diff --git a/CHANGES b/CHANGES
index cf1b682f81..5fd76c8b06 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.3-376 | 2015-01-12 09:38:10 -0600
+
+ * Improve documentation for connection_established event. (Jon Siwek)
+
 2.3-375 | 2015-01-08 13:10:09 -0600
 * Increase minimum required CMake version to 2.8. (Jon Siwek)
diff --git a/VERSION b/VERSION
index 41ff87b741..05511b04c1 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3-375
+2.3-376
diff --git a/src/analyzer/protocol/tcp/events.bif b/src/analyzer/protocol/tcp/events.bif
index f52fadaebb..5cf2710804 100644
--- a/src/analyzer/protocol/tcp/events.bif
+++ b/src/analyzer/protocol/tcp/events.bif
@@ -29,8 +29,10 @@ event new_connection_contents%(c: connection%);
 ## new_connection new_connection_contents partial_connection
 event connection_attempt%(c: connection%);
-## Generated when a SYN-ACK packet is seen in response to a SYN packet during
-## a TCP handshake. The final ACK of the handshake in response to SYN-ACK may
+## Generated when seeing a SYN-ACK packet from the responder in a TCP
+## handshake. An associated SYN packet was not seen from the originator
+## side if its state is not set to :bro:see:`TCP_ESTABLISHED`.
+## The final ACK of the handshake in response to SYN-ACK may
 ## or may not occur later, one way to tell is to check the *history* field of
 ## :bro:type:`connection` to see if the originator sent an ACK, indicated by
 ## 'A' in the history string.
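Review bot: In the rewritten comment in events.bif, "its state" in the second added sentence has no clear referent, so a script author cannot tell which value to compare against TCP_ESTABLISHED. The comment should name the originator endpoint explicitly, for example ``## handshake. If the originator endpoint's state (*orig$state*) is not :bro:see:`TCP_ESTABLISHED`, no SYN from the originator was seen.`` The clause order could also lead with the condition, so handlers that treat this event as proof of a completed handshake see the caveat first. The rest of the doc comment and the event declaration it documents lie outside the hunk, so the exact event signature is not visible here.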