Snort mailing list archives

Re: [Snort-sigs] [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 9 Dec 2013 22:22:25 +0000

On Dec 9, 2013, at 5:06 PM, lists () packetmail net wrote:

On 12/09/2013 01:09 PM, Joel Esler (jesler) wrote:
2.9.4.1 is EOL.  2.9.4.6 is the last version supported in the 2.9.4.x tree.

Sounds reasonable, the world moves forward and previous deficiencies are
corrected in newly released versions.  Ch0de, backport a patch to 2.9.4.1 and
I'm certain many embedded device owners will be happy if you build the binaries
for 'em too (esp. military ones).  Otherwise there has been some significant
oversight in product selection and deployment that isn't solely shouldered by
Cisco/Sourcefire/Snort.

Yes.  We don’t back port patches, from patch versions to previous patch versions.  That’s the point of a patch version. 
:)  In fact we generally don’t back port patches at all, we have patch versions, otherwise we’ll have versions of Snort 
out there with this patch in it and this other one but not this third patch.  We do things this way so we can 
understand when a customer is at version “x.x.x.x”, they have a particular set of functionality.  Furthermore when we 
speak of “supported version” we’re speaking of rules support.

The developers really only work on the next version.  They aren’t working on 2.9.5.6 anymore (since it’s been 
published), they are working on 2.9.6.0, so if you file a bug against 2.9.5.6 and we fix it, it’ll be fixed in 2.9.6.0, 
unless it’s critical enough to warrant a 2.9.5.7 version.  We make that call during development.

We have beta’ed 2.9.6.0, which means, upon release of 2.9.6.0, 2.9.4.6 will have 90 days of rules support.  This EOL 
cycle is not expected to change under Cisco for the time being.

--
Joel Esler
AEGIS Intelligence Lead
OpenSource Manager
Vulnerability Research Team


_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel