VShell(R) Server 4.4.3 (Official) -- June 25, 2019 Copyright (C) 1995-2019 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 4.4.3 (Official) -- June 25, 2019 --------------------------------------------------- Bug fixes: - In the rare event that multiple connections require access to a certificate map file simultanously, client certificate authentication could fail. - Windows: In VShell 4.4.1 and 4.4.2, the VShell Control Panel could continue to prompt for a certificate after one had already been entered. - Windows: In the unusual case where a system issue prevents the server from impersonating the user, the server could crash. Changes in VShell 4.4.2 (Official) -- April 11, 2019 ---------------------------------------------------- Changes: - Windows: Permissions that include the "ALL APPLICATION PACKAGES" object will be accepted for the internal user database file, the deny hosts file, and deny users file. - Windows: On a Server 2016 DC, the user picker dialog for access control and virtual roots did not include Service Accounts as one of the Object Types. Bug fixes: - In the rare case that the deny host file was reloaded at the same time that VShell was checking whether a connection was on the denied host list, VShell could crash. - Windows: The VShell User Web Interface did not display the progress dialog when an upload was done using drag & drop. - Windows: On rare occasions, when an HTTP PUT request was used to upload a file and the data was streamed using HTTP chunked transfer encoding, the file transfer could fail. Changes in VShell 4.4.1 (Official) -- December 6, 2018 ------------------------------------------------------ New features: - Added support for the curve25519-sha256 key exchange algorithm. - Windows: Added the ability to change or remove the tag line appearing at the lower right of the VShell User Web Interface. Changes: - Windows: A line is now written to the log if a client request is refused because the associated HTTPS method has been disabled; for example, when a client using WebDAV is unable to upload a file because the HTTPS PUT method has been disabled. Bug fixes: - Windows: On Windows Server 2008 SP2, the VShell Control Panel could crash when certain settings were changed. - Windows: VShell services could cause high CPU usage and hang when performing multiple LDAP authentications at the same time. - Windows: In the VShell Control Panel, there was no prompt to save changes when the red X was used to close the Control Panel. - Windows: When the number of FTPS connections exceeded any setting that restricts the number of allowed connections, the user's IP address would be added to the deny hosts file and any further attempts to connect from that IP address would be denied. - Windows: A VShell User Web Interface session would be automatically logged out if a file transfer took longer than the time limit specified for idle HTTPS sessions. - Windows: The VShell HTTPS server could become deadlocked when multiple connections were made by the same user. - Windows: In the VShell Control Panel, it was possible for the HTTP listen addresses to become enabled when they should have stayed disabled. Changes in VShell 4.4 (Official) -- August 14, 2018 --------------------------------------------------- Bug fixes: - Windows: When an existing FTPS Listen address was edited and the "Use global server settings" option was toggled, the new value was not saved. - Unix: With the OpenSSH SFTP client, part of the message logged when a user renames a file contained garbled characters. Changes in VShell 4.4 (Beta 4) -- July 12, 2018 ----------------------------------------------- Changes: - Internal user database passwords are now stored as salted SHA-512 hashes. - Idle Timeout ("Disconnect idle sessions after N minutes") was split into separate settings for SSH2, SFTP, FTPS, and HTTPS. - Increased the number of queued completion ports for servers with high connection volume. - Windows: When the maximum number of failed authentication attempts is reached, the message sent to the client no longer includes the domain name (for AD accounts) or the VShell host name (for local accounts). - Unix: Internal user database usernames now appear as "\username" rather than " username" in logs and as the value of the $U argument to trigger commands. - Unix: Changes made to the internal user database file no longer require a reload of the vshelld configuration in order to take effect. - Unix: Renamed the vshelld [-restart] argument to [-reload] to better reflect its function. Bug fixes: - vsh, vsftp, vcp: Usernames and passwords containing non-ANSI characters could not be entered at an interactive prompt. - Unix: When installed using dpkg -i on Ubuntu 16, insserv errors and warnings were generated. Changes in VShell 4.4 (Beta 3) -- June 5, 2018 ---------------------------------------------- Changes: - When logging to syslog over TCP, VShell now terminates messages with LF. Bug fixes: - Windows: Configuration changes made using the VShell Control Panel or VShellConfig could be lost when a second instance of VShell Control Panel or VShellConfig was run at the same time. - Windows: When displayed using certain high DPI settings, some parts of the VShell Control Panel had clipped or missing text. - Windows: VShell no longer needs to download the Microsoft Visual C++ 2017 Distributable Package in order to install successfully. - Windows: VShell 4.4 Beta 2 would fail to install on a Server 2012 R2 system that did not have the KB2919355 update installed. Changes in VShell 4.4 (Beta 2) -- May 15, 2018 ---------------------------------------------- New features: - Windows: SFTP Virtual Roots allow you to automatically connect the VShell server to a second SFTP server for file transfer connections. Uploads, downloads, and other file operations are performed on the second SFTP server. - Windows: Redesigned the GUI for the Virtual Roots page of the VShell Control Panel to be easier to use. - Windows: Added the ability to allow HTTPS "anonymous access" to a particular virtual root. This allows specified IP addresses to download files from a particular directory on the VShell server without authentication. - Unix: The internal user database is now supported on Linux, Unix, and Mac OS. - Added support for the SHA2-512-EtM and SHA2-256-EtM MAC algorithms. Changes: - Windows: When VShell FIPS mode is enabled but the Microsoft SChannel FIPS setting is not enabled then VShell will refuse FTPS and HTTPS connections. - Windows: Updated VShell User Web Interface to comply with U.S. Access Board Section 508. - Windows: In the VShell User Web Interface, CTRL+A now selects all files. - Windows: In the VShell User Web Interface, the login page is now centered within the browser. - Windows: Service packs are now required for VShell compatibility on some older OS's. Specifically: Windows Vista SP2, Windows 7 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 8.1 (S14). - Windows: VShell User Web Interface could hang when attempting to delete a large number of files (over 150) at the same time. - Windows: Decreased the time it takes for the VShell User Web Interface to render a directory with a very large number of folders in it. - Windows: Added the ability to set the idle timeout in seconds using the registry. Previously the idle timeout could only be specified in minutes. - Unix: Added support for Ubuntu 17. - Improved debug logging (at debug level 3 or greater) associated with RADIUS authentication. - Optimized authentication of connections using virtual roots with ConnectAs users in order to reduce the authentication time needed when a large number of virtual roots are configured. Bug fixes: - Windows: In the VShell User Web Interface, if a folder name included a space, clicking on the bread crumb link for the folder would produce an error message. - Windows: In the VShell User Web Interface, the "New Folder" button was only enabled when a folder in the list was selected. - Windows: In the VShell User Web Interface, the delete key did not work. - Windows: On the VShell User Web Interface, the upload button was disabled unless a folder was selected. - Windows: After uploading a file to a Windows DFS share using HTTPS, subsequent attempts to rename or delete the file using HTTPS would fail with an "access denied" error. - Fixed an error in logging that could occur when a trigger was set up to execute an action that would fail. Specifically, the line indicating when the trigger was executed and the line indicating that the trigger timed out could both have the same timestamp. - vcp: Server-to-server file transfers did not work if a wildcard was specified in the source path. - vcp: Server-to-server transfers did not work if the destination path was a folder. Changes in VShell 4.4 (Beta 1) -- November 14, 2017 ------------------------------------------------ New features: - New support for queueing trigger actions so that only a specified number of threads (or processes) will run at any one time. This improves performance when the VShell host is resource constrained or clients perform actions that cause many triggers to fire simultaneously. - Added ability to allow or deny certain SFTP commands, including SETSTAT & FSETSTAT(icacls, chmod, chown, chgrp), RMDIR(rmdir), REMOVE(rm, del), RENAME(rename, mv), and LINK(ln, mklink). - Windows: Added support for the HTTP/1.1 protocol. Users can now connect to VShell using their web browser with HTTP or HTTPS to view folder contents, upload and download files. Additionally, HTTP/S file upload and download can be automated using command-line tools such as cURL. - Windows: Added ability to deny connections from IP addresses after a specified number of authentication failures in a specified amount of time. - Windows: Added ability to re-allow SFTP and FTPS connections from denied IP addresses after a specified amount of time. - Windows: VShell Monitor now displays the session ID for each active connection. Changes: - Windows: In the VShell control panel, the Subconfiguration category now appears under Common rather than SSH2. - Windows: The fields to impersonate a different user in the Virtual Root Path Dialog were moved to a separate pop-up dialog. - Windows: The Common/Logging page of the VShell control panel no longer shows the option to turn off W3C Logging. Existing configurations are not affected by this change. - Windows: VShell control panel now "remembers" any changes that are made to list column widths in the GUI. - Unix: Upgraded Crypto++ library to latest version 5.6.5 released on Oct 11, 2016. Host keys and public/private key pairs generated by VShell are now compliant with the Federal Information Processing Standard (FIPS) 186-4 Digital Signature Standard. Bug fixes: - In rare cases the VShell SSH2 service could crash if a client sent bad data during key exchange. - Windows: In the VShell control panel, under the Subconfiguration / Location category, using the "Move Down" button to reorder entries could cause the entries to be displayed incorrectly. - Windows: In some locations on the VShell control panel, the Apply button was not enabled when a checkbox was toggled. - Windows: In VShell FTPS, some mnemonics on the FTPS page of the VShell control panel did not work. - Unix: If the Access Control List specification in the vshelld_config file was incorrect, the resulting error message included some but not all of the valid access types.