Snort 2.8.6 is released!, (Mon, Apr 26th)
Snort 2.8.6 is finally out. It's been in beta and RC for a while now, but here it is! Sourcefire (the company I work for), the makers of Snort, have been working on several of the features you see below for a while, and we have plenty more in store. So go update now!
[*] New Additions
* HTTP Inspect now splits requests into 5 components:
  Method, URI, Header (non-cookie), Cookies, Body.
  Content and PCRE rule options can now search one or more of these buffers.
  HTTP server-specific configurations to normalize the HTTP header and/or cookies have been added.
  Support gzip decompression across multiple packets.
* Added a Sensitive Data preprocessor, which performs detection of Personally Identifiable Information (PII). A new rule option is available to define new PII. See README.sensitive_data and the Snort Manual for configuration details.
* Added a new pattern matcher and related configurations. The new pattern matcher is optimized to use less memory and perform at AC speed.
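As an added illustration of the HTTP Inspect item above (not part of the release notes or the Snort distribution), these local rules scope `content` and `pcre` matches to individual HTTP buffers. The SIDs, messages and matched strings are constructed, and the rules assume the stock snort.conf variables and `enable_cookie` in the `http_inspect_server` configuration.

```snort
# Added example. SIDs (1000001+), msg text and matched strings are constructed.
# Assumes $EXTERNAL_NET, $HTTP_SERVERS and $HTTP_PORTS are defined as in a
# stock snort.conf.

# Method + URI + Cookie buffers.
# http_cookie only has data when http_inspect_server is configured with
# enable_cookie; otherwise Cookie headers stay in the header buffer.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( \
    msg:"LOCAL POST to /admin/login with debug cookie set"; \
    flow:to_server,established; \
    content:"POST"; http_method; \
    content:"/admin/login"; nocase; http_uri; \
    content:"debug=1"; http_cookie; \
    classtype:policy-violation; sid:1000001; rev:1;)

# Header (non-cookie) buffer: the content match is the fast check, the pcre
# with the H flag confirms the string sits on the User-Agent line.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( \
    msg:"LOCAL ExampleScanner User-Agent seen"; \
    flow:to_server,established; \
    content:"ExampleScanner"; nocase; http_header; \
    pcre:"/^User-Agent\x3a[^\r\n]*ExampleScanner/Hmi"; \
    classtype:web-application-activity; sid:1000002; rev:1;)

# Body buffer: the P flag restricts the pcre to the request body, so the same
# string in the URI or a header does not fire this rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( \
    msg:"LOCAL oversized comment field in POST body"; \
    flow:to_server,established; \
    content:"POST"; http_method; \
    content:"comment="; http_client_body; \
    pcre:"/(^|&)comment=[^&]{1024,}/P"; \
    classtype:web-application-activity; sid:1000003; rev:1;)
```

The corresponding `pcre` flags are `M` (method), `U` (URI), `H` (header), `C` (cookie) and `P` (body).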
[*] Improvements
* Addressed problem to resolve output obfuscation affecting packets when Snort is inline.
* Preprocessors with memcap settings can now be configured in a disabled state. This allows you to configure that memcap globally, but only enable the preprocessor in targeted configurations.
Go to http://www.snort.org to download the latest release! I have two more posts that will be coming out later today with further updates, so make sure you read those as well. One of the posts, about rule updates, is huge and will affect everyone who uses Snort, so make sure you stay tuned! Also, make sure you read the VRT blog for further information: http://vrt-sourcefire.blogspot.com
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.