03-20-00	Bang!  Here's version 1.6, marvel at its glory! :) I'm going
		to keep this short since it's 3AM, but I think that everyone
		is going to like the changes and additions since version 1.5.
		Be sure to check out the new rules writing document at 
		http://www.clark.net/~roesch/snort_rules.html! 

02-26-00        1.6 is still in the works, but this one fixes a few problems
                with people trying to compile on SunOS/Solaris/HP-UX boxes.
                This release really falls more into the "tweak" category, but I
                think it's important enough to put out.  Version 1.6 is coming
                RSN, but will probably be a couple more weeks!

01-03-00        This one is a minor bug fix in preparation for the impending
                release of version 1.6.  Version 1.6 is in beta, but I couldn't
                hold back doing a release of this bug fix version any longer.
                Speaking of 1.6, it should be out in about two weeks, and will
                incorporate a bunch of cool new functionality.  Stay tuned!

12-8-99		Wow, almost two months since the last major release.  Well, if
		you thought the last one was big, this one is HUGE!  There are
		nine major additions to this release, including plugins, 
		session recording, improved flexibility in the rules files,
		better packet content analysis, and a bunch of other stuff.
		Snort is faster, more efficient, more flexible, and more 
		powerful than 1.3.1.  Not bad for two month's work, eh? :)

		What's down the road from here?  Well, the Token Ring decoder
		needs to get finished, and then there are three big topics that
		Snort needs to address: IP defragmentation, TCP stream 
		reassembly, and port scan detection.  Fortunately, the new
		plugin architecture implemented in this version of Snort
		makes the addition of these huge features relatively painless
		from a development standpoint.  The modules can simpley be
		developed and then dropped right into every copy of Snort
		out there.

		The really cool functional (user level) things about version 
		1.5 are session logging with the new "session" keyword, 
		multiple content tests per rule, rules file variables, and the
		IP options inspection keyword "ipopts".  Check out the 
		RULES.SAMPLE file (at the bottom) for more info on the new
		stuff.

10-13-99 	Welp, here's the bug fix release.  There was one really big
		stupid bug in this one plus some other minor annoying stuff, 
		so here's a patch to clean things up a bit.  I also added some
		functionality to the dsize option keyword, you can specify
		">" or "<" now to select ranges.

		2.0 is progressing slowly in the face of various conference 
		activity I have over the next few months.  I'm looking at a late
		November or mid-December release now, but hang in there, it's 
		coming.

09-18-99	This is probably the last 1.x release of Snort (barring a 
		possible bugfix release).  The next planned version is 2.0
		and it will be radically changed for the better.  It will 
		include a faster, more flexible detection engine, plug-in 
		support for detection, output, and monitoring modules, and
		a plethora of other options.  Look for it in late October or
		early November!

		This version includes an enhanced logging/alerting engine that
		is several times faster than the Snort 1.2.1.  The logging
		and alerting command line options are also more streamlined
		so that people may have the flexibility to choose how they log.

		Enjoy!

08-06-99	This is the official "mea culpa" version of Snort.

		Version 1.2 wasn't exactly a high quality release for 
		non-Linux platforms, and so here we are five days later with
		version 1.2.1.  Thanks to everyone's bug reports and a small
		band of volunteers, this release is much more stable than
		version 1.2 and should configure and build cleanly on
		all platforms and architectures, including Sparcs and OpenBSD.

		While all of the bug fixing was taking place, I actually found
		time to integrate some patches that people generously sent in
		during the week.  That kind of makes this release value added,
		it's not just a bug fix there's actually some new stuff in 
		here! 

		If this version proves to be stable and everyone is pretty much
		happy with the way things are working, this will be the last 
		release for a month or so.  I'm writing a paper for the LISA
		'99 conference about Snort, and I need to concentrate on 
		finishing it and getting some facts and figures about the 
		software together.  After that is done, I've got some 
		enhancements for the detection engine thought up that are
		truly radical, stay tuned..... :)

08-03-99	Oops!

08-01-99	Well, here it finally is, the big performance release.  This
		version has a slick new packet decoder and a brand spankin'
		new, fully recursive, detection engine.  It kicks ass! :)  
		Large sections of the code have been restructured to eliminate
		global data structures and streamline how much real data has
		to be passed around.  Two major global data structures have
		been eliminated to make the code more thread friendly in case
		I ever get motivated enough to multi-thread this beast.  The
		SMB alerting code is now an option, use the 
		"--enable-smbalerts" switch to the configure script if you're 
		interested in using it.  Preliminary performance testing has
		shown this version to be about twice as fast as version 1.1
		in most cases, sometimes up to 500% faster than 1.1!  There's
		a lot of new code in this release, so if anyone finds any
		bugs I'd appreciate hearing about it.  Thanks! 

06-21-99	Tons of new and improved stuff this release.  Three new command
		line options, six new rule options, eight big bugs squashed, and
 		a shiny new content parser.  The WinPopup stuff was donated by 
		Damien Daspit.  It breaks one of my cardinal rules of security
		software coding (thou shalt not exec a program from within
		another), but it was so I cool I put it in pretty much 
		unmodified.  Probably in the next version I'll rig something up
		so that it will be a compile time define where you have to 
		specify a switch when you ./configure, but for now it's in.  It
		shouldn't be too much of a problem since you have to be root to
		run Snort anyway.  Trinux users can rejoice a bit, I hardcoded
		the netmasks into the program, so it no longer needs to be
		linked against libm, which was quite large to be putting on 
		floppy disks.  The new tcpdump file read option is cool, and as
		soon as I get my tcpdump file defragmenter working, Snort will 
		have the ability to decode and alert based on fragments.  C'est
		cool, no?

05-18-99	This release is primarily to fix some bugs that made it out in
		version 1.0.  At the time of release, my Sparc was broken and I
		didn't have a good way of testing the big endian/non-x86 stuff,
		so some little bugs made it out the door.  This version has 
 		been tested on a real live SPARCstation 10 (Sol 2.5.1) and
		seems to work as advertised, so I'm putting it out the door.  
		This release also features support for HP-UX and S/Linux thanks
		to Chris Sylvain's nice work.  (Thanks Chris!)  There are some
		other small additions, like the packet counter statistics on 
		exit and the "-x" command line switch which allows you to 
		specifically turn on IPX packet notification (since I still 
		haven't written a IPX decoder).  The next release is going to 
		have a new and improved content parser, I've discoverd that the
		current one, uh, sucks.  See the Changelog for specifics on 
		what's fixed in this version.

04-28-99	Woohoo!  One point oh baby!  New stuff: now does SLIP and 
                RAW (PPP) packets, so all you people out there with modems can
		use Snort now too.  I also added in options to send alerts to 
		syslog.  The stability/functionality of the last release was 
		good enough for me to decide that 1.0 was ready to ship, so 
		here it is.  Enjoy!
		
04-17-99        Well, I guess I decided to change things around a bit.  I have
                rewritten about half of the rules parser so that future 
                addition of rule types people find generally interesting will be
                much easier to do.  I also totally rewrote the logging section
                so that it was more sane to write follow on code with.  Those
                are the major big changes.  I'm finally happy with the way this
                software is laid out and operates, so if this one works pretty
                well, I'll slap whatever bug fixes need to be made onto it and
                it'll really truly be version 1.0.

04-06-99	Ok, this is the big one, I think everything is stable enough 
                now for a general release.  If this one doesn't do anything 
                bizzare once it gets out into the real world, it's going to be
                version 1.0, and this time I mean it! :) Note that I'm 
                including the snort-lib template file, which has some useful
                patterns and rules that people may want to use.  Also note that
                this is version 0.99 rc5, there was no version rc4!  Ok, that's
                it for now, if anyone has any problems with this version, let
                me know!

03-24-99        Let me just say that I think I might need to implement some
                sort of formalized testing regimen before making major 
                releases.  Please pardon the last two crap releases, not enough
                time and too much work for one person to do. (lets all have a 
                pity party...)  Anyway, I beat the crap out of this version 
                with iptest and nmap, and I think it works pretty damn good 
                now.  Lets hope it continues to work well tomorrow...

03-21-99	Ok, good size update, I think this may turn out to be 1.0, but
                I'm done thinking that seriously for the time being.  Added
                TCP flag-based rules, port range rules, IP and TCP option 
                decoding, truncated packet handling, improved fragmented packet
                handling, and some bug fixing.  I'm not quite sure what else I'd
                like to put in before the 1.0 release, so I thinking this is
                going to be it.  If there's any big feature you've been wishing
                for, now's the time to ask!

03-08-99	Got a request to do more precise timestamping, so I ripped off
		the TCPDump timestamp routine and stuffed it in Snort.  You
		can now see which particular millisecond packet XYZ showed up
		in.  I'm working on the rest of the stuff....

03-06-99        Well, no new rules yet, but this program is a lot faster than
                the last release.  The two biggest bottleneck routines have been
                rewritten and are now faster and more efficient.  I've also
                started doing more complete decoding of the IP header, starting
                with the fragment data.   For those of you not using Linux, 
                collected/dropped packet statistics are now being generated
                when Snort is exited.

                The next release will (hopefully) decode the fragments and be 
                able to apply the rules set to them.  I'm also planning on 
                having IP Option decoding in the next release, plus the new 
                rules set.  Stay tuned!

02-18-99	I've started a new job and gotten one of those ergonomic 
		keyboards, so development has slowed a bit.  This release 
		focuses on minor bug fixes and code cleanup.  I'm thinking about
		changing the rules format to something with one rule argument
		per line.  This will make for larger, more readable rules files
		at the cost of more typing for the user.  It sorta sucks,
		but this is the best way I can think of to do it...

01-28-99        Content based logging is done.  With this addition, this thing
                can finally be used for light duty IDS tasks and catch most 
                things.  There still needs to be some additional work done to
                add rules for things like TCP flags, fragments, and IP options,
                but the base structure is there.

                Automatic rules sorting is implemented now too, so you can make
                your rules look as disorganized as you want.

                If nobody finds any show stopper bugs in this release, this is
                going to be 1.0!

01-19-99        Rules based packet capture is a reality now.  Added it pretty
                much all in a day or so of serious hacking.  The code is
                modularized now into excitingly chunky files.  I did this to
                avoid insanity, and I highly recommend it.  Look at the README
                file or the "RULES.SAMPLE" file to see how rules work.  I also
                fixed the seriously porked logging code, now all conversations
                end up in single files based upon the homenet address command
                line parameter, or in its absense, hi port/lo port.  I highly
                recommend using the homenet capability (-h option).

                Coming soon: Content based logging!

01-08-99	I'm thinking about putting in some "capture/pass" logic into 
                the program to facilitate rules/content based traffic capture.  
                In other words, make some kind of light intrusion detection 
                capability.  Look for it by version 1.0.



 
