VShell(R) Server 3.5.4 (Official) -- September 10, 2009 Copyright (C) 1995-2009 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 3.5.4 (Official) -- September 10, 2009 -------------------------------------------------------- Changes: - Windows: The default value for the "Automatically delete log files older than days" option was changed from 30 days to 90 days. Bug fixes: - Windows FTPS: Incorrect reply codes were sent in response to some FTP commands. - Windows: VShellConfig was not logging an error when a configuration import failed due to an installation directory conflict. Changes in VShell 3.5.3 (Official) -- March 31, 2009 ---------------------------------------------------- New features: - Official support for Windows 2008. - VShell FTPS: A Certificate Signing Request (CSR) file is now generated when the VShell administrator creates a self- signed certificate from the Control Panel. - VShell FTPS: The expiration date can now be specified when creating a self-signed certificate used by the FTPS server. Changes: - Added FTPS to the Access Control category in the VShell Help. Bug fixes: - In rare circumstances, VShell could respond with a prime that was outside of the size requested by the client during Diffie-Hellman key exchange. Changes in VShell 3.5.2 (Official) -- December 2, 2008 ------------------------------------------------------ Changes: - Windows: Accounts defined in the VShell internal user database are no longer case sensitive. - The default cipher list has been modified to prefer the AES ciphers in CTR mode. This change was made to address a potential vulnerability. See the following web page for more information. http://www.vandyke.com/support/advisory/2008/12/cpni-957037.html The cipher change is currently available on Windows, FreeBSD, and Mac OS X platforms. The change is not yet available on AIX, HP-UX, RedHat Enterprise Linux, and Solaris platforms. Bug fixes: - Windows: VShell FTPS was not properly shutting down the SSL/TLS connection. - UNIX: SCP file transfer operations could fail with very large files on some AIX systems. Changes in VShell 3.5.1 (Official) -- October 2, 2008 ----------------------------------------------------- Bug fixes: - Windows: Users authenticating to VShell with both public key and password may not have had access to network shares if the public-key authentication occurred first. - Windows: VShell installation could have failed on some non-English versions of Windows. - Windows: The LSA authentication module did not honor the W3C logging format option. - UNIX: vshelld could crash on some platforms if the window size requested was abnormally large. Changes in VShell 3.5 (Official) -- August 21, 2008 --------------------------------------------------- Bug fixes: - Windows: Public-key-only authentication could have failed in some complex domain environments. Changes in VShell 3.5 (Beta 2) -- July 31, 2008 ----------------------------------------------- Changes: - Windows: Added an "Advanced" page to the Control Panel that allows the user to enable or disable the internal user database. - Windows: The User Database page is only displayed when the "Enable user database" option is checked. Bug fixes: - Windows: The VShell SSH2 service name was not being logged in the W3C log format x-source field. - Windows: File transfer actions performed by a user from the internal database were logged as the system user that was impersonated. - Windows: VShell could crash when a SCP file transfer operation specified a certain path variant. - Windows: Selecting "Apply" in the VShell Control Panel could cause a warning about the user database file being modified. - Windows: VShell could crash with certain remote exec strings. - Windows: VShell could crash if a user from a different forest attempted to log in without fully qualifying the username. - Windows: Network drive mappings established when connecting to VShell were not released when the session was disconnected. - VShell with FTPS: Changes to the "Require encrypted connection" option were not saved if there were no implicit listen addresses specified. Changes in VShell 3.5 (Beta 1) -- July 10, 2008 ----------------------------------------------- Three New Editions of VShell with FTP over SSL (FTPS) Support: - VShell with FTPS is now available in Administrator, Workgroup, and Enterprise Editions. - Secure file transfer using the FTP protocol in which all data sent or received is protected by SSL/TLS based encryption. - The FTPS module honors existing VShell settings for Virtual Roots, Access Control Lists, Connection Filters, Triggers, Deny Host, Logging, and User Database. New features: - Windows: New W3C Extended Log File format. For new installs, this option is on by default. This optional log format can be configured on the VShell Control Panel Logging page. - Windows: Logging to the Windows Event Log can now be configured through the VShell Control Panel. - Windows: The Virtual Roots interface has been updated to provide a larger viewable area and to allow the listed roots to be sorted by the Virtual Root name or the Alias name. - Windows: Added the ability to create VShell specific user accounts, which are separate from Windows system accounts. Users can be created from the User Database page in the VShell Control Panel. - Windows: VShell "who" command-line utility will now allow administrators to disconnect active sessions. - Windows: New VShell Control Panel RunAs Commands page allows configuration of commands that can be remotely executed as a different user than the currently authenticated user. - Windows: New SFTP extension gives the user the ability to "su" to another user during the connection. The client used must support the sftp-su@vandyke.com SFTP protocol extension. - Windows: VShellConfig command-line utility can add, edit, or delete users from the VShell internal user database. - Windows: Persistent network drive mappings are now available when logged into VShell. - Windows: VShell services can be started and stopped from the VShell Control Panel. - VShell can now log to both syslog and syslog-ng servers. - New trigger parameter that allows the passing of the current date to a trigger script. - Concurrent connection limits can now be specified on a per- location, per-group, and per-user basis through the use of subconfigurations. - Support for SFTP version 6. - New log events for SFTP chmod, chgrp and chown commands. - UNIX: Option to control what permission checking vshelld does on a user's publickey folder during authentication. - UNIX: Support for Redhat Enterprise Linux 5.0. - UNIX: Support for Mac OS X on x86 architecture. - UNIX: Support for FreeBSD 7.0. - UNIX: Support for the posix-rename@openssh.com SFTP protocol extension. - UNIX: Added support for Pluggable Authentication Modules (PAM) to the AIX 5.2 and AIX 5.3 VShell versions (all other VShell for UNIX versions already included PAM support). - Added --log option to the command-line clients, which enables them to log all output to a file. - vsftp: Added a "view" command which downloads the specified file and opens it in the default editor or appropriate application. - vsftp: Added a batch option (-b) to read in a list of commands from a file. - vsftp: Added the commands "exit", "continue", and "exit-all" which provide control over how errors are handled in batched commands. - vsftp: Added a "detail" command which displays the system information for the specified file. Changes: - Windows: Reorganized VShell Control Panel pages based on SSH2, FTPS, and common functionality. - Windows: The option to automatically delete VShell log files older than the specified number of days is now on by default with a value of 30 days. - Windows: Increased the size of the VShell Control Panel. - Windows: Renamed the VShell Control Panel SFTP page to Virtual Roots. - Windows: Command-line utility help now included with the VShell Help file. - UNIX: Message logged when a vshelld trigger child process fails. Bug fixes: - Windows: Public-key authentication could have failed if Kerberos Protocol Transition was enabled and the User Principal Name (UPN) was not in a user@domain.name format. - Windows: When using public-key authentication, the user's group membership may not have been determined correctly. - Windows: When port forwarding SFTP traffic through VShell, transfer speeds were very slow. - Windows: VShell would leak memory if a client attempted to authenticate using the GSSAPI (with mic) authentication method. - Windows: VShell Control Panel would crash on startup if the access control list was empty. - Windows: The VShell Control Panel Cipher page would show that all ciphers were enabled even if they had previously been deselected. - Windows: Public-key authentication would fail if the user did not have "Log on locally" rights. - VShell would not accept connections from SFTP clients that sent a SFTP version packet with a value of zero. - VShell would report a 0 concurrent connection limit if the license used contained a "Maintenance Expiration" feature. - The %C trigger variable could have had a value of "0", indicating success, when the file transfer operation was interrupted by a disconnect. - An extra space was sent with the identification string when the RevealVersionInfo option was set to false. - UNIX: Users that were allowed unrestricted file system access and also matched a virtual directory defined in vshelld_config could only access the virtual directory. - UNIX: File transfer operations could fail with very large files on some AIX systems. - vcp: Under certain circumstances, vcp immediately disconnected after connecting to an SSH Communications server.