Snort mailing list archives
Re: [Snort-sigs] [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 9 Dec 2013 22:22:25 +0000
On Dec 9, 2013, at 5:06 PM, lists () packetmail net<mailto:lists () packetmail net> wrote: On 12/09/2013 01:09 PM, Joel Esler (jesler) wrote: 2.9.4.1 is EOL. 2.9.4.6 is the last version supported in the 2.9.4.x tree. Sounds reasonable, the world moves forward and previous deficiencies are corrected in newly released versions. Ch0de, backport a patch to 2.9.4.1 and I'm certain many embedded device owners will be happy if you build the binaries for 'em too (eps military ones). Otherwise there has been some significant oversight in product selection and deployment that isn't solely shouldered by Cisco/Sourcefire/Snort. Yes. We don’t back port patches, from patch versions to previous patch versions. That’s the point of a patch version. :) In fact we generally don’t back port patches at all, we have patch versions, otherwise we’ll have versions of Snort out there with this patch in it and this other one but not this third patch. We do things this way so we can understand when a customer is at version “x.x.x.x”, they have a particular set of functionality. Furthermore when we speak of “supported version” we’re speaking of rules support. The developers really only work on the next version. They aren’t working on 2.9.5.6 anymore (since it’s been published), they are working on 2.9.6.0, so if you file a bug against 2.9.5.6 and we fix it, it’ll be fixed in 2.9.6.0, unless it’s critical enough to warrant a 2.9.5.7 version. We make that call during development. We have beta’ed 2.9.6.0, which means, upon release of 2.9.6.0, 2.9.4.6 will have 90 days of rules support. This EOL cycle is not expected to change under Cisco for the time being. -- Joel Esler AEGIS Intelligence Lead OpenSource Manager Vulnerability Research Team
------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword, (continued)
- Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Nov 07)
- Re: [Snort-sigs] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword rmkml (Nov 08)
- Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Nov 20)
- Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword rmkml (Nov 20)
- Re: [Snort-devel] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Bhagya Bantwal (Nov 22)
- Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Dec 04)
- Re: [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword rmkml (Dec 04)
- Re: [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Dec 05)
- Re: [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Joel Esler (jesler) (Dec 09)
- Re: [Snort-users] [Snort-devel] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword lists () packetmail net (Dec 09)
- Re: [Snort-sigs] [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Joel Esler (jesler) (Dec 09)
- Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Nov 07)