VShell(R) Server 3.9.3 (Official) -- September 17, 2013 Copyright (C) 1995-2013 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 3.9.3 (Official) -- September 17, 2013 -------------------------------------------------------- Changes: - VShell now logs the number of connections that are currently open to the server. Bug fixes: - Windows: Under certain high load circumstances, VShell could have stopped accepting new connections for a short period of time. - Windows: On certain platforms, connections that used public-key authentication and loaded the user's profile may have caused the Windows LSASS process to leak memory. - Windows: VShell may have crashed if an unknown packet type was received. - Windows: VShell FTPS could have crashed while processing an incoming data connection. - Windows: VShell may have failed to upload files or create new folders if the destination folder had the Owner Rights security principal specified in the access control list. - Windows: The VShell Control Panel license evaluation dialog was not automatically dismissed after valid license information was entered. Changes in VShell 3.9.2 (Official) -- April 30, 2013 ---------------------------------------------------- New features: - Windows: Added a "saved-credentials" export option to VShellConfig to allow the export of the username and password options that are stored (encrypted) in the registry. - Windows: Added an "all" keyword to VShellConfig to allow the export or import of all VShell registry options and referenced files. - Windows: Optimized the lookup of user public-key files to first try opening the file with the public key's md5 fingerprint as its filename before iterating through all the files in the public-key folder. Changes: - Windows: VShellConfig no longer exports sensitive data by default. This includes the host key files, FTPS certificate files, user database file, and all username and password options that are stored (encrypted) in the registry. - Windows: VShell no longer caches all impersonation failures of the domain controller user. VShell will only cache a failure if the domain controller user was required, but was not configured. Bug fixes: - VShell could have crashed while decoding certain invalid public-key data. - Windows: On certain platforms, public-key authentications could cause the memory usage of the Windows LSASS process to slowly increase. - Windows: On some platforms, access to virtual roots on network shares may have been denied if the user did not have the Windows "Log on locally" security right. - Windows: On the VShell control panel "Common" page, the "Apply" button was not enabled when changing the value of the "Disconnect idle sessions" option. - Windows: The %E download trigger parameter would not always be set correctly when downloading files with certain SFTP clients. - UNIX: VShell FTPS was not translating line endings for ASCII transfers correctly. Changes in VShell 3.9.1 (Official) -- February 05, 2013 ------------------------------------------------------- New features: - The "Log Topic Debug Level" option can now be specified in a per user, group, or location subconfiguration. Changes: - Windows: Restrict the clickable hotspot for several options in the VShell Control Panel to the immediate option text area. Bug fixes: - VShell was not displaying the system error text in the log for some file transfer errors. - Windows: In some cases, access to virtual roots on network shares was denied. - Windows: On the VShell Control Panel Subconfiguration/Location page, the "Config" field was extended so that longer subconfiguration paths can be displayed in full. Changes in VShell 3.9 (Official) -- November 13, 2012 ----------------------------------------------------- New features: - Support for Windows Server 2012. - Support for Windows 8 (excluding Metro). Changes in VShell 3.9 (Beta 3) -- October 30, 2012 -------------------------------------------------- New features: - Added support for SSH_FXF_BLOCK_READ, SSH_FXF_BLOCK_WRITE, and SSH_FXF_BLOCK_DELETE SFTP open flags. Changes: - Changed the message that is logged when a user could not be found on the system to clarify what problem occurred. Bug fixes: - Under heavy load, VShell FTPS could crash if an error condition occurred. - VShell FTPS could crash if errors occurred during initialization of the data connection. Changes in VShell 3.9 (Beta 2) -- October 11, 2012 -------------------------------------------------- Changes: - Windows: Removed the "Subscribe to Newsletter now?" option from the VShell installer. Bug fixes: - Windows: In some circumstances, VShell could have crashed when keyboard-interactive authentication was attempted with an unknown user. - Windows: Users may not have had access to their virtual roots during a configuration save. Changes in VShell 3.9 (Beta 1) -- September 13, 2012 ---------------------------------------------------- New features: - Connection filters can now be applied on a per user or group basis through the use of subconfigurations. - VShell now sends the hostkey during GSSAPI based key-exchange per the optional SSH_MSG_KEXGSS_HOSTKEY message described in RFC 4462. - Windows: The virtual roots per user file and directory permissions can now be configured using the VShellConfig command-line utility. - Windows: The "Use single virtual root" option can now be specified on a per location, group, and user basis, through the use of subconfigurations. - Windows: Added support for SSH agent forwarding. VShell for UNIX already supports agent forwarding. - Windows: When public-key authentication is required, public keys can now be uploaded to the server automatically after successful password authentication. - UNIX: VShell with FTP over SSL (FTPS) support is now available on all supported platforms. The vshell-ftpsd server runs in parallel with the vshelld SSH2 server. It honors existing vshelld settings for SFTPVirtualDirectories, AccessControl, ConnectionFilterTableV2, ChrootUsers/ChrootGroups, all trigger commands (e.g., LoginCommand, LoginCommand, etc.), and logging options. - UNIX: Support for Solaris 11 x86 and x64 platforms. - UNIX: Support for FreeBSD 9.0 x86 and x64 platforms. - UNIX: Support for SUSE Linux Enterprise Server 11 x86 and x64 platforms. - UNIX: Support for OpenSUSE 12 x86 and x64 platforms. - VRALib: Added support for keyboard-interactive authentication to the AuthenticationMethods property. The AddChallengeResponse method was added to provide support for more complex challenge response systems. - VRALib: Added object IBinaryStream that supports streaming binary files. Supporting functions were added to the IRemoteExec, iFileSystemObject, and IFileObject objects. - VRALib: The Connection object has a new KexMethods property that can be used to get or set the key exchange algorithms. - VRAlib: Added Version and Revision properties to the License object. - vcp/vsftp: Added support for the syntax user@domain@host for authentication. - vkeygen: Added the command-line flag "-O", which specifies that the keys should be generated in the OpenSSH format. Changes: - Windows: VShell no longer uses the Windows Side-by-Side (WinSxS) assembly in order to address issues with other applications removing dependent DLLs which could result in the VShell service or control panel failing to start. - Modified default values for some file transfer related window, packet, and buffer sizes. This change has shown an increase in file transfer speeds for many SFTP clients. - Use reasonable default values for statvfs when actual values cannot be determined. Bug fixes: - VShell could have crashed if a client sent all of the read requests that were required to get a file at once before it started processing any responses to the requests. - When using subconfigurations, some options were mistakenly using the default values instead of the configured values from the main configuration. - VShell could have started dropping connections if username lookup was taking a long time. - VShell could have crashed if key re-exchange occurred while the connection was being disconnected. - Windows: The LSA module was logging that settings had changed multiple times each time a change was made. - Windows: Access to virtual roots may have been denied after using VShellConfig to import a configuration file. - Windows: The LSA authentication module could have stopped authenticating users if a domain controller user was required and the impersonation of that domain controller user failed. - Windows: A VShellConfig export operation could hang and cause the CPU to be pegged if the drive letter of any path exported did not exist on the system. - Windows: VShell could crash if the virtual root directory permissions were all disabled, and at least one file permission was enabled. - Windows: VShell FTPS could hang if a client requested SSL renegotiation. - Windows: In rare circumstances, some file operation triggers may not have completed if the VShell service was running as a user other than System and a user from the internal user database was connecting. - Windows: The "Do not allow more than <#> connections per user" option was not working with VShell FTPS connections. - Mac: VShell could not be installed on OS X 10.8 (Mountain Lion) without disabling the gatekeeper. - UNIX: The user's group membership may not have been determined correctly on some platforms. - UNIX: VShell erroneously sent STDERR data as STDOUT. - UNIX: vshelld was not sending the correct remote IP to the PAM access control module. - UNIX: VShell may not have honored the "Idle Timeout" setting. - UNIX: VShell was not honoring the AuthenticationsAllowed option in a subconfiguration. - vsftp: If the "--log" flag was specified, the prompt was not displayed correctly. - vsh: ~ escape processing did not work if the server did not give a channel window (e.g., server denied shell access). - vcp/vsftp/VRALib: In very rare cases, a transfer could stall due to a race condition. - VRALib: If wildcards were used to transfer files using the FileTransfer object and the AutoDeleteSourceFiles property, not all source files were deleted. - VRALib: A warning was reported by the type library importer for the PrivateKeyFile property. - VRALib: Connection.FileSystemObject() returned success when the SFTP channel had closed unexpectedly. - VRALib: The call to Connection.Identify() did not fail when called on an unlicensed VShell server even though the attempt to get the identity string failed.