SecureFX(R) 9.4.3 (Official) -- December 19, 2023 Copyright (C) 1995-2023 VanDyke Software, Inc. All rights reserved. This file contains the SecureFX product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration information, and contact information, please refer to SecureFX_README.txt (downloaded with this installation). Changes in SecureFX 9.4.3 (Official) -- December 19, 2023 --------------------------------------------------------- Vulnerability Fix: SSH2: For some algorithms, an attacker can manipulate the packets sent during key exchange to cause some packets to be removed, which compromises channel integrity. A "Strict KEX" extension was implemented to address this vulnerability (CVE-2023-48795). In order to use the "Strict KEX" extension, the extension must be supported by both the client and the server. Changes in SecureFX 9.4.2 (Official) -- November 14, 2023 --------------------------------------------------------- New Feature: - Added a compatibility mode for Azure Blob SFTP servers, which automatically disables SFTP extensions. Bug Fixes: - Windows: If a connection error occurred during the early stages of key exchange, SecureCRT could have crashed. - Windows: If the "Hide Session ANSI Color Page" global INI-file-only option was disabled, opening the Session Options dialog resulted in a crash. - Windows: When opening the Session Manager, performance may have been impacted due to the protocol specific session icons. A "Use Old Session Manager Icons" global INI-file-only option has been added to allow the use of the old generic icons. Changes in SecureFX 9.4.1 (Official) -- July 18, 2023 ----------------------------------------------------- Vulnerability fix: - Updated the included OpenSSL library to version 3.0.9, which addresses a relatively low-risk vulnerability related to processing X.509 certificates. The library update also addresses an issue where Windows 11 Defender reported libcrypto-3-x64.dll as vulnerable. Changes in SecureFX 9.4 (Official) -- June 8, 2023 -------------------------------------------------- No changes. Changes in SecureFX 9.4 (Beta 3) -- May 2, 2023 ----------------------------------------------- Bug Fixes: - When SFXCL was run with both the /Password and "/S " options and the specified session used a saved credential for authentication, the password in the saved credential could have been cleared. - When attempting to download a file from a Cisco system in which the user did not have the appropriate privilege, an empty file was created on the local system and the transfer was reported as successful. - Mac: When scrolling a large file listing in the local or remote window, SecureFX could have become sluggish. Changes in SecureFX 9.4 (Beta 2) -- April 13, 2023 -------------------------------------------------- No changes. Changes in SecureFX 9.4 (Beta 1) -- March 28, 2023 -------------------------------------------------- New Features: - A new option allows OpenSSL to be used for TLS connections, providing support for TLS 1.3 on Windows 10 as well as better compatibility with FTPS, HTTPS, and servers using OpenSSL. - Added the ability to manually accept or reject an unrecognized certificate for TLS sessions. - Added the ability to configure a sound that gets played when a synchronization operation completes. - Added the ability to open the containing folder for transferred files from the Transfer Queue context menu. - Added a session option to suppress the expired certificate warning. - Windows: Added a "System" display theme, which uses a light or dark display theme depending on whether the system set to Light or Dark Mode. - Windows: The icons used for sessions in the Session Manager and Connect dialog reflect the session's protocol. - Windows: For Windows 11, FTP/TLS, and HTTPS sessions now support TLS 1.3. - Windows: If the global option "Use OpenSSL for TLS" is set, OpenSSL will be used when an SSL certificate is created. - Windows: Added support for using x509v3-ecdsa-sha2* algorithms from RFC 6187 for keys stored in a .pfx or .p12 file. - Windows: Added an administrative option that prevents host keys from being saved. - Windows: Added an administrative option to migrate silently when the configuration settings need to be migrated. - Mac/Linux: Added support for creating self-signed certificates. Changes: - If an ad hoc session launched from Quick Connect, the connect bar, the command line, etc. prompts for a username, saved credentials can be used in the prompt. - For new installations, the option to always show filenames as UTF8 is on by default. - The license serial number is now included in trace output for SecureFX and SFXCL. - SFXCL: A /Version flag has been been added, which shows version information about SFXCL. - Windows: If the global option "Use trackable insertion caret" is set, when "Enter Passphrase" dialog is opened, focus is placed on the first radio button. Bug Fixes: - When transferring files over an FTPS connection, SecureFX and/or SFXCL could have crashed. - Under certain circumstances, when SecureFX was launched from the SecureCRT toolbar icon, SecureFX could have crashed. - Under rare circumstances, when a TLS connection was shutdown, SecureFX could have crashed. - When downloading a large file or directory structure over an FTPS connection, the file transfer could have hung. - When connecting to an OpenSSH server, if the password contained Unicode characters, authentication may have failed. - When connecting to an HTTP session that is redirected by the server to an HTTPS address, the connection could have failed with a "302 found" error. - When SecureCRT and SecureFX are integrated, if the "Store personal data separately" option was toggled, the configuration could have been migrated while one of the applications was still running. - When transferring files using the SCP protocol, if the network connection was interrupted, the transfers did not resume gracefully. - Windows: When FIPS mode was enabled, sessions that were migrated from an older version of the application may not have had the AES-CTR ciphers enabled. - Windows: After upgrading from SecureFX 9.2 to SecureFX 9.3, attempting to connect a session that uses CAPI or PKCS#11 for public-key authentication may have reported an error that the specified certificate was not found. - Windows: When launching from the command line with the /S session option, if the "Default" session was specified, a hostname prompt was displayed and the hostname entered was unexpectedly saved to the default session configuration. - Windows: When connecting to a Pragma Fortress server that was configured to use a X.509 host key, the connection failed due to a host key validation error. - Windows: If there were multiple certificates in CAPI that originated from smart cards and at least one of those smart cards was not available to the system, authenticating with a specific certificate in which the smart card was available could have resulted in an error requesting the selection of a different smart card device. - Windows: When opening a remote file via the "Open With..." dialog, certain applications (e.g., UltraEdit) may not have been listed on the dialog. - Windows: When the mouse-over pop-up was displayed for a session while an auto-hidden Session Manager was expanded, the pop-up was not dismissed after connecting to the session. - Windows: When opening SecureFX from a connected local shell session within SecureCRT, an error was displayed by SecureFX regarding the local shell session being invalid. - Windows: When moving the position of a list item (e.g., Cipher, MAC) using keyboard shortcuts, if the up or down button became disabled (due to the item being at the top most or bottom most position), the dialog itself lost keyboard focus. - Windows: If the toolbar item "Connect Bar" was resized, the new size was not saved and the old size was used when the application restarted. - Windows: If the digital signature failed to verify when launching the application, the error dialog displayed may not have shown the actual error. - Mac/Linux: Under certain circumstances, when checking if there was a crash to report at startup, the application could have hung. - Mac/Linux: When authenticating using an OpenSSH trusted certificate with the rsa-sha2-512-cert-v01@openssh.com algorithm, authentication could have failed. - Mac/Linux: When using the Session Manager, if a change to the session database was made on disk, closing and re-opening the Session Manager did not show those changes. - Mac: When connecting to an FTPS or HTTPS server and the server's certificate was self-signed, though stored in the user or system trusted certificate store, SecureFX would not validate the certificate. - Linux: On certain systems, when uploading a large number of files over an FTPS connection, the transfer may not have completed successfully. - Linux: When creating a TLS certificate, the Select Certificate File dialog appended both file extensions (*.pfx, *.p12) listed in the filter list to the base filename.