16 November 2007 (SARA-7.4.4)
    o Maintenance Release
    o Enhanced report regeneration process
    o Fixed ill-behaved web server rejection logic
    o Corrected typos
    o En hancing registry access method (not completed)
    o Updating vulnerable versions of Samba

1 September 2007 (SARA-7.4.2)
    o Corrected numerous bugs
    o updated PHP version checking
    o updated SSL and SSH version checking
    o tweaked MAC fetching routine
    o Updated SMB version checking

25 May 2007 (SARA-7.4.1)
    o Added PHP tests for CVE-2007 series
    o Corrected problems with CVE identification with certain SIDs
    o Updated smb.sara to use Samba 3.x clients instead of Samba-TNG
    o Added OS version, MAC address, and SMB version detection in smb.sara
    o Updated tests for Apache version
    o Updated tests for SMB version
    o Updated tests for OpenSSL version.
 

 8 April 2007 (SARA-7.3.2)
    o Fixed FTP false positive generation with UNISYS and RICOH printers
    o Fixed two undefined SID reports

 3 March 2007 (SARA-7.3.1)
    o Continued to refine SQL injection module
    o Changed resolving concept for host definition (see README)
  
25 February 2007 (SARA-7.1.2)
    o Really fixed the exclusion problem
    o Corrected some NOCVE errors
    o Improved tests for proper installation of sql tester

10 February 2007 (SARA-7.1.1)
    o Added optional SQL injection scanning (alpha)

1 February 2007 (SARA-7.0.5)
    o Fixed false possible positive in ftp.sara
    o Updated ssh tests
    o Updated Apache tests
    o Fixed induced bug in make install
    o Fixed false positive generation in ISAPI test
    o Fixed problem with exclusion testing
    o Updated sss.pl to include database name in email report and subject

18 December 2006 (SARA 7.0.4)
    o Added NVD descriptors for Null Sessions
    o Added a status_dir variable for status files
    o Added logic to flag improperly configured web servers
    o Added logic to surpress possible false positives for above

1 November 2006 (SARA 7.0.3)
    o Got rid of bogus files in directory tree.
    o Corrected a typo in https
    o Corrected browser error message when in Daemon mode
    o Added more browsers to test in reconfig 
    o Fixed the $status-filename resolution

20 August 2006 (SARA 7.0.2b)
    o Fixed another problem with https
    o added netapi.sara to check for ms06-040
    o Does not work wilt Win 2003 targets

26 July 2006 (SARA 7.0.2a)
    o fixed problem http.sara calling https.sara
    o fixed Oracle /fcgi-bin/echo test
    o added Oracle /demo/ test
    o Built coSARA 7.0.2a

13 July 2006 (SARA 7.0.2)
    o Discarded use of Net::SSLeay in faver of 'openssl s_client' for https
    o Corrected two bugs in relay.sara
    o Fixed a problem where freetds was not cleared on a 'make distclean'

10 July 2006 (SARA 7.0.1)
    o Changed look and feel a bit.
    o Fixed minor configuration bugs 
    o Built coSARA 7.0.1

21 June 2006 (SARA 7.0.0 (beta)
    o Added National Vulnerability Database (NVD) functionality
    o Re-vamped CVE processing and idenification
    o Updated many of the version testing modules
    o Dropped tests that have high false positive rates
    o Dropped custom tutorials in favor of NVD reporting
    o Completed rules based testing modules
    o Updated to support secure http (https) tests

1 March 2006 (SARA 6.0.7f)
    o Changed firewall testing ports to include mysql
    o Fixed depends.sara to minimize JetDirect false positives
    o Added workaround for MS ICS (coSARA) false reporting of ftp services
    o Fixed a bug in ftp.sara (improperly reporting severity for 'no anon')
    o Uupdated reconfig to always put proper perl version on bin files.
    o Defined workarounds for Solaris and Samba builds (README.SMB).
    o Added dont_smb_guess to sara.cf to inhibit full account/pwd guessing
    o added a more definitve hosttype guesser for Windows platforms
    o corrected libdl problem with sssh build

17 October 2005 (SARA 6.0.7)
    o Proivded a large improvement in speed for fwping discovery
    o Fixed a problem with http.sara for ill behaved web servers
    o Fixed a problem with pnp.sara
    o Added basic test for MSDTC vulnerability (MS05-051)
    o Added several improvements for coSARA.

16 August 2005 (SARA 6.0.6)
    o Fixed library rsolution with openssl 0.9.8
    o fixed install for problems with linux and solaris
    o updated http.sara to reflect vulnerable apache servers
    o added test for pnp vulnerability (MS05-039)

20 July 2005 (SARA 6.0.5)
    o Expanded check on PHP IAW BID 11964
    o Updated samba detection for new samba TNG
    o updated SANS Top 20
    o Added version test for multiple ORACLE vulnerabilities (TA05-194A)
    o Updated hosttyping for both nmap and non-nmap fingerprinting
    o Performed general tidying up of forms

19 May 2005 (SARA 6.0.4)
    o Fixed to build under 64 bit SUSE
    o Fixed bug in generating SANS Top 20 report.
    o Fixed problem with oracletns.sara detecting open passwords.
    o fixed problem with sss.pl in reporting proper fields.
    o Fixed problem with make install (html directory not being loaded)

21 April 2005 (SARA 6.0.3)
    o expanded oracle coverage to ports 1521-1529.
    o tweaked timing parameters for better performance.
    o Added ability to change ports that fwping uses.
    o Fixed problems in 'make install'

15 March 2005 (SARA 6.0.2)
    o Provided better resolution with ip->name->ip probems (default to ip) 

1 March 2005 (SARA 6.0.1)
    o Fixed problem in sss.pl
    o added community strings to snmp.sara
    o Added test for AWStat cgi vulnerability
    o Fixed critical problem with mssql.sara (sqlat)
    o Working on framework for coSARA (coLinux and SARA)
    o Added account checking for mysql
    o Corrected minor firewall problem

9 December 2004 (SARA 5.4.0)
    o Added Oracle Application Server tests
    o Added Oracle version number testing
    o mitigated false positives in rdesktop
    o Adjusted timing in config/sara.cf to handle slow SARA machines
    o Added additional test for mssql buffer overflow tests

15 November 2004 (SARA 5.3.0)
    o corrected problem of scanning local machine when specifying external IP.
    o fixed fp.c to compile correctly under freeBSD.
    o tweaked ssh.sara to handle -v and %HOST argument
    o fixed README for sss to include a copy of fping.
    o added optional rdesktop support for offline testing

10 October 2004 (SARA 5.2.0)
    o encoded t2r so that McAfee would not flag it as a virus.
    o fixed logic bug in oracletns.sara 
    o cleaned up SSS installation and firewall support
    o Changed architecture to automatically detect and probe firewalled systems.
    o Updated to latest CVE (20040901)
    o Updated to latest SANS Top 20 (20041008)

30 August 2004 (SARA 5.1.1b)
    o Fixed user/password problem with ssh.sara
    o Added mac address retrieval when stored on SARA machine's arp table
    o Adjusted timeouts when password guessing enabled
    o Fixed TNG test for versions above 0.3
    o Added 'make install' feature (defaults to /usr/local/sara)

 22 July 2004 (SARA 5.1.0)
    o Added ssh, imap, pop3 login tests
    o Added additional tests for mysql
    o Fixed code flaw in ftp_scan.c
    o Improved performance of smb.sara

 15 June 2004 (SARA 5.0.6)
    o Added a Oracle component (issues in the past prevented testing on port 1521)
    o Updated test for unpatched MSSQL 2000 servers (Cert CA-2002-22)
    o Corrected problem with -F option and reportwriter
    o Added test for lsaenumsids in smb.sara (yield user names under null sessions)
    o Tweaked test for TNG in reconfig

 17 May 2004 (SARA 5.0.5)
    o Corrected problem with http.sara5
    o Increased scanning time-outs for slow customer networks
    o Corrected version number

  2 May 2004 (SARA 5.0.4)
    o Updated snmp to increase communities and improve OS fingerprinting 
    o Added test for LSASS vulnerability (CAN-2003-0533)

 25 March 2004 (SARA 5.0.3)
    o Fixed minor formatting problems in xml.pl
    o Added test for jetdirect null password (telnet)
    o Testing posibility of APC default password
    o Testing for Polycom password disclosure
    o Added new typing to hosttypes (Enterasys, Polycom, Delmonte)
    o Fixed problem with getfqdn.pl on dumping hosts (with dns misconfiguration).
    o Added definitive test for MSSQL SA open password

 19 February (SARA 5.0.2)
    o added encoding/decoding feature to stop virus checkers from 
      incorrecly labelling msadc.pl as virus.
    o Added basic test for MyDoom worm backdoor
    o Fixed sss.pl (changed sense of -r)
    o Fixed Green/Gray summary problem when all services were green
    o Inproved domain login support for smb.sara

 15 January 2004 (SARA 5.0.1)
    o Added additional security to html.pl
    o Clarified that there is no 'make install'
    o Fixed dscan.c to eliminate the '//' comment (problem with some cc's)
    o Again builds under MAC OS/X
    o Added rules/drop for EPSON printers for writable directories
    o Tweaked htm.cf for appendix references
    o Fixed telnet.sara to further reduce false positives
    o Updated ssl test to address SSL vulnerabilites below 0.9.6j and 7c.
    o Added stealth standalone password guesser (smb-sspg.sara)
    o Cleaned up CVE lookup.


<< See entries under CHANGES.OLD for previous changes >>
