Version 2.1.1: 2011-08-11
=============================

Important bug fix in application labeling SSL plugin

Version 2.1.0: 2011-07-27
=============================

New Information Element exported in every flow record, flowAttributes (CERT PEN 6871, IE 40).

YAF now checks if a flow has fixed-size packets and exports this flag using the new flowAttributes Information Element (see <a href="yaf.html">yaf</a>)

Reset Application Label on UDP-uniflows for Deep Packet Inspection

Fixed yafscii invalid parameter bug that may have existed on certain platforms

Added VNC (RFB Protocol) application label

DPI Enhancements

FlowEndReason IPFIX field is now set to 31 for udp-uniflows

For Cygwin: Added support for getting the yaf config directory via the Windows Registry

Several other bug fixes

Version 2.0.2: 2011-06-13
==============================

Improvements with Reassembly of TCP Fragments.

Bug Fix for DNS Deep Packet Inspection.

--no-frag switch now works.

Bug Fix for expiring flows that exceed the idle timeout when reading from a file.

Added the ability to configure YAF with WinPCAP.

Version 2.0.1: 2011-05-23
==============================

Bug Fix for compile error with --enable-daginterface

Enhancement for SNMPv3 application labeler

Version 2.0.0: 2011-04-28
==============================

This version requires <a href="../fixbuf/index.html">libfixbuf-1.0.0</a> or greater.

Added Napatech Adapter Integration (requires libpcapexpress).

YAF now exports TCP, payload, fingerprinting, p0f, MAC, entropy, and DPI flow information within an IPFIX subTemplateMultiList data type.

Added the ability to export YAF capture statistics using IPFIX Options Templates.

The --stats and --no-stats switches were added to configure YAF stats output.

Added the ability to define Spread group types to use Spread as a manifold for flow export based on application, port, protocol, version, or vlan.

Added New Application Labels: DHCP, AIM, SOCKS, SMB, SNMP, NETBIOS.

Added a time-out buffer flush function.

Added SSL Certificate Capture.

Added DNS Resource Record Parsing.

Added Deep Packet Inspection for the MySQL protocol.

The --silk switch will maintain compatibility with SiLK by not nesting TCP information in the subTemplateMultiList data type. 

Deep Packet Inspection elements are read from one configuration file.

Added the ability to create new DPI elements from a configuration file.

Added UDP Export and Template Retransmission.

Many bug fixes and other enhancements.

Version 1.3.2: 2011-02-03
=============================

Bug fix for dnsplugin.c

Minor bug fix for fingerprint exporting.

Version 1.3.1: 2010-10-06
==============================

Important bug fix for p0f or fpexport enabled code.

Fixed bug in DNS Application Labeling Decoder.

Removed machine learning code for future work.

Version 1.3.0: 2010-09-20
===============================

VLAN tags are now a part of the flow key.

VLAN tags are now always exported.

--mac flag exports MAC addresses.

Fixed bug in DNS Application Labeling Decoder.

Fixed bug in libp0f Makefile.

Added --print-header switch to yafscii for use with tabular mode to print column headers.

Added --mac switch to yafscii to support printing of MAC addresses in tabular mode.

Version 1.2.0: 2010-07-27
===============================

Spread support has been added into libfixbuf and YAF to allow publish subscribe distribution of YAF sensor output.

Plugin support has returned to YAF to support basic deep packet inspection (DPI) and application labeling (see <a href="yafdpi.html">yafdpi</a>).

Added 9 new protocols to the application labeling feature (see <a href="applabel.html">applabel</a>).

Added ability for signature detection through the application labeling mechanism.

Added --udp-uniflow switch to capture each UDP packet on a set port and export the payload (for DNS dissector creation).

Added --udp-payload to concatenate and export payload up to the max-payload value.

DNS DPI can be restricted to Authoritative and NXDomain responses only via compile switches.

Enhanced payload capture for TCP streams with out-of-order SYN packets.

Fixed a bug in processing small (fewer than 64 packets) PCAP files.

Fixed IPv6 header options bug.

Fixed bug in parsing capability for strings longer than 80 columns.

Added p0f passive OS labeling capability from community <a href="https://tools.netsa.cert.org/confluence/display/tt/libp0f">libp0f</a>.

Added Berkeley Packet Filtering (BPF) switch --filter.

Version 1.0.0.2: 2009-03-18
===============================

Fix to the --rotate switch so that it actually works.

Added the --noerror switch so that when a caplist set
of PCAP files is processed, all files will be attempted
even if there is a malformed PCAP in the middle of the list.

Added the --dag-interface switch (along with configure option
--enable-daginterfaces) that will record the physical interface
a packet arrived on in the flow table.


Version 1.0.0: 2008-09-09
================================

Airframe has now been merged into YAF and does not need
to be separately installed.

The configure system has been fixed to allow external pcap libraries
(Bivio, nPulse, DAG).

The packet decoder system has been rewritten in order to allow
multithreading in the future.

Version 0.8.0: 2008-01-18
================================

Add experimental packet classifier support to YAF.

Experimental plugin support has been removed.

Version 0.7.2: 2007-11-30
================================

Add experimental YAF plugin support.

Version 0.7.1: 2007-08-29
==============================

Add ability to decode PPP and PPPoE headers.

Add experimental startup script in etc/. 

Fix --lock option bug; change --rotate file naming to minimize collision.

Version 0.7.0: 2007-08-15
==============================

Complete rewrite of YAF's main loop for simplicity and performance.
Input and output command-line configuration options have changed, and some
features are no longer available; see the yaf(1) manpage for details.

Complete rewrite of the packet decoder and fragment reassembler for
IPv6 flow assembly and for future flexibility.

Add ability to decode IPv6 headers and create IPv6 flows.

Version 0.6.0: 2007-05-17
===========================

Add tabular output to yafscii.

Add ability to decode IP over C-HDLC and GRE.

Update to fixbuf 0.6.0 API.

Add ability to export via IPFIX over TLS and IPFIX over SCTP.

Various bugfixes.

Version 0.5.0: 2006-09-29
=================================

Add Endace DAG capture support.

Add ability to drop privileges during live capture.

Add ability to decode (but not export) MPLS information.

Update to fixbuf 0.5.0 API.

Numerous internal performance and reliability enhancements. 

Version 0.1.6: 2006-07-07
===========================

Add ability to process pcap trace files (those containing headers only, 
and not full packet payload).

Add ability to decode 802.1q VLAN headers, and to export VLAN tags.

Fix bugs in yafscii I/O handling that led to instability on close.

Version 0.1.5: 2006-06-16
============================

Changes to template handling for 0.4.0 libfixbuf release; 
documentation tweaks; new --observation-domain option to set 
observationDomainId on exported messages.

Version 0.1.0: 2006-03-28
=============================

Initial public release of YAF. YAF is presently alpha-quality software.
