SecureCRT(R) 9.4.3 (Official) -- December 19, 2023

Copyright (C) 1995-2023 VanDyke Software, Inc.
All rights reserved.

This file contains the SecureCRT product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration information, and contact information, please refer to SecureCRT_README.txt (downloaded with this installation).

Changes in SecureCRT 9.4.3 (Official) -- December 19, 2023
----------------------------------------------------------

Vulnerability Fix:

- SSH2: For some algorithms, an attacker can manipulate the packets sent during key exchange to cause some packets to be removed, which compromises channel integrity. A "Strict KEX" extension was implemented to address this vulnerability (CVE-2023-48795). In order to use the "Strict KEX" extension, the extension must be supported by both the client and the server.

Changes in SecureCRT 9.4.2 (Official) -- November 14, 2023
----------------------------------------------------------

Bug Fixes:

- When zooming the session font, the top rows of the view may have been hidden.
- Windows: If a connection error occurred during the early stages of key exchange, SecureCRT could have crashed.
- Windows: If the "Hide Session ANSI Color Page" global INI-file-only option was disabled, opening the Session Options dialog resulted in a crash.
- Windows: When opening the Session Manager, performance may have been impacted due to the protocol-specific session icons. A "Use Old Session Manager Icons" global INI-file-only option has been added to allow the use of the old generic icons.
- Mac: On Sonoma, after dismissing the font selection dialog, SecureCRT would hang.
- Mac: When opening an ad-hoc local shell session, the system hostname was no longer used for the tab label.

Changes in SecureCRT 9.4.1 (Official) -- July 18, 2023
------------------------------------------------------

Vulnerability Fix:

- Updated the included OpenSSL library to version 3.0.9, which addresses a relatively low-risk vulnerability related to processing X.509 certificates. The library update also addresses an issue where Windows 11 Defender reported libcrypto-3-x64.dll as vulnerable.

Bug Fixes:

- When using the Button Bar Manager to duplicate or rename an existing button bar, the buttons on the copied/renamed button bar may have been lost.
- When zooming the session font, the top rows of the view may have been hidden.
- When a connected session was configured to use the "System Color Scheme" color scheme and the system color mode was changed, the session's color scheme did not update as expected.
- Windows: When the local shell arguments and/or initial folder options were set in the default local shell session, those settings were not used by new local shell sessions.
- Mac: When the system was connected to an external high-resolution monitor and then the computer went to sleep and/or the external monitor was disconnected, the Session Manager and Command Manager auto-hidden tabs could disappear.

Changes in SecureCRT 9.4 (Official) -- June 8, 2023
---------------------------------------------------

No changes.

Changes in SecureCRT 9.4 (Beta 3) -- May 2, 2023
------------------------------------------------

Bug Fix:

- When certain options that should not have affected the window size were changed, the window unexpectedly resized.

Changes in SecureCRT 9.4 (Beta 2) -- April 13, 2023
---------------------------------------------------

Change:

- Added a session INI-file-only option that allows the maximum RDP version to be specified for an RDP session so that connecting and resizing work correctly if the remote system is running an older version of RDP.

Bug Fixes:

- When SecureCRT was launched from the command line with just the /Script option, the specified script did not run.
- When raw logging was enabled, data shown in the view may have been duplicated in the log file.
- Mac: When opening the built-in SecureCRT help, the help content failed to load.
- Linux: When attempting to print or view the printer configuration page, SecureCRT may have disabled all printing even when a valid printer was configured on the system.

Changes in SecureCRT 9.4 (Beta 1) -- March 28, 2023
---------------------------------------------------

New Features:

- Added a system color scheme, which uses a light or dark color scheme for the session depending on whether the system is using Light Mode or Dark Mode.
- Added support for Python 3.11.
- An optional description can be added to a button on a button bar or a command in the Command Manager. The description is shown in the status bar and hover text.
- Added the ability to specify saved credentials, a port number, and a session description when doing a text file import.
- Added the ability to rename a keyword list for keyword highlighting.
- Added a session option to suppress the expired certificate warning.
- Added a session option to ignore bracketed paste mode.
- Windows: Added a "System" display theme, which uses a light or dark display theme depending on whether the system is set to Light or Dark Mode.
- Windows: The icons used for sessions in the Session Manager and Connect dialog reflect the session's protocol.
- Windows: Added the ability for RDP sessions to redirect the following: audio, printers, clipboard, keyboard shortcuts.
- Windows: Added support for using x509v3-ecdsa-sha2* algorithms from RFC 6187 for keys stored in a .pfx or .p12 file.
- Windows: Added an administrative option that prevents host keys from being saved.
- Windows: Added an administrative option that disallows the anti-idle capabilities.
- Windows: Added an administrative option to migrate silently when the configuration settings need to be migrated.
- Windows: For Windows 11, FTP/TLS and HTTPS sessions now support TLS 1.3.
- Linux: Added support for Python 3.10.

Changes:

- If an ad hoc session launched from Quick Connect, the connect bar, the command line, etc. prompts for a username, saved credentials can be used in the prompt.
- The Text Import Wizard dialog can be resized and the size is remembered.
- The Button Bar and Selected Key dialogs can be resized and the size is remembered.
- The Map Selected Key, Map Button, and Command Properties dialogs can be resized.
- It's now possible for a script to close the tab that started the script.
- In the Global Options dialog, the options for setting the tab width are more intuitive.
- The TFTP server now validates the upload and download folder paths when it starts and displays a prompt if the folders don't exist.
- When a TFTP upload or download folder path is being validated, the prompt that asks if the folder should be created can be canceled, allowing the folder path to be changed.
- When a folder that doesn't exist is specified as the TFTP upload or download folder, the user is given the option to create it.
- Parameter substitutions are supported in the TFTP server log file name.
- If the system blink rate is set to None, the cursor is displayed regardless of the value of the session option "Blinking".
- The option to ignore shift out (\016) escape sequences can be set in the Session Options dialog.
- For new installations, the global option "Preserve window size when opening sessions" is on by default.
- If a script attempts to connect an RDP session, an error is now reported.
- OpenSSH keepalive messages are only displayed in trace output when the trace level is greater than or equal to 3.
- The license serial number is now included in trace output.
- Windows: If the global option "Use trackable insertion caret" is set, when the "Enter Passphrase" dialog is opened, focus is placed on the first radio button.
- Mac: The command-line tools are now included in the DMG installer.
- Linux: The command-line utilities are now included in the installer.

Bug Fixes:

- When using the "New Session Wizard" to create a local shell session, the name of an existing session could have been specified, causing the existing session to be overwritten.
- When SecureCRT and SecureFX are integrated, if the "Store personal data separately" option was toggled, the configuration could have been migrated while one of the applications was still running.
- When connecting to an OpenSSH server, if the password contained Unicode characters, authentication may have failed.
- If the Command Window's send mode was set to "Visible Sessions" and SecureCRT was started in tiled mode, the send mode was changed to "Send commands to active session".
- When modifying the Default session and choosing to apply the change to all saved sessions, the change was unexpectedly applied to the default local shell session.
- The Default session was loaded as a session if its Terminal protocol did not require a hostname and an invalid session was specified on the command line.
- When keyword highlighting was enabled, words were not highlighted when they scrolled past the current view.
- When keyword highlighting was enabled, not all phrases were highlighted as expected.
- When a large amount of data was scrolling in the terminal view, the data flow may have appeared jumpy.
- When attempting to send "\\w" or "\\s" strings from a logon action, if a saved credential was in use, incorrect data was sent.
- If a blinking cursor was disabled at the system level, text that would have been shown blinking may not have been visible.
- When downloading a file using ZModem, the terminal prompt may not have been shown after the transfer completed.
- When importing sessions from a file, if an unknown protocol and Credentials were specified, the import had indeterminate results.
- If a script was run with arguments from the Button Bar or Command Manager, running the same script from the Script menu did not clear the previously specified arguments.
- When a disconnected session tab was reused by a different session, the font from the disconnected session was used.
- When SecureCRT was launched from the command line with a saved session, if any other options were specified along with the session name (e.g., /P ), SecureCRT displayed an error about a hostname being required.
- VSFTP: If file locking failed when referencing a public-key file on an NFS mount, the key would not have been used.
- Windows: If an RDP session that was connected via a script was closed and a non-RDP session was then connected, SecureCRT could have crashed.
- Windows: When importing settings from a text file, if the Text Import Wizard dialog was closed during the import, SecureCRT could have crashed.
- Windows: Under unknown circumstances, when attempting to use a button on the Button Bar, SecureCRT could have crashed.
- Windows: Under rare circumstances, when launching SecureFX from a SecureCRT window, SecureFX could have crashed.
- Windows: When using the JAWS screen reader, characters displayed in the terminal were not always read as expected.
- Windows: When launching from the command line with the /S session option, if the "Default" session was specified, a hostname prompt was displayed and the hostname entered was unexpectedly saved to the default session configuration.
- Windows: When a remote server rejected a shell request, SecureCRT displayed an error dialog and if that dialog was not dismissed, subsequent connections stalled during authentication.
- Windows: If the customize toolbar dialog was opened while there were multiple top-level windows, SecureCRT could have hung.
- Windows: When FIPS mode was enabled, sessions that were migrated from an older version of the application may not have had the AES-CTR ciphers enabled.
- Windows: After upgrading from SecureCRT 9.2 to SecureCRT 9.3, attempting to connect a session that uses CAPI or PKCS#11 for public-key authentication may have reported an error that the specified certificate was not found.
- Windows: If there were multiple certificates in CAPI that originated from smart cards and at least one of those smart cards was not available to the system, authenticating with a specific certificate for which the smart card was available could have resulted in an error requesting the selection of a different smart card device.
- Windows: When connecting to a Pragma Fortress server that was configured to use an X.509 host key, the connection failed due to a host key validation error.
- Windows: If the "Use Windows copy and paste hotkeys" option was enabled for the Default session, using "Ctrl+v" to paste into the connect bar stopped working after an initial paste operation.
- Windows: The "Answerback" and "Terminal type" session options could never be enabled.
- Windows: When connected to an xrdp server on certain Linux distributions (e.g., Debian 11), resizing the window could have resulted in SecureCRT becoming unresponsive for several seconds.
- Windows: When the mouse-over pop-up was displayed for a session while an auto-hidden Session Manager was expanded, the pop-up was not dismissed after connecting to the session.
- Windows: On the session options Logon Actions page, using the mnemonic for the "Arguments" field when the field was disabled could have caused the dialog to unexpectedly close.
- Windows: When certain dialogs were displayed for a connected session, output within that session stalled until the dialog was dismissed.
- Windows: When using the backspace key in a Local Shell session, whole words were deleted at a time instead of single characters.
- Windows: When opening SecureFX from a connected local shell session within SecureCRT, an error was displayed by SecureFX regarding the local shell session being invalid.
- Windows: If the toolbar item "Connect Bar" was resized, the new size was not saved and the old size was used when the application restarted.
- Windows: When moving the position of a list item (e.g., Cipher, MAC) using keyboard shortcuts, if the up or down button became disabled (due to the item being at the topmost or bottommost position), the dialog itself lost keyboard focus.
- Windows: If the digital signature failed to verify when launching the application, the error dialog displayed may not have shown the actual error.
- Mac/Linux: If the "Initial send commands to" global option was set to "Visible Sessions" and SecureCRT started in tiled window mode, sending a command from the Command Window could have resulted in a crash.
- Mac/Linux: Under certain circumstances, when checking if there was a crash to report at startup, the application could have hung.
- Mac/Linux: When authenticating using an OpenSSH trusted certificate with the rsa-sha2-512-cert-v01@openssh.com algorithm, authentication could have failed.
- Mac/Linux: When the default Local Shell session was configured to automatically open at startup, the Local Shell session was not opened.
- Mac/Linux: When using the Session Manager, if a change to the session database was made on disk, closing and re-opening the Session Manager did not show those changes.
- Mac: When multiple SecureCRT windows were open and one of the windows was closed while the toolbar was toggled on or off, SecureCRT could have crashed.
- Linux: When the operating system was suspended while there were connected sessions, the sessions' connection state did not update as expected.
- Linux: When creating a TLS certificate, the Select Certificate File dialog appended both file extensions (*.pfx, *.p12) listed in the filter list to the base filename.