Secure FTP Server Version History Changes in 3.3.10 Fixed SFTP protocol command validation Eliminated Memory leak in authentication manager. Eliminated crash in SFTP. Changes in 3.3.7 Updated SSH libraries. Improved audit logger database connectivity. Changes in 3.3.5 Improved compatibility with Filezilla FTP client. Improved compatibility with z/OS systems. Improved resource usage when uploading via HTTP. Changes in 3.3.1 Corrected problem with inheritance and resulting folder permissions Changes in 3.3.0 MD5 functions not thread safe causes crash - Repaired Auto-lockout now resets on successful login (SFTP) Corrected COM Memory leak when creating users MLST now works according to specifications COM method SetMaxSpace inputs correct amount Corrected error where E-mail notifications fail in certain scenarios Corrected error when restoring key from backup location Show in list unchecked no longer allows viewing of directory HTTPS component correctly handles large file transfers MLSD correctly returns Virtual folders COM method RemoveUser error corrected MX Error: 65280 (0000FF00)” COM method RenameUser error corrected HTML directory listing links now properly encode for special characters Service crash error corrected faulting module to be ntdll.dll Error returned incorrect SSH dates corrected Correct file information now sent with SSH_FXP_STAT returns 403 and 404 errors corrected when there is no list permission (blind) in HTTP/S Force auth dbase refresh now works Folder listings for 1000+ virtual folders now works New Active Directory user accounts can now log in after service restart MLST and MSLD no longer return incorrect negative file sizes on files greater than 2GB Accounts are no longer incorrectly disabled when using AD and “disable account after X” is not engaged Upload button no longer displays in browser even though no upload permissions are available for that user Changes in 3.2.0 Build 07.07.2006.6 Optimized internal SMTP client to conform to RFC 2821 Optimized HTML listing to support RFC 1738 guidelines for special characters (sec. 2.2) Corrected problem with log file showing negative numbers for file sizes over 2GB Corrected problem with MLSD not returning Virtual Folders as part of the list Corrected problem with max transfer speeds preventing users with slower connections from uploading Corrected problem with disk quota limit affecting HTTPS transfers Corrected problem with SFTP logins for new users using AD Authentication Improved error reporting for custom command action triggering Changes in 3.1.5 Build 04.12.2006.2 Corrected error when SFTP clients connect to NT/AD Site using password only authentication Corrected issue where execution of a custom command with a lengthy parameter line passed to it causes server to crash. Corrected error in which settings for require client certificates feature for SSL protocols affected all sites, not only the one on which it was turned on. Enhanced On User Account Disable Event Rule to trigger when expiration of user account occurs (based upon site refresh interval) Enhanced SFTP server-side logging such that uploads of 0 Byte files are now written to the log file. Changes in 3.1.4 Build 01.10.2006 Added SFTP upload/download speed and count reporting to administration GUI Corrected issue with public key authentication in SFTP Corrected issue with timeout not disconnecting in SFTP Corrected issue when creating a site using NTLM authentication with custom domain and group Corrected issue with home folder permissions resetting at user's first login Corrected issue with impersonation while downloading in HTTP/S Improved SetMaxSpace and GetMaxSpace COM methods to use units of KB to allow greater maximum values Corrected issue connecting with OpenSSH 3.5 without Show and List permissions on parent folder Corrected issue where execution of a custom command with a lengthy parameter line passed to it causes server to crash. Changes in 3.1.3 Build 10.10.2005 Improved stability of service caused by unsynchronized access to the SFTP socket state Corrected HTML form-based uploads to work properly through a URL containing escape codes Corrected issue to allow Windows user impersonation Corrected event rule processing when transferring files in PASV mode and containing a command Changes in 3.1.1 Build 08.08.2005.2 Fixed service issue related to Windows 2003 Corrected branding issue in HTTP/S module Improved service stability Changes in 3.1 Build 7.06.2005.3 Added module for support of HTTP and HTTPS transfers Improved registration process Known Issues: 1. Upgrades with a fully registered (not trial) SFTP module may see the SFTP module disabled after upgrading to 3.1. If this happens, re-enter the SFTP serial to re-activate that component. 2. Those with trial versions of HTTP will need to restart the server service for the HTTP trial to apply. Changes in 3.0.4 Build 6.15.2005 Corrected SSH response to MSG_CHANNEL_REQUEST that had flip-flopped the sender and receiver channels. Now properly supports multiple channeled during SFTP session. Corrected error in SetPermission() and GetPermission() from the COM Admin module introduced when adding richer error reporting. Changes in 3.0.3 Build 4.29.2005 Fixed security vulnerabity due to buffer overflow in FTP command channel Improved COM interface error reporting by implementing ISupportErrorInfo interface Improved registration wizard to display options upon failed registration Changes in 3.0.2 Build 4.12.2005 Corrected file locking problem that caused some files to not appear after uploads (only when a user home folder was specified to be the root folder) Changes in 3.0.1 Build 3.31.2005 Corrected memory leaks Corrected problem with quota limits for SFTP uploads Changes in 3.0.0 Build 3.23.2005 Added MODE Z support with ZLIB compression engine Added support to limit the number of total concurrent user logins Added support to lock partially uploaded files (clients cannot download files in the process of being uploaded) Added support for importing and exporting site configuration data, user settings, site custom commands, and site event rules Added support for capturing and displaying connection-activity in real-time Improved logging information and provided option for "Standard" and "Verbose" logging Added registration wizard Enhanced logging mechanisms Corrected ability to disable SMTP authorization option Corrected issue where Event Rules does not release handles correctly when user redirects output -OR- terminates the process after a certain amount of time Corrected issue to properly re-establish lost connections with SQL database using ODBC Authentication Enhanced message prompt on Kick User functionality Corrected issue with SMTP authorization being disabled Corrected issue to log failed login attempts Corrected issue that could crash the Administrator GUI when the admin password is NOT remembered Corrected issue in receiving BitVise's Tunnelier client SSH/SFTP commands Corrected issue with multi-part uploads not always working Corrected issue so IIS logging records partial transfers Changes in 2.0.7 Build 12.20.2004 Corrected issue with AD Authentication failing to pull GROUP information Corrected issue with RNFR and RNTO not returning proper codes Corrected issue with COM ICISites section functionality Corrected issue with CreatePhysicalFolder failing unless UNIX style path provided Corrected issue with trial registration on the Windows 2003 Operating System Changes in 2.0.6 Build 11.03.2004.2 Corrected AD Authentication import of large numbers of users Corrected incorrect 'modified' date on files Corrected issue with ODBC Group Management Corrected issue with SFTP event rules using Email/Custom Command parameters Corrected issue with STOU command not returning unique filenames Corrected issue with deployment of default MS Access db Changes in 2.0.5 Build 9.08.2004 Corrected inappropriate SFTP Banner Message ("unexpected packet #53") on server initiated key re-exchange Made various SFTP Event Rule improvements Event rule parameters now honoring quotes so that embedded spaces are not considered parameter delimiters Administration COM DLL bug fixes (CreateUser, Permissions) Registration now allows multibyte (MBCS) characters Error message / prompt / indication string changes for clarification Corrected issue with disappearing users from ftpserver_ids table Corrected bug where client password only connections were allowed even though the server required password and certificates for authentication Changes in 2.0.3 Build 5.16.2004 Corrected condition where SFTP sometimes returned incorrect file permissions Corrected auto-assign home folder logic when NT Auth was used Corrected condition where SFTP would always listen on 0.0.0.0:22 regardless of IP settings Corrected remote administration problem where selecting SFTP tab would lock the admin GUI from selecting any other tab Corrected a defect introduced in 2.0.2 where SFTP public key authentication failed to occur Corrected condition where user level settings for protocol restrictions were ignored in favor of site-level restrictions Corrected default behavior to include Modified Time as part of MLSD/MLST options Corrected a formatting issue with regard to time values returned as a result of an MLSD command sequence Corrected security vulnerability where SSH service credentials were being used instead of the connecting user's NTFS permissions when using NT/AD Authentication and SFTP Corrected condition where server was returning both virtual and physical folder names in the raw listing (for virtual folders) Changes in 2.0.2 Build 4.15.2004 SFTP commands are logged to log file Improved SFTP response codes to conform to RFC standard and expectations of clients SFTP can now run independently of FTP/FTPS Proper handling of NTLM/AD usernames when connecting over SFTP Improved Trial Registration mechanisms Improved SMTP communication to avoid false positives in SPAM checkers Proper handling of home folder creation upon first login Changes in 2.0.1 Build 3.16.2004 Corrected two security vulnerabilities (DoS and Buffer Overflow on SITE commands) Corrected condition where GUI would crash if connecting while on the VFS tab Corrected issue wherein virtual folders would appear in duplicate places in VFS Changes in 2.0 3/11/2004 Added Event Rules Added support for SFTP (SSH2) Added programmatic interface support with COM Added support for database polling Added option to edit path to authentication provider (database) Added support for 1024,2048, and 4096 bit SSL key lengths Added feature which makes an expired certificate immediately recognizable in the certificate manager Added support for TLS 1.0 (SSL v3.1) Added support for Clear Command Channel (CCC) when using SSL Added support for server to server transfers using SSCN Added support for multiple servers to be managed through the Administrator Interface Added feature to specify a future date to expire user accounts Added support for Active Directory Added support to query domain controller Added feature for the input of personal account information Added option to use home folder when creating a Site that will use NT or Active Directory Authentication Changes in 1.2.3 10/17/2003 Added support for the MDTM command Added ability to use a forward slash on NT Authentication logins Corrected problem to properly handle Close_Notify sent by SSL client Corrected problem in handling of heavy loads under SSL that caused VFS to "forget" root path (especially on multi-processor machines) Corrected problem where server would sometimes close socket prematurely when a client requested a directory listing Corrected timestamp logic for file dates without explicit times being listed. This improves synchronization logic Changes in 1.2.1 7/9/2003 Corrected problem where SSL download speeds were substantially slower than SSL upload speeds Corrected a problem where there was an inconsistency between the change password dialog and the New User Wizard Changes in 1.2 3/4/2003 Corrected a problem where downloads using SSL would sometimes transfer an incomplete file Corrected a problem where the server was not sending the correct IP address in response to a PORT mode request when the server has multiple IP addresses and the virtual site is listening on any but the first of those addresses Added support for files sizes greater than 2 GB Corrected issue so that IIS log file format now correctly lists time per operation