VanDyke Software

SecureFX History


            SecureFX(R) 9.3 (Official) -- November 3, 2022

            Copyright (C) 1995-2022 VanDyke Software, Inc.
                       All rights reserved.


This file contains the SecureFX product history.  It includes lists of
new features, changes, and bug fixes sorted by release.  For a product
description, installation notes, registration information, and contact
information, please refer to SecureFX_README.txt (downloaded with this 
installation).


Changes in SecureFX 9.3 (Official) -- November 3, 2022
------------------------------------------------------

Vulnerability addressed:

  - An external report claims that when using a brute-force attack,
    sensitive data, such as passwords, stored in the SecureCRT or
    SecureFX configuration without a configuration passphrase or with
    a weak configuration passphrase can be cracked in a relatively
    short amount of time.  Direct access to the configuration data is
    required in order to exploit this vulnerability.


Changes in SecureFX 9.3 (Beta 5) -- October 25, 2022
----------------------------------------------------

Changes:

  - Windows: Allow the use of ssh-rsa and ssh-dss algorithms for
    signature verification when FIPS mode is enabled.

Bug Fixes:

  - When authenticating with a public key that was invalid for the
    remote host, the key would be retried twice before falling back
    to the next authentication method.

  - When parsing an FTP server's 220 response string for the server's
    time specification, if the response string did not contain that
    information, SecureFX could have crashed.

  - When SecureFX was launched from an instance of SecureCRT that
    had a Local Shell session opened, SecureFX unexpectedly prompted
    for a hostname.

  - If a session file was renamed or deleted on disk while the
    application was running, raising the context menu for the
    session from within the Session Manager could result in a crash.


Changes in SecureFX 9.3 (Beta 4) -- September 29, 2022
------------------------------------------------------

Bug Fixes:

  - When merging a personal data configuration folder back into the
    main configuration, the operation could have failed due to a
    mismatch of session files that should have been ignored.

  - Windows: When moving the position of an authentication method
    using keyboard shortcuts, if the up or down button became
    disabled (due to the method being the topmost or bottom most
    position), the dialog itself lost keyboard focus.


Changes in SecureFX 9.3 (Beta 3) -- August 16, 2022
---------------------------------------------------

Bug Fixes:

  - If an SFTP connection was interrupted and re-established during a
    file transfer, the transfer did not continue as expected and
    interaction with the remote session was not possible.

  - When connecting to an Amazon S3 session that had an initial
    directory specified that included a trailing "/" character, the
    contents of the initial directory were not displayed.

  - If the value of the "Firewall Name" option in the session .INI
    file was empty, connecting to the session with SecureFX resulted
    in a "Firewall was not found in the database" error.

  - When the application license was stored in a license file (.lic)
    and the license data was included in a configuration export,
    importing the license on another machine may not have worked as
    expected.

  - When connecting to a remote system using a URL (e.g.,
    sftp://hostname), if the password was specified as part of the URL,
    the password was not obfuscated in the SecureFX log view or log
    file.

  - Windows: Under certain circumstances, the SFXCL process could hang
    during HTTP operations.

  - Windows: When starting the application using an alternate
    configuration path (via the /F command-line option), if the
    Global.ini file in the alternate location was incomplete, the
    Global.ini file in the default configuration location was reset.

  - Mac: On Monterey and later systems, if the application crashed
    and produced a core dump, the crash reporter dialog reported that
    no core dump was available.


Changes in SecureFX 9.3 (Beta 2) -- July 19, 2022
-------------------------------------------------

New Feature:

  - Windows: The Global Options and Session Options dialogs can be
    resized and the size is remembered.

Changes:

  - In the Session Options dialog, the column widths for the Keywords
    table in the Keyword Highlighting category are remembered.

  - The Manage Agent Keys dialog can be resized and the size is
    remembered.

Bug Fixes:

  - If SecureFX was installed as a standalone application and the
    New Session wizard was used to create a session, SecureFX
    crashed.

  - Windows: The Help Search tab did not work.


Changes in SecureFX 9.3 (Beta 1) -- June 28, 2022
-------------------------------------------------

New Features:

  - Added an option to check for updates automatically at startup.

  - Added the ability to duplicate a session in the Session Manager
    or Connect dialog.

  - Added an option that forces a prompt for the hostname when the
    session connects.

  - Added the ability to use the algorithms
    rsa-sha2-512-cert-v01@openssh.com and
    rsa-sha2-256-cert-v01@openssh.com as OpenSSH certificate types.

  - SSH2: Added support for using the x509v3-rsa2048-sha256 algorithm
    for authentication (RFC 6187).

  - Windows: Added support for using rsa-sha2-256 and rsa-sha2-512
    public-key algorithms as raw SSH2 keys for CAPI certificates
    (RFC 8332).

  - Windows: Added support for using x509v3-ecdsa-sha2* algorithms
    from RFC 6187 for keys in the CAPI store and as raw SSH2 keys.

  - Windows: Added an administrative option that suppresses the
    prompt for a configuration passphrase the first time the
    application runs.

Changes:

  - For new installations, the Session Manager is on by default.

  - The number of sessions that can be opened simultaneously before a
    warning is displayed can now be configured.

  - SSH2: Trace output for the host key now includes the type and
    size.

  - SSH2: The View Host Key dialog now includes the type and size
    for the selected host key.

Bug Fixes:

  - When connecting to an Arista switch, the file listing may not have
    been displayed as expected.

  - Windows: When selecting a recent session from the SecureFX taskbar
    icon, the session did not open as expected.

  - Windows: When selecting the "Connect..." or "Quick Connect..."
    options from the SecureFX taskbar icon, the expected dialog was
    not displayed.

  - Windows: When authenticating with a certificate from the
    personal CAPI store, if the "Use certificate as raw SSH2 key"
    option was enabled, the key was not correctly added to agent
    and a subsequent connection could fail with an agent signature
    error.

  - Windows: Multiple CAPI errors could have been reported when
    attempting to display a certificate fingerprint if the
    fingerprint for any certificate could not be obtained.

  - Windows: If the signature failed to verify for the protocol or
    Python DLLs, the file path displayed on the warning dialog may
    have been cut off.

  - Mac: If a network connection was unavailable while checking for
    an update via "Update Now", the error displayed did not report a
    helpful message.

  - Mac/Linux: When an SFTP session was connected to a remote UNIX
    server, uploading a file that contained a colon character as part
    of the filename would have been uploaded to the remote user's
    home directory instead of the current working directory.