SecureCRT(R) 9.3.2 (Official) -- February 7, 2023 Copyright (C) 1995-2023 VanDyke Software, Inc. All rights reserved. This file contains the SecureCRT product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration information, and contact information, please refer to SecureCRT_README.txt (downloaded with this installation). Changes in SecureCRT 9.3.2 (Official) -- February 7, 2023 --------------------------------------------------------- Bug Fixes: - When using "Receive ASCII" to capture data from the remote system, the captured data may have been corrupt. - When keyword highlighting was enabled, not all phrases were highlighted as expected. - Windows: When using the JAWS screen reader, characters displayed in the terminal were sometimes not read as expected. - Mac: When updating the application on macOS Ventura via "Update now...", the installation may have been corrupted. - Mac: If the application path specified for a "Launch Application" action contained four or fewer characters, SecureCRT could have crashed when that action was launched. - Mac/Linux: When using OpenSSH trusted certificates for authentication, if the rsa-sha2-512-cert-v01@openssh.com algorithm was used, authentication could have failed. Changes in SecureCRT 9.3.1 (Official) -- December 6, 2022 --------------------------------------------------------- Bug Fix: - When authenticating using an OpenSSH trusted RSA certificate, authentication failed with OpenSSH version 7.7p1 and earlier. Changes in SecureCRT 9.3 (Official) -- November 3, 2022 ------------------------------------------------------- Vulnerability addressed: - An external report claims that when using a brute-force attack, sensitive data, such as passwords, stored in the SecureCRT or SecureFX configuration without a configuration passphrase or with a weak configuration passphrase can be cracked in a relatively short amount of time. Direct access to the configuration data is required in order to exploit this vulnerability. Change: - Windows: When the command-line utilities are installed with the SecureCRT standalone installer, the install path is added to the PATH environment variable. Changes in SecureCRT 9.3 (Beta 5) -- October 25, 2022 ----------------------------------------------------- Changes: - Windows: Allow the use of ssh-rsa and ssh-dss algorithms for signature verification when FIPS mode is enabled. Bug Fixes: - When authenticating with a public key that was invalid for the remote host, the key was retried twice before falling back to the next authentication method. - If a session file was renamed or deleted on disk while the application was running, raising the context menu for the session from within the Session Manager could have resulted in a crash. - If the scrollback buffer size was set to zero, attempting to extend a text selection into the non-existent scrollback resulted in a crash. - When an existing configuration was migrated to the new encryption standard, Session Logon Actions may have failed to migrate and could have been reset to default settings. - Keyword highlighting changes for a connected session were not applied to the current session view. - Windows: When connecting to an RDP host from a script and an invalid credentials file was referenced, the RDP tab could not be closed. - Command-line tools: If the host key algorithm preference list was specified on the command line, the algorithm order was not always honored. Changes in SecureCRT 9.3 (Beta 4) -- September 29, 2022 ------------------------------------------------------- Bug Fixes: - When merging a personal data configuration folder back into the main configuration, the operation could have failed due to a mismatch of session files that should have been ignored. - When SecureCRT was started from the command line with a script that automatically reconnects the session, an error stating "Only one script can be run at a time" would be displayed if the session was disconnected. - Windows: Under certain circumstances, if a script was cancelled during a sleep operation, SecureCRT could have crashed once the sleep operation completed. - Windows: When running grep with color options enabled on a large amount of output, the SecureCRT UI could have been slow to respond. - Windows: When multiple top-level SecureCRT windows were open, if the Command Window was toggled on in one of the windows, the right-click context menu could have failed to display in various locations. - Windows: If a large number of tabs were open, causing the tab widths to be truncated, renaming a tab label via a script could have resulted in the tab size expanding to full width, then resizing to the correct truncated size. - Windows: When moving the position of an authentication method using keyboard shortcuts, if the up or down button became disabled (due to the method being the topmost or bottom most position), the dialog itself lost keyboard focus. Changes in SecureCRT 9.3 (Beta 3) -- August 16, 2022 ---------------------------------------------------- Bug Fixes: - Under certain cases, if a script was cancelled during a sleep operation, SecureCRT could crash once the sleep completed. - If the "Preserve window size when opening sessions" option was enabled, connecting to a session that reused a disconnected tab caused the window to unexpectedly resize. - When launching the application with a new configuration, the Quick Connect dialog was not displayed at startup as expected. - If there were a large number of tabs open, causing the tab widths to be truncated, renaming a tab label via a script could have resulted in the tab size expanding to full width, then resizing to the correct truncated size. - When the application license was stored in a license file (.lic) and the license data was included in a configuration export, importing the license on another machine may not have worked as expected. - Windows: When starting the application using an alternate configuration path (via the /F command-line option), if the Global.ini file in the alternate location was incomplete, the Global.ini file in the default configuration location would have been reset. - Mac: When "Scale the font" resize method was configured for a session, the text displayed in the terminal view could become unreadable with certain window sizes. - Mac: On Monterey and later systems, if the application crashed and produced a core dump, the crash reporter dialog reported that no core dump was available. Changes in SecureCRT 9.3 (Beta 2) -- July 19, 2022 -------------------------------------------------- New Feature: - Windows: The Global Options and Session Options dialogs can be resized and the size is remembered. Changes: - In the Session Options dialog, the column widths for the Keywords table in the Keyword Highlighting category are remembered. - The Manage Agent Keys dialog can be resized and the size is remembered. Bug Fixes: - Windows: The Help Search tab did not work. - Windows: When running a Perl script, setting the Screen object's IgnoreCase property to true had no effect. - Windows: When running a Perl script, the IgnoreCase parameter in the ReadString and WaitForString methods was interpreted as the timeout parameter. - Windows: If the "Enable alternate screen switching" option was disabled while the "Add alternate screen output to scrollback" sub-option was enabled, the sub-option was shown as enabled after re-opening the Session Options dialog. Changes in SecureCRT 9.3 (Beta 1) -- June 28, 2022 -------------------------------------------------- New Features: - Added an option to check for updates automatically at startup. - Added the ability to specify saved credentials in "Send" Logon Actions. - Added a global option that preserves the application window size when a session is opened. - For keyword highlighting, the "Match case" option can now be specified per keyword. Previously, it could only be specified for the entire keyword list. - For keyword highlighting, attributes such as bold and reverse video can now be specified for individual keywords. - Added the ability to resize the Keyword List Properties dialog. - Added an option that forces a prompt for the hostname when the session connects. - Added the ability to disable individual local and remote port forwards. - Added the ability to duplicate a session in the Session Manager or Connect dialog. - Added the ability to duplicate local and remote port forwards. - Added the ability to correlate a PKCS#11 private key to an OpenSSH Trusted Certificate for public-key authentication. - Added the ability to configure the session font from the tab right-click menu. - Added a global INI-file-only option to disable tooltips for tabbed sessions. - Added the ability to use the algorithms rsa-sha2-512-cert-v01@openssh.com and rsa-sha2-256-cert-v01@openssh.com as OpenSSH certificate types. - SSH2: Added support for using the x509v3-rsa2048-sha256 algorithm for authentication (RFC 6187). - Windows: Added support for using rsa-sha2-256 and rsa-sha2-512 public-key algorithms as raw SSH2 keys for CAPI certificates (RFC 8332). - Windows: Added support for using x509v3-ecdsa-sha2* algorithms from RFC 6187 for keys in the CAPI store and as raw SSH2 keys. - Windows: Added the ability to import RDP sessions using the Text Import wizard. - Windows: Added an administrative option that suppresses the prompt for a configuration passphrase the first time the application runs. - Windows: Added an administrative option that disables Expect/Send logon actions and logon scripts. - Windows: Added an administrative option for disabling non-secure file transfers. - Windows: Added the ability to pass command-line arguments to the shell for local shell sessions. - Windows: Added an icon for the "Keyword Highlighting" menu item, which can also be used when customizing the toolbar. - Windows: A suite of separate command-line utilities (formerly the VanDyke ClientPack) for securely automating file transfer, shell, and public-key administration tasks is included with SecureCRT. - Mac/Linux: The tarball installer includes a suite of separate command-line utilities (formerly the VanDyke ClientPack) for securely automating file transfer, shell, and public-key administration tasks. Changes: - Improved speed of terminal output display when the host sends screen changes that do not cause scrolling. - Increased the character limit for keywords from 246 to 2048, which allows more complex regular expressions to be specified for keyword highlighting. - In the Edit Keyword dialog, the keyword text box is larger, which makes it easier to edit complex regular expressions for keyword highlighting. - The session option "Alternate Screen Output Added To Scrollback" can now be set in the Session Options dialog. - The "New Input" connection status indicator can be turned off. - The number of sessions that can be opened simultaneously before a warning is displayed can now be configured. - The session name is now included in the trace output. - SSH2: Trace output for the host key now includes the type and size. - SSH2: The View Host Key dialog now includes the type and size for the selected host key. - Windows: If there's a signature failure when attempting to load a Python DLL, a prompt is displayed, which allows the signature failure to be ignored once or always, or disable Python scripting. - Windows: When the Quick Connect dialog is displayed, initial focus is placed in the Protocol field when the global option "Use trackable insertion caret" is checked. Otherwise, initial focus is placed in the Hostname field. - Windows: Added the ability to set the "Close on disconnect" option for RDP sessions. - Windows: Added "Find" to the right-click menu for the scratchpad and script editor. - Windows: The default search direction is down when doing a find in a scratchpad or script editor. - Mac/Linux: When the Quick Connect dialog is displayed, initial focus is placed in the Hostname field. Bug Fixes: - Under unknown conditions, a TFTP transfer from a Cisco device could have resulted in a crash. - If a script referenced a tab object for a tab that had been closed, SecureCRT could have crashed. - Modifying keyword highlighting settings could have caused SecureCRT to go unresponsive. - When connecting to multiple sessions sequentially, if the "Exit when last session is disconnected" option was enabled and the first session failed to connect, the application window closed, preventing subsequent sessions from connecting. - When resizing the window while there was text selected in the terminal view, the selection would not be cleared, resulting in the selection moving to a different block of text. - If keyword highlighting was disabled for a connected session, the highlighting was not cleared in the scrollback buffer. - When using the "Retain size and font" or "Scale the font" session resize options and all text in the view was selected, the selection may not have been cleared when the session window was resized. - When a YModem transfer over a serial connection between two paired COM ports successfully completed or was canceled, the Transfer menu items remained disabled. - Under certain scenarios, when using public-key authentication with agent forwarding enabled, keys were added to the remote agent. - If a session was disconnected while an alternate screen application (e.g., screen, mc) was running, the scrollback buffer was disabled if another session re-used the disconnected tab. - When setting the tab caption via a script, the window title was updated when the tab running the script did not have focus. - When a newly connected session re-used a disconnected tab, the "Add alternate screen output to scrollback" option state for the disconnected tab was used. - Windows: Under rare circumstances, when closing the application while an RDP session was connected, a crash could have occurred. - Windows: If the "Connect to multiple sessions sequentially" option was enabled and multiple RDP sessions attempted to connect at once, only one session connected. - Windows: If a Local Shell session was disconnected or closed while processing a large amount of scrolling data, SecureCRT could have become unresponsive. - Windows: When authenticating with a certificate from the personal CAPI store, if the "Use certificate as raw SSH2 key" option was enabled, the key was not correctly added to agent and a subsequent connection could have failed with an agent signature error. - Windows: When connecting to a server that used an X.509 certificate for the host key and the certificate met all requirements for automatic acceptance of the host key by the client, the application still prompted the user to manually accept and save the key. - Windows: When a Python 2 script was run from the Button Bar or Command Manager and the script was sent to multiple connected sessions, a dialog reporting a "Codec Registry" error may have been displayed. - Windows: When searching for text within a scratchpad or script editor session, the view did not scroll with the search. - Windows: When the "Single Instance" option was enabled, opening the "Connect..." or "Quick Connect..." options from the SecureCRT taskbar icon failed. - Windows: Multiple CAPI errors could have been reported when attempting to display a certificate fingerprint if the fingerprint for any certificate could not be obtained. - Windows: If the signature failed to verify for the protocol or Python DLLs, the file path displayed on the warning dialog may have been cut off. - Mac: When "Scale the font" resize method was configured for a session, the text displayed in the terminal view could have become unreadable with certain window sizes. - Mac: When the abbreviated SecureCRT menu bar was displayed (e.g., when the SecureCRT main window was closed to the dock), the "Update Now..." menu item failed to launch the update utility. - Mac: If a network connection was unavailable while checking for an update via "Update Now", the error displayed did not report a helpful message. - Mac/Linux: If the Command Manager was pinned or floating, sending a command to a session did not move focus to the terminal view. - Mac/Linux: When connected to a remote UNIX server using the SFTP tab, uploading a file that contained a colon character as part of the name would have been uploaded to the remote user's home directory instead of the current working directory. - VSFTP (Mac/Linux): When connected to a remote UNIX server, uploading a file that contained a colon character as part of the filename would have been uploaded to the remote user's home directory instead of the current working directory.