VShell(R) Server 4.0.5 (Official) -- December 18, 2014 Copyright (C) 1995-2014 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 4.0.5 (Official) -- December 18, 2014 ------------------------------------------------------- Changes: - VShell FTPS: In order to address the POODLE attack, SSL 3.0 is now disabled by default. - VShell FTPS: SSL protocol negotiation information was not logged for FTPS implicit connections. - UNIX: If a system call fails with an "Interrupted system call" or "Resource temporarily unavailable" error, VShell will now retry the call for up to five minutes. Bug fixes: - The %C trigger parameter could have had a value of 0, indicating success, when a transfer was interrupted. - Windows: VShell could have launched multiple upload triggers and crashed if an SCP transfer was interrupted. - Windows: When running the VShell installation as the SYSTEM user, custom actions (e.g., starting services, registering VShell Monitor, creating shortcuts, etc.) may not have succeeded. - VShell FTPS: Changed the source port that VShell binds to for PORT data connections to be the listen address port minus one, as specified in RFC 959. Changes in VShell 4.0.4 (Official) -- September 25, 2014 -------------------------------------------------------- New features: - Windows: For those installing VShell using automated deployment tools that must run as system, two new command-line options have been added to help facilitate this: - The INSTALLTO option allows the VShell installation directory to be specified. - The STARTSERVICES option allows control over whether to start the installed services after installation completes. Changes: - UNIX: If a system call results in an "Interrupted system call" error, VShell will now retry the call up to ten times. Bug fixes: - VShell was not correctly advertising support for the SFTP file hashing extension. - VShell was incorrectly applying double quotes when the %P trigger parameter was combined with other non-substitution text. - When certain trigger parameters (%S, %C, %G) were part of an uploaded filename, the %P (filename) parameter may have had those parameters replaced with the actual values. - Windows: In rare cases, VShell could have crashed due to a Microsoft system call failing in an unexpected way. - Windows: File downloads could fail from VShell when using Bitvise's SFTP client with the "Auto Std" transfer mode enabled. - Windows: VShell was not installing for all users when the installation was ran in silent mode. - Windows: If both VShell and VShell FTPS services are installed and using the deny hosts file, one of the services may have failed to read changes due to a file sharing issue. Changes in VShell 4.0.3 (Official) -- June 26, 2014 --------------------------------------------------- Vulnerabilities: - On Mac OS X, VShell-FTPS now includes OpenSSL version 1.0.1h which addresses several recently discovered OpenSSL vulnerabilities. Please refer to the following page for details: http://www.openssl.org/news/vulnerabilities.html VShell-FTPS was only vulnerable to CVE-2014-0224. Bug fixes: - Windows: VShell Login and Logout triggers would not fire if they were conditionalized for a specific user. Changes in VShell 4.0.2 (Official) -- April 22, 2014 ---------------------------------------------------- Vulnerabilities: - On Mac OS X, VShell-FTPS now includes OpenSSL version 1.0.1g which contains a fix for the OpenSSL Heartbleed bug. Only VShell-FTPS 4.0.0 and 4.0.1 on Mac OS X were directly vulnerable. Please see the CVE-2014-0160 security advisory on the following page for more information: http://www.vandyke.com/support/advisory/index.html New features: - UNIX: Added support for AIX 7.1. Bug fixes: - Windows: VShell file copy and move trigger actions were not properly expanding substitution parameters. - Windows: The "Destination Filename" field on the file copy and move trigger action dialog could not be cleared once a value had been specified. - Windows: VShell minor upgrade installations were causing an unnecessary system reboot. - Windows: VShellConfig could crash when exporting the virtual root settings if a user from the internal database had access to one or more of the roots. - UNIX: Some triggers were firing as the user connecting to vshelld, instead of as the user running vshelld. Changes in VShell 4.0.1 (Official) -- March 4, 2014 --------------------------------------------------- New features: - Windows: VShell now interprets VT emulation arrow key sequences, which allows for command history and cursor movement at the command shell. Bug fixes: - Windows: On certain systems, the VShell control panel could have crashed after adding a virtual root, internal user, or RunAs command. - Windows: On Windows XP, SFTP connections could not be established. - Windows: VShell could crash if an authentication trigger had a wait period configured. - Windows: In rare circumstances, VShell's command shell wrapper (Scraper) could crash if a terminal size of zero was requested. - VShell FTPS could crash when a connection was closed. Changes in VShell 4.0 (Official) -- January 21, 2014 ---------------------------------------------------- New features: - Support for Windows Server 2012 R2. Changes in VShell 4.0 (Beta 3) -- January 14, 2014 -------------------------------------------------- New features: - A user configurable response to the FTPS SYST command can now be specified. Changes in VShell 4.0 (Beta 2) -- December 17, 2013 --------------------------------------------------- New features: - Windows: Added a comment field to the trigger configuration that allows notes to be entered related to the trigger. Changes: - Windows: Removed unneeded quotes that were placed around paths when using the %P (path) parameter in an email trigger action. - Windows: VShell will now be installed for all administrators by default. Changes in VShell 4.0 (Beta 1) -- November 21, 2013 --------------------------------------------------- New features: - Windows: Multiple triggers of the same type can now be configured. For example, two login triggers that have different actions depending on who logged on. - Windows: Added support for multiple actions for each trigger event. - Windows: Triggers can now be conditionalized on a per user or group basis. - Windows: File and folder based triggers can now be conditionalized on a per virtual root basis. - Windows: All triggers now have a built-in method for sending email notifications. - Windows: File based triggers (i.e., File upload, download, and rename) now have a built-in trigger action that allows the file to be moved or copied to another location on the server. - Windows: New VShell control panel page that allows SMTP server configuration used by the "send email" trigger action. - Windows: The internal user database now provides user access to shell, remote exec, port forward, and remote port forward services, in addition to file transfer. - VShell server bandwidth can be configured (throttled) on a global, user/group, or location basis. - Windows: VShell can optionally be installed using a common profile. This allows other administrators on the system the ability to modify the installation. - Windows: Added autocomplete support to file and directory edit fields in all VShell control panel pages and dialogs. - Windows: Added the ability to select the VShell internal user database system username using the user/group picker. - Windows: VShellConfig can now optionally export or import only the virtual root settings in the VShell configuration. - Windows: Ability to add comments to the virtual root configurations. This is helpful to note information related to the virtual root. - Windows: Added a confirmation dialog when deleting connection filter or port forward filter entries. - Added support for SHA-2 MAC algorithms. - Added new trigger parameter to track the session ID of the connection. - VShell FTPS: Added support for the APPE (append) command. - UNIX: Support for Ubuntu 13 x86 and x64 platforms. Changes: - Windows: VShell's WMI management provider now logs any errors encountered to the Windows application event log. - Windows: The "Add User from Database" buttons in the VShell control panel are now disabled instead of hidden when the user database is disabled. - Windows: SFTP file listings are now sent in UNIX format by default. - VShell FTPS now logs when a certificate file that is associated with a Personal Information Exchange (.pfx) file is loaded. - Mac OS X: VShell now uses the launchd facility to manage the daemon. Bug fixes: - VShell could have used the same session ID for different connections. - Windows: It was possible to specify a non-existent file in the VShell control panel subconfiguration browse dialog. - Windows: VShellConfig import operation could have logged an invalid path error when a virtual root path contained a substitution parameter (i.e., %USER%). - Support for a secondary public-key folder that is common to all users. - UNIX: VShell on Mac OS X may not have loaded the user's login keychains correctly. - VRALib: VRALib could crash if the remote server went away (e.g., disconnected or crashed) during a file transfer. - VRALib: The IFileObject.DateLastModified function sometimes returned an incorrect time.