VShell(R) Server 4.1.2 (Official) -- October 13, 2015

Copyright (C) 1995-2015 VanDyke Software, Inc.
All rights reserved.

This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package).

Changes in VShell 4.1.2 (Official) -- October 13, 2015
------------------------------------------------------

Changes:

- UNIX: Prevent authentication by the root user if the DenyRoot option is enabled. Previously, the connection was rejected after authentication.

Bug fixes:

- Windows: The %USER% substitution variable was not resolved correctly when specified as the alias for a virtual root that was also the user's home directory.
- A VShellConfig export operation would not always export all configured virtual roots.
- A VShellConfig import operation using the "--install-dir" option to specify the current installation directory would not update the path of all configuration options.
- SFTP connections were not sending the exit status as recommended in RFC 4254.
- The command-line tools (vsh, vsftp, vcp) were not logging the new host key message to the log file.

Changes in VShell 4.1.1 (Official) -- July 14, 2015
---------------------------------------------------

Vulnerabilities:

- On Mac OS X, VShell FTPS now includes OpenSSL version 1.0.1o which addresses the TLS "Logjam" vulnerability. Please refer to the following pages for details:
    https://www.openssl.org/news/secadv_20150611.txt
    https://weakdh.org/

Changes:

- In light of a potential vulnerability with SSH key exchange, similar to the TLS Logjam vulnerability, the diffie-hellman group1 key-exchange algorithm is no longer enabled by default and all 1024 bit primes have been removed from VShell's primes.txt file.

Bug fixes:

- Windows: Upgrading to VShell 4.1 from some older versions of VShell may not have correctly updated the public-key authentication module, causing public-key authentication to start failing.
- Windows: VShell Monitor could have leaked memory when the application was left running while connections were coming into the server.
- Windows: In rare circumstances, VShell could crash if multiple connections were attempting to load the same subconfiguration file simultaneously.
- UNIX (Solaris): On servers that experience heavy load, vshelld could have stopped logging to syslog.

Changes in VShell 4.1 (Official) -- May 5, 2015
-----------------------------------------------

Bug fixes:

- UNIX: Files larger than two gigabytes could not be uploaded to VShell on AIX.

Changes in VShell 4.1 (Beta 3) -- April 21, 2015
------------------------------------------------

Bug fixes:

- Windows: VShell FTPS could leak memory when a PORT data connection could not bind to the default source port.
- Windows: In rare circumstances, VShell could crash if a session was disconnected while authentication was in process.
- Windows: Modifications made to existing RunAs commands in the VShell Control Panel were not saved.
- On certain UNIX platforms, if vshelld was configured to use subconfigurations, incoming connections could fail.

Changes in VShell 4.1 (Beta 2) -- April 2, 2015
-----------------------------------------------

New features:

- UNIX: Support for FreeBSD 10 has been added.
- UNIX: Support for Ubuntu 14 has been added.

Changes:

- International domain name support is now provided by a native Microsoft API. Due to this change, Windows XP and Windows Server 2003 are no longer supported platforms.

Bug fixes:

- Windows: If the VShell log file could not be created at server startup or during log rotation, no data would be logged until the server was restarted.

Changes in VShell 4.1 (Beta 1) -- March 10, 2015
------------------------------------------------

New features:

- Windows: File upload, download, and rename triggers now include a trigger action that allows the file to be transferred to a subsequent destination using the SFTP protocol.
- Windows: User group support has been added to the VShell internal user database.
- The ability to generate and use Elliptic Curve Digital Signature Algorithm (ECDSA) host keys has been added.
- Support for Elliptic Curve Diffie-Hellman (ECDH) and diffie-hellman-group-exchange-sha256 key-exchange algorithms has been added.
- The ability to generate and use RSA keys up to 16,384 bits has been added.
- Windows: The virtual root a connecting user initially lands in can now be specified. This is useful for users with access to multiple virtual roots with a need to land in a specific one.
- Windows: VShell can now check to see if a newer version of VShell is available and, if there is, optionally download and install it.
- VShell now has an option that allows uploaded files to be timestamped with the current server time instead of preserving the existing file timestamp.
- Windows: The ability to configure user groups has been added to the VShellConfig command line utility.
- Windows: An option to launch all remote exec commands through the configured command shell has been added.
- Windows: The VShell configuration can now be monitored for changes using Windows "Object Access" auditing.
- Windows: VShell trigger actions can now be configured to run as a different user.
- Windows: VShell FTPS adds the ability to use certificates that are password protected.
- Windows: User subconfiguration support has been extended to include users from the internal database.
- Windows: An option to restrict username lookups to the local user database and local system accounts if the username did not include a domain specification has been added.
- UNIX: VShell now tracks failed authentications by IP address. Once an IP address has been added to the Deny Hosts file, VShell will not allow future connections from that address.
- UNIX: Support for Red Hat Enterprise Linux 7 has been added.

Changes:

- Windows: VShell will now offer to create the specified deny hosts file if it does not exist.
- Windows: A progress bar is now displayed on the host key generation dialog.
- Windows: VShellConfig import now includes a "--overwrite" option that causes any existing files (e.g., host key files, deny host files, etc.) to be replaced with those embedded in the XML file.
- Windows: The sorting order of the Virtual Roots in the VShell Control Panel is now preserved between instances. The roots can be sorted based on path, alias, or comment, and this sorting will determine the order in which the roots are presented to the user.
- Added a compatibility mode to work around an issue in Avaya SFTP/SCP client software.
- The virtual root alias name, along with the real path, is now logged for the connecting user's home directory.
- Windows: Timing statistics were added to VShell debug logging for username lookup and authentication system calls.
- UNIX: X.509 certificate and host key support has been removed from all UNIX based platforms.
- vsftp: Added an option --no-flock, which turns off locking on local files for uploads and downloads. This prevents a potential hang if the source file is located on mounted storage, such as EMC NFS.

Bug fixes:

- Windows: VShell running on high traffic systems with limited thread resources could experience short periods of time where incoming connections were not accepted.
- Windows: Changing the name of an internal user was not immediately propagated throughout the configuration.
- Windows: VShellConfig could not be used to export or import a configuration if MSXML 3.0 had been removed from the system.
- Windows: VShell may have logged "The system cannot find message text for message" after some download triggers were fired.
- Windows: VShell would create registry entries for FTPS listen addresses when that service was not installed.
- Windows: A trigger condition that used a virtual root alias of %USER% would never match due to %USER% being resolved to the actual username before the comparison.
- Windows: Newlines in the body of a send email trigger action could be lost if the configuration was exported and imported using VShellConfig.
- Windows: Quote characters explicitly placed in a send email trigger message body may have been removed.
- UNIX: VShell would not correctly handle files or folders that had backslashes as part of their name.