VanDyke Software

SecureFX History

          SecureFX(R) 9.5.1 (Official) -- February 27, 2024

            Copyright (C) 1995-2024 VanDyke Software, Inc.
                       All rights reserved.

This file contains the SecureFX product history.  It includes lists of
new features, changes, and bug fixes sorted by release.  For a product
description, installation notes, registration information, and contact
information, please refer to SecureFX_README.txt (downloaded with this 

Changes in SecureFX 9.5.1 (Official) -- February 27, 2024

Vulnerability Fix:

  - Windows/Mac: SecureFX now includes OpenSSL version 3.1.5, which
    addresses CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, and

Bug Fix:

  - Windows: When focus was in the Connect Bar and the Enter key was
    pressed without entering a hostname or session, a connection was
    attempted using the "" hint text as the hostname.

Changes in SecureFX 9.5 (Official) -- January 16, 2024

No changes.

Changes in SecureFX 9.5 (Beta 3) -- December 19, 2023

Vulnerability Fix:

  - SSH2: For some algorithms, an attacker can manipulate the packets
    sent during key exchange to cause some packets to be removed,
    which compromises channel integrity.  A "Strict KEX" extension
    was implemented to address this vulnerability (CVE-2023-48795).
    In order to use the "Strict KEX" extension, the extension must be
    supported by both the client and the server.


  - Mac/Linux: When using a .LIC file to license the product, it can
    now be placed in a location that is common to all users.

Bug Fixes:

  - If SecureFX was launched with an invalid command line, a crash
    could have occurred.

  - When transferring a file to a Cisco system, if the main transport
    was disconnected due to an idle timeout, the transport created for
    the file transfer would have also been disconnected, causing the
    transfer to fail.

  - When parallel transfers were enabled, moving a directory structure
    from a remote system may have failed.

  - When connecting to a session and tabbed mode was disabled, the
    remote session window may have appeared in an unexpected location.

  - Windows: When the application was ran on a new system and a license
    was applied for the current user, the license data may have failed
    to be written to the registry.

  - Mac: When session passwords were saved to the system Keychain,
    attempting to modify the saved password from within SecureFX
    resulted in the password saved in the Keychain being cleared.

  - Mac: On Sonoma, when opening the application help, the help window
    may have been blank.

Changes in SecureFX 9.5 (Beta 2) -- November 21, 2023


  - Information about a session disconnecting immediately when SFTP
    subsystem is unavailable is now logged. 

Bug Fixes:

  - When transferring multiple files in parallel, the transfer
    window may not have shown an accurate count of the files

  - Mac: When opening the font selection dialog, the bold font
    weight was selected by default.

  - Mac/Linux: If a public-key upload was cancelled before the
    operation completed, a crash could have occurred.

Changes in SecureFX 9.5 (Beta 1) -- November 2, 2023

New Features:

  - For FTPS and HTTPS sessions, added TLS certificate validation
    options "Revocation checking enabled" and "Revocation checking
    only uses cache".

  - Added a compatibility mode for Azure Blob SFTP servers, which
    automatically disables SFTP extensions.

  - Passwords for saved credentials can be updated more easily via
    the Tools menu.


  - Hostnames containing multiple "@" characters are now supported,
    which allows jump hosts (e.g., CyberArk) to be specified in the

  - For failed SCP connections, the log message was changed from
    "The remote execute operation has been aborted." to
    "The operation was aborted because the channel closed."

  - Log messages for HTTPS connections no longer show the protocol as
    being HTTP.

  - When standalone SecureFX is installed, the button to launch
    SecureCRT is not shown on the toolbar.

  - SFXCL: When logging to a file, if authentication failed, the
    actual cause of the authentication failure would not have been
    logged to the file.

  - SFXCL: When a move is executed and /tracelevel is set to 2 (or
    higher), the log includes the attempt to delete the file and
    whether or not it succeeded.

  - Windows: When opening the Session Manager, performance may
    have been impacted due to the protocol-specific session icons.
    A "Use Old Session Manager Icons" global INI-only option has
    been added to allow the use of the old generic icons.

  - Windows: The USERNAME environment variable can be embedded
    within a string in the Username field (e.g., %USERNAME%.admin).

Bug Fixes:

  - If a malformed key file was specified as the global public key,
    opening the Global Options dialog resulted in a crash.

  - The "Accept and Save" button was not available when connecting
    to a session with multiple host keys for the same host, which
    resulted in the prompt to accept the host key being displayed
    every time the session connected.

  - When an open session was disconnected and reconnected, the
    directory listing for the current directory was not refreshed.

  - When a cross-platform substitution variable (e.g., VDS_CONFIG_PATH)
    was used as part of the path to a key to load into agent at
    startup, the variable was replaced with the actual path.

  - If SecureFX was opened from the command line with the /Firewall
    option and an instance of SecureFX was already running, the
    specified firewall was not used.

  - When the configuration path was specified on the command line via
    the "/F " option, SecureFX did not honor the option.

  - When opening a SecureCRT session from SecureFX, the "Open in a tab"
    option was not honored.

  - If a session was configured to authenticate with a certificate
    from CAPI or a smartcard and authentication failed, the
    dialog to select a public-key file was displayed instead of the
    dialog to select a certificate.

  - When creating a folder in the Session Manager, if the folder was
    renamed as part of the addition, a secondary folder with the
    original "New Folder" name was also added.

  - When debug logging level 9 was enabled and the Cisco SCP shell
    enable password was entered, the password was not obscured in
    the log output.

  - With a new configuration, both the Quick Connect dialog and the
    Session Manager could have be shown at startup.

  - When SecureCRT and SecureFX were installed integrated and
    the terminal protocol for a session was changed to "Local
    Shell" then back to SSH2, the SSH2 session options page
    could have appeared twice.

  - Windows: When SecureFX was running within SecureCRT's process,
    the applications could have crashed after waking the computer
    from sleep.

  - Windows: If the evaluation period ended and a license was
    applied from the expired license dialog, the application
    did not start automatically when the license wizard was

  - Windows: When using SFXCL to connect to an FTPS or HTTPS host,
    if the connection resulted in a certificate validation prompt,
    the save certificate option was unexpectedly allowed.

  - Windows: If the session database contained a very large number
    of sessions and the Session Manager filter field was used to
    filter the session list, a long delay may have occurred.

  - Windows: When focus was within the Session Manager session view
    or filter field, pressing the Tab key unexpectedly moved focus
    to the local window.

  - Windows: When the Session Manager and Command Manager were docked
    within the same window as tabs, selecting the tab that did not
    have focus may have caused the tabs to switch position.

  - Mac: If a session password saved in the keychain became
    invalid, attempting to save an updated password failed.

  - Mac: On certain open file dialogs (e.g., Select Identity
    Filename, Receive ASCII, etc.), the file type filter was
    not displayed as expected.