v1.0.1: January 18th, 2006

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
v1.0.1RC2: January 6th, 2006

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Added BSD license to Win32 installer message.
	* Upgraded packaged Tor (Win32 only).
	* Multiple instances can now be run at once (Win32 only).
	* Mac OS X encrypted file transfers now work.

-------------------------------------------------------------------------------
v1.0.1RC1: December 30th, 2005

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* ID deletion now resets the UI properly.
	* Currently loaded ID and fingerprint now displayed in 'About' menu.
	* Overly long messages from the local user are now gracefully truncated
	  instead of black-holed.
	* Fixed compile warnings.
	* Initial messages in encrypted conversations are queued so that it
	  is more clear to the user that they were sent over the encrypted
	  tunnel and not in plaintext.
	* Usability improvement: switched order of checkbox and entry/button in
	  'Select Load/Save Directory' frame.

-------------------------------------------------------------------------------
v1.0.0: October 17th, 2005

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Changed name to Scatter Chat.
	* Temporarily backed out of autoencrypt menu support.

-------------------------------------------------------------------------------
Release Candidate 10: September 11th, 2005

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Tor support crash-landed!
	* Added autoencrypt menu support.

-------------------------------------------------------------------------------
Release Candidate 9:  August 21st, 2005

SECURITY FIXES:
	* Fixed denial of service caused by newlines trailing in messages;
	this would cause the client to freeze.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Fixed bug that would sometimes truncate plaintext messages while in
	plaintext mode.
	* Fixed UI truncation caused by long default load/save directory.

-------------------------------------------------------------------------------
Release Candidate 8:  August 15th, 2005

SECURITY FIXES:
	* Fixed CAN-2005-2102, CAN-2005-2103, and CAN-2005-2370.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
Release Candidate 7:  June 26th, 2005

SECURITY FIXES:
	* Fixed CAN-2005-1934 and CAN-2005-1269.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Added MSN file transfer support.
	* Fixed IM window state persistence after closing window under MSN.
	* Fixed crash in key timeout mechanism (Windows XP only).

-------------------------------------------------------------------------------
Release Candidate 6:  May 29th, 2005

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Fixed module debugging mechanism.
	* Fixed crash in key timeout mechanism (UNIX only).

-------------------------------------------------------------------------------
Release Candidate 5:  May 22nd, 2005

SECURITY FIXES:
	* Fixed CAN-2005-1261 and CAN-2005-1262.
	* Fixed potential DOS whereby another user could tear down a secure
	channel if signed on to multiple accounts at the same time.  Impact is
	minimal and successful exploitation is not easy.  Nevertheless, this
	problem has been fixed.

PROACTIVE SECURITY ENHANCEMENTS:
	* Added user notifications when conversations are immune to replay
	attacks.

General Enhancements:
	* Auto-encryption support for familiar buddies crash-landed.
	* Fixed compile warnings.

-------------------------------------------------------------------------------
Release Candidate 4:  May 1st, 2005

SECURITY FIXES:
	* Fixed CAN-2005-0965, CAN-2005-0966, CAN-2005-0967.

PROACTIVE SECURITY ENHANCEMENTS:
	* None.

General Enhancements:
	* Fixed Win32 crashes on exit.
	* Fixed Win32 message flushing.
	* Added new Win32 icon.
	* Typing notifications now sent for non-encrypted conversations.
	* Now packaging PDF User's Manual.  Yay!

-------------------------------------------------------------------------------
Release Candidate 3:  March 27th, 2005

SECURITY FIXES:
	* Re-synchronized with Gaim v1.2.0 to remove vulnerabilities in
	Gaim v1.1.2 code.

PROACTIVE SECURITY ENHANCEMENTS:
	* Expanded simple UI status icons to include more states.  User can
	now toggle between 'Unencrypted' and 'To Encrypt' states (marked by
	red and yellow lock icons).  The new state notifications from the
	underlying blackchatmod will shift a new connection to the
	'Handshaking' (yellow lock) and 'Encrypted' (green lock) states as
	necessary.

General Enhancements:
	* File transfer support crash-landed.  Yahoo transfers work well.
	* Help menus for 'Encryption Initialization' window implemented.

-------------------------------------------------------------------------------
v0.85 Beta: March 25th, 2004

SECURITY FIXES:
	* Fixed a null-pointer dereference that occurs when receiving an
	invalid key.  This results in a simple denial-of-service, and NOT
	in a compromise of key or connection integrity.

PROACTIVE SECURITY ENHANCEMENTS:
	* Added a warning when the user changes profile information that it
	will NOT be encrypted because its public.
	* Disabled IM images since these are not yet encrypted.
	* Partially completed a second major security review.

General Enhancements:
	* Fixed Gaim bug that prevented user from chatting with multiple UM
	users concurrently.
	* Added right-click menu option to buddy that allows manual connection
	reset.

-------------------------------------------------------------------------------
v0.82 Beta: January 27th, 2004

SECURITY FIXES:
	Fixed two more vulnerabilities in Gaim's code that v0.81 missed.
	Again, these vulnerabilities DO NOT allow a third party to
	break encrypted messages or spoof messages.  See Ultramagnetic
	Advisory #002 for more details:
	    http://ultramagnetic.sourceforge.net/advisories.html

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
v0.81 Beta: January 26th, 2004

SECURITY FIXES:
	Fixed multiple vulnerabilities in Gaim's code.  Note that the
	integrity of Ultramagnetic-specific encryption code has NOT been
	compromised.  See Ultramagnetic Advisory #001 for more details:
	    http://ultramagnetic.sourceforge.net/advisories.html

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
v0.80 Beta: January 24th, 2004

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Switched from ECB mode to CTR mode!  Yay!
	* Implemented Perfect Forward Secrecy for session keys.
	* Added nonces to protocol handshake to prevent replay attacks.

General Enhancements:
	* Upgraded from libgcrypt v1.1.12 to v1.1.91.
	* Merged code tree with Gaim v0.74.
	* Switched from using message signatures to message HMACs.

-------------------------------------------------------------------------------
v0.70 Beta: October 31st, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Added warnings to away message windows.
	* Implemented Ultramagnetic IDs!
	* Initialization Vectors and HMAC keys are now exchanged in handshake.

-------------------------------------------------------------------------------
v0.65 Beta: October 1st, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Merged with Gaim v0.68 sources.
	* Fixed typing notification (disabled).
	* Added 'UM Setup' button to main window.
	* Added custom splash graphic!  Yay!

-------------------------------------------------------------------------------
v0.60 Beta: September 7th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Completed UI database editing.
	* Fixed screen name consistency bugs.
	* Fixed unexplainable random hanging... somehow...

-------------------------------------------------------------------------------
v0.55 Beta: August 19th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Continued code audit.
	* Added encryption state timeouts.
	* pending_message array expanded into list of pending messages.
	* Encryption initialization window now loads and displays the key
	database (but it is not editable yet).

-------------------------------------------------------------------------------
v0.50 Beta: August 12th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Finished changing strncpy's/strncat's to g_strlcpy's/g_strlcat's.

General Enhancements:
	* Six/Four support for AIM (oscar) crash landed.
	* Compile system improved: got rid of annoying corrupt libtool script
	problem.
	* An absolute path to '64hosts.lst' in Six/Four's '64.cfg' file no
	longer required.
	* Table view added to encryption initialization window (though it is
	non-functional as of yet).

-------------------------------------------------------------------------------
v0.40 Beta: July 28th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Changed all strncpy's and strncats to g_strlcpy's and g_strlcat's.
	* Added all kinds of proactive measures to parse_directory_string that
	guard against theoretical attacks which probably only exist up in my
	head.
	* Modified sign buffer length calculation to guard against off-by-one
	buffer overflows (um_encryption.c:698).
	* Changed incorrect size parameter in g_strlcat (um_encryption:710).

General Enhancements:
	* Added LOTS of comments to UM-specific source code.
	* Split moved encryption & encryption ui support into
	'um_encryption.c' & 'um_encryption_ui.c'
	* Key generation is now done in a separate thread.  User can now
	watch a pretty progress bar bounce back and forth too.
	* New Key Fingerprint window now has more accept options:  Temporary
	and Permanent.
	
-------------------------------------------------------------------------------
v0.20 Beta: July 13th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Many UI quirk fixes.
	* Fixed screenname display bug when initializing encryption.
	* Added Win32 build system.
	* Changed dual-license back to GPL-only.  =(

-------------------------------------------------------------------------------
v0.10 Beta: July 4th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	* Changed stat() calls to lstat() to guard against symlink attacks.

General Enhancements:
	* Implemented public key fingerprint checking/caching.
	* Added help dialogs to encryption windows.
	* Buddies can now sign on & sign off, and encryption states will
	  be updated.

-------------------------------------------------------------------------------
v0.03 Preview Alpha Release 3: June 28th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Added minimal support for the Six/Four protocol.
	* Integrated source directly with Gaim tree.
	* Added ./configure support.
	* Encryption support is now statically linked.

-------------------------------------------------------------------------------
v0.02 Preview Alpha Release 2: April 13th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	* Removed/fixed deprecated GTK functions.
	* Readied code for Gaim v0.6x series.

-------------------------------------------------------------------------------
v0.01 Preview Alpha Release 1: March 16th, 2003

SECURITY FIXES:
	None.

PROACTIVE SECURITY ENHANCEMENTS:
	None.

General Enhancements:
	None.

-------------------------------------------------------------------------------
