All VRT Certified rule releases will now be 2.8.5 compliant and we will cease to support 2.8.4 (in 90 days) in favor of this latest release. Here are some highlights from the release notes:
- Ability to specify multiple configurations (snort.conf and everything it includes), bound either by Vlan ID or IP Address. This allows you to run one instance of Snort with multiple snort.conf files, rather than having separate processes. See README.multipleconfigs for details.
- Continued inspection of traffic while reloading a configuration.
Add --enable-reload option to your configure script prior to building. See README.reload for details.
- Rate Based Attack Prevention for Connection Attempts, Concurrent Connections, and improved rule/event filtering. See README.filters for details.
- SSH preprocessor is no longer experimental
- Multiple performance improvements
The full release notes are available here.
We strongly suggest you upgrade your snort installations. Here's some notes you might want to read when upgrading software.