SecureCRT® 3.4.8 (Official) -- January 21, 2003 Copyright © 1995-2003 VanDyke Software, Inc. All rights reserved. This file contains a SecureCRT product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration and contact information, please refer to Readme.txt (downloaded with this installation). Changes in SecureCRT 3.4.8 (Official) ------------------------------------- Bug fixes: - SecureCRT failed to scrub usernames, passwords, and passphrases from memory after use. Scrubbing memory prevents an attacker with access to memory or a memory dump from getting authentication information. Changes in SecureCRT 3.4.7 (Official) ------------------------------------- Bug fixes: - Using the SAM tool on HP-UX resulted in screen artifacts due to an emulation error related to the handling of the cursor position. - SSH2: 8-bit ASCII characters were being translated into UTF-8 when entered into the password or username dialog, preventing the user from logging onto the remote host. They are now sent as 8-bit ASCII when the remote host is not VShell. - Changes to the session config for the current session were not being saved. Changes in SecureCRT 3.4.6 (Official) ------------------------------------- Changes: - If compression is enabled in SecureCRT and the remote host does not support compression, SecureCRT now falls back to compression "None" rather than disconnecting. - Restored pre-3.4 ability to set logical and physical window sizes independently. - Changed the default VT100 keymap from "VT100" to "Default". Bug fixes: - SSH1: Fixed a buffer overflow which could occur if a server-specific identifier string was more than the specified 40 bytes long. This could result in a malicious SSH1 server executing arbitrary code. - SSH1, Telnet, and rlogin: Sessions could display an unformatted error. - VCP: VCP hung when connecting to a misconfigured OpenSSH server. - SecureCRT crashed when the Confirm Disconnect dialog was closed while a timeout dialog was up. - If the Auto reconnect option was on, the session would reconnect after a manual disconnect. - The Reconnect button did not work if the session being reconnected to was the auto session. - Zmodem uploads hung when the user did not have read access to the file being uploaded. Changes in SecureCRT 3.4.5 (Official) ------------------------------------- Bug Fixes: - The administrative option for disabling the saving of passwords was not being honored. - Auto reconnect was not attempting to reconnect in some cases. - SecureCRT could hang when using telnet and pressing CTRL+C while a large amount of data was being sent to the screen. - Toggling the NUNMLOCK key did not work properly. Changes in SecureCRT 3.4.4 (Official) ------------------------------------- Changes: - SSH2: Added support for OpenSSH's ClientAliveInterval and ClientAliveCountMax. - Added Xmodem category to the Session Options dialog, which allows the packet size to be set to 128 bytes or 1024 bytes for Xmodem uploads. Changes in SecureCRT 3.4.3 (Official) ------------------------------------- Bug fixes: - SSH2: SecureCRT could crash due to timing issues that occurred when a disconnect was followed by an immediate reconnect. - If the "Scale the font" option was set, the font was not scaled when the terminal was switched from 80-column mode to 132-column mode. - Attempts to underline text by overprinting during pass-through printing only showed the underline characters. - When the "Narrow font" option was set in the Session Options, the normal font type was changed to the narrow font type after using narrow font mode. Changes: - VCP: Added command-line switch (-noprompt) which causes a transfer to fail when input is required (e.g., hostkey, password, etc.). This prevents automated scripts via AT from running forever. - In order to be more compatible with the JAWS screen reader accessibility software, the cursor style can now be changed when the "Use trackable insertion carat" option is set. Changes in SecureCRT 3.4.2 (Official) ------------------------------------- Bug fixes: - SSH1: By entering a username or password with 300 characters or more, it was possible to overflow SecureCRT's buffer. - When "Use auto session" was set, changes made to the session configuration were not saved. Changes: - Added the euro symbol to the VT100 fonts as character 0x80. - The license text in the About box is now selectable. Changes in SecureCRT 3.4.1 (Official) ------------------------------------- Bug fixes: - SSH2: SecureCRT hangs if key exchange fails or other disconnect is sent from the server. - SSH2: SecureCRT crashes after several authentication attempts if the user repeatedly cancels the prompt for a password. - Hold Screen mode was not being cleared on disconnect. - In VT220 emulation 8-bit mode, the escape sequences CSI, IND, RI, and NEL could be ignored. - When running a VBScript that sent the output to the remote machine, SecureCRT crashed if non-zero values were used for line or character send delays values. - In keymap files, comments could not be on the same line as a key assignment. Changes in SecureCRT 3.4 (Official) ----------------------------------- Bug fixes: - When "Scale the font" was enabled, the last row in the window was cut off for certain TrueType fonts. - When receiving large amounts of data from the remote server, some data received was written multiple times for both ASCII receive and raw logging. - Under Windows XP, when a roaming profile was used, SecureCRT would fail to create the configuration data folder. Changes in SecureCRT 3.4 (beta 3) --------------------------------- New features: - VCP: Added firewall support for SOCKS4 and SOCKS5 without authentication. - VCP: Added command-line switch (-preserve) which preserves file attributes such as file dates and permissions when copying. - Added a global accessibility option to use a trackable insertion caret. Turning on this option allows screen magnification programs to track the position of the caret. - Added a VShell terminal emulation option to SecureCRT. - Added a new toolbar button that starts SecureFX if it is installed. Changes: - The number of local and remote port-forwarded connections is no longer limited to 32. Bug fixes: - VCP: If the server had keyboard interactive turned on but not configured, authentication always failed. VCP no longer retries keyboard-interactive authentication if the server fails it without ever starting keyboard authentication. - VCP: If an invalid cipher was specified on the command line, VCP did not display the complete list of ciphers and MACs. - SSH2: For remote port-forwarding requests, IPv6 addresses were unconditionally rejected. If the address string begins with "::FFFF:", it is now removed since this is a IPv4 address encoded in IPv6. - Serial: Under Windows 2000, SecureCRT incorrectly reported an error 0 on an RS232 error. - When the ANSI escape code (ESC, C) was used to reset the terminal, the line wrap emulation mode was always turned off. During a soft reset, the emulation modes are now set to the initial values. - Zmodem transfers failed using Omen Technologies sz with -e option. ZDLE+l and ZDLE+M escape sequences for 0177 and 0377 are now handled. - When the "Scale the font" option was on, there were display problems for some TrueType fonts such as Courier New and Andale Mono. - Sessions that were started in a minimized state and had the "Synchronize view to size" option turned on could have problems when the window was resized. - Send strings could not contain embedded quotes. - The blinking cursor stopped blinking if focus was moved to the chat window and back again. - The "Open Selection as URL" context menu item was available when the mouse was clicked above or below the current selection. Changes in SecureCRT 3.4 (beta 2) --------------------------------- New features: - VCP: Added a command line switches for passphrase (-p) and password (-pw). Changes: - SSH2: In the Host Keys category under SSH2 in the Global Options dialog, the list control containing the host keys is now sorted. - In the Color Schemes category of the Global Options dialog, the list containing the color schemes is now sorted. - Added three new commands to the Help menu that link to the SecureCRT web page, the SecureCRT order page, and the SecureCRT download page. Bug fixes: - VCP: When the destination folder was the root of a DOS drive (e.g., c:\), the copy failed. - VCP: When multiple source files were specified, the copy failed. - SSH2: If the remote server did not support the new GEX (group exchange), the session disconnected with the following error message: "The prime proposed for use during key exchange is too big, and cannot be used." GEX is now disabled if the remote server does not support GEX. - Color scheme was case sensitive. This applied when adding a new color scheme and when the color scheme is passed on the command line. - When the "Scale the font" option was on, if the user pressed OK from the Font dialog without making any changes, the font sometimes changed, causing the window to resize. Changes in SecureCRT 3.4 (beta 1) --------------------------------- New features: - SSH2: Added OpenSSH ssh-agent forwarding support. - SSH2: Added smart card (X.509 certificate) support for public key authentication. - SSH2: Added keyboard interactive authentication. - SSH2: Added support to view, import, export, and delete host keys. - SSH2: Added support for Diffie-Hellman Group Exchange. - SSH2: Added registry option to disable the saving of usernames. - SSH2 and telnet: Added support for sending a NO-OP to the server at a specified interval to prevent idle timeouts. - SSH1 and SSH2: Added /PASSPHRASE command-line option. - Telnet: Added NTLM authentication. - Added an option to scale the font size (instead of changing the number of rows and columns) when the application window is resized. - Added Reconnect dialog, displayed prior to auto-reconnecting, that provides the option to cancel the reconnect. - Added VT220 support for programming the function keys with an escape sequence. - Added /COLOR_SCHEME command-line option. Changes: - SSH1 and SSH2: Password dialog now displays username and hostname. - SSH1 and SSH2: The lock icon now appears as soon as the cipher has been negotiated. Previously, it did not appear until the authentication had been completed. - Changed F1-F5 in the Linux keymap to reflect the mappings required for Midnight Commander. - Added option to change the configuration folder. - The keyboard emulation is now selected automatically depending on the terminal emulation. It can be overridden using the "Select an alternate keyboard emulation" option. - "Suspend output" is displayed in the status bar if the user presses CTRL+S when local flow control is on. - "Hold screen" is now displayed in the status bar when the VT_HOLD_SCREEN command is sent (mapped to the F1 key in the VT220 keymap) until it is sent again. - In the Connect dialog, now opens/closes the selected folder. - Character and line send delays are now applied to "Automate Login" scripts. - Activator: When Explorer is restarted, the Activator tray icon is re-added to the tray. Bug fixes: - SSH2: The "Save username" check box on the Enter SSH Username dialog was always visible. It is now hidden when the registry key "Save Usernames" exists and has a value of 0. - SSH2: For port-forwarding requests, IPv6 addresses were unconditionally rejected. If the address string begins with "::FFFF:", it is now removed since this is a IPv4 address encoded in IPv6. - SSH1 and SSH2: When editing global options, the changes were saved even if the dialog was cancelled. - SSH1 and SSH2: Support for generic proxy was broken. - VCP: When used with VShell's tty mode, the prompt was not being echoed. - VCP: VCP always returned a 0 status value even when a failure occurred. - Scrolling performance was slow under Linux (especially directory listings). - The Help window was always on top of its parent SecureCRT window. - Flashing text was sometimes invisible when the SecureCRT lost focus. - SecureCRT did not respond properly to the DEC exit vt52 mode command (ESC <). - When "Auto reconnect" was enabled, a crash could occur when trying to close a window that could not reconnect. - Under Windows 2000, SecureCRT crashed after startup when a LAN printer resource was unavailable. - Excessive warning dialogs were displayed, especially during port forwarding or when using "Auto reconnect". - SecureCRT crashed when running a script that sent enough data to overflow the TCP window. - In order to avoid a clipboard deadlock problem (most notably under Windows Terminal Server), the method SecureCRT used to detect data on the clipboard was changed. - In the options dialogs, the path for the currently specified file was not always used when the File Open dialog was displayed. - Character cells that were marked with the INVISIBLE graphics attribute would be printed when Print Screen was selected. - Added support for the ANSI back-tab escape sequence, CSI n Z. - Due to a keymap problem, local flow control was broken. - "Open Selection as URL" failed when using column select.