SUMMARY OF RELEASE CHANGES FOR OPENVAS-SCANNER 5.1
==================================================

For detailed code changes, please visit
 https://github.com/greenbone/openvas-scanner/commits/openvas-scanner-5.1
or get the entire source code repository and view log history:
$ git clone https://github.com/greenbone/openvas-scanner.git
$ cd openvas-scanner && git checkout openvas-scanner-5.1 && git log


openvas-scanner 5.1.3 (2018-08-29)

This is the third maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Juan Jose Nicola, Timo Pollmeier, Jan-Oliver Wagner
and Michael Wiegand.

Main changes compared to 5.1.2:
* An issue which caused the scanner host process to get stuck searching
  for plugins has been addressed.
* Dependency for openvas-libraries has been raised from 9.0.2 to 9.0.3.
* Checking routines for tcp and udp required ports have been improved.
* Handling of requests from manager during the plugin load up has been
  improved.
* Support to specify a regex-based mandatory key has been added.
* New scanner option "time_between_request" has been added.
* NVT metadata cleanup has been improved.


openvas-scanner 5.1.2 (2018-03-07)

This is the second maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Bjrn Ricks, Michael Wiegand, and Juan Jose Nicola.

Main changes compared to 5.1.1:
* Plugin scheduling has been improved.
* An issue which caused segmentation faults under certain circumstances when
  openvas-scanner was built with GnuTLS < 3.3.0 has been addressed.
* The use of hostname and IP while logging has been made more consistent.
* An issue which caused NVTs to be executed out of sequence has been addressed.
* An issue which caused the main scanner process to terminate prematurely when
  receiving a SIGHUP signal under certain circumstances has been addressed.
* Increased dependency for openvas-libraries from 9.0.0 to 9.0.2.
* A Redis error is considered fatal and all running scans are stopped. A
  message is sent to the client and the NVTs are reloaded.
* A new progress bar style in which dead host are not taken in account was
  added, which makes more time realistic the progress bar.
* An issue which caused low scan performance has been addressed.
* The preference log_whole_attack is now an scanner-only preference.
* Several memory management issues have been addressed.
* Load-up plugins process is now a forked child process, which prevent main
  process memory footprint growth.
* Plugin preferences are sent directly to the client.
* Full nvticache has been moved from .nvti files to Redis.
* An issue with dependency cycle detection has been addressed.
* An issue which cause complete deletion of nvticache before reloading has
  been addressed.


openvas-scanner 5.1.1 (2017-03-07)

This is the first maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles.

Main changes compared to 5.1.0:
* The logging is now properly re-initialized when the main openvassd
  process receives as SIGHUP signal.
* An issue which caused openvassd child processes to enter an infinite
  busy-wait loop under certain conditions has been fixed.
* Handling of 'dead' targets has been improved.


openvas-scanner 5.1.0 (2016-11-09)

This is the first release of the openvas-scanner 5.1 module for the Open
Vulnerability Assessment System 9 (OpenVAS-9). Compared to the previous
major release the scanner now serves via a unix file socket instead
of a tcp socket which simplifies the setup, handling and code-base.
Also, the feed synchronisations were consolidated into a single method.
And in general the scanner becomes lighter, faster and more robust.

Many thanks to everyone who has contributed to this release:
Benot Allard, Hani Benhabiles, Henri Doreau, Sven Haardiek, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to the 5.0 series:
* Replaced OTP TLS certificate-authorized TCP socket service by
  a unix file socket based service.
* Moved the TLS certificate management script to module openvas-manager.
* Merged the two feed sync scripts into a single one that can handle
  both, the Community Feed and the Greenbone Security Feed. 
* New command line options --unix-socket, --listen-mode,
  --listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities and
  --dh-params.
* The nvt summary isn't send anymore as it is not used anymore.
* Send a "Host dead" host detail when the host is dead.
* Dropped scanner preferences cert_file, key_file and ca_file.
* Add scanner preferences timeout_retry and scanner_plugins_timeout.
* Reduced memory consumption and improved performance
* Numerous build and code improvements 
* Increased dependency for glib from 2.16 to 2.32.
* Increased dependency for openvas-libraries from 8.0 to 9.0.0.

Main changes compared to 5.0beta3:
* Replaced OTP TLS certificate-authorized TCP socket service by
  a unix file socket service.
* New command line options --unix-socket, --listen-mode,
  --listen-group, --listen-owner and --gnupg-home.
* Removed command line options --listen, --port, --gnutls-priorities and
  --dh-params.
* Extended greenbone-nvt-sync with some functionalities of openvas-nvt-sync to
  cover both, GSF feed and Community Feed. openvas-nvt-sync removed.
* Moved the openvas-manage-certs script to module openvas-manager.
* Dropped scanner preferences cert_file, key_file and ca_file.
* Send a "Host dead" host detail when the host is dead.
* Improved the cmake buildsystem.
* Fixed some memory leaks.
* Some improvements to the logging functionality.
* The nvt summary isn't send anymore as it is not used anymore.
* Increased dependency for glib from 2.16 to 2.32.
* Various code improvements.


openvas-scanner 5.1+beta3 (2016-04-14)

This is the third beta release of the openvas-scanner 5.1 module for
the Open Vulnerability Assessment System (OpenVAS). It will be part of
the upcoming "OpenVAS-9".

This release addresses numerous minor bug fixes, code improvements and
build improvements.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Sven Haardiek, Timo Pollmeier and Michael Wiegand.

Main changes compared to 5.0beta2:
* Add scanner preferences timeout_retry and scanner_plugins_timeout.
* Various minor bug fixes and code improvements as well as build
  improvements.


openvas-scanner 5.1+beta2 (2015-10-21)

This is the second beta release of the openvas-scanner 5.1 module for
the Open Vulnerability Assessment System (OpenVAS). It will be part of
the upcoming "OpenVAS-9".

Main new feature of this release is the switch from openssl based
certificate management scripts to a GNUTLS (certtool) based one.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 5.0beta1:
* Install "openvas-mkcert-client" FHS compliant.
* Improve openvas-manage-certs script. The script is now able to set up
  a certificate infrastructure for an OpenVAS installation, create
  additional certificates, verify the installation and perform other
  certificate related tasks while being highly configurable at run time
  through environment variables or a configuration file.
* Retire openvas-mkcert and openvas-mkcert-client now that their
  replacement openvas-manage-certs is ready for use. This also means
  that openssl is not required anymore, instead gnutls (certtool) is now
  also used for the certificate management scripts.
* Improved support for IPv6.
* Simplify project version setting. Use SVN version at build time in
  binary instead of SVN version at configuration time. Make SVN revision
  retrieval work with SVN >= 1.7.
* Apply -Wextra for builds.


openvas-scanner 5.1+beta1 (2015-07-17)

This is the first beta release of the openvas-scanner 5.1 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-9".

Main new features of 5.1 compared to 5.0 include reduced memory usage and
improved performance.

Many thanks to everyone who has contributed to this release:
Benot Allard, Hani Benhabiles, Sven Haardiek, Jan-Oliver Wagner and Michael
Wiegand.

Main changes compared to 5.0.x:
* The required minimum version of OpenVAS Libraries has been raised to 8.1.0.
* Internal improvements to match changes in OpenVAS Libraries.
* Memory usage has been reduced by improved cache usage.
* A number of issues discovered through static code analysis have been
  addressed.
* Documentation has been updated.


openvas-scanner 5.0.1 (2015-04-01)

This is the first maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).

This release basically applies some minor improvements
about signal handling and stopping a scan.

Many thanks to everyone who contributed to this release:
Hani Benhabiles

Main changes compared to 5.0.0:
* Dropped the useless otp setting "ntp_keep_communication_alive".
  Clients don't need to send this anymore.
* Improved signal handling of the scanner daemon.
* Fixes for stopping scans properly.
* Various code cleanups.


openvas-scanner 5.0.0 (2015-03-16)

This is the first release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System release 8 (OpenVAS-8). Compared to the previous
major release it now uses a Redis based back end for the internal knowledge
base. It removes support for the scan pausing feature and considerably reduces
memory consumption and provides a number of other improvements.

Many thanks to everyone who contributed to this release:
Benoit Allard, Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner
and Michael Wiegand.

Main changes compared to the 4.0 series:
* OpenVAS Scanner now uses the Redis based knowledge base (KB) back end. This
  makes it mandatory to run a Redis server for scanning.
* Support for the scan pausing feature has been removed.
* The commands STOP_ATTACK and OPENVASSD_VERSION have been removed from OTP.
* The scanner will no longer set the obsolete "src" element for the NVTi cache.
* The default key size for certificates produces by the "mkcert" tools has been
  changed from 1024 to 4096 bits, the scripts now use SHA-256 instead of SHA-1
  as the message digest algorithm.
* The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS
  category when scanning.
* When commanded to stop a scan the scanner will now switch to ACT_END instead
  of immediately bailing out.
* Memory consumption has been considerably reduced.
* Internal memory management now uses the appropriate glib functions instead of
  the custom implementation provided by openvas-libraries used previously.
* The OID of the affected NVT is now reported if an NVT terminates early.
* The scanner now logs a backtrace when a process segfaults.
* The communication of the host scanning status with the client has been
  improved to allow for more accurate progress information.
* Library checks during package configuration have been improved and are now
  more comprehensive and consistent.
* Handling of linker and compiler flags during package configuration has been
  improved and simplified.
* Support for migration of unsigned files to the "private/" subdirectory has
  been removed as it was obsolete since the retirement of OpenVAS-5.
* Signal handling has been improved.
* Comprehensive code cleanups.

Main changes compared to 5.0+beta6:
* An issue which caused openvassd process to fail to terminate when a scan was
  requested to stop has been fixed.
* Support for migration of unsigned files to the "private/" subdirectory has
  been removed as it was obsolete since the retirement of OpenVAS-5.
* Signal handling has been improved.
* Various code cleanups and improvements.


openvas-scanner 5.0+beta6 (2015-02-11)

This is the sixth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".

This release contains a number of small improvements and cleanups.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles and Michael Wiegand.

Main changes compared to 5.0+beta5:
* The communication of the host scanning status with the client has been
  improved to allow for more accurate progress information.
* Library checks during package configuration have been improved and are now
  more comprehensive and consistent.
* Handling of linker and compiler flags during package configuration has been
  improved and simplified.


openvas-scanner 5.0+beta5 (2015-01-12)

This is the fifth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".

This release contains a number of small improvements and cleanups.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 5.0+beta4:
* The NVT file name is now used correctly when enabling dependencies.
* The preference "kb_location" has been added to the list of "scanner only"
  preferences.
* The scanner will no longer set the obsolete "src" element for the NVTi cache.
* The greenbone-nvt-sync script is now generated by the build process.
* Version information has been updated and improved.
* Superfluous includes and redundant linking commands have been removed.
* Various code cleanups and improvements.


openvas-scanner 5.0+beta4 (2014-11-20)

This is the fourth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".

This release considerably improves memory management.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau and Jan-Oliver Wagner.

Main changes compared to 5.0+beta3:
* Upon stop signal, the scanner will switch to ACT_END instead
  of immediately bailing out.
* Considerable reduction of memory consumption.
* Various code cleanups and improvements.
* Increase buffer size for preferences to allow for upto 69K NVTs.
* Log backtrace when a process segfaults.
* Refactored preferences module.


openvas-scanner 5.0+beta3 (2014-10-14)

This is the third beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".

This release further improves memory management and fixes memory leaks. It also
contains adjustments for changes in the NVTi cache API and produces more useful
information when an NVT terminates early.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles and Jan-Oliver Wagner.

Main changes compared to 5.0+beta2:
* Memory management has been improved and memory leaks have been fixed.
* Adjustments for NVTi cache API changes.
* If an NVT terminates early, the OID of the affected NVT is reported.
* Adjustments for further changes in OpenVAS Libraries.


openvas-scanner 5.0+beta2 (2014-09-22)

This is the second beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".

This release contains further comprehensive code-cleanups, especially regarding
internal calls for memory management. It also removes an exception for NVTs from
the ACT_SETTINGS category regarding implicit launches during a scan and makes
the location of the redis socket configurable.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 5.0+beta1:
* The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS
  category when scanning.
* Internal memory management now uses the appropriate glib functions instead of
  the custom implementation provided by openvas-libraries used previously.
* The location of the redis socket is now configurable.
* Further comprehensive code-cleanups.


openvas-scanner 5.0+beta1 (2014-08-21)

This is the first beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".

Main new feature of 5.0 compared to 4.0 is the switch to redis-based
Knowledge Base (KB), making it mandatory to run a redis-server.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and
Michael Wiegand.

Main changes compared to 4.0.x:
* Switch to the redis-based kowledge base (KB) backend.
  This makes it mandatory to run a redis server for scanning.
* Default key size for certificates of "mkcert" tools changed
  from 1024 to 4069 bits and use SHA-256 instead of SHA-1.
* Removed scan pausing feature.
* Removed commands STOP_ATTACK and OPENVASSD_VERSION from OTP.
* openvas-manage-certs.sh as initial version to eventually replace
  openvas-mkcert and openvas-mkcert-client.
* Various minor improvements.
* Comprehensive code-cleanups.


openvas-scanner 4.0.1 (2014-04-23)

This is the first maintenance release of the openvas-scanner 4.0 module for
the Open Vulnerability Assessment System release 7 (OpenVAS-7).

This release removes the last beta identifier from the OTP protocol, as well
as fixes some minor issues.

Many thanks to everyone who contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner

Main changes compared to 4.0.0:
* Remove "beta" from OTP identifier.
* Remove superflous linking.


openvas-scanner 4.0.0 (2014-04-10)

This is the first release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System release 7 (OpenVAS-7). Compared
to the previous major release it has a reduced OTP protocol, does
not manage users anymore and has a improved daemon handling.
Further changes are a entirely new target host module that allows advanced
specification of target ranges and new is the interface selection for scans.

Many thanks to everyone who has contributed to the 4.0.0 release:
Benot Allard, Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell,
Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 3.4.x:
* Speedup cache building process.
* Add --gnutls-priorities option.
* An ETA for the plugins reload is now included in the proctitle.
* The scanner now loads the NVTs in the background after starting instead of
  waiting for the NVTs to load before backgrounding.
  Attention: This changes the default behaviour of invoking the scanner.
* Drop command line option "-q". Instead scanner is now quiet by default.
  Attention: This changes the default behaviour of invoking the scanner.
* New command line option "--progress" will show progress of start-up.
* New handling of SIGHUP: The NVT cache will be updated and configuration
  be reloaded.  This is only done for the main process, not for child processes.
* OTP version 2.0 replaces OTP 1.0 and 1.1.
* OTP command "PLUGINS_DEPENDENCIES" has been removed.
* OTP command "CERTIFICATES" has been removed.
* The handling of MD5 checksums and the SEND_PLUGINS_MD5 command has been
  removed from OTP.
* The OTP command PLUGINS_MD5 has been renamed to NVT_INFO.
* Support for sending the feed version via OTP has been added.
* Report current and total number of loading plugins to clients when scanner is still loading.
* Don't early drops out of OTP upon non-critical problems.
* Removed server_info preferences from OTP as they have not much use for
  the client.
* OpenVAS Scanner no longer sends NVT descriptions separately since the
  corresponding information is now contained in the script_tags.
* Remove slice_network_addresses and ntp_opt_show_end scanner preferences.
* Add hosts_ordering, exclude_hosts, reverse_lookup_only, reverse_lookup_unify
  scanner preferences.
* The port range option "default" has been removed.
* The scanner preference "silent_dependencies" has been removed.
* Improved port range validation.
* Prevent NVT circular depedencies in recursion.
* Removed support for OVAL plugins. It was never used as part of the feed
  and it makes more sense to issue a specialised oval scanner.
* The host permissions concept has been reworked, resulting in the removal of
  the outdated rules system.
* Handling of interface permissions has been introduced.
* Usage of post_alarm instead of post_error and post_note.
* Integrate openvas_hosts interface. Remove usage of HG submodule.
* Support for Knowledge Base saving outside of network scans has been removed.
* User handling has been removed as it is now handled by OpenVAS Manager.
* Support for determining if a NVT feed is current and only synchronizing it
  when it is not has been added.
* The required minimum GnuTLS version has increased to 2.8.
* The required minimum OpenVAS Libraries version has increased to 7.0.0.
* The I18n support for outdated scripts has been removed.
* A number of outdated and unmaintained documentation files have been removed.
* Addressed code quality issues.
* Code cleanups.


openvas-scanner 4.0+beta9 (2014-03-26)

This is the ninth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

This release speedup the cache building process as well as adds a
--gnutls-priorities option to specify the cipher priority.

Many thanks to everyone who contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner

Main changes since 4.0+beta8:
* Speedup cache building process.
* Add --gnutls-priorities option.
* Report current and total number of loading plugins to clients when scanner is still loading.


openvas-scanner 4.0+beta8 (2014-03-18)

This is the eighth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

Starting with this release, OpenVAS Scanner will support only the OTP 2.0
protocol. The OTP 1.0 and 1.1 protocols have been consolidated into OTP 2.0,
thus allowing now unnecessary complexities to be removed from the code. This
release also removes the obsolete OTP command "PLUGINS_DEPENDENCIES" and
improves the loading process.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 4.0+beta7:
* OpenVAS Scanner will only support OTP version 2.0 from now on.
* The OTP command "PLUGINS_DEPENDENCIES" has been removed.
* The loading process has been improved.
* A number of outdated and unmaintained documentation files have been removed.


openvas-scanner 4.0+beta7 (2014-03-12)

This is the seventh beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

This release removes the OTP command "CERTIFICATES". The command was used by the
old GTK client to retrieve the signing keys for NVT feed content. The core idea
at that time was to have feed content with mixed author signing keys.  This
turned out to not get into practice. The release also adds an estimate of the
time remaining for the NVT reload to the process title and addresses a number of
code quality issue.

Many thanks to everyone who has contributed to this release:
Benot Allard, Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 4.0+beta6:
* The OTP command "CERTIFICATES" has been removed.
* An ETA for the plugins reload is now included in the proctitle.
* Addressed code quality issues.


openvas-scanner 4.0+beta6 (2014-03-05)

This is the sixth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

This release addresses code quality issues and changes the launch behaviour of
OpenVAS Scanner to backgrounding before the initial loading of the NVTs instead
of wait for the NVTs to load before going into the background.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau and Michael Wiegand.

Main changes compared to 4.0+beta5:
* Addressed code quality issues.
* The scanner now loads the NVTs in the background after starting instead of
  waiting for the NVTs to load before backgrounding.
  Attention: This changes the default behaviour of invoking the scanner.


openvas-scanner 4.0+beta5 (2014-02-16)

This is the fifth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

Main changes since last beta release address some fixes and code cleanups. 

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Michael Meyer, Matthew Mundell,
Michael Wiegand and Jan-Oliver Wagner.

Main changes compared to 4.0+beta4:
* Don't early drops out of OTP upon non-critical problems.
* Improved port range validation.
* Prevent NVT circular depedencies in recursion.
* Code cleanups.


openvas-scanner 4.0+beta4 (2014-01-10)

This is the fourth beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

Main changes since last beta release include:
New handling of SIGHUP and replacement of "-q" by "--progress",
which changes the default behaviour.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Matthew Mundell and Jan-Oliver Wagner.

Main changes compared to 4.0+beta3:
* Drop command line option "-q". Instead scanner is now quiet by default.
  Attention: This changes the default behaviour of invoking the scanner.
* New command line option "--progress" will show progress of start-up.
* New handling of SIGHUP: The NVT cache will be updated and configuration
  be reloaded.  This is only done for the main process, not for child processes.
* Removed server_info preferences from OTP as they have not much use for
  the client.
* Removed support for OVAL plugins. It was never used as part of the feed
  and it makes more sense to issue a specialised oval scanner.
* Code cleanups.


openvas-scanner 4.0+beta3 (2013-11-21)

This is the third beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

Main changes since last beta release include:
A reworked host permissions concept, resulting in the removal of the outdated
rules system; improve handling of interface permissions and host related
preferences as well as a change in sending NVT descriptions.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 4.0+beta2:
* The host permissions concept has been reworked, resulting in the removal of
  the outdated rules system.
* Handling of host related preferences has been improved.
* Handling of interface permissions has been reworked.
* OpenVAS Scanner no longer sends NVT descriptions separately since the
  corresponding information is now contained in the script_tags.
* Code cleanups.


openvas-scanner 4.0+beta2 (2013-09-26)

This is the second beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

Main changes since last beta release include:
Integration of openvas_hosts interface, replacing the usage of HG submodule.
Support of new scanning preferences and removal of other ones and various code
cleanups and improvements.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner, Matthew Mundell and Michael Wiegand.

Main changes compared to 4.0+beta1:
* Usage of post_alarm instead of post_error and post_note.
* Big number of code cleanups.
* Integrate openvas_hosts interface. Remove usage of HG submodule.
* Remove slice_network_addresses and ntp_opt_show_end scanner preferences.
* Add hosts_ordering, exclude_hosts, reverse_lookup_only, reverse_lookup_unify
  scanner preferences.


openvas-scanner 4.0+beta1 (2013-06-21)

This is the first beta release of the openvas-scanner 4.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-7".

Main new features and other changes of 4.0 compared to 3.4 include:
Functionality such as user and rules management has been moved to OpenVAS
Manger and removed from OpenVAS Scanner. As a result, other now superfluous
functionality has been removed as well, along with a number of legacy features
conflicting with the updated behavior of OpenVAS Scanner. The OTP version
number has been increased to reflect the resulting protocol changes.

Please note: The changes described above mean that OpenVAS Scanner >= 4.0 will
no longer work with the old Gtk based OpenVAS-Client application. Please use
OpenVAS Manager and an OMP based client instead.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner and Michael
Wiegand.

Main changes compared to 3.4.x:
* The handling of MD5 checksums and the SEND_PLUGINS_MD5 command has been
  removed from OTP.
* The OTP command PLUGINS_MD5 has been renamed to NVT_INFO.
* Protocol version has been changed to OTP 2.x.
* The port range option "default" has been removed.
* Support for Knowledge Base saving outside of network scans has been removed.
* Support for sending the feed version via OTP has been added.
* The required minimum GnuTLS version has increased to 2.8.
* The required minimum OpenVAS Libraries version has increased to 7.0.0.
* The I18n support for outdated scripts has been removed.
* User handling has been removed as it is now handled by OpenVAS Manager.
* The scanner preference "silent_dependencies" has been removed.
* Support for determining if a NVT feed is current and only synchronizing it
  when it is not has been added.


openvas-scanner 3.4+beta2 (2013-02-20)

This is the second beta release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".

Main changes since last beta release are the behaviour change of the Feed
Synchronization routine and the more flexible handling of script tags.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Werner Koch, Matthew Mundell, Timo Pollmeier,
Jan-Oliver Wagner, Michael Wiegand.

Main changes compared to 3.4+beta1:
* Changed behaviour of NVT sync script "openvas-nvt-sync":
  It will now delete scripts not part of the when using rsync,
  except for the directory "private/".
  A Migration option "--migrate-to-private" of the sync-script will
  move private scripts into the "private/" directory.
  The Feed Sync will stop with an error until the "private/" is created.
  As soon as this directory is created, the synchronisation will ultimately
  delete all files in the local feed directory that are not part of the
  regular Feed.
* Newline in script tags are now escaped.
* The size of tags is not limited anymore.
* Internal use of NVTI references by OID to allow using the NVTI
  cache properly. This significantly lowers the memory consumption
  per Scanner process.
* Improve bug tracking by directing diagnostics to the log file.
* Memleak fixes and other small bugfixes.
* Various code and build cleanups.


openvas-scanner 3.4+beta1 (2012-10-26)

This is the first beta release of the openvas-scanner 3.4 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-6".

Main new feature and other changes of 3.4 compared to 3.3 include:
A collection internal and other small improvements, introducing
OTP 1.1 as optional protocol.

Many thanks to everyone who has contributed to this release:
Michael Meyer, Matthew Mundell, Thomas Reinke, Jan-Oliver Wagner
and Michael Wiegand.

Main changes compared to 3.3.x:
* Minimum requirements for openvas-libraries: Increased from 5.0 to 6.0.
* Removed built-in logfile rotation. It is not a good idea to try
  to circumvent system environment technology for logrotate.
* New optional OTP version 1.1 which is like 1.0 but sends less info
  to the client initially.
* New: command line switch "--only-cache" to just build the cache and exit.
* Changed: The magic that NVTs of category ACT_SETTINGS were always enabled
  even when user disabled them has been removed. OTP clients now have
  to take care to enable as needed.
* Internal code cleanups for NVTI cache handling.
* Fixed a bug when NVT lacks family specification.
* Removed deprecated code.
* Closed a number of memory leaks.


openvas-scanner 3.3.1 (2012-04-24)

This is the first maintenance release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System release 5 (OpenVAS-5).

This release contains fixes for the CMake build infrastructure and an updated
greenbone-nvt-sync script. It also raises the glib and gnutls dependencies to
the minimum of what OpenVAS Libraries requires (currently glib 2.16 and gnutls
2.2).

Many thanks to everyone who has contributed to the 3.3.1 release:
Lukas Grunwald, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 3.3.0:
* The CMake infrastructure has been cleaned up to ensure that compilation with
  modern gccs works.
* The greenbone-nvt-sync script has been updated.
* OpenVAS Scanner now requires at least glib 2.16 and gnutls 2.2, matching the
  requirements of OpenVAS Libraries.


openvas-scanner 3.3.0 (2012-03-25)

This is the first release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System release 5 (OpenVAS-5). Compared
to the previous major release it covers a set of various improvements.

Many thanks to everyone who has contributed to the 3.3.0 release:
Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael
Wiegand.

Main changes compared to 3.2.x:

* New: scanner preference "reverse_lookup", defaulting to "no" (the previous
  behaviour)
* Changed: For network wide scanning, mandatory keys are ignored.
* Changed: Don't start the second scan phase when network scan is enabled and
  user requests "stop" during the first phase.
* New: Send an ERRMSG to the client when terminating a process.
* Changed: Do not force execution of ACT_INIT category.
* Fixed: A number of potential resource leaks.
* Fixed: A number of compiler warnings when compiling with gcc 4.6.
* Fixed: Usage of the mktemp template in openvas-nvt-sync.
* Removed: Support for shared sockets.
* New: The scanner options "network_scan" and "report_host_details" have been
  added to the default scanner options.
* The greenbone-nvt-sync script has been updated.
* OpenVAS Scanner now uses UTC internally.
* The optional use of the external tool "ovaldi" has been made more secure.
* NVT management code has been updated to reflect the updated openvas-libraries
  API.
* Further improvements to the build system.


openvas-scanner 3.3+rc1 (2012-03-11)

This is the first release candidate of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-5".

This release fixes some minor issues detecting during beta testing.

Many thanks to everyone who has contributed to this release:
Henri Dorea, Matthew Mundell and Michael Wiegand.

Main changes compared to 3.3+beta2:
* New scanner preference "reverse_lookup", defaulting to "no" (the previous
  behaviour)
* For network wide scanning, mandatory keys are ignored.
* Don't start the second scan phase when network scan is enabled and
  user requests "stop" during the first phase.
* Send an ERRMSG to the client when terminating a process.
* Furter improvements to the build system.


openvas-scanner 3.3+beta2 (2011-10-10)

This is the second beta release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS 5".

This release tightens security when using the external tool "ovaldi", enforces
the internal use of the UTC timezone and features an updated greenbone-nvt-sync
script.

NOTE: Due to the changes in 5.0+beta2, it is strongly recommended to delete the
contents of the OpenVAS Scanner cache directory to remove obsolete files and to
force the Scanner to rebuild the cache.

ATTENTION: The OpenVAS Scanner now enforces the internal use of the UTC
timezone. If the Scanner has been in use with an OpenVAS Manager, it is strongly
recommended to update to OpenVAS Manager >= 5.0+beta5 and to migrate the Manager
database before using this Scanner version to ensure data consistency.

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 3.3+beta1:
* NVT management code has been updated to reflect the updated openvas-libraries
  API.
* The optional use of the external tool "ovaldi" has been made more secure.
* OpenVAS Scanner now uses UTC internally.
* The greenbone-nvt-sync script has been updated.


openvas-scanner 3.3+beta1 (2011-06-21)

This is the first beta release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS 5".

It contains the result of a continuous code audit and fixes a number of
potential resource leaks and compiler warnings. It also removes the forced
execution of NVTs in the ACT_INIT category and removes support for shared
sockets in accordance with the OpenVAS Change Request #53.

Many thanks to everyone who has contributed to this release:
Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael
Wiegand.

Main changes compared to 3.2.3:
* Changed: Do not force execution of ACT_INIT category.
* Fixed: A number of potential resource leaks.
* Fixed: A number of compiler warnings when compiling with gcc 4.6.
* Fixed: Usage of the mktemp template in openvas-nvt-sync.
* Removed: Support for shared sockets.
* New: The scanner options "network_scan" and "report_host_details" have been
  added to the default scanner options.


openvas-scanner 3.2.3 (2011-04-11)

This is the third maintenance release of the openvas-scanner 3.2 module for the
Open Vulnerability Assessment System release 4 (OpenVAS-4).

This release features a number of minor improvements to the build process and to
the synchronization scripts. It also close three potential resource leaks
discovered by Henri Doreau.

Many thanks to everyone who has contributed to this release:
Henri Doreau and Michael Wiegand.

Main changes compared to 3.2.2:
* Fixed: Three potential resource leaks.
* Fixed: Generation of code documentation.
* Updated: Feed synchronization scripts.
* Changed: The openvas-nvt-sync script will now perform the initial feed
  synchronization via HTTP instead of rsync.
* Changed: The openvas-nvt-sync script will now default to synchronize into the
  NVT directory used by the OpenVAS Scanner instead of the one defined at
  compile time.


openvas-scanner 3.2.2 (2011-02-21)

This is the second maintenance release of the openvas-scanner 3.2 module for the
Open Vulnerability Assessment System release 4 (OpenVAS-4).

It features improvements to the synchronization scripts and a minor code
cleanup. All synchronization scripts are now free of bashisms, meaning they no
longer depend on the GNU Bourne-Again shell to run and should be compatible with
most shells.

Many thanks to everyone who has contributed to this release:
Michael Wiegand.

Main changes compared to 3.2.1:
* The last bashism has been removed from the openvas-nvt-sync synchronization
  script.
* The greenbone-nvt-sync script now logs additional information during
  synchronization.
* An unimplemented and superfluous function declaration has been removed.


openvas-scanner 3.2.1 (2011-02-16)

This is the first maintenance release of the openvas-scanner 3.2 module for the
Open Vulnerability Assessment System release 4 (OpenVAS-4).

It features minor improvements to documentation, build environment and
synchronization scripts and sets a default value for the "Consider unscanned
ports closed" preference; this means that the scanner will now mark unscanned
ports as closed by default unless instructed otherwise by a client.

Many thanks to everyone who has contributed to this release:
Michael Wiegand.

Main changes compared to 3.2.0:
* The openvassd man page has been updated.
* The build environment has been consolidated.
* The greenbone-nvt-sync script has been improved.
* OpenVAS Scanner now sets a default value for the "unscanned_closed"
  preference.


openvas-scanner 3.2.0 (2011-02-04)

This is the first release of the openvas-scanner 3.2 module for the Open
Vulnerability Assessment System release 4 (OpenVAS-4). Compared
to the previous major release it contains a major cleanup of code, build process
and installation. This increases the efficiency of the OpenVAS Scanner, makes
the build easier and the installation compliant with the Filesystem Hierarchy
Standard (FHS 2.3).

Featurewise this release adds support for a network scan level, finally gets rid
of binary plugins (existing binary plugins were turned into NASL built-ins and
moved to openvas-libraries 4.0) and improves the handling of setting files. It
exposes the vhosts feature, changes the default port to 9391 and now listens on
IPv4 sockets by default.

Many thanks to everyone who has contributed to the 4.0.0 release:
Matthew Mundell, Michael Wiegand and Jan-Oliver Wagner.

Main changes compared to 3.1.x:

* Improved output of --version to comply with the GNU Coding Standard.
* Comprehensive code cleanup.
* Binary (.nes) plugins were moved to libraries and turned into built-in
  NASL methods.
* Handling of binary plugins has been removed.
* Added preferences for the vhost feature so that clients get them
  and can offer them to the user. In other words: unhide the vhost feature.
* Default port is now 9391 where the OpenVAS Manager expects the
  Scanner by default.
* Command line options "--dump-cfg" and "--gen-config" are removed.
* openvassd does not need anymore a "openvassd.conf" file. It uses
  its defaults and a possibly present conf-file can overwrite settings.
* openvas-mkcert got a additional switch "-f" to force overwriting
  certificates.
* openvas-mkcert does not create a openvassd.conf anymore as it shares
  the defaults with openvassd.
* Hardening flags are now enabled during compile time to increase code quality.
* openvas-scanner now listens on an IPv4 socket by default, even when IPv6
  support is present.
* The former autotools build environment has been replaces with a build process
  using cmake and using pkgconfig for dependency checks.
* Removed unnecessary log entries.
* Man pages have been updated.

Main changes compared to 3.2+rc2:

* The sync scripts have been updated.
* OpenVAS Scanner now uses pkg-config to find libraries.
* Installation of the openvas-services file has been moved to openvas-libraries.
* Filesystem Hierarchy Standard (FHS 2.3) compliance has been improved.


openvas-scanner 3.2+rc2 (2011-01-20)

This release is the second release candidate for the next major release of
the Scanner module. It will be part of the upcoming "OpenVAS 4".

It features a complete exchange of the build process which now
is cmake-based. Also, numerous code elements were removed
of which it was unclear whether they have still practical relevance.
The third major change concerns the resolving of binary NVTs.

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Michael Wiegand and Jan-Oliver Wagner.

Main changes compared to 3.2+rc1:
* Improved output of --version
* Comprehensive code cleanup
* Binary (.nes) plugins we moved to libraries and turned into builtin
  NASL methods.
* Removed handling of binary plugins as we don't want to have them ever
  again.
* Added preferences for the vhost feature so that clients get them
  and can offer them to the user. In other words: unhide the vhost feature.
* Default port is now 9391 where the OpenVAS Manager expects the
  Scanner by default.
* Command line options "--dump-cfg" and "--gen-config" are removed.
* openvassd does not need anymore a "openvassd.conf" file. It uses
  its defaults and a possibly present conf-file can overwrite settings.
* openvas-mkcert got a additional switch "-f" to force overwriting
  certificates.
* openvas-mkcert does not create a openvassd.conf anymore as it shares
  the defaults with openvassd.


openvas-scanner 3.2+rc1 (2010-12-20)

This release is the first release candidate for the next release of
openvas-scanner.  It will be part of the upcoming "OpenVAS 4".

It silences a number of debug messages and addresses compiler warnings. Most
importantly, openvas-scanner now reliably defaults to listening on IPv4 sockets
even in environments where IPv6 support is present.

Many thanks to everyone who has contributed to this release:
Michael Wiegand.

Main changes compared to 3.2+beta2:
* Debug messages during the use of shared sockets are no longer logged unless
  requested during compile time.
* A number of compiler warnings from gcc 4.4 has been addressed.
* Hardening flags are now enabled during compile time to increase code quality.
* openvas-scanner now listens on an IPv4 socket by default, even when IPv6
  support is present.


openvas-scanner 3.2+beta2 (2010-12-06)

This release is the second beta version of the next release of openvas-scanner.
It will be part of the upcoming "OpenVAS 4".

It addresses three compiler warnings and fixes two issues discovered after the
release of openvas-scanner 3.2+beta1.

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 3.2+beta1:
* A compiler warning regarding an incorrect function declaration in
  openvas_tcp_scanner has been addressed.
* A compiler warning regarding incorrect pointer casts in find_service has been
  addressed.
* A compiler warning regarding the type of a return value in openvassd has been
  addressed.
* An issue which caused openvassd to refuse to scan certain hosts even when
  permitted by rules has been fixed.
* An issue which caused openvassd to abort the scan process prematurely under
  certain circumstances has been fixed.


openvas-scanner 3.2+beta1 (2010-11-18)

This release is the first beta version of the next release of openvas-scanner.
It will be part of the upcoming "OpenVAS 4".

Main new features and other changes of 3.2 compared to 3.1 include: Support of
a network scan level, reduced memory consumption due to changes in
openvas-libraries and a cleanup of the code base.

Many thanks to everyone who has contributed to this release:
Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 3.1.1:
* Network level scan support.
* Removed unnecessary log entries.
* Include paths have been updated to match with openvas-libraries 4.0.


openvas-scanner 3.1.1 (2010-10-29)

This is the 3.1.1 release of the openvas-scanner module for the Open
Vulnerability Assessment System (OpenVAS).

This release improves the code documentation, clarifies the licenses of
individual source code files, removes obsolete support for systems without
entropy generation and fixes a bug in the client certificate generation script.

Many thanks to everyone who has contributed to this release:
Michael Meyer, Thomas Reinke, Jan-Oliver Wagner, Michael Wiegand
and Felix Wolfsteller.

Main changes compared to 3.1.0:
* The code documentation infrastructure has been improved.
* The license situation of the individual source code files has been clarified.
* Obsolete support for systems without entropy generation has been removed.
* A bug which caused the client certificate generation to fail under certain
  circumstances has been fixed.


openvas-scanner 3.1.0 (2010-07-14)

This is the 3.1.0 release of the openvas-scanner module for the Open
Vulnerability Assessment System (OpenVAS).

This release adds a number of new features, for example support for soft pausing
of scans, for retrieving the version of an installed NVT collection, for
automatically installing generated client certificates, for storing uploaded
preference files in memory, for dropping privileges for NASL and NES NVTs and
for scanning virtual web hosts. It also contains updated feed synchronization
scripts and removes legacy support for passwords stored in plaintext (see
OpenVAS change request #31, http://www.openvas.org/openvas-cr-31.html).

Many thanks to everyone who has contributed to this release:
Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand
and Felix Wolfsteller.

Main changes compared to 3.0.2:
* Support for storing scanner passwords in plaintext has been removed.
* Support for dropping privileges in NASL and NES NVTs had been added.
* Support for scanning virtual web hosts has been added.
* The handling of NVTs with an invalid timestamp has been improved.
* A bug in the openvas-nvt-sync script which prevented synchronization via http
  under certain circumstances has been fixed.
* Support for retrieving the version of the NVT collection has been added to the
  openvas-nvt-sync and greenbone-nvt-sync scripts.
* Support for soft pausing of scans has been added.
* Support for automatically installing generated certificate file has been added
  to the openvas-mkcert-client script.
* The obsolete C based NVT "ssl_cipher" has been removed from the
  openvas-scanner module. It has been replaced by the NASL implementation
  "secpod_ssl_ciphers.nasl".
* Support for storing an uploaded preference file in memory instead of on disk
  has been added.


openvas-scanner 3.1.0.rc3 (2010-07-01)

This is the third release candidate of the openvas-scanner module for the
Open Vulnerability Assessment System (OpenVAS) 3.1 series.

This release removes legacy support for passwords stored in plaintext ahead of
the openvas-scanner 3.1.0 release (see OpenVAS change request #31,
http://www.openvas.org/openvas-cr-31.html).

Many thanks to everyone who has contributed to this release:
Michael Wiegand.

Main changes compared to 3.1.0.rc2:
* Support for storing scanner passwords in plaintext has been removed.


openvas-scanner 3.1.0.rc2 (2010-06-28)

This is the second release candidate of the openvas-scanner module for the
Open Vulnerability Assessment System (OpenVAS) 3.1 series.

This release adds support for dropping privileges for NASL and NES NVTs and for
scanning virtual web hosts. It also contains updated feed synchronization
scripts.

Many thanks to everyone who has contributed to this release:
Michael Wiegand and Felix Wolfsteller.

Main changes compared to 3.1.0.rc1:
* The support scripts for feed synchronization have been updated.
* Support for dropping privileges in NASL and NES NVTs had been added.
* Support for scanning virtual web hosts has been added.
* The handling of NVTs with an invalid timestamp has been improved.


openvas-scanner 3.1.0.rc1 (2010-05-19)

This is the first release candidate of the openvas-scanner module for the
Open Vulnerability Assessment System (OpenVAS) 3.1 series.

This release adds support for soft pausing of scans, for retrieving the version
of an installed NVT collection, for automatically installing generated client
certificates and for storing uploaded preference files in memory.

Many thanks to everyone who has contributed to this release:
Geoff Galitz, Michael Meyer, Matthew Mundell, Jan-Oliver Wagner and Michael
Wiegand.

Main changes compared to 3.0.2:

* A bug in the openvas-nvt-sync script which prevented synchronization via http
  under certain circumstances has been fixed.
* The build environment for C based NVTs has been cleaned up.
* Code formatting has been improved in a number of files to match the coding
  style.
* Support for retrieving the version of the NVT collection has been added to the
  openvas-nvt-sync and greenbone-nvt-sync scripts.
* Support for soft pausing of scans has been added.
* Support for automatically installing generated certificate file has been added
  to the openvas-mkcert-client script.
* The obsolete C based NVT "ssl_cipher" has been removed from the
  openvas-scanner module. It has been replaced by the NASL implementation
  "secpod_ssl_ciphers.nasl".
* Support for storing an uploaded preference file in memory instead of on disk
  has been added.


openvas-scanner 3.0.2 (2010-03-22)

This is the second maintenance release of the openvas-scanner module for the
Open Vulnerability Assessment System (OpenVAS) 3.0-series.

This release mainly improves the supporting shell scripts for
user- and feed-management.

Many thanks to everyone who has contributed to this release:
Javier Fernandez-Sanguino, Stephan Kleine, Michael Meyer,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 3.0.1:

* Changed C-NVT "find_service" to mark unknown services.
* Improved script "openvas-adduser" regarding exit code.
* Improved script "openvas-mkcert-client" to allow clean
  certificate creation and to allow non-interactive execution.
* Improved script "openvas-nvt-sync" to comply with openvas-adminstrator
  API specification of NVT sync scripts. Also more robustness.
* Added script "greenbone-nvt-sync".
* Small internal code cleanups.


openvas-scanner 3.0.1 (2010-01-26)

This is the first maintenance release of the openvas-scanner module for the
Open Vulnerability Assessment System (OpenVAS) 3.0-series.

It reenables certificate authentication, improves user rules support and
includes an updated openvas-nvt-sync script.

Many thanks to everyone who has contributed to this release:
Vlatko Kosturjak, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix
Wolfsteller.

Main changes compared to 3.0.0:
* Reenabled certificate authentication
* Improved user rules support
* Updated openvas-nvt-sync script


openvas-scanner 3.0.0 (2009-12-18)

This is the 3.0.0 release of the openvas-scanner module for the Open
Vulnerability Assessment System (OpenVAS). Apart from the name change
from openvas-server to openvas-scanner, now the platform-dependent NVTs
as well as the OpenVAS NVT Feed synchronisation script have been
integrated.

OpenVAS 3.0 introduces a new architecture where openvas-libraries now
includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this, the
source code line count has been reduced even though new features have
been added. Also, for running the scanner now only 2 modules are
required (instead of 4 as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 also supports the new OpenVAS Manager and OpenVAS
Administrator as optional extensions. This combination leverages the
vulnerability scanner to a comprehensive vulnerability management
solution.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea, Vlatko
Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner,
Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this package for
  building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-rc1:

* The openvassd.conf configuration file now complies with the key file
  specification.


openvas-scanner 3.0.0-rc1 (2009-12-07)

This release is the first release candidate of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, the platform-dependent NVTs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "release candidate" releases are intended to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Unless serious bugs are discovered, this release candidate will become the final
OpenVAS 3.0 release. Users are encouraged to test this release and to report
bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ .

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-beta6:

* IPv6 support has been improved.
* Support for the upcoming synchronization script API has been added to
  openvas-nvt-sync.
* The amount of debug messages in the log files when not compiled in debug
  mode has been reduced.


openvas-scanner 3.0.0-beta6 (2009-11-23)

This release is the sixth beta version of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, the platform-dependent NVTs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "beta" releases are intended to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-beta5:

* IPv6 support has been improved.
* Code clean up.


openvas-scanner 3.0.0-beta5 (2009-10-26)

This release is the fifth beta version of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, the platform-dependent NVTs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "beta" releases are intended to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-beta4:

* Adjustments for the API changes that happened from
  openvas-libraries 3.0.0-beta4 to 3.0.0-beta5.


openvas-scanner 3.0.0-beta4 (2009-10-19)

This release is the fourth beta version of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, the platform-dependent NVTs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "beta" releases are intended to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-beta3:

* A number of resource and memory leaks have been identified and fixed.
* Command line options have been updated.
* Old and obsolete code has been identified and removed.
* Adjustments for the API changes that happened from
  openvas-libraries 3.0.0-beta3 to 3.0.0-beta4.


openvas-scanner 3.0.0-beta3 (2009-10-06)

This release is the third beta version of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, the platform-dependent NVTs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "beta" releases are intended to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-beta2:

* Adjustments for the API changes that happened from
  openvas-libraries 3.0.0-beta2 to 3.0.0-beta3.


openvas-scanner 3.0.0-beta2 (2009-09-28)

This release is the second beta version of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, the platform-dependent NVTs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "beta" releases are intented to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore

Main changes compared to 3.0.0-beta1:

* Adjustments for the API changes that happened from
  openvas-libraries 3.0.0-beta1 to 3.0.0-beta2.
* Code cleanups.
* Fixed and improved build.

openvas-scanner 3.0.0-beta1 (2009-09-23)

This release is the first beta version of openvas-scanner
leading up to the upcoming 3.0 release of OpenVAS.
Apart from the name change from openvas-server to
openvas-scanner, and platform-dependent NTSs as
well as the OpenVAS NVT Feed synchronisation script
are now integrated.

OpenVAS 3.0 will introduce a new architecture where openvas-libraries
now includes openvas-libnasl as well as redundant code from openvas-client
and where openvas-server is renamed to openvas-scanner and includes any
platform-dependent elements of openvas-plugins. As a result of this,
the source code will shrink, though new features will be added. Also,
for running the scanner now only 2 modules are required (instead of 4
as for OpenVAS 2.0).

New features of OpenVAS include support for IPv6 and WMI-Clients.
Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator
as optional extension. This combination leverages the vulnerability
scanner to a comprehensive vulnerability management solution.

The "beta" releases are intented to allow testing of the upcoming
3.0 series. It should be kept separate from OpenVAS 2.0 installations
and not be used in a production environment.

Many thanks to everyone who has contributed to the 3.0.0 release:
Chandrashekhar B, Tim Brown, Javier Fernndez-Sanguino Pea,
Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes compared to 2.0.x:

* IPv6 support
* Integration of platform dependent NVTs from openvas-plugins
* Integration of openvas-nvt-sync script
* Renamed daemon from openvasd to openvassd
* glib dependency raised from 2.6 to 2.12
* openvasd-config removed as no other packages require this
  package for building.
* For the same reason, no header files are installed anymore


openvas-server 2.0.2 (2009-06-03)

This is the second maintenance release of the openvas-server module for the
Open Vulnerability Assessment System (OpenVAS) 2.0-series.

It fixes some issues discovered after the release of openvas-server
2.0.1 and introduces support for new features. Thanks to the continuing
audit of the code, a number of obsolete, unused and/or unnecessary functions
were identified and removed.

Effects when installing this version:

* The option "Silent dependencies" is now "off" by default. Previously it was
  set to "on", openvas-client >= 2.0.2 has already switched to "off" per
  default. Note that this may result in larger reports.

* Dependencies: openvas-server 2.0.2 requires openvas-libraries 2.0.2 and
  openvas-libnasl 2.0.1. You need to install these prior to openvas-server 2.0.2.

* The openvas-adduser script will no longer allow passwords in plaintext for new
  users. This means that the openvas-adduser script will refuse to add a new
  user if neither openssl nor md5sums is available.

Main changes since 2.0.1:

* OVAL support has been improved and now supports multiple definitions and
  results in one file.
* Support for per-host password based local checks has been added.
* Debian packaging files have been updated.
* Dependency searching has been improved to work better with subdirectories.
* openvas-server will now generate a warning if a NVT could not be cached.
* The openvas-adduser script will no longer create the now obsolete "plugins"
  directory in the user directory.


Many thanks to everyone who has contributed to this release: Vlatko Kosturjak,
Jan Wagner, Felix Wolfsteller and Michael Wiegand.


openvas-server 2.0.1 (2009-02-17)

This is the first maintenance release of the openvas-server module for the
Open Vulnerability Assessment System (OpenVAS) 2.0-series.

It fixes some issues discovered after the release of openvas-server
2.0.0 and introduces support for new features. Thanks to the continuing
audit of the code, a number of obsolete, unused and/or unnecessary functions
were identified and removed.

Effects when installing this version:

* Dependencies: openvas-server 2.0.1 requires openvas-libraries 2.0.1 and
openvas-libnasl 2.0.1. You need to install these prior to openvas-server 2.0.1.

* Cache files: Effects of openvas-libraries 2.0.1 are changes in the
cache file management. With 2.0.1 release of openvas-server it is
possible to specify a new location for the cache folder. If you will
use a new location, then the effects described for openvas-libraries
do not apply anymore (see also below regarding cache folder).

* New default port of the server: Please be aware that openvas-server
now listens on port 9390 by default since this port has recently been allocated
by IANA for the Openvas Transport Protocol (OTP). If you want to continue to
use the old port 1241, you have to specify the port you want openvasd to
listen on, for example by starting the server with "openvasd -p 1241".
If you don't specify this, it might happen that at next boot of your
system (or other restart of openvasd), the service is available
at a new port and you need to update the connection information
in your OpenVAS-Client.

Main changes since 2.0.0:

* Support for sub-directories in plugins_folder in accordance with
  Change Request #24 (http://www.openvas.org/openvas-cr-24.html).
* Established automated source code documentation. HTML-Version is available
  under http://www.openvas.org/src-doc/openvas-server/current/index.html
* Openvas-server now uses the IANA-assigned port 9390 for communication
  with the client.
* It is now possible to start openvas-server without root privileges. Note that
  a number of NVTs which rely on operations requiring root privileges (like
  packet forgery) will not work under these circumstances.
* The openvasd-config script now returns the values for sysconfdir, libdir and
  sbindir set at compile time.
* The new server preference "cache_folder" allows you to define the location
  of the cache ($plugins_folder/.desc in previous versions). The default value
  for this preference is /var/cache/openvas for new OpenVAS installations.
  Existing installations need to add cache_folder = /var/cache/openvas
  manually to openvasd.conf and make sure the directory exists.
* The new server preference "include_folders" allows you to specify
  search paths for the NASL include directive. This aids the use of
  subdirectories for plugins. The default value for this preference is
  $plugins_folder to be compatible with the old "flat" (all in one directory)
  structure.
* Initial support for per-target SSH credentials settings has been added. Please
  note that you will need a new client (>= 2.0.2) and a new ssh_authorization.nasl file to
  use this feature.
* Having a directory structure in $plugins_folder is now supported. openvasd
  will recurse through the subdirectories in $plugins_folder.

Note: The OpenVAS NVT feed will not use the new features for subdirectories and
include paths as long as the OpenVAS 1.0.x and OpenVAS 2.0.0 releases are
supported. An exception might be OVAL support.

Bugfixes:

* The usage of the gettext support tool in support scripts like openvas-adduser
  did expect gettext.sh to be in /usr/bin, which prevented the scripts from
  working correctly on systems where this was not the case. The gettext usage
  has been made more robust. (Solves: #860)
* During startup, openvasd will now show the correct total number of plugins
  and not count signatures and other files anymore.
* The obsolete user-specific cache (.desc in
  /var/lib/openvas/users/USER/plugins/) is not created anymore.

Many thanks to everyone who has contributed to this release: Tim Brown,
Stjepan Gros (for subdirs feature), Joey Schulze, Jan-Oliver Wagner,
Felix Wolfsteller and Michael Wiegand.


openvas-server 2.0.0 (2008-12-17)

This is the 2.0.0 release of OpenVAS.

If you have used the 2.0-beta1, -beta2 or -rc1 release, we recommend that you
update all your OpenVAS modules (openvas-libraries, openvas-libnasl,
openvas-server and openvas-client) to 2.0.0.

If you are currently using the 1.0.x branch and want to evaluate OpenVAS
2.0.0, we recommend that you install 2.0.0 separately from your OpenVAS 1.0
installation. Instructions on how to do this are available from the OpenVAS
website.

Main changes since 2.0-rc1:
* Debian packaging files have been updated.
* Obsolete code relating to the ENABLE_PLUGIN_SERVER has been removed.
* The build environment has been updated.

Main changes since 1.0.1:
* Support for the new script_tag command in NASL scripts has been added.
* 64-bit compatibility has been considerably improved.
* Support for transfering NVT signature information to the client has been added.
* Certificate checking has been improved.
* The obsolete openvas-check-signature tool has been removed.
* Support for plugin upload has been removed from OpenVAS-Server.
* Support for detached scans has been removed from OpenVAS-Server.
* Switch from Nessus Transfer Protocol 1.2 to OpenVAS Transfer Protocol (OTP) 1.0.
* Support for OVAL definitions has been added.
* Switch from Nessus plugin IDs to NVT OIDs.

Many thanks to everyone who has contributed to this release: Tim Brown, Javier
Fernandez-Sanguino, Stjepan Gros, Joey Schulze, Jan Wagner, Jan-Oliver Wagner,
Michael Wiegand and Felix Wolfsteller.


openvas-server 2.0-rc1 (2008-12-05)

This release is the first release candidate for the upcoming 2.0 release of OpenVAS.

Unless serious bugs are discovered, this release candidate will become the final
OpenVAS 2.0 release. Users are encouraged to test this release and to report
bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ .

If you have used the 2.0-beta2 release, we recommend that you update all your
OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and
openvas-client) to 2.0-rc1.

If you are currently using the stable 1.0.x branch and want to take part in
testing this release candidate, we recommend that you install 2.0-rc1 separately
from your OpenVAS 1.0 installation. Instructions on how to do this are available
from the OpenVAS website.

Main changes since 2.0-beta2:
* Support for the new script_tag command in NASL scripts has been added.
* Code quality has been improved, a potential buffer overflow due to
  insufficient memory allocation has been fixed.
* Debian packaging files have been updated.
* Minor bugfixes.

Many thanks to everyone who has contributed to this release: Tim Brown, Joey
Schulze, Felix Wolfsteller and Michael Wiegand.


openvas-server 2.0-beta2 (2008-11-14)

This release is the second beta version of the upcoming 2.0 release of OpenVAS.
It contains improved 64-bit compatibility, improved OVAL support, support for
transferring NVT signature information to the client and various improvements.

This release is intended to contain all features intended for the final OpenVAS
2.0 release. Users are encouraged to test this release and to report bugs to the
OpenVAS bug tracker located at http://bugs.openvas.org/ .

If you have used the 2.0-beta1 release, we recommend that you update all your
OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and
openvas-client) to 2.0-beta2.

If you are currently using the stable 1.0.x branch and want to take part in the
beta phase for 2.0, we recommend that you install 2.0-beta2 separately from your
OpenVAS 1.0 installation. Instructions on how to do this are available from the
OpenVAS website.

Main changes since 2.0-beta1:
* 64-bit compatibility has been considerably improved.
* Debian packaging files have been updated.
* Support for transfering NVT signature information to the client has been added.
* Certificate checking has been improved.
* OVAL support has been improved.
* The obsolete openvas-check-signature tool has been removed.
* Bugfixes.
* Various code cleanups.

Many thanks to everyone who has contributed to this release: Tim Brown, Stjepan
Gros, Michael Wiegand and Felix Wolfsteller.


openvas-server 2.0-beta1 (2008-09-25)

This release is a first beta version of the upcoming 2.0 release of OpenVAS.
It introduces support for the cleaned up and improved OpenVAS Transport Protocol
(OTP, replacing NTP), the new OpenVAS NVT OID scheme and support for the Open
Vulnerability and Assessment Language (OVAL).
The protocol cleanup also removed some features that were considered unsecure,
unneeded or wrongly placed.

OpenVAS 2.0 will introduce a full set of new modules for OpenVAS Server
(openvas-libraries, openvas-libnasl and openvas-server) and a new
OpenVAS-Client. The only  module OpenVAS 1.0 and OpenVAS 2.0 will  share is
openvas-plugins. This means that the OpenVAS NVT Feed is compatible with both
generations of OpenVAS.

However, in case you plan to try out the new generation of OpenVAS, you should
install it separately from OpenVAS 1.0 installation. Instructions on how to do
this will be added to the OpenVAS homepage after all relevant modules are
released as 2.0-beta1. A separate announcement will officially start the beta
testing phase for OpenVAS 2.0.

Main changes in this release (compared to release 1.0.1):

* Updated packaging files for Debian.
* Support for plugin upload has been removed from OpenVAS-Server.
* Support for detached scans has been removed from OpenVAS-Server.
* Switch from Nessus Transport Protocol 1.2 to OpenVAS Transport Protocol (OTP) 1.0.
* New command line parsing implementation for openvasd (internal change).
* Fix for memory management issues in plugin scheduler that resulted in aborted
  scan sessions under certain circumstances.
* Updated scripts for user management; this fixes issues with new users being
  unable to login under certain circumstances.
* Initial support for OVAL definitions.
* Updated documentation.
* Switch from Nessus plugin IDs to NVT OIDs (internal change, also applies for OTP)

Many thanks to everyone who has contributed to this release: Tim Brown, Javier
Fernandez-Sanguino, Jan Wagner, Jan-Oliver Wagner and Michael Wiegand

openvas-server 1.0.1 (2008-07-03)

This release contains new and improved packaging files for various distributions
as well as bug fixes and cleanups. It also adds syslog support to openvas-server
and contains a first draft for the upcoming OpenVAS Transport Protocol.

Please note that this version requires openvas-libraries 1.0.2 or newer and
openvas-libnasl 1.0.1 or newer.

Please be aware that the plugin upload feature has been disabled in
openvas-server due to security concerns as described in
http://www.openvas.org/openvas-cr-4.html . This functionality is now deprecated
and will be removed in future versions of openvas-server. If your existing
installation depends on this feature, we recommend that you do not update to 
1.0.1.

* Added syslog support to openvasd logging facility.
* Fixed memory leaks in plugin scheduler.
* Added and improved packaging files for Debian, OpenSUSE and Fedora.
* Changed version requirements for openvas-libraries from 0.9.2 to 1.0.2 due to
  API extension for OpenVAS OIDs.
* Changed version requirements for openvas-libnasl from 0.9.1 to 1.0.1 due to
  API extension for OpenVAS OIDs.
* Disabled plugin upload feature due to security concerns.
* Fixed possible buffer overflow in user authentication.
* Fixed a configuration issue that broke the build process on certain 64bit
  installations.
* Added a first draft of the specification for the upcoming OpenVAS Transport
  Protocol.
* Various code cleanups.

Many thanks to everyone who has contributed to this release: Bernhard Herzog,
Jan Wagner, Jan-Oliver Wagner, Michael Wiegand and others.

openvas-server 1.0.0 (2008-01-31)

First stable release with only minimal changes
compared to latest 0.9 version.
No problems or any sort of issues have been
reported for over two months now.
This release is done basically
to reach the mentally important version 1.0,
there is no technical need to replace openvas-server
for a running installation.

Main changes are:

* Minor cleanups in package files.
* openvasd does not do any (useless) version check
  for -libraries and -libnasl anymore.

openvas-server 0.9.2 (2007-11-07)

Legal and minor technical fixes release.

Main changes are:

* Fixed tool "openvas-config" to output correct version
  of OpenVAS server (openvasd)
* During  installation routine, now a "gnupg" directory
  is created where the other configuration files of
  OpenVAS are located. This is the place for feed certificates.
* Removed some non-free documents (README_SSL, doc/WARNING.En
  and doc/WARNING.Fr).

openvas-server 0.9.1 (2007-10-17)

Minor cleanup release.

Main changes are:

* Version checking for openvas-libaries and openvas-libnasl
  at package configure time.
* Some code cleanups.
* Internal code refactoring.

openvas-server 0.9.0 (2007-07-27)

The first initial release of openvas-server
after the fork from Nessus 2.2.x.

Main changes are:

* Removed the client from this package.
* Replace OpenSSL by GNU/TLS (therefore it is allowed now to distribute
  binary packages with SSL-support)
* SSL now mandatory.
* Many cleanups of ancient remains (still many to come)
* Removed various W32-specific elements, because W32 isn't
  a taget system anyway.
* Lots of renaming to avoid conflicts with parallel
  Nessus installation


Old Changes information from the Nessus times:

2.2.5 :

. changes by Renaud Deraison :

- Faster scan startup speed (at the expense of a slightly bigger memory usage)
- nessus-fetch now calls nessus-update-plugins upon registration
- Fixed the use of an uninitialized buffer in the shared socket code
- Fixed some uninitialized variables in nessus_tcp_scanner
- Fixed several null pointer dereferencement in libnasl
- New NASL function 'send_capture()'
- Rotate nessusd.messages on startup if the file is too big

. changes by Michel Arboi :

- nessus_tcp_scanner now tracks down more statistics about the remote ports 
  (filtered vs. closed)

. changes by Beirne Kornarksi : 

- Fixed bug#1224

2.2.4 :

. changes by Renaud Deraison :

- Fixed a bug in nessusd when killing slow plugins, which may result
  in a hang of the scan
- Fixed a bug in find_services.nes which would prevent it from exiting
  properly when receiving a SIGTERM message
- Fixed a bug in libnessus/network.c which may result in incompletes
  SSL reads
- Fixed proxy support in nessus-fetch
- Reduced CPU usage
- Brand new SMB API
- The nessus-fetch man page is now installed
- Updated os_fingerprint.nasl with all the newest signatures

. changes by Michel Arboi :

- More gentle nessus_tcp_scanner

2.2.3 :

. changes by Renaud Deraison :

- Added the 'silent dependencies' option (suggested by Nicolas Pouvesle)
- Added a new 'Credentials' Tab to put SSH and SMB credentials
- Removed some un-recommended options from the GUI (detached scan)
- Fixed a NULL-ptr dereferencement in libnasl

. changes by Michel Arboi :

- Call setrlimit() without any limits when calling popen()

. changes by Nicolas Pouvesle :

- Replaced the functions in libnasl/nasl/smb_crypt.* by crypt_func.nasl

2.2.2 :

. changes by Renaud Deraison :

- Fixed HTTPS-over-proxy in nessus-fetch
- Fixed a build issue on Solaris in nessus-fetch
- Fixed the detached scans

2.2.1 :

. changes by Renaud Deraison :

- Turn on buffering for every TCP sockets to reduce the number of system calls
(only HTTP-related sockets would have a buffered input)

- Fixed bug#1065 which would make nessusd do an endless stream of calls
to gethostbyname() when testing a non-existant host name 

- Fixed a bug in the TCP socket buffering which would cause 
read_stream_connection() to perform a short read under some circumstances

- Added nessus-fetch(1), a utility which retrieves plugins from
www.nessus.org.

- Rewrote nessus-update-plugins to use nessus-fetch instead
of wget/lynx/fetch/curl

- Fixed bug#1076 (support for bash 3.0)

. changes by Michel Arboi :

- New TCP port scanner (nessus_tcp_portscan.nes)
- Better Hydra integration through multiple nasl scripts

2.2.0 :

- Fixed a couple of memory leaks (thanks to Lance Uyehara)

2.2.0RC1 :

. changes by Renaud Deraison :

- Fixed a bug in the client which would not make it 'remember' the scanner selection
- Each plugin can have a bigger number of cross-references associated to it
- Starting nessusd displays the current status of the plugins beeing loaded

. changes by Boris Wolf :

- Increased the buffer size on the client side to receive bigger reports

2.1.3 :

. changes by Renaud Deraison :

- Shared sockets: NASL scripts can share a socket between each others, instead
  of re-establishing the connection
- New system calls in NASL - get_kb_fresh_item() and replace_kb_item()
- The SSH checks now use a shared socket instead of re-logging into the
  remote host 
- The plugin selection in the client GUI is much faster


2.1.2 :

. changes by Renaud Deraison :

- nessus-update-plugins makes sure that the plugin archive has been properly
signed before uncompressing it

. changes by Michel Arboi :

- fixed a memory leak in NASL2
- wrote nmap.nasl, snmpwalk_portscan.nasl and nikto.nasl to replace the
  equivalent .nes plugins
- fixed the pread() NASL function

. changes by Nicolas Pouvesle :

- Improved SSH compatibility with non-OpenSSH servers

2.1.1 :

. changes by Renaud Deraison :

- Scripts can be cryptographically signed. A signed script gets access to
more NASL functions

- Restricted the access to the nasl functions pem_to_rsa(), pem_to_dsa(), 
rsa_sign() and dsa_do_sign() to signed NASL scripts

- The nasl functions pread() and find_in_path() are accessible to
signed NASL scripts and allow the execution of local commands
 

2.1.0 :

. changes by Nicolas Pouvesle :

- SSH implementation in NASL

. changes by Renaud Deraison :

- Added support for local security checks on remote hosts, over SSH
  (support for FreeBSD, MacOS X, RHEL2.1 and RHEL3)

- Wrote a clean internal API to let Nessus communicate with its sons

- Re-wrote the KB API to use a hash table instead of a slow linked list and
to support KB items of arbitrary length


2.0.12 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a bug in ./configure which would sometimes assume that GTK is not 
installed whereas it actually is
- Fixed a race condition in nessus-adduser for users who do not configure
their TMPDIR variable (thanks to Cyrille Barthelemy)
- Fixed a bug in nessus-update-plugins which would not update the plugins 
properly on all systems
- Fixed the installer to compile Nessus with GTK support if gtk-config OR
pkg-config is installed.


2.0.11 : 

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed Solaris portability issue introduced in 2.0.11
- Fixed a bug in the HTML with graphs output which would make it
  loop indefinitely
- Proper GTK+2.x support (GTK+ 1.2 is still supported)
- Fixed nessus-update-plugins for FreeBSD

2.0.10 : [maintenance release only]

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed MacOS X portability issues
- Non-intrusive OS-fingerprinting (based on xprobe's techniques)
- DNS fingerprinting
- killall -1 nessusd does not restart the bpf server on BSD systems
- longer connect() timeout for TCP sockets
- Fixed hydra.nes

. changes by Michel Arboi (mikhail@nessus.org)

- WWW fingerprinting
- partially fixed hydra.nes

. changes by (galt@fiberpimp.net)

- IP addresses are now sorted in EVERY reports 

. changes by Laurent FACQ (facq@u-bordeaux.fr)

- Automagically rewrite banners to handle distributions which do
  backporting of security fixes (ie: Debian)


2.0.9 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- The bpf sharing system now works fine on BSD systems, so Nessus
  now only requires one /dev/bpf to work correctly, no matter how many
  hosts are being tested

- Minor bug fixes

- A bug in tcp_ping() would make some probes have a source port set to 0


. changes by Michel Arboi (arboi@alussinan.org)

- Added functions in libnasl (join_multicast_group(), unixtime(), and
  more...)
- All SSL operations now use non-blocking sockets instead of the alarm()
  trick to handle timeouts

. Changes by Pavel Kankovky 

- Minimize the number of pixmaps that need to be created in the Nessus 
  client by re-using them

2.0.8 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Improved plugins dependencies
- Improved some plugins performances
- Better default values for nessusd.conf and .nessusrc
- Fixed insert_ip_options() which was broken

2.0.7 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed bad performances issues when pinging dead hosts
- Fixed a bug which would prevent to store items larger than 2kb in the KB
- NFS and SMB file-related functions completed (open, read and cwd are
  implemented)
- Plugins support for Windows 2003
- Network IPs can now be evenly sliced instead of being scanned
  sequentially
- User-definable source-IP(s) for the checks (nessusd -S)
- Fixed a possible message corruption problem if a plugin was to send a too
  long message back to nessusd
- Fixed a possible plugin corruption problem when the client overwrites
  existing plugins
- Fixed various false positives and wording issues in several plugins

2.0.6 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Support for the keyword 'default' as a port range in nmap_wrapper.nes
- Fixed a zombie issue in nmap_wrapper.nes
- Fixed various issues which could allow a NASL script to crash the
  NASL interpretor
- Improved the process management in find_services.nes

2.0.5 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a rare race condition which may make the scan hang
- Fixed SMB related issues
- Entering "default" as the port range will make nessusd scan the ports
  listed in the Nessus services file.
- Even more sigs in find_services.nes

. changes by Julien Bordet (zejames@greyhats.org)

- Added over 3,000 signatures to smtpscan.nasl (thanks to the data
  provided by the Nessus team)



2.0.4 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- fixed the SIGCHLD handler which would not work properly and leave zombies
  on the system

- fixed a race condition when testing a great number of hosts which would
  cause a testing process to slow down a whole audit or even hang it
  totally

- When a great number of host names is passed to nessusd as a target, they
  are resolved by chunks of 64 instead of trying to resolve everything then
  starting the test

- RedHat 9 support (in spite of their attempt to make their distro incompatible
  with everyone else)

. changes by Gabriel L. Somlo <somlo@acns.colostate.edu>

- The nessus can save the reports to stdout and read them from stdin




2.0.3 :

- fixed a compilation error which would prevent find_services from working
  properly

2.0.2 :


. changes by Michel Arboi (arboi@alussinan.org)

- NASL port of smtpscan (original Perl program by Julien Bordet)

- Nasty bug made loop stop prematurely on rare cases


. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Re-wrote webmirror.nasl from scratch. The new version has a real parser 
  built-in and is much faster

- Added checks for older Microsoft Advisories

- SMB plugins now use NTMLv1 authentication, ie: they don't send passwords
  in clear text over the network any more

- Added new crypto functions, taken from samba, in libnasl/

- Repaired detached scans

- Fixed IP ranges notation (10.1.1-9.1-254 did not work any more)

- Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222, 
  #220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205

- nessus-update-plugins properly calls chown under FreeBSD, no matter how
  many plugins there are 

- find_services.nes recognizes even more protocols

. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>

- Added NTLMv2 authentication

. changes by Frank Migge (frank.migge@oracle.com)

- nessus-mkcert-client creates the auth/rules file properly


2.0.1 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204)
- Fixed the "pink" graphical report issue
- Added http keep-alive support in the CGI related plugins
- Fixed a bug in the function get_kb_list() which would not always work
  properly
- Fixed an issue where in some situations, some HTTP services would not
  be tested for flaws if they have not been port-scanned first
- Added new signatures in find_services.nes

. changes by Stephen Friedl (steve@unixwiz.net)

- Fixed bugs and warnings in nessus-libraries


2.0.0 :

. changes by Michel Arboi (arboi@alussinan.org)

- NASL2 : Implement >!< "strings don't match" operator 
- NASL2 : fixed a vicious case of freed memory copy.

. changes by Renaud Deraison (deraison@cvs.nessus.org)
  
- Fixed a small bug in the plugin scheduler
- Ported to IRIX
- Several small bugfixes

. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>

- Added nmap_osfingerprint



1.3.4 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Re-written the process manager for the hosts
- Lots of bugfixes in the plugins text store manager
- New port scanner "synscan" which uses the RTT of the packets to do
  its job. 
- Fixed several small issues in nasl and nessusd (bug fixes, code cleanup)
- Added cryptographic hashing functions in NASL
- Added the function get_kb_list() which returns the content of a KB
  without forking the plugin
- Updated the manpages of nessusd and nasl

. changes by Michel Arboi (arboi@alussinan.org)

- Fixed scanner_get_port() when running in standalone mode
- Fixed possible uninitiliazed memory issues in libnasl
- Started to write the NASL2 reference guide (to be found in libnasl/doc/)



1.3.3 :

. changes by Michel Arboi (arboi@alussinan.org)

- Implement bit xor, logical & aithmetic right shift, power
- Fix operator precedence
- Added new NASL functions

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- The plugin texts are not loaded in memory any more, thus reducing
  the consumption of the nessus daemon of two megs. This also speeds up
  the loading of nessusd.

- Fixed a bug in the plugins scheduler (if optimizations were enabled, 
  the scan would sometime hang)

- Added a new NASL function (int())

- Fixed strings substraction to handle null values properly

- find_services.nes runs in parallel mode, for improved speed

- new plugin (synscan) which should perform well against firewalled
  hosts (computes the RTT before the scan)

1.3.2 : 

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with
  the latest version of GCC

- Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not
  be reset, causing plugins which call bpf_next() to sometimes crash

- Set the timer of bpf_share.c to a much lower value, thus making it work
  much better

- Improved tcp_ping()

- Fixed two bugs in the plugins scheduler :
	- If the option "enable dependencies at runtime" is set, 
	  it would enable ALL the plugins which are depended on, instead
	  of only those we use ;

	- In some cases, it may terminate too early, thus preventing a scan
	  from being complete

- DESTDIR support

1.3.1 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Rewrote the plugins scheduler (which determines the order in which
  the plugins are to be launched). The new one is much more efficient
  but as a result, it is not possible to accurately determine the
  order in which the plugins will be ran, so the 'plugin name' in
  the client is now totally bogus
  
- Fixed various issues with NASL scripts so that they work better
  with NASL2

- Fixed bugs relative to the creation of icmp and udp packets in nasl
  
- Fixed some fatal bugs in the bpf sharer

- NASL scripts do not read /dev/urandom any more, and use time() as a
  random seed instead. As a result, the loading and execution of nasl
  scripts if faster on systems where /dev/urandom can be blocking

- Fixed the tcp NIDS evasion techniques on BSD systems

- Full support for Bugtraq IDs 

- The HTML reports add links for URLs, and show the ID number of
  the plugin that issues the report.

- Speed up the calls to arg_get_value() by using a hash of the name
  being searched for.

- Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi)

. changes by Michel Arboi (arboi@alussinan.org)

- Better handling of the arrays in NASL2

. changes by Erik Anderson (eanders@carmichaelsecurity.com) 

- CVE and bugtraq cross references

. changes by Jay (jay@kinetic.org)

- Fixed multiple typos in the plugins

. changes by Javier Fernandez-Sanguino (jfernandez@germinus.com)

- Nessus now ships Hydra 2.2
- Fixed various compilation scritps (see bug#63)

1.3.0 :


. changes by Michel Arboi (arboi@alussinan.org)

- Use our own nessus-services file (re-generated at first start to include
  /etc/services and nmap-services)
- Added new families of plugins (ACT_KILL_HOST and ACT_END)
- Rewrote libnasl

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
	- Web-related checks now use http_recv() instead of recv()
	- open_priv_sock_tcp() has a lower timeout
	- RPC related checks now use get_rpc_port(), a function equivalent
	  to libc's getrpcport() but with a much smaller timeout
	- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh
  the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP
  (bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
- Helped Michel Arboi to give the last touches to the new libnasl
  
. changes by Erik Anderson (eanders@pobox.com)

- Added CVE and BID links, added urls and removed dead links from the plugins

. changes by Michel Scheidell (scheidell@secnap.net)

- Improved several SMB-related checks

. changes by Rodolfo Baader (rbaader@activesec.biz)

- Quotes and apostrophes are properly escaped in the XML output report


1.2.6 :


. changes by Michael Slifcak (Michael.Slifcak@guardent.com)

- Added Bugtraq cross reference in the plugins
- Added support for BID in nessusd (this has yet to be done on the
  client side)

. changes by Axel Nennker (Axel.Nennker@t-systems.com)

- fixed the xml and html outputs
- fixed array issues in a couple of plugins

. changes by Michel Arboi (arboi@alussinan.org)

- find_service now detects services protected by TCP wrappers or ACL
- find_service detects gnuserv
- ptyexecvp() replaced by nessus_popen() (*)
  
. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a bug which may make nasl interpret backquoted strings
  (\n and \r) received from the network (problem noted by Pavel Kankovsky)
- nmap_wrapper.nes calls _exit() instead of exit() (*)
- Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by
  sharing _one_ among all the Nessus processes. As a result, Nessus's
  ping is much more effective on these platforms
- bugfix in plug_set_key() which would eventually make some scripts
  take too long when writing in the KB
- Plugins of family ACT_SETTINGS are run *after* plugins of family
  ACT_SCANNERS
- replaced the implementation of md5 which was used when OpenSSL is disabled
  by the one from RSA (the old one would not work on a big-endian host)
- Fixed plugins build issues on MacOS X
- The nessus client compiles and links against GTK+-2.0. Of course, it will
  be horrible and instable, as the GTK team does not care about backward
  compatibility


(*) These two modifications solve the problems of nmap hanging under FreeBSD
  
  
1.2.5 :

. changes by Michel Arboi (arboi@alussinan.org)

- find_service now displays unknown services that run on assigned ports
- read_stream_connection smarter (smaller timeout)
- find_service sometimes declared IDENT as "unknown"

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a deadlock that would prevent some plugins from completing
- Fixed a possible (although rare) corruption issue in the reports
  (the script IDs could under some circumstances be random)
- Fixed a potential segfault in the execution of nasl scripts

1.2.4 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Reverted back to autoconf 2.13. 
- Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances,
  data might have be lost in the reports
- Fixed a bug in several plugins for web checks (under some circumstances,
  a plugin would do N x N checks against the remote web servers (where
  N equals to the number of web servers running on the remote host)


1.2.3 :


. changes by Isaac Dawson (idawson@securitymanagementpartners.com)

- New html output layout.

. changes by Pasi Eronen (pasi.eronen@nixu.com)

- fix in nmap_wrapper

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed a bug which could make, under some circumstances, make nessusd
  crash the host it is running on.
- If the option log_whole_attack is set to "no", then only the begining
  and the end of the attack is logged (and not the time each plugin takes)
- Improved no404.nasl to further reduce false positives
- Bug fix in nessusd - under some rare circumstances, report data could
  be lost (if many many plugins were enabled at the same time and were
  sending data at the same time).
- UDP packets are resent while we wait for a reply (avoids to loose packets
  en route)
- Fixed the option "auto_enable_dependencies" which would not always work
- Sending a SIGTERM to the nessus client during a command line scan
  forces it to save its result to the current test file
- Non-printables characters are not shown in the report any more


1.2.2 :

. changes by Renaud Deraison (deraison@cvs.nessus.org)

- In the GUI, while running a scan, plugins names are only updated once 
  in a while (saves CPU)
- Bugfix in the client : some host names would make the client crash 
- Repaired the '-P' switch in the client

1.2.1 :


. changes by Simon Law (sfllaw@engmail.uwaterloo.ca)

- Made a manpage for nessus-mkcert-client(1) and have it installed by
  the Makefile
- Revised most other manpages for missing information and to increase
  clarity


. changes by Renaud Deraison (deraison@cvs.nessus.org)

- Fixed the -i switch of nessus-update-plugins
- Fixed a bug in the server which would, in some circumstances, not make it 
  announce the proper order of the plugins being run
- More CVE cross references
- get_host_name() always return a FQDN
- User-configurable third party domain for SMTP relay checks
- Repaired hydra.nes
- Fixed MacOS X specific problems (dlcompat vs NSCreateObjectFileImageFromFile)
- Plugins dependencies appear in the GUI
- Fixed nessus-mkcert so that long email addresses are accepted
- Re-generated the 'configure' scripts with autconf 2.53

. changes by Michael Scheidell (scheidell@fdma.com)

- Added some bound checkings in some SMB plugins to reduce
  noise in nessusd.messages

. changes by Michel Arboi (arboi@alussinan.org)

- ping_host.nasl pings on multiple ports


1.1.15/1.2.0 :

. changes by Nicolas Dubee (ndubee@secway.com) :

- Better support for AF_UNIX sockets 


. changes by Brian (bmc@snort.org) :

- CVE references
- several bugfixes in the plugins

. changes by Peter Grndl (pgrundl@kpmg.dk) and
  Carsten Joergensen (carstenjoergensen@kpmg.dk) :
  
- Extensive review of the plugins and therefore numerous fixes

. changes by Axel Nennker (Axel.Nennker@t-systems.com)

- FD leak in save_kb.c fixed

. changes by Renaud Deraison (deraison at nessus.org)

- It is now possible to upload files to the server when using
  the command line client 

- lrand48() portability problems worked around

- fixed a bug in the report window that would make it crash
  randomly
  


  
1.1.14 :

. changes by Renaud Deraison (deraison at nessus.org)

- SMB fixes (thanks to Michael Scheidell)
- When the safe checks option is enabled, dangerous tests with no 
  alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and
  ACT_DENIAL) are disabled
- Hosts can be designated by their MAC address of instead of their
  IP address (mostly useful for DHCP networks)
- Fixed a bug in the report generation which would replace newlines (\n)
  by semi-columns (;)
- Fixed a bug in the export of some types of reports, where open ports
  with no data associated would not be saved
- Integrated THC's Hydra as a Nessus plugin
- Added new NT security checks (related to user management)
- Plugins of type ACT_SETTINGS can not be disabled
- Fixed a bug which would make nessusd hang when a scanner was reporting
  too many open ports (as when a UDP scan reports all UDP ports as
  being open)

. changes by Dion Stempfley (dion at riptech.com)

- The client can now filter on category

. changes by Axel Nennker (Axel.Nennker@t-systems.com)

- Fixed some plugins causing error messages in some circumstances
  (dns_xfer.nasl, snmp_processes.nasl...)
- Stylish changes to prevent gcc -Wall from whining in some files
- XML NG output is now XML compliant
- Bug fixes


. changes by Jenni Scott (jenni.scott@guardent.com) and
  Michael Slifcak (michael.slifcak@guardent.com) :

- Improved the reporting of the plugins (better consistency, better
  wording)
1.1.13 :

. changes by Michel Arboi (arboi@alussinan.org)

- New family ACT_SETTINGS dedicated to plugins which just let the user
  enter some preferences

- Optional NIDS evasion techniques (url encoding, tcp slicing)

. changes by Renaud Deraison (deraison at nessus.org)

- Fixed a bug in the command line client which would make it ignore
  some preferences

- SMB checks can now log into a Windows domain

- NIDS evasion techniques (data injection, short ttl)

- Fixed a bug which would randomly stall the scan

1.1.12 :

. changes by Renaud Deraison (deraison at nessus.org)

- Workarounds on FreeBSD to prevent a kernel panic
  (thanks to Michael Scheidell and Stefan Esser)

- nessus can export reports as other file formats again



1.1.11 :

. changes by Renaud Deraison (deraison at nessus.org)

- Fixed a bug regarding the saving of reports from the GUI
- Improved the backend in many ways (speed-wise, content-wise)
- Changes in the protocol
- More messages are sent between the server and the client (timestamps,
  plugins version, ...)
- New .nbe file format, which looks like .nsr but has more information
  in it
- Plugins now have versions numbers.
- The user can upload his plugins to the nessusd server from the client
- It is now possible to upload files to the server (ie: nmap's results) in 
  command-line mode
- Fixed false positives in SNMP plugins when launched against a non-configured
  Solaris snmpd

. changes by Guillaume Valadon (guillaume at valadon.net)

- New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch])

1.1.10 :

. changes by Renaud Deraison (deraison at nessus.org)

- Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from 
  aborting an on-going test
- Fixed a bug in the client which would prevent the user from setting a port
  range longer than 255 chars
- Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next()   is now more flexible.
- Fixed a bug in the command line client which would make it close the 
  communication too early when the client - server communication is not
  ciphered
- Added an "auto-load dependencies at runtime" option

1.1.9 :


. changes by Renaud Deraison (deraison at nessus.org)

- Fix in the GUI, when closing a saved report
- Fixed a bug in ftp_log_in() which would prevent nasl script from
  logging into some FTP servers 
- Solaris build problems fixed
- Darwin 1.4.1 build problems fixed
- MkLinux DR3 build problems fixed  (is anyone using it anymore ?)
- GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though)
- Fixed the "wrong call to getopt" problem which would make Nessus
  segfault when built with cygwin, and which would prevent options
  from working under Solaris & FreeBSD (thanks to Udo Schweigert)
- SMB checks speedup (thanks to Georges Dagousset's suggestion)
- Fixed a bug in the client - server communication that would make the
  server close the communication when the client is idle
- Better support for AF_UNIX socket for client-server communication
  (compile nessus-core with ./configure --enable-unix-socket)
- Plugins are disabled by default in batch mode

. changes by Michel Arboi (arboi@alussinan.org)

- Client now properly checks the certificate of the server

. changes by Benoit Brodard (bbrodard at arkoon.net)

- fixed bugs in nasl/tcp.c (checksum, handling of unsigned int)


1.1.8 :

. changes by Renaud Deraison (deraison at nessus.org)

- Workaround for systems with a low number of bpfs (OpenBSD, Darwin)
- Added some length checks for SMB checks
- No more zombies
- Fixed accounts.nes
- Fixed the reporting of the client (reports would be mixed)
- Client removes tempfiles when exiting
- Repaired ptyexecvp() which would not work on Solaris
- Slight bugfix in the NASL interpretor

. changes by Georges Dagousset (georges at alert4web.com)

- More optimizations
- Properly reloads KBs with the same value defined more than once
- Fixes in some plugins dependencies

. changes by Michael Slifcak <Michael.Slifcak at guardent.com>

- More nmap options
- Quiet mode in nessus-adduser

1.1.7 :

. changes by Renaud Deraison (deraison at nessus.org)

- Compiles on platforms without OpenSSL
- Better Solaris support
- Ported under Darwin (many thanks to Dieter Fiebelkorn 
  (dieter at fiebelkorn.net) who actually started the port and helped
  me test this)
- Unscanned ports can now be considered as closed or open (instead of
  just open), at user choice
- Upgraded to libtool 1.4.2
- fixed a bug in the client which would make it display the wrong report
  when doing multiple scans
- enhanced the plugins filter (that appear when pressing 'l' in the GUI)
- fixed a serious problem in the SMB plugins which would prevent them to work
  against Samba and which would make them slow against Windows (pointed out
  by Georges Dagousset)

. changes by Iouri Pletnev (Iouri.Pletnec at xacta.com)

- Ported under Cygwin

. changes by Michel Arboi (arboi@alussinan.org)

- Added nessus-mkrand for hosts with no /dev/random AND no EGD
  running




1.1.6 :

. changes by Renaud Deraison (deraison at nessus.org)

- EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket
  in nessus-libraries)
- KB items are now stored with individual dates instead of a global
  date for the whole KB file. Yes, this means you have to delete your
  old KB files
- When an host could not be pinged, his KB is not altered (nor created)
- fixed memory leaks in nessusd
- nessus-mkcert checks that the certificates were really created
  before congratulating the user 
- fixed a security problem where anybody with a shell on the nessusd
  host could log in


1.1.5 :

. changes by Georges Dagousset (georges.dagousset at alert4web.com) :

- new KB entries for further "optimizations"
- improved find_services.nes

. changes by Renaud Deraison (deraison at nessus.org) :

- cleaned up the KB
- added doc/kb_entries.txt
- bugfix in find_services regarding the pem password
- new reporting GUI
- fixed a problem which would leave some plugin run against a host
  considered as dead
- the KB are now stored with properly escaped \n and \r chars
- greatly improved tcp_ping.nasl (and tcp_ping() in libnasl)

. changes by Michel Arboi (arboi@alussinan.org) :

- replaced PEKS by OpenSSL in the client/server communication


. changes by H D Moore (hdm@secureaustin.com)

- fixed no404.nasl



1.1.4 :

. changes by Renaud Deraison (deraison at nessus.org) :

- fixed find_services.nes
- plugins that are slow to finish are _really_ killed by the server
- the client better handles the scan of big networks
- nmap_wrapper now updates its progress bar 
- nessus-update-plugins support proxies (with or without authentication)
- monitor_backend.c and data_mining.c allow any developer to plug
  a database behind the client (by default flatfiles are used)
- bug fixed in nmap_wrapper which would make it kill its parent
  process randomly
- minor fix in the tcp_ping() function of NASL (ack would be set
  to non-zero for a syn packet)
- fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes

. changes by Michel Arboi (arboi@alussinan.org) :

- find_services accepts password-protected .pem files
- patches in the way files were transmitted between the client 
  and the server (which could end up in a deadlock)

. changes by Alexis de Bernis <alexisb at tpfh.org) :

- fixed ftp_write_dirs.nes

1.1.3 :

. changes by Renaud Deraison (deraison at nessus.org) :

- added the plugin 'torturecgis.nasl' which supplies bogus args to
  the remote CGIs, in order to find the most blantantly broken
  ones
- webmirror.nasl now retrieves the list of arguments of each
  CGI.
- added filter support in the client. Use the key 'l' to filter
  out plugins you don't want to see.
- added the 'safe checks' option which allow the user to not disturb
  the network (but which weakens the Nessus tests)
- disabled backward support for port 3001 - the official port
  is 1241 now.

1.1.2 :

. changes by Renaud Deraison (deraison at nessus.org) :

- added the plugin 'webmirror.nasl', which extracts the list of
  CGIs used by a remote web server (and will do much more).
- fixed a problem in NASL due to the SSL patch that would cause
  a fd leak with some plugins.
- added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins
  that may harm the remote host.
- SSL certificates & key can be imported
- corrected a bug introduced in 1.1.0 that would make the client not display
  the name of the plugin currently being run.
- sending signal SIGUSR1 to nessusd makes the grandfather process (the one
  who listens on tcp ports) die without killing its children, thus 
  allowing a smooth upgrade of nessusd
- updated config.guess and config.sub
  
1.1.1 :

. changes by Renaud Deraison (deraison at nessus.org) :

- fixed mem leaks in NASL
- fixed a bug introduced in 1.1.0 regarding recv_line()
- fixed a bug introduced in 1.1.0 in the process management of the plugins 
  (all the KB would not be filled, resulting in incomplete tests)
- smb_sid2user.nasl is twice as fast ;)

1.1.0 :

. changes by Devin Kowatch (devink at SDSC.EDU) :

- fixed communication problem between client and server
- user-defined timing policy in nmap
- nessus-update-plugins uses wget (or any user-supplied command at
  compilation time) if available.

. changes by Michel Arboi (arboi@alussinan.org) :

- support for the -T option of nmap
- SSL support

. changes by Zorgon (zorgon at antionline.org) :

- support for the --os_guess option of nmap


. changes by Renaud Deraison (deraison at nessus.org) :

- the user can upload files to plugins through the client (ie: it is possible
  to upload nmap's results directly to the nmap plugin)
- tests can be run in parallel now
- each user is now granted a home by nessus-adduser
- added nessus-rmuser
- per users plugins

1.0.7 :

. changes by Jordan Hrycaj (jordan at nessus.org) :

- added support for iana port 1241 while 3001 open at the
  same time, nin-compat mode (disabling 3001) as an experimantal
  configure option

- nessus-adduser allows to create local users with immediate
  key exchange (no passphrase procedure needed)

- nessusd allows to specify user logins with netmasks (as with
  the public key tags and passwords) in the nessusd.users file

- some options added to nessus, and nessusd

- you can force the compilation/installation of the getopt_long()
  function(s) by a configure option

. changes by Renaud Deraison (deraison at nessus.org) :

- http virtual hosts can now be tested

- user-modifiable per-plugin timeout

- detached scans can now be stopped from the client

- fixed issues in detached scan

- implemented plugins_reload() which loads new plugins in memory

- get_host_name() returns the name of host, as entered by the user
  (and not a resolve(ip(name_of_host)))

- added the function cgibin() in NASL, which returns the paths
  to use to get to the CGIs (default : /cgi-bin)

. changes by Loren Bandiera (lorenb at shelluser.net) :

- XML output improved



1.0.6 :

. changes by Renaud Deraison (deraison at nessus.org) :

- detached scans can send their result to a given email address (experimental,
 see http://www.nessus.org/doc/detached_scan.html)

- diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html)

- probably fixed a bug which would prevent, under rare circumstances, a
  scan to finish

- NASL plugins can have no timeout

- minor change in the LaTeX report

- Support for Sun Workshop 5 compiler

- IRIX 6.2 support

- HP/UX 10.20 support

- Fixed a problem in report saving (saving as HTML would produce an XML
  file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com)


. changes by Jordan Hrycaj (jordan@mjh.teddy-net.com)

- Fixed a problem in the random number generator

1.0.5 :

. changes by Loren Bandiera (lorenb at shelluser.net) :

- XML output in the Nessus client. 

. changes by Renaud Deraison (deraison at nessus.org) :

- added experimental KB saving, to prevent the audit to restart
  from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html
  for details

- added experimental detached scans. 
  See http://www.nessus.org/doc/detached_scan.html for details

- bug in the test of DoS attacks fixed (thanks to Christophe Grenier,
  (Christophe.Grenier at esiea.fr))

- minor changes in nessus-adduser

- scripts that open a UDP socket read the result of a UDP scan first

- when it receives a SIGHUP, nessusd first frees memory. It also closes
  and re-opens the nessusd.messages file

- the plugin timeout is now user definable, in nessusd.conf

- 64 bit compatible (nessusd would produce warnings when running
  on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team
  for having given me access to an IA-64 to compile and try Nessus.

- libnasl : better error reporting, minor bugs fixed


. Changes by Jordan Hrycaj (jordan at mjh.teddy-net.com) 

- faster cipher layer


. changes by Cyril Leclerc (cleclerc at boreal-com.fr)

- a GTK error would sometime be produced when the client is run in
  batch mode (Cyril Leclerc (cleclerc at boreal-com.fr))

1.0.4 :

. changes by Christoph Puppe (pluto at defcom-sec.com) :

- added "Sort by Port" to the report window. Saving of this is not finished.

- arglist_insert sorts first by holes, then by warnings, then by
  notes. Previous version only sorted by holes.

. changes by Renaud Deraison (renaud at nessus.org) :

- ftp related checks : the user can now supply a login/password
  for the ftp checks, and relies on the ftp banner if nessusd can't
  log into the ftp server (requested by Jens.Oeser at connector.de).

- libnessus : ftp_log_in() would sometime fail against some ftp
  servers

- better handling of large reports

- tests are saved on the server side and can be restored. Note that
  this is experimental and disabled by default. Do 
  ./configure --enable-save-sessions to enable this experimental
  feature, and read doc/session_saving.txt for details.

- better handling of targets with multiple web servers running

- continue to launch the DoS if the state of the remote host can not
  be determined

- fixed a bug in smb_login_as_users.nasl, and improved
  smb_accessible_shares.nasl

- added checks for unpassworded MySQLs and PostgreSQL databases

- nessusd uses less memory

. changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :

- fixed a possible deadlock in the nessusd internal communication

- fixed a problem in the client that would make it crash if it received
  a malformed message from the server

- the client would not detect the death of the server when run in batch mode

- possible header confusion (with regex.h) fixed

- possible signal deadlock when exiting fixed
  
. Other changes :

- fixed a problem in the function is_cgi_installed() that may sometime
  not work against odd clients (Thomas Reinke (reinke at e-softinc.com))

- fixed a bug in snmp_default_communities.nasl (Lionel Cons (lionel.cons at cern.ch))
  
- fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))

- typo in showmount.nasl would prevent it to work over udp (ctor at krixor.xy.org)


1.0.3 :

. changes by Renaud Deraison (renaud at nessus.org) :

- fixed various small problems in various plugins
- fixed a nasty bug in libnasl that would prevent raw packets from being
  read
- compiles under Solaris
- possible segfault in the client fixed


1.0.2 :

. changes by Christoph Puppe (christoph.puppe at defcom-sec.com) :

- Unified the naming of Vulnerability, Warning, Note in ASCII and HTML.

- latex_report_category seems like an oversimplification to me. What
  if we have a large network with lots of small holes, is this saver
  than a network with only one big? I've made a try on weighted
  rules. Hosts with holes get elevated to *10, warnings to *5 and
  notes stay where they are.

- added Level Note, it has it's own dot and is meant to be used for
  notes and notifications. The tex file is updated.

- changed smalies in various functions, to be easier to read, faster
  or more generic.

- plugins: finger.nasl was buggy

. changes by Renaud Deraison (renaud at nessus.org) : 
 
- possible hang at report time fixed in the client

- fixed a bug in the way the command-line client handles the plugins
  preferences

- fixed a problem in the detection of the servers that do not reply
  with a 404 error code when request an inexistant page

- fixed various compilations errors occuring on various
  platforms

- libnasl : fixed a bug that would occur in standalone mode

- nessus-libraries : takes the presence of the shared libraries
  of the system into account
  
- SMB and DCE/RPC over SMB issues :

   . smb_login.nasl : fixed an error (would always want
     to access IPC$ to declare that a login is valid)  

   . netbios_name_get.nasl : fixed an error which would
     prevent the SMB tests to work against Windows 2000

   . smb_dom2sid.nasl : LsarQueryInfoPolicy() now obtains the
     host sid, rather than the sid of the domain, so that local accounts
     are shown and tested (instead of the domain accounts only)

   . smb_enum_services.nasl : Lists the services that are running
     on the remote host

- new security checks added


. changes by Jordan Hrycaj (jordan at nessus.org) : 

- libpeks now uses the libgmp that comes with the operating system 
  if any, and does the same for libz
  
- fixed a bug that would prevent the client from working properly
  under OpenBSD
  
1.0.1 :

- nessusd : if the --enable-tcpwrappers flag is given to 
  ./configure, then nessusd is compiled with tcpwrappers support

- nessus : Pies and charts under Win32 too

- nessus : fixed errors when generating pies and charts which would
  cause horrible graphics (thanks to John Q. Public (tpublic at dimensional.com)
  for pointing this out)    

- nasl : memory leaks fixed, performance improved, bug in 
  forge_tcp_packet() fixed

- nessus-update-plugins : somehow improved

- plugins : more SMB checks, rewritten showmount in nasl, tons of new security
  checks (for a total of 435, whatever that means)

- plugins : fixed snmp_default_communities which was bugged. Thanks to
  W. Mark Herrick, Jr. (markh at va.rr.com) for pointing this out.

- gmp 3.0 is used by libpeks (vs 2.0.2)  

1.0.0 :

- nessus : fixed problems with the "spiffy" HTML export

- nasl : fixed various minor issues

- nasl : added the function ereg_replace()

- libhosts_gatherer : fixed a problem in the reverse lookups issues

- plugins : nearly 20 new security checks (including SMB checks)

- hinting to NESSUSHOME if ~/.nessusrc is not available (jh)

1.0.0pre3 :

- added the utility nessus-update-plugins(8). See the man
  page for security notes

- nessus : HTML reports now include links to the CVE entries

- nessus-adduser / libpeks : it is now possible to declare 
  from which host a user can connect to nessusd 
  
- plugins : better behavior of the CGI tests against hosts
  which do not issue 404 error codes

- security : nessusd.users would sometime be in mode 0644 (due
  to nessus-adduser), accounts.nes would let nessusd users read
  arbitrary files on the system

- nessusd : sends an error to the client when it attempts to scan
  a host it's not allowed to (suggested by Hermann Himmelbauer 
  <dusty@violin-kan.dyndns.org>)

- nessusd and nessus : error at loading time when the peks library was
  compiled with a special ./configure flag (thanks to 
  Bradley M Alexander <storm@tux.org>)

- nessusd and nessus : can be compiled with the --disable-cipher flags

- plugins : ftp_overflow.nasl : fixed a false positive pointed out
  by Jean-Paul Le Fevre <J-P.LeFevre@cea.fr>

- plugins : a dozen of new plugins have been added (piranha, uw imap
  overflow, Ken!, htimage.exe, lcdproc overflow, real server DoS, and 
  more...)

- nasl : added open_priv_sock_{udp,tcp} to open a socket with a priviledged
  port

  
1.0.0pre2 :


- nessusd : stop the current plugin when the user hits 'stop'

- nessusd : the rules now accept the keyword 'client_ip'  (suggested
  by  Hermann Himmelbauer <dusty@violin-kan.dyndns.org>)  

- nessusd : logs the name of the plugins that are loaded (suggested 
  by Matthias Andree <ma@dt.e-technik.uni-dortmund.de>)  
- nessus : the 'reverse lookup' option now works

- nessus : typo would prevent to compile nessus with gtk 1.0 (thanks to
  mike <michael.seeger@mchh.siemens.de> for pointing this out)

- nessus : changed the .nsr file format to something more easily parseable
  which contains the ID of the plugins which generate security warnings
  or holes

- nessus : error dialog makes more sense when nessusd is killed in the middle
  of a test (pointed out by Matthias Andree <ma@dt.e-technik.uni-dortmund.de>)

- nessus : fixed a segmentation fault that could occur during the login
  (Stefan Rapp s.rapp@hrz.uni-dortmund.de)

- nessus : the user now has the ability to select all the plugins
  except the dangerous ones

- nessus : fixed the busy waiting loop in the password dialog. For real
  this time. Thanks to Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
  for pointing this out again.

- nessus : other cosmetics things have been fixed

- nasl : now supports user-defined functions (see the documentation
  for more details)  

- plugins : ssh_insertion.nasl : fixed a typo which would cause the plugin
  to yell when the user was using OpenSSH 1.2.2 (which is immune to this
  problem). Thanks to R. Pickett <emerson@hayseed.net> for pointing this out

- plugins : lot of new security checks (thanks to  Roelof Temmingh
    <roelof@sensepost.com> for pointing out some missing IIS checks)

- all : version check at startup, as suggested by Scott Adkins <sadkins@voyager2.cns.ohiou.edu>


1.0.0pre1 :

- nessus-adduser : utility to add easily a nessusd user

- nessus : remembers the username

- nessus : warns the user that the host key has been saved

- nessus : fixed a busy waiting in the passphrase requester (thanks to
  Matthias Andree <ma@dt.e-technik.uni-dortmund.de> for pointing
  this out)

- nessus : fixed a segmentation fault that would occur when
  the user close the test window during a test

- nessus : saves the preferences of each plugin

- nessusd : fixed a problem in the rules which ended up being
  too restrictive

- nessusd : killall -1 nessusd now works  

- plugins : nmap_wrapper.nes : compatible with the new output of nmap

- traditional netmasks (255.255.255.0) are now accepted

- will not scan broadcast addresses (ie: 192.168.1.1/255.255.255.0 will scan 
  from 192.168.1.1 to 192.168.1.254)  


- Compatible with FreeBSD 4

0.99.10 :

- nessus : polished the GUI

- nessus : GTK 1.0 compatible (Eduardo Urrea <eduardou@hispasecurity.com>)

- nessusd : fixed a problem which could make the client see what was
  happening a few seconds later the event happened. (this was occuring
  when doing few tests against a great number of hosts)    

- nessusd.conf goes back to ${sysconfdir}/nessus/ (and not
  ${sysconfdir}/)

- nessusd CPU usage : dropped from 100% to much fewer [thanks to
  Ryan Mooney <ryanm@mhpcc.edu> who pointed this out]

- nessus and nessusd : the target file may have an unlimited size
  (it was cut down to 2047 bytes in the past) [many thanks to 
  Boris Wesslowski <Boris.Wesslowski@RUS.Uni-Stuttgart.DE> for pointing
  this out]

- nasl : fixed a bug in recv() which would make nasl crash when reading data
  from a non-socket

- nasl : close the sockets opened by a script in nasl_exit()

- nasl : fixed a bug in egrep()  

- nasl : init_telnet() behaves well against a tcp-wrapped telnet  

- plugins : nmap_wrapper : ability to use nmap's ping.
  
0.99.9 :


- nasl : added support for \xNN translation (Sebastian Andersson <sa@hogia.net>)

- nasl : cleaner compilation process

- nessusd : removed warnings during compilation

- nessusd : fixed a possible segmentation fault / logfile corruption that could
  occur when the user was manually stopping a test

- nessusd : fixed typos that would prevent the compilation without the cipher
  layer

- libnessus : timeout in recv_line()

- nessus : fixed a dumb segmentation fault in the client when all the plugins
  are activated

- nessus :  disable all / enable all buttons

- nessus : nicer xpms for error and warnings dialogs 

- nessus : fixed a bug that could make the client crash during plugin 
  selection

- plugins : read_accounts : fixed a problem that would disable  this plugin

- plugins : read_accounts : better handling of BSD telnet

- plugins : queso : fixed a problem which would disable this plugin

- plugins : stacheldraht : fixed a typo

- plugins : added acc.nasl, netscape_wp_bug.nasl 

- added nasl_version() and nessuslib_version(), as suggested
  by Scott Adkins <sadkins@voyager2.cns.ohiou.edu>

- nessus-core : better support for sysconfdir Keith Amidon  (camalot@picnicpark.org)


0.99.8 :

- OpenBSD portability

- HP/UX shl_* support

- re-attributed the plugins category, thanks to the lists made by
  Jeff Odegard <jeff@digitaldefense.net> who divided the plugins
  into three categories : begnign, intrusive and potentially destructive

- the client disable all the potentially destructive plugins if they
  are not in ~/.nessusrc, and puts a warning sign in front of them

- plugins have been attributed a unique ID

- plugins are CVE compatible

- NASL now supports regular expressions through the ereg() function. The
  syntax of the regexps is egrep-style, that I personnaly like.

- several bugfixes

- several new plugins

- 'nasl' is a standalone NASL interpretor that can be used to debug 
  Nessus scripts and/or write independants ones.

- the nasl guide has been updated and comes with libnasl/  

0.99.7 :

- fixed a 'file descriptor bomb' which would prevent nessusd to test
  big networks

- fixed a problem in nessusd which would make it slow down then crawl when
  it was testing big networks

0.99.6 :

- many segmentation faults corrected

- fixed a problem in the client <-> server communication which would make
  the server "forget" to send some data to the client

0.99.5 :

- New HTML export with pies and graphs

- Handles the HTTP redirects (thanks to  
  Andreas J. Koenig <andreas.koenig@anima.de> for requesting it)

- behaves well when the same service is detected more than once on the target
  side. Ie: if the target is running 2 web servers, then all the security checks
  will be performed on both

- Nicer client GUI

- Communication between the client and the server's children done in a
  cleaner way
- Corrected a bug in the client that would prevent it to work
  when not compiled with the cipher layer
  
- Added a inetd friendly option

- The quiet mode of the client will produce HTML, LaTeX, text or 
  .nsr files regarding the file suffix given as argument
  
- ASCII text output

- report can be saved to stdout

- kept-alive connection between the client and the server (no need to
  log in again between two tests)  

0.99.4 :

- Speedup

- Several segmentation faults fixed

- The user can now select the timeout value of the security checks read()
  function

- The client can specify an alternate configuration file

- Client : fixed problems regarding when to use the GUI

Previous versions :

- Corrected a problem regarding the list of checks selected by the user

- ${prefix}/var/nessus is created

- Corrected a typo in the code that would generate the preferences
  file

- Changed the behaviour of the nessus client, when it is started in the
  background and a pass phrase is wanted as input.  If available,
  the client terminates while complaining to the stderr.

- Added long options to the nessus client; as a side effect, the command
  line version works under windows, too

- OpenBSD portability issues

- Fixed the process tracker on cipher layer to meet the io thread
  table overflow

- Updated the process mgmnt, provided a general pty interface for
  subprocesses like nmap

- Reduced memory consumption by 50%

- Nessus can now use nmap(1). Thanks to Phil Brutsche <pbrutsch@creighton.edu>
  who helped me to figure out how to do this.

- Configuration files now installed in ${prefix}/etc/nessus/

- Man pages for nasl-config, nessus-config, nessus-build, as well
  as patches to problems that may occur during the installation
  by Josip Rodin <joy@cibalia.gkvk.hr>
  
- More efficient way to determine whether a DoS was successful or not.  
  Thanks to Michel Arboi <arboi@alussinan.org> for the suggestion
  (does not work well yet)

- The communication errors : 'out of threads already' and 'no cookie
  for received packets' have been fixed.

- All the newest security tests  
