SecureCRT® 4.1.11 (Official) -- May 5, 2005 Copyright © 1995-2005 VanDyke Software, Inc. All rights reserved. This file contains a SecureCRT product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration information, and contact information, please refer to Readme.txt (downloaded with this installation). Changes in SecureCRT 4.1.11 (Official) -- May 5, 2005 ----------------------------------------------------- Bug fixes: - The Wyse 50 default keymap was missing definitions for HOME, SHIFT+HOME, and SHIFT+TAB. - When smac or rmac were used, alternate characters were not displayed correctly. Changes in SecureCRT 4.1.10 (Official) -- February 3, 2005 ---------------------------------------------------------- Bug fixes: - In the Connect dialog, sometimes clicking on the first letter of a session to go to that session stopped working. - Changing the protocol from SSH1 to SSH2 for a session that had port forwards configured caused the port forwards to have bad syntax, resulting in an error when connecting. The port forwards are now converted to have the correct syntax. - The default Wyse 60 cursor key keymap was incorrect. - The keyboard-interactive authentication dialog did not display all the message text when the text was long, such as for a password change prompt. - Tooltips for custom toolbars were sometimes displayed incorrectly. - SecureCRT crashed when disconnecting from a session that used a misconfigured firewall. Changes in SecureCRT 4.1.9 (Official) -- October 26, 2004 --------------------------------------------------------- Bug fixes: - If a folder was renamed in the Connect dialog, all the sessions were deleted. - SecureCRT crashed if an SSH2 session was disconnected while sending ASCII. - ASCII uploads only send data while a menu was open. - In the Wyse 50 emulation, the down arrow and carriage return did not work correctly under some circumstances. - In the Wyse 50 emulation, added support for the answerback escape sequence. - Latvian character \362 was not displayed in Telnet sessions. Vulnerabilities: - When launching SecureCRT from a URL, it was possible to run a malicious logon script because of the ability to specify the configuration folder on the command line. SecureCRT no longer allows the configuration folder (/F option) to be specified on the command line for URLs. Other command-line arguments are still supported and must come before the URL. Changes in SecureCRT 4.1.8 (Official) -- August 19, 2004 -------------------------------------------------------- Bug fixes: - SecureCRT crashed if the middle mouse button was pressed when the session was disconnected and the global option "Paste on middle button" was set. - The text selection was invalidated when a status line was updated or the remote application refreshed. - After upgrading to SecureCRT 4.1.7 from 4.1.4, scrolling was noticeably slower for some users. Changes in SecureCRT 4.1.7 (Official) -- June 29, 2004 ------------------------------------------------------ Bug fixes: - When the global option "Save window state for each session" was set, the window state was not correct for maximized windows or the location of the window upon subsequent connections. - Text selections were invalidated when a status line was updated or the remote application refreshed. - SecureCRT started trying to write data to a raw log before the filename was specified. - The Global Options dialog read the configuration folder from the Van Dyke Technologies branch in the registry instead of from the VanDyke branch, when both branches existed. - When a .lic file was being used, the installer assumed the installation was new and did not ask about upgrading. - In the installer, if "install into new location" was chosen, the default install folder was the old location. - SSH2: If the hostname was specified on the command line for SecureCRT, VSH, or VCP, and was a different case than what was in the host key database, the host key was not recognized. Changes in SecureCRT 4.1.6 (Official) -- May 25, 2004 ----------------------------------------------------- Bug fixes: - When the option "Buffer pass-through printing" was used with the "Auto Print" feature, extra data was being printed. - SSH2: SecureCRT crashed on disconnect if the session option "Close on disconnect" was set. - SSH2: SecureCRT crashed when an application using port forwarding was closed. - SSH2: SecureCRT hung if the shell was exited while port forwards were active. Changes in SecureCRT 4.1.5 (Official) -- May 20, 2004 ----------------------------------------------------- Changes: - Added "Enable NAWS" option to the Telnet category in the Session Options dialog. - The "Buffer pass-through printing" option now also applies to the Auto Print feature. - The default custom menu Default.mnu was updated to include new Help menu item. Bug fixes: - SecureCRT crashed when more than one session was connected through the same port and "exit" or CTRL+D was typed at the prompt. - If using the Telnet protocol, SecureCRT crashed when the Disconnect button was pressed while data was streaming to the output. - Pasting text with multiple UNIX newline characters caused SecureCRT to hang. - In the Emulation category of the Session Options dialog, the "Logical columns" field was reported to be outside the valid range twice, with the range being different in each error message. - On Windows 98, SecureCRT crashed when the "Automate logon" option was checked and a script was run. - The installer was not deleting 4.0 shortcuts. Changes in SecureCRT 4.1.4 (Official) -- April 13, 2004 ------------------------------------------------------- Bug fixes: - SSH2: SecureCRT did not display text from input boxes in Keyboard Interactive mode if they used multiple lines. Changes in SecureCRT 4.1.3 (Official) -- March 18, 2004 ------------------------------------------------------- Bug fixes: - Keymap files that contain blank lines or comments generated syntax errors. - SSH2: The built-in authentication agent did not preserve the filename comment. Changes in SecureCRT 4.1.2 (Official) -- February 12, 2004 ---------------------------------------------------------- Changes: - Serial: It is now possible to manually enter the COM port specification in the Session Options dialog so that COM ports higher than 50 can be used. Bug fixes: - SecureCRT incorrectly displayed the "Connection closed" or "Connection aborted" dialog when the session was disconnected and the global option "Show confirm disconnect dialog" was set. - When running SecureCRT with the command-line flag "/ARG", if the argument that followed was quoted but contained a hyphen as the first character, the error "/ARG requires additional parameters" was reported. - The .ini extension on session file names had to be lower case. It is now case insensitive. - When printing to a file in raw mode using pass-through printing, the print job spooled, but never completed. - Under Windows 95/98, extra characters were appended to the text copied from the session window. - Under Windows 95 and ME, SecureCRT reported a "Hostname lookup failed" error when an IP address was used as the hostname. - SSH2: The "Auto Detect" SSH server option did not work correctly with DataFellows 2.0.13 servers. - SSH2: SecureCRT crashed when the remote host key was larger than 2048 bits. - VCP: When trying to upload a file under Windows 95/98, a read error was reported and VCP terminated abnormally. Changes in SecureCRT 4.1.1 (Official) -- January 15, 2004 --------------------------------------------------------- Changes: - If the Session Option "Use Unicode line drawing characters" is set and the font is VT100, SecureCRT forces the option to false because VT100 fonts do not map Unicode characters. Bug fixes: - When the global firewall type setting was set to "None", SecureCRT crashed on connect. - When the character encoding was set to "None" or "OEM", SecureCRT crashed on attempting to paste text. - If the cursor appearance for a session was changed from the Connect dialog before connecting, the changes did not take effect upon connecting. - Launching SecureCRT under Windows 95 resulted in the following error: "The SECURECRT.EXE file is linked to missing export USER32.DLL :GetAncestor". - When the Global Option "Use trackable insertion caret" was set, the cursor was visible and blinking when scrolling back in the session. Changes in SecureCRT 4.1 (Official) -- December 4, 2003 ------------------------------------------------------- Changes: - VSH: Added support for user@host syntax. - VSH: Added -nopty flag, which prevents vsh from requesting a pty. Bug fixes: - When pasting more than 4K of text, if the character send delay and line send delay were set to 0, SecureCRT could crash or fail to paste all the text. - The cursor did not clear if the session was disconnected by typing "exit" at the command prompt. - VCP: The -preserve flag was not working because the file attributes sent to the remote machine were the wrong format. Changes in SecureCRT 4.1 (Beta 5) -- November 25, 2003 ------------------------------------------------------ Bug fixes: - In SCO ANSI emulation, line drawing did not work correctly. - SSH2: The identity file specified using the /I command-line flag was not being used. Changes in SecureCRT 4.1 (Beta 4) -- November 13, 2003 ------------------------------------------------------ New features: - Emulation for Xterm. - Support for multi-byte character input. Changes: - The session name is now shown in the Reconnect prompt dialog. - When the "Disable pass-through printing" option is set, all host-based printing is disabled. - Added the ability to launch SSH1, SSH2, and rlogin sessions from a web browser. - SecureCRT now looks for the global configuration file in the SecureCRT install folder before looking up the location in the registry. - SSH2: Added the ability to map SSH functions to keys using the keymap editor. - SSH2: When using port forwarding, rather than displaying an error dialog when a port is in use, a message is sent to the trace output. - Serial: Added baud rates 380400, 460800, and 921600 and changed 230000 to 230400. Bug fixes: - SecureCRT was unresponsive when there was lots of output from the remote system. CTRL+C and CTRL+S now work correctly. - SecureCRT could hang when a large amount of text was pasted into a session window. - The window position coordinates specified using the /POS command-line flag were ignored. - Copy and paste did not work for certain fonts, such as OCRB. If the selected text cannot be converted to Unicode, it is now treated as ASCII. - Saving and loading keymaps for Wyse 50/60 emulation did not work correctly. - Pasting more than 500 lines into the chat window caused SecureCRT to lock up. - The Wyse 60 keymap did not have definitions for the extended arrow keys. - Telnet: SecureCRT was unable to Telnet to ports like 25 and 143. - Serial: Default session names are now Serial-COM1, Serial-COM2, etc. instead of COM1 and COM2 to avoid creating session files called COM1.ini, COM2.ini, etc. Changes in SecureCRT 4.1 (Beta 3) -- October 9, 2003 ---------------------------------------------------- Changes: - SSH2: For GSSAPI authentication, the option "Enable deprecated GSSAPI" can be set on the SSH2 page of the Global Options dialog. Because most servers do not yet support GSSAPI with MIC, this option is on by default. - SSH2: For GSSAPI authentication, added an "Auto Detect" method, which is the default. "Auto Detect" selects the correct method during authentication. - SSH2: If public key authentication is used, but no identity file is specified, SecureCRT prompts for the file and now saves it as the global identity file. Bug fixes: - Some printer drivers returned a null pointer as the printer port name, which caused SecureCRT to crash at start up. - The session INI file-only option "ZModem Receive Command" was not being honored. Changes in SecureCRT 4.1 (Beta 2) -- October 2, 2003 ---------------------------------------------------- New features: - SSH2: The Server Principal Name (SPN) can now be specified in the GSSAPI Properties dialog. Changes: - Newlines are no longer inserted in the session log file when a line wraps on the screen. - Added a property to the CRT.session script object called Path, which returns the path and name of the current SecureCRT session. - SSH2: Both "GSSAPI" and "GSSAPI-MIC" are supported as explicit options for doing GSSAPI authentication. GSSAPI-MIC is the recommended option if the remote system supports it. Bug fixes: - The script command WaitForStrings incorrectly matched the first string if that string occurred anywhere in the output. - The custom menu item MENU_PRINT_SETUP did not work. - SSH2: If a session requests a forward to a port that is already in use, SecureCRT will attempt to obtain the port rather than report an error. - SSH2: When SecureCRT and SecureFX were running and SecureCRT was restarted, SecureCRT prompted for the passphrase even though it was in the agent cache. Changes in SecureCRT 4.1 (Beta 1) -- September 18, 2003 ------------------------------------------------------- New features: - SSH2: Support for Kerberos v5 authentication via GSSAPI. - SSH2: Support for GSSAPI secured key exchange. Mechanisms supported depend on GSSAPI provider. Only the Kerberos v5 mechanism has been tested. - The ability to share the host key database with SecureFX. - SSH2: The private key agent cache is now shared between SecureCRT and SecureFX, eliminating the need to reenter the passphrase. - Improved support for scalable line-drawing fonts. - Dynamic log filename generation, with support for substitution of date, time, and environment variables. - VSH/VCP: added the option -kex KEX, which allows you to specify which key exchange algorithm to use. Valid algorithms are diffie-hellman, diffie-hellman-group, Kerberos, and any OID (in dotted number format) supported by the GSSAPI provider. Changes: - Added "Use ClearType to smooth edges of screen fonts" check box to the Appearances category of the Global Options dialog. This option is used under Windows XP to specify whether or not ClearType fonts should be rendered as ClearType fonts. - In the Session Options dialog, moved the character encoding option from the Advanced Emulation category to the Appearance category. - Strings sent by Send String can now be any length. - In the Wyse 50/60 emulation, added the ability to define F-keys and other extended keys using the ESC+Z and ESC+z sequences. - In the Wyse 50/60 emulation, added the ESC+{ mapping, which moves the cursor to home. - In the Wyse 50/60 emulation, added ESC+J and ESC+K mappings, which map to Page Up and Page Down, respectively. - In the Wyse 50/60 emulation, added support for shift-modified function keys. - In the Wyse 50/60 emulation, improved support for cursor style escape sequences. - SSH2 is the default protocol when creating a new session. - SSH2: Banner output is now displayed in the session window instead of a message box. - SSH2: The fingerprint of the public key is shown in the Public Key Properties dialog. - SSH2: Added support for 'break' over ssh for terminal servers. Use the TN_BREAK keymapping to access this functionality. - Significantly increased VCP file transfer speed by adding support for parallel SFTP read/write requests. - VCP and VSH try all agent keys before trying the user's key. - VSH/VCP: Will now only allow three failed passphrase attempts. Bug fixes: - In the Session Options dialog, leading spaces were not being removed from the Hostname field. - In the Wyse 50/60 emulation, the screen did not clear properly because the ESC+& and ESC+' sequences did not turn protect mode on and off, respectively. - In the Wyse 50/60 emulation, when line-drawing characters and foreign characters were both present, they were not displayed properly. - For custom toolbars, the stringtable entry could not be overridden for built-in commands. - Serial: Connecting a serial device sometimes failed because SecureCRT was not setting DTR. - Serial: SecureCRT sometimes disconnected when there was a serial error. - SSH1: Connections to Allied Telysn routers did not succeed because the router was not expecting a max packet size message. This message is no longer sent to this type of router. - SSH2: SecureCRT crashed when connecting to an ION Networks PRIISMS server because the server returned success on authentication with the None authentication type. - SSH2: SecureCRT could crash if a session was disconnected by the user before it had connected. - Piping input to VSH from a file reported the error, "The handle is invalid." - VSH could consume CPU and network resources if stdin was a pipe and EOF was read. Vulnerabilities: - When using Kerberos host and user authentication via GSSAPI, the connection could be vulnerable to a man-in-the-middle attack. GSSAPI with MIC has been introduced to eliminate this risk and the GSSAPI method has been removed. Although the trace output shows gssapi as the requested authentication, GSSAPI with MIC is actually what is requested.