VShell(R) Server 4.2.5 (Official) -- March 2, 2017 Copyright (C) 1995-2017 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 4.2.5 (Official) -- March 2, 2017 --------------------------------------------------- Changes: - The default host key generated for new installations is now an RSA 2048 bit key. - Windows: The default filename displayed on the host key generation dialog now includes the host key algorithm as part of the name. - Windows: When adding or editing a virtual root, any forward slashes that appear in the path are now automatically replaced with backslashes. This is to fix an issue where forward slashes were allowed to be entered in the path, but would fail when VShell attempted to resolve the path when a user connected. - Windows: On the VShell Control Panel Email Server page, increased the space used to display results from sending a test email. Bug fixes: - Windows: Shell connections to VShell running on Windows Server 2016 would sporadically fail with a ReadConsoleOutput error. - Windows: After upgrading from VShell version 2.6 or earlier to version 3.8 or later, access to virtual roots failed due to incorrect file and folder access permissions. - Windows: VShell could crash if the internal user database was changed while authentication was in process for a user in the database. - Windows: VShell Control Panel could crash when specifying a certificate and the store contained a certificate with an algorithm that was not supported. - VShellConfig could crash if MIT Kerberos was installed on the system and an export configuration operation was attempted. Changes in VShell 4.2.4 (Official) -- December 8, 2016 ------------------------------------------------------ Changes: - Windows: By default, the Windows "Everyone" group has unrestricted access to the file system on the machine VShell is installed on. To help VShell administrators lock down the VShell server, the Everyone group will automatically be removed from the root when a new virtual root is added, or an existing virtual root is modified. A "Preserve access to for Everyone group" option has been added to prevent the removal of this group. Bug fixes: - In rare circumstances, VShell could crash if a connection was closed while the server was checking the idle time for that session. - Windows: VShell could crash while performing diffie-hellman key-exchange with certain clients. Changes in VShell 4.2.3 (Official) -- September 13, 2016 -------------------------------------------------------- New features: - Added support for DSA host keys larger than 1024 bits. Bug fixes: - VShell would allow authentication attempts from certain clients even if the connecting user was specified in a DenyUsers file. - AIX 7.1: The vshelld startup script may not have worked with certain shells. Changes in VShell 4.2.2 (Official) -- June 16, 2016 --------------------------------------------------- Changes: - Windows: Added a registry-only option, "Disable Extra Newline in TTY Mode", which prevents VShell (when TTY mode is enabled) from echoing an extra newline character each time a client sends a command. Bug fixes: - VShell FTPS: The "Use single virtual root" option was not honored if a virtual root was set as a user's home directory. - Windows: VShell could crash during RADIUS authentication if the connecting user did not exist on the VShell machine. Changes in VShell 4.2.1 (Official) -- March 17, 2016 ---------------------------------------------------- Changes: - Windows: Automatically quote the %P trigger parameter if the filename contains a "&" character. Bug fixes: - Windows: Virtual root ConnectAs would fail if the user to impersonate was the same user connecting. - Windows: VShell could not load a certificate map file that contained a byte order mark (BOM). - Windows: VShell could crash while processing multiple send email triggers. - VShell FTPS: An FTP MLST command could cause a download trigger to fire. - VShell FTPS: File uploads would fail if the user did not have read access on the virtual root. - VShell FTPS could potentially use 100% CPU if the control connection was closed unexpectedly. Changes in VShell 4.2 (Official) -- December 17, 2015 ----------------------------------------------------- Bug fixes: - Windows: FTPS certificate authentication failed for VShell internal user database users. - Some error messages were not being logged correctly in the VShell log. Changes in VShell 4.2 (Beta 3) -- December 8, 2015 -------------------------------------------------- No changes. Changes in VShell 4.2 (Beta 2) -- November 24, 2015 --------------------------------------------------- New features: - Windows: User public-key folders and files can now be included in configuration import/export operations. - Windows: Filtering support has been added to the Deny Host and Deny User management interface. - An IP address/netmask combination can now be specified for the Deny Host White List. - VShell Monitor: Added a row color indicator and new column indicating whether an active connection has authenticated. Bug fixes: - Windows: Changes to the specified FTPS certificate password were not always saved. - Windows: Entries added to the deny host file or deny user file using the new management interface may have been lost. Changes in VShell 4.2 (Beta 1) -- November 3, 2015 -------------------------------------------------- New features: - Windows: Virtual roots can now optionally be accessed as a different user than the logged on user. This adds an easy way to provide access to network resources to users connecting with public-key only authentication. - Windows: The VShell configuration can now be exported or imported directly from the VShell Control Panel. - Windows: Added support for X.509 authentication using the x509v3-ssh-rsa and x509v3-ssh-dss algorithms as specified in RFC 6187. - Windows: Added the ability to select the signature algorithm used (SHA-1 or SHA-2) when generating a certificate for use by VShell FTPS. SHA-2 is the default. - Windows: VShell Monitor can now be minimized to the system tray. - Windows: VShell Monitor tray app can optionally display notifications when a user connects or disconnects from the server. - Windows: Option to automatically launch VShell Monitor at administrator logon, including the ability to start the app minimized to the system tray. - Windows: The ability to launch the VShell Control Panel and VShell Help directly from the VShell Monitor tray app. - Windows: VShell FTPS now supports SSL/TLS client certificate authentication. - Windows: Allow direct management of the deny host file and deny user file from the VShell Control Panel. - Windows: Added the ability to generate certificates with 4096 bit key size. - Windows: VShell FTPS allows SSL encryption options and client certificate authentication options to be set on a per listen address basis. - Windows: Increase the security of sensitive data stored in the registry by using an automatically generated passphrase for encryption. - Windows: VShellConfig now requires a passphrase when exporting sensitive data (e.g., host keys, saved credentials, FTPS certificate files, etc.). This is used to encrypt the data in the exported XML file. The same passphrase used during export will be required on import. - Windows: Improved reliability of output displayed by the Windows Command Shell (cmd.exe) for clients interacting with the remote shell through VShell. - VShell can now deny connections based on username, similar to the deny hosts functionality. This helps to free up resources by short circuiting authentication attempts for usernames that do not exist on the system. - IP addresses can now be added to a white list, which will prevent the address from being added to the deny host file after failed authentication. - Key-exchange methods, Ciphers, MACs, Compression, and Compression Level can now be specified in a per location subconfiguration. - All logging options (including log folder location, log topics, debug log level, etc.) can now be specified in a per location, user, or group subconfiguration. - UNIX: New option to disable logging attempts to the Basic Security Module (BSM) auditing tool. - Added a "Force Sftp Version" registry only option that allows the administrator to configure the SFTP version that the server requires. This option can be specified in a per location, user, or group subconfiguration. Changes: - Remove the "Preferred Sftp Version" option. This was a registry only option that allowed the administrator to configure the SFTP version the server prefers. The option did not prevent the SFTP client from renegotiating the SFTP version, so in real world use, the option had no effect. - VShell FTPS: When creating a certificate, the default key size is now 2048 bits. Bug fixes: - Windows: If VShell was attempting to add multiple IP addresses to the deny host file simultaneously, one or more of those additions may have failed. - Windows: VShell Monitor would not display a protocol for an SSH connection that did not request a shell.