: Mon Oct 6 12:46:18 2025 -0400

build: generate and tag 3.9.6.0

Pull request #4921: decompress: added check for mini_fat_persector to not to be zero

Merge in SNORT/snort3 from ~ASHUGUP3/snort3:bug_decompress_dividebyzero to master

Squashed commit of the following:

commit a0d4a7be7d1f6b3bc64c11356c21a182d542ab37
Author: ashutosh <ashugup3@cisco.com>
Date: Fri Oct 3 14:50:53 2025 +0530

decompress: added check for mini_fat_persector to not to be zero

Pull request #4908: quic advanced logging

Merge in SNORT/snort3 from ~BMORRIS2/snort3:quic_events to master

Squashed commit of the following:

commit 92a10ddfbb99ddeff8e13c96c8ffab6bf9c995ea
Author: Brian Morris <bmorris2@cisco.com>
Date: Tue Sep 30 11:12:06 2025 -0500

pub_sub: add quic logging events

Pull request #4926: main: add message when unable to set affinity

Merge in SNORT/snort3 from ~MMATIRKO/snort3:proc_error_msg to master

Squashed commit of the following:

commit 21b3ff6037338932101226b997dd65220ace78cf
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Sep 30 10:33:59 2025 -0400

main: add message when unable to set affinity

Pull request #4924: appid: retain shadow traffic status after reload detectors

Merge in SNORT/snort3 from ~AAVILASE/snort3:retain_st_state_after_reload to master

Squashed commit of the following:

commit 084ec7699094f59a8d32653e8f9d2fff286b3d0c
Author: Andres Avila <aavilase@cisco.com>
Date: Mon Sep 29 20:49:02 2025 -0400

appid: retain the shadow traffic status after detector reload

Pull request #4920: flow: continue retrying when the retry processing is still pending.

Merge in SNORT/snort3 from ~STECHEW/snort3:retry_still_pending to master

Squashed commit of the following:

commit 135d27bbdfe077633ee897663cc3f7fac507a7ba
Author: Steve Chew <stechew@cisco.com>
Date: Thu Sep 25 15:40:26 2025 -0400

flow: continue retrying when the retry processing is still pending.