Topic: Network Pig Snort ...  (Read 8391 times)

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 191383
  • No input, no output
    • DVB-Cube
Snort 3.1.75.0
« Reply #60 on: 22 November 2023, 19:00 »
What's new:

    appid: add appId for DNS over QUIC and DNS over HTTP/3 to application_ids.h
    decompress: use list for OLE file entries to guarantee their order in file_data
    detection: setting flag for flows with affected logging due to event filter

http://www.snort.org/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )

Offline SiLæncer

Snort 3.1.81.0
« Reply #61 on: 20 February 2024, 23:00 »
Changelog


Changes in this release (since 3.1.78.0)

3.1.81.0

    appid: check tenant_match() if required
    appid: log error message instead of fatal error if appid stats logfile is not accessible
    appid: Lowering max packet count before service fail
    control: Adds counting to ctrlcon blocked to allow for nested commands
    detection: add c'tors, use new instead of snort_calloc
    detection: copy ip var name in dup_rtn
    flow: added ips event suppression flags
    host_cache: fixed update_stats to remove race_condition
    http_inspect: recreate JSNorm if reload takes place inside transaction
    ips_context: add lazy-allocation of alt buffer
    kaizen: provide an option to enable Kaizen's mock
    kaizen: remove redundant semicolon and add explicit cast
    kaizen: rename modules
    lua: improve spell of wizard for HTTP
    memory: prevent data race between main and packet threads
    service_inspectors: add check for JSNorm config actuality
    stream_tcp: add alerts for exceeding thresholds for max queued bytes or segments
    stream_tcp: add check to verify seglist head is not nullptr and only initialize PAF when it is not
    utils: add macro for setting thread name

3.1.79.0

    appid: add tenants filter for appid debug
    appid: process organization unit instead of organization name
    appid: return false in is_appid_inspecting_session for quic if not decrypting
    appid: update peg counts to be thread safe
    coverity: fix for stream and hash
    filters: make rate_filter multithreaded + some cleanup
    kaizen: add dev_notes.txt
    kaizen: change default value of uri_depth to -1
    kaizen: change kaizen gid to 411
    kaizen: extend mock object with simple matching mechanism
    kaizen: make kaizen configurable per policy
    kaizen: register module only when LibML present or REG_TEST defined
    kaizen: update copyright
    mercury: updating alpn info without sni in 7.6
    network_inspectors: add kaizen ML based exploit detector
    packet_tracer: add tenants to filters
    profiler: improve multithread rule percentage calculation
    ssl: heap overflow issue when processing handshake records
    stream_tcp: correct labeling of in-sequence and out-of-sequence packets
    stream_tcp: persist disable_reassembly in Flow
    stream_tcp: set packet direction flag based on direction saved in reassembly state


http://www.snort.org/

Offline SiLæncer

Snort 3.1.84.0
« Reply #62 on: 12 April 2024, 11:00 »
Changelog


Dependencies:

    No 'new' dependencies introduced

Changes in this release since 3.1.84.0:

    appid: enhanced appid config parsing
    appid: remove locks from peg counts
    appid: separate main thread and packet thread appid_pub_id
    dce_smb: fixing an ASAN memory corruption issue
    detection: handle policy changes in continuation
    framework: add correct cast from double to unsigned
    http_inspect: add file_data to buffer list
    packet_capture: include cstdint in a header file. Thanks to Plup plup@plup.io and Hauke Mehrtens hauke@hauke-m.de for reporting this!
    xhash: fixed typo

http://www.snort.org/
