2010-07-15 - Snort 2.8.6.1 [*] Updates * Fix installer packages to include correct version of sensitive data preprocessor for linux and Windows * Eliminate false positives when using fast_pattern:only and having only one http content in the pattern matcher. * Address false positives in FTP preprocessor with string format verification. Also addressed issue with handling of response codes to data transfer commands where the response code didn't contain a message. 2010-04-22 - Snort 2.8.6 [*] New Additions * HTTP Inspect now splits requests into 5 components - Method, URI, Header (non-cookie), Cookies, Body. Content and PCRE rule options can now search one or more of these buffers. HTTP server-specific configurations to normalize the HTTP header and/or cookies have been added. Support gzip decompression across multiple packets. * Added a Sensitive Data preprocessor, which performs detection of Personally Identifiable Information (PII). A new rule option is available to define new PII. See README.sensitive_data and the Snort Manual for configuration details. * Added a new pattern matcher and related configurations. The new pattern matcher is optimized to use less memory and perform at AC speed. [*] Improvements * Addressed problem to resolve output obfuscation affecting packets when Snort is inline. * Preprocessors with memcap settings can now be configured in a "disabled" state. This allows you to configure that memcap globally, but only enable the preprocessor in targeted configurations.