Secure FTP Server Version History

 

Changes in 3.3.5, September 4, 2008

• Improved compatibility with Filezilla FTP client
• Improved compatibility with z/OS systems.
• Improved resource usage when uploading via HTTP.

Changes in 3.3.1, April 30, 2008

• Corrected problem with inheritance and resulting folder permissions

Changes in 3.3.0

• MD5 functions not thread safe causes crash - Repaired
• Auto-lockout now resets on successful login (SFTP)
• Corrected COM Memory leak when creating users
• MLST now works according to specifications
• COM method SetMaxSpace inputs correct amount
• Corrected error where E-mail notifications fail in certain scenarios
• Corrected error when restoring key from backup location
• Show in list unchecked no longer allows viewing of directory
• HTTPS component correctly handles large file transfers
• MLSD correctly returns Virtual folders
• COM method RemoveUser error corrected MX Error: 65280 (0000FF00)”
• COM method RenameUser error corrected
• HTML directory listing links now properly encode for special characters
• Service crash error corrected faulting module to be ntdll.dll
• Error returned incorrect SSH dates corrected
• Correct file information now sent with SSH_FXP_STAT returns
• 403 and 404 errors corrected when there is no list permission (blind) in HTTP/S
• Force auth dbase refresh now works
• Folder listings for 1000+ virtual folders now works
• New Active Directory user accounts can now log in after service restart
• MLST and MSLD no longer return incorrect negative file sizes on files greater than 2GB
• Accounts are no longer incorrectly disabled when using AD and “disable account after X” is not engaged
• Upload button no longer displays in browser even though no upload permissions are available for that user

Changes in 3.2.0 Build 07.07.2006.6

• Optimized internal SMTP client to conform to RFC 2821
• Optimized HTML listing to support RFC 1738 guidelines for special characters (sec. 2.2)
• Corrected problem with log file showing negative numbers for file sizes over 2GB
• Corrected problem with MLSD not returning Virtual Folders as part of the list
• Corrected problem with max transfer speeds preventing users with slower connections from uploading
• Corrected problem with disk quota limit affecting HTTPS transfers
• Corrected problem with SFTP logins for new users using AD Authentication
• Improved error reporting for custom command action triggering

Changes in 3.1.5 Build 04.12.2006.2

• Corrected error when SFTP clients connect to NT/AD Site using password only authentication
• Corrected issue where execution of a custom command with a lengthy parameter line passed to it causes server to crash.
• Corrected error in which settings for require client certificates feature for SSL protocols affected all sites, not only the one on which it was turned on.
• Enhanced On User Account Disable Event Rule to trigger when expiration of user account occurs (based upon site refresh interval)
• Enhanced SFTP server-side logging such that uploads of 0 Byte files are now written to the log file.

Changes in 3.1.4 Build 01.10.2006

• Added SFTP upload/download speed and count reporting to administration GUI
• Corrected issue with public key authentication in SFTP
• Corrected issue with timeout not disconnecting in SFTP
• Corrected issue when creating a site using NTLM authentication with custom domain and group
• Corrected issue with home folder permissions resetting at user's first login
• Corrected issue with impersonation while downloading in HTTP/S
• Improved SetMaxSpace and GetMaxSpace COM methods to use units of KB to allow greater maximum values
• Corrected issue connecting with OpenSSH 3.5 without Show and List permissions on parent folder
• Corrected issue where execution of a custom command with a lengthy parameter line passed to it causes server to crash.

Changes in 3.1.3 Build 10.10.2005

• Improved stability of service caused by unsynchronized access to the SFTP socket state
• Corrected HTML form-based uploads to work properly through a URL containing escape codes
• Corrected issue to allow Windows user impersonation
• Corrected event rule processing when transferring files in PASV mode and containing a command

Changes in 3.1.1 Build 08.08.2005.2

• Fixed service issue related to Windows 2003
• Corrected branding issue in HTTP/S module
• Improved service stability

Changes in 3.1 Build 7.06.2005.3

• Added module for support of HTTP and HTTPS transfers
• Improved registration process
• Known Issues:

  1. Upgrades with a fully registered (not trial) SFTP module may see the SFTP module disabled after upgrading to 3.1. If this happens, re-enter the SFTP serial to re-activate that component.
  2. Those with trial versions of HTTP will need to restart the server service for the HTTP trial to apply.

Changes in 3.0.4 Build 6.15.2005

• Corrected SSH response to MSG_CHANNEL_REQUEST that had flip-flopped the sender and receiver channels. Now properly supports multiple channeled during SFTP session.
• Corrected error in SetPermission() and GetPermission() from the COM Admin module introduced when adding richer error reporting.

Changes in 3.0.3 Build 4.29.2005

• Fixed security vulnerabity due to buffer overflow in FTP command channel
• Improved COM interface error reporting by implementing ISupportErrorInfo interface
• Improved registration wizard to display options upon failed registration

Changes in 3.0.2 Build 4.12.2005

• Corrected file locking problem that caused some files to not appear after uploads (only when a user home folder was specified to be the root folder)

Changes in 3.0.1 Build 3.31.2005

• Corrected memory leaks
• Corrected problem with quota limits for SFTP uploads

Changes in 3.0.0 Build 3.23.2005

• Added MODE Z support with ZLIB compression engine
• Added support to limit the number of total concurrent user logins
• Added support to lock partially uploaded files (clients cannot download files in the process of being uploaded)
• Added support for importing and exporting site configuration data, user settings, site custom commands, and site event rules
• Added support for capturing and displaying connection-activity in real-time
• Improved logging information and provided option for "Standard" and "Verbose" logging
• Added registration wizard
• Enhanced logging mechanisms
• Corrected ability to disable SMTP authorization option
• Corrected issue where Event Rules does not release handles correctly when user redirects output -OR- terminates the process after a certain amount of time
• Corrected issue to properly re-establish lost connections with SQL database using ODBC Authentication
• Enhanced message prompt on Kick User functionality
• Corrected issue with SMTP authorization being disabled
• Corrected issue to log failed login attempts
• Corrected issue that could crash the Administrator GUI when the admin password is NOT remembered
• Corrected issue in receiving BitVise's Tunnelier client SSH/SFTP commands
• Corrected issue with multi-part uploads not always working
• Corrected issue so IIS logging records partial transfers

Changes in 2.0.7 Build 12.20.2004

• Corrected issue with AD Authentication failing to pull GROUP information
• Corrected issue with RNFR and RNTO not returning proper codes
• Corrected issue with COM ICISites section functionality
• Corrected issue with CreatePhysicalFolder failing unless UNIX style path provided
• Corrected issue with trial registration on the Windows 2003 Operating System

Changes in 2.0.6 Build 11.03.2004.2

• Corrected AD Authentication import of large numbers of users
• Corrected incorrect 'modified' date on files
• Corrected issue with ODBC Group Management
• Corrected issue with SFTP event rules using Email/Custom Command parameters
• Corrected issue with STOU command not returning unique filenames
• Corrected issue with deployment of default MS Access db

Changes in 2.0.5 Build 9.08.2004

• Corrected inappropriate SFTP Banner Message ("unexpected packet #53") on server initiated key re-exchange
• Made various SFTP Event Rule improvements
• Event rule parameters now honoring quotes so that embedded spaces are not considered parameter delimiters
• Administration COM DLL bug fixes (CreateUser, Permissions)
• Registration now allows multibyte (MBCS) characters
• Error message / prompt / indication string changes for clarification
• Corrected issue with disappearing users from ftpserver_ids table
• Corrected bug where client password only connections were allowed even though the server required password and certificates for authentication

Changes in 2.0.3 Build 5.16.2004

• Corrected condition where SFTP sometimes returned incorrect file permissions
• Corrected auto-assign home folder logic when NT Auth was used
• Corrected condition where SFTP would always listen on 0.0.0.0:22 regardless of IP settings
• Corrected remote administration problem where selecting SFTP tab would lock the admin GUI from selecting any other tab
• Corrected a defect introduced in 2.0.2 where SFTP public key authentication failed to occur
• Corrected condition where user level settings for protocol restrictions were ignored in favor of site-level restrictions
• Corrected default behavior to include Modified Time as part of MLSD/MLST options
• Corrected a formatting issue with regard to time values returned as a result of an MLSD command sequence
• Corrected security vulnerability where SSH service credentials were being used instead of the connecting user's NTFS permissions when using NT/AD Authentication and SFTP
• Corrected condition where server was returning both virtual and physical folder names in the raw listing (for virtual folders)

Changes in 2.0.2 Build 4.15.2004

• SFTP commands are logged to log file
• Improved SFTP response codes to conform to RFC standard and expectations of clients
• SFTP can now run independently of FTP/FTPS
• Proper handling of NTLM/AD usernames when connecting over SFTP
• Improved Trial Registration mechanisms
• Improved SMTP communication to avoid false positives in SPAM checkers
• Proper handling of home folder creation upon first login

Changes in 2.0.1 Build 3.16.2004

• Corrected two security vulnerabilities (DoS and Buffer Overflow on SITE commands)
• Corrected condition where GUI would crash if connecting while on the VFS tab
• Corrected issue wherein virtual folders would appear in duplicate places in VFS

Changes in 2.0

3/11/2004

• Added Event Rules
• Added support for SFTP (SSH2)
• Added programmatic interface support with COM
• Added support for database polling
• Added option to edit path to authentication provider (database)
• Added support for 1024,2048, and 4096 bit SSL key lengths
• Added feature which makes an expired certificate immediately recognizable in the certificate manager
• Added support for TLS 1.0 (SSL v3.1)
• Added support for Clear Command Channel (CCC) when using SSL
• Added support for server to server transfers using SSCN
• Added support for multiple servers to be managed through the Administrator Interface
• Added feature to specify a future date to expire user accounts
• Added support for Active Directory
• Added support to query domain controller
• Added feature for the input of personal account information
• Added option to use home folder when creating a Site that will use NT or Active Directory Authentication

Changes in 1.2.3

10/17/2003

• Added support for the MDTM command
• Added ability to use a forward slash on NT Authentication logins
• Corrected problem to properly handle Close_Notify sent by SSL client
• Corrected problem in handling of heavy loads under SSL  that caused VFS to "forget" root path (especially on multi-processor machines)
• Corrected problem where server would sometimes close socket prematurely when a client requested a directory listing
• Corrected timestamp logic for file dates without explicit times being listed. This improves synchronization logic

Changes in 1.2.1

7/9/2003

• Corrected problem where SSL download speeds were substantially slower than SSL upload speeds
• Corrected a problem where there was an inconsistency between the change password dialog and the New User Wizard

Changes in 1.2

3/4/2003

• Corrected a problem where downloads using SSL would sometimes transfer an incomplete file
• Corrected a problem where the server was not sending the correct IP address in response to a PORT mode request when the server has multiple IP addresses and the virtual site is listening on any but the first of those addresses
• Added support for files sizes greater than 2 GB
• Corrected issue so that IIS log file format now correctly lists time per operation