VShell(R) Server 3.6.6 (Official) -- April 26, 2011 Copyright (C) 1995-2011 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 3.6.6 (Official) -- April 26, 2011 ---------------------------------------------------- Bug fixes: - VShell could have crashed when a user connected using public-key authentication and there was a passphrase protected private key in the users public-key folder. - VShell FTPS: File transfers to the server could have failed when an SSL alert packet was of a certain size. Changes in VShell 3.6.5 (Official) -- October 28, 2010 ------------------------------------------------------ Bug fixes: - Windows: Under heavy input load, the shell channel could have crashed or mismanaged SSH flow control. - VShell was not parsing the "--" argument that is sent by scp included with OpenSSH 5.4 and later. - VShell could have gotten into a state where it was using 100% of the CPU after an SCP file transfer. - File upload trigger would not fire when an SCP upload was interrupted in some way. - VShell may not have saved changes after editing the RunAS command arguments field. Changes in VShell 3.6.4 (Official) -- August 10, 2010 ----------------------------------------------------- Bug fixes: - VShell would fail to send log messages to syslog if the port configured was already in use on the VShell machine. - File changes made through an SFTP file system drive may not have been saved correctly. - VShell could leak memory when certain SFTP clients transferred several large files in parallel. - Clients that did not support SFTP extensions may not have received a directory listing after connecting to VShell. - Windows: VShell's Control Panel would fail to start when launched from Windows Control Panel on machines with User Account Control (UAC) enabled. - VShell FTPS: In some cases, files uploaded to the server could have been truncated when SSL encryption was used. Changes in VShell 3.6.3 (Official) -- May 11, 2010 -------------------------------------------------- Changes: - Updated VShellConfig usage message and Help page to include all settings that can be excluded or included during an import or export operation. - UNIX: Only logs the "Logging to the BSM failed" message if debug logging is enabled. Bug fixes: - Windows: Public-key authentication could have failed for non-administrative users if VShell was running on a domain controller. - Windows: A crash could have occured if an SFTP client sent file system requests prior to VShell loading the file system environment. - VShell FTPS: Uploading multiple small files could have resulted in some of the files being truncated to zero bytes. - vcp/vsftp: Files that began with "." were not transferred. Changes in VShell 3.6.2 (Official) -- March 11, 2010 ---------------------------------------------------- New features: - VShell FTPS: When generating a self-signed certificate, a key size of either 1024 or 2048 can now be specified. Changes: - The VShell version in the Windows uninstall "DisplayVersion" registry key now contains the point release number in addition to the major and minor version numbers. - Windows: Updated the sample installer answer file that is included in the VShell Help. Bug fixes: - On Windows 2000, an incorrect file size was logged when files greater than 4GB were transferred. - Windows: VShell could have crashed when certain SFTP clients connected and the user's profile was not being loaded. - VShell FTPS: A crash could have occurred if the connection was unexpectedly killed during a transfer. Changes in VShell 3.6.1 (Official) -- January 21, 2010 ------------------------------------------------------ Bug fixes: - VShell FTPS: The server could have crashed when a connection was closed after multiple failed data connections. Changes in VShell 3.6 (Official) -- December 10, 2009 ----------------------------------------------------- No changes. Changes in VShell 3.6 (Beta 5) -- December 3, 2009 -------------------------------------------------- Changes: - VShell FTPS: The connect string sent to the client now includes the version of the server. Bug fixes: - Windows: VShell could temporarily stop accepting incoming connections while large roaming profiles were unloaded after disconnect. Changes in VShell 3.6 (Beta 4) -- November 11, 2009 --------------------------------------------------- Changes: - VRALib: Added the function "GetConfigValue" to the Connection object which when called with the string "Enable FIPS Mode" will allow a VRALib script to determine whether or not FIPS mode is enabled. Bug fixes: - Removing a user from the Virtual Root access control list could have caused the path and alias fields to be cleared. - VShell FTPS: Authentication of VShell internal user database users could have failed even with a valid password. Changes in VShell 3.6 (Beta 3) -- October 29, 2009 -------------------------------------------------- New features: - Added an option to control the preferred SFTP version sent to the client. Some clients have the ability to renegotiate the SFTP version after the connection is established, which will override this server setting. Bug fixes: - Fixed VShell's WMI provider to prevent future backwards compatibility problems. Changes in VShell 3.6 (Beta 2) -- October 15, 2009 -------------------------------------------------- Changes: - vcp/vsftp/vsh: When an RSA key is used for authentication, only the private key is required, which makes it easier to use Amazon EC2 keys. Bug fixes: - Windows: VShell was leaking memory when the service was shutdown. - VRALib: A script that read an ASCII file could cause all memory to be consumed, which caused the script to crash. - VRALib: All instances of "Hostkey" were changed to "HostKey". Changes in VShell 3.6 (Beta 1) -- October 1, 2009 ------------------------------------------------- New features: - X-command and X-subsystem private use headers in public-key files are now supported. This provides the ability to restrict a user to a particular command or subsystem when a specific public key is used for authentication. - Environment variables can now be set via the SSH2 protocol. - Windows: The 64-bit version of VShell now uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which uses the validated cryptographic library and only allows FIPS-approved algorithms. The 32-bit version of VShell has supported FIPS mode since version 2.6. - Windows: VShell internal user database users can now connect using public-key authentication. - Windows: When using x.509 certificate authentication, the User Principal Name can now be retrieved from the certificate's Subject Alternative Name field. This allows an alternative to using username certificate map files. - Windows: Option to only load user profiles that are set to local. - Windows: The Kerberos Protocol Transition option is now available through the VShell Control Panel Authentication page. - Windows: VShellConfig can now modify Access Control and Virtual Root settings for users from VShell's internal user database. - VShell FTPS: An alternate IP address can now be sent for PASV data connections. - VShell FTPS: Wildcards are now supported during file listings. - VShell FTPS: A range of ports VShell FTPS uses for data connections can now be specified on the FTPS page of the VShell Control Panel. - VShell FTPS: A Certificate Signing Request (CSR) file is now generated when the VShell administrator creates a self- signed certificate from the Control Panel. - VShell FTPS: The expiration date can now be specified when creating a self-signed certificate used by the FTPS server. - UNIX: vshelld login and logout events can now be audited using the Solaris Basic Security Module (BSM). - UNIX: File based logging can now be configured by specifying the log folder location. - UNIX: W3C Extended Log File format can now be used when file based logging is enabled. - VRALib is a library that allows SSH2 connections to be scripted from Windows. The API functions can be called from VBScript, C++, or any scripting platform that supports COM. - vcp/vsftp: Added support for moving files (--move). In vsftp, --move can be specified as an argument to get and put. - vcp/vsftp: Added the flag --http-proxy, which allows an unauthenticated http proxy to be used during connection. - vsftp: Added the flag --nopreserve, which specifies that the file permissions and timestamp should not be preserved. - vkeygen: Added the flag --capi, which can be used during a key generation or passphrase change operation to specify that the private key should be encrypted using MS CAPI instead of a passphrase. Changes: - Windows: Internal user database authentications are now logged in more detail. - Windows: The default value for the "Automatically delete log files older than days" option was changed from 30 days to 90 days. - Windows: A .pfx file extension is now automatically appended to self-signed certificates created from the VShell Control Panel. - Windows: The Deny Host filename edit box was enlarged to use all available space. Bug fixes: - The session ID was not logged for some public-key authentication messages. - Incorrect file size was logged when files greater than 4GB were transferred. - VShell SCP would sometimes send an exit status after the channel had been closed. - Windows: VShell could potentially hang if loading the user's profile failed. - Windows: Public-key authentication could fail if the domain controller did not respond to requests in a reasonable amount of time. - Windows: The Windows shell prompt may not have been displayed on some connections. - Windows: An incorrect error about file permissions was logged when the specified user database file did not exist. - Windows: Connections would appear to hang when a command was remotely executed and "Remote Execution" access had been denied. - Windows: The Apply button on the Virtual Roots and RunAs Command dialogs was not disabled after changes had been applied. - Windows: The LSA authentication module did not honor the W3C logging format option. - Windows: When two Virtual Roots with different aliases pointed to the same physical location, only the first would be available. - Windows: VShellConfig failed to export Access Control and Virtual Root configurations that included internal database users. - Windows: VShellConfig was not logging an error when a configuration import failed due to an installation directory conflict. - Windows FTPS: Incorrect reply codes were sent in response to some FTP commands. - Windows: VShell SCP transfers would fail if an MSDOS style path was used. - VShell FTPS: Commands sent by the client were not being logged. - UNIX: Ulimit values were incorrect for some users on some platforms. - UNIX: The vshelld PAM configuration file on RHEL 5 systems was specifying the use of a deprecated PAM module. - vkeygen: Generated keys could not be saved in the root of a physical drive.