This release adds new alerts for HTTP (undefined methods and HTTP 0.9 simple requests), updates the Stream preprocessor in TCP session tracking to avoid re-queuing retransmitted data which was already flushed, and adds various tweaks for PAF flushing and other fixes.
This release added SCADA (DNP3 and Modbus) preprocessors, and GTP decoding and preprocessor. The HTTP preprocessor now normalizes HTTP responses that
include JavaScript-escaped data in the HTTP response body. A number of fixes and improvements have been added as well.
This release introduces a number of new capabilities, updates, and improvements over the previous version, including major preprocessor and rule option features and fixes.
The Razorback "Snort as a Collector" (SaaC) dynamic preprocessor was added. This is for experimental use only. False positives in HTTP traffic were fixed, which were caused by large HTTP chunks split across two packets. Several updates were made to the Snort manual and READMEs. A false positive on Stream5 rule 129:15, caused by a RST following a FIN, was fixed.