VShell(R) Server 3.6 (Beta) -- December 3, 2009 Copyright (C) 1995-2009 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 3.6 (Beta 5) -- December 3, 2009 -------------------------------------------------- Changes: - VShell FTPS: The connect string sent to the client now includes the version of the server. Bug fixes: - Windows: VShell could temporarily stop accepting incoming connections while large roaming profiles were unloaded after disconnect. Changes in VShell 3.6 (Beta 4) -- November 11, 2009 --------------------------------------------------- Changes: - VRALib: Added the function "GetConfigValue" to the Connection object which when called with the string "Enable FIPS Mode" will allow a VRALib script to determine whether or not FIPS mode is enabled. Bug fixes: - Removing a user from the Virtual Root access control list could have caused the path and alias fields to be cleared. - VShell FTPS: Authentication of VShell internal user database users could have failed even with a valid password. Changes in VShell 3.6 (Beta 3) -- October 29, 2009 -------------------------------------------------- New features: - Added an option to control the preferred SFTP version sent to the client. Some clients have the ability to renegotiate the SFTP version after the connection is established, which will override this server setting. Bug fixes: - Fixed VShell's WMI provider to prevent future backwards compatibility problems. Changes in VShell 3.6 (Beta 2) -- October 15, 2009 -------------------------------------------------- Changes: - vcp/vsftp/vsh: When an RSA key is used for authentication, only the private key is required, which makes it easier to use Amazon EC2 keys. Bug fixes: - Windows: VShell was leaking memory when the service was shutdown. - VRALib: A script that read an ASCII file could cause all memory to be consumed, which caused the script to crash. - VRALib: All instances of "Hostkey" were changed to "HostKey". Changes in VShell 3.6 (Beta 1) -- October 1, 2009 ------------------------------------------------- New features: - X-command and X-subsystem private use headers in public-key files are now supported. This provides the ability to restrict a user to a particular command or subsystem when a specific public key is used for authentication. - Environment variables can now be set via the SSH2 protocol. - Windows: The 64-bit version of VShell now uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which uses the validated cryptographic library and only allows FIPS-approved algorithms. The 32-bit version of VShell has supported FIPS mode since version 2.6. - Windows: VShell internal user database users can now connect using public-key authentication. - Windows: When using x.509 certificate authentication, the User Principal Name can now be retrieved from the certificate's Subject Alternative Name field. This allows an alternative to using username certificate map files. - Windows: Option to only load user profiles that are set to local. - Windows: The Kerberos Protocol Transition option is now available through the VShell Control Panel Authentication page. - Windows: VShellConfig can now modify Access Control and Virtual Root settings for users from VShell's internal user database. - Windows FTPS: An alternate IP address can now be sent for PASV data connections. - VShell FTPS: Wildcards are now supported during file listings. - VShell FTPS: A range of ports VShell FTPS uses for data connections can now be specified on the FTPS page of the VShell Control Panel. - VShell FTPS: A Certificate Signing Request (CSR) file is now generated when the VShell administrator creates a self- signed certificate from the Control Panel. - VShell FTPS: The expiration date can now be specified when creating a self-signed certificate used by the FTPS server. - UNIX: vshelld login and logout events can now be audited using the Solaris Basic Security Module (BSM). - UNIX: File based logging can now be configured by specifying the log folder location. - UNIX: W3C Extended Log File format can now be used when file based logging is enabled. - VRALib is a library that allows SSH2 connections to be scripted from Windows. The API functions can be called from VBScript, C++, or any scripting platform that supports COM. - vcp/vsftp: Added support for moving files (--move). In vsftp, --move can be specified as an argument to get and put. - vcp/vsftp: Added the flag --http-proxy, which allows an unauthenticated http proxy to be used during connection. - vsftp: Added the flag --nopreserve, which specifies that the file permissions and timestamp should not be preserved. - vkeygen: Added the flag --capi, which can be used during a key generation or passphrase change operation to specify that the private key should be encrypted using MS CAPI instead of a passphrase. Changes: - Windows: Internal user database authentications are now logged in more detail. - Windows: The default value for the "Automatically delete log files older than days" option was changed from 30 days to 90 days. - Windows: A .pfx file extension is now automatically appended to self-signed certificates created from the VShell Control Panel. - Windows: The Deny Host filename edit box was enlarged to use all available space. Bug fixes: - The session ID was not logged for some public-key authentication messages. - Incorrect file size was logged when files greater than 4GB were transferred. - VShell SCP would sometimes send an exit status after the channel had been closed. - Windows: VShell could potentially hang if loading the user's profile failed. - Windows: Public-key authentication could fail if the domain controller did not respond to requests in a reasonable amount of time. - Windows: The Windows shell prompt may not have been displayed on some connections. - Windows: An incorrect error about file permissions was logged when the specified user database file did not exist. - Windows: Connections would appear to hang when a command was remotely executed and "Remote Execution" access had been denied. - Windows: The Apply button on the Virtual Roots and RunAs Command dialogs was not disabled after changes had been applied. - Windows: The LSA authentication module did not honor the W3C logging format option. - Windows: When two Virtual Roots with different aliases pointed to the same physical location, only the first would be available. - Windows: VShellConfig failed to export Access Control and Virtual Root configurations that included internal database users. - Windows: VShellConfig was not logging an error when a configuration import failed due to an installation directory conflict. - Windows FTPS: Incorrect reply codes were sent in response to some FTP commands. - VShell FTPS: Commands sent by the client were not being logged. - UNIX: Ulimit values were incorrect for some users on some platforms. - UNIX: The vshelld PAM configuration file on RHEL 5 systems was specifying the use of a deprecated PAM module. - vkeygen: Generated keys could not be saved in the root of a physical drive.