SecureFX(R) 9.5.1 (Official) -- February 27, 2024
Copyright (C) 1995-2024 VanDyke Software, Inc.
All rights reserved.
This file contains the SecureFX product history. It includes lists of
new features, changes, and bug fixes sorted by release. For a product
description, installation notes, registration information, and contact
information, please refer to SecureFX_README.txt (downloaded with this
installation).
Changes in SecureFX 9.5.1 (Official) -- February 27, 2024
---------------------------------------------------------
Vulnerability Fix:
- Windows/Mac: SecureFX now includes OpenSSL version 3.1.5, which
addresses CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, and
CVE-2024-0727.
Bug Fix:
- Windows: When focus was in the Connect Bar and the Enter key was
pressed without entering a hostname or session, a connection was
attempted using the "" hint text as the hostname.
Changes in SecureFX 9.5 (Official) -- January 16, 2024
------------------------------------------------------
No changes.
Changes in SecureFX 9.5 (Beta 3) -- December 19, 2023
-----------------------------------------------------
Vulnerability Fix:
- SSH2: For some algorithms, an attacker can manipulate the packets
sent during key exchange to cause some packets to be removed,
which compromises channel integrity. A "Strict KEX" extension
was implemented to address this vulnerability (CVE-2023-48795).
In order to use the "Strict KEX" extension, the extension must be
supported by both the client and the server.
Change:
- Mac/Linux: When using a .LIC file to license the product, it can
now be placed in a location that is common to all users.
Bug Fixes:
- If SecureFX was launched with an invalid command line, a crash
could have occurred.
- When transferring a file to a Cisco system, if the main transport
was disconnected due to an idle timeout, the transport created for
the file transfer would have also been disconnected, causing the
transfer to fail.
- When parallel transfers were enabled, moving a directory structure
from a remote system may have failed.
- When connecting to a session and tabbed mode was disabled, the
remote session window may have appeared in an unexpected location.
- Windows: When the application was run on a new system and a license
was applied for the current user, the license data may have failed
to be written to the registry.
- Mac: When session passwords were saved to the system Keychain,
attempting to modify the saved password from within SecureFX
resulted in the password saved in the Keychain being cleared.
- Mac: On Sonoma, when opening the application help, the help window
may have been blank.
Changes in SecureFX 9.5 (Beta 2) -- November 21, 2023
-----------------------------------------------------
Change:
- Information about a session disconnecting immediately when the SFTP
subsystem is unavailable is now logged.
Bug Fixes:
- When transferring multiple files in parallel, the transfer
window may not have shown an accurate count of the files
transferred.
- Mac: When opening the font selection dialog, the bold font
weight was selected by default.
- Mac/Linux: If a public-key upload was cancelled before the
operation completed, a crash could have occurred.
Changes in SecureFX 9.5 (Beta 1) -- November 2, 2023
----------------------------------------------------
New Features:
- For FTPS and HTTPS sessions, added TLS certificate validation
options "Revocation checking enabled" and "Revocation checking
only uses cache".
- Added a compatibility mode for Azure Blob SFTP servers, which
automatically disables SFTP extensions.
- Passwords for saved credentials can be updated more easily via
the Tools menu.
Changes:
- Hostnames containing multiple "@" characters are now supported,
which allows jump hosts (e.g., CyberArk) to be specified in the
hostname.
- For failed SCP connections, the log message was changed from
"The remote execute operation has been aborted." to
"The operation was aborted because the channel closed."
- Log messages for HTTPS connections no longer show the protocol as
being HTTP.
- When standalone SecureFX is installed, the button to launch
SecureCRT is not shown on the toolbar.
- SFXCL: When logging to a file, if authentication failed, the
actual cause of the authentication failure would not have been
logged to the file.
- SFXCL: When a move is executed and /tracelevel is set to 2 (or
higher), the log includes the attempt to delete the file and
whether or not it succeeded.
- Windows: When opening the Session Manager, performance may
have been impacted due to the protocol-specific session icons.
A "Use Old Session Manager Icons" global INI-only option has
been added to allow the use of the old generic icons.
- Windows: The USERNAME environment variable can be embedded
within a string in the Username field (e.g., %USERNAME%.admin).
Bug Fixes:
- If a malformed key file was specified as the global public key,
opening the Global Options dialog resulted in a crash.
- The "Accept and Save" button was not available when connecting
to a session with multiple host keys for the same host, which
resulted in the prompt to accept the host key being displayed
every time the session connected.
- When an open session was disconnected and reconnected, the
directory listing for the current directory was not refreshed.
- When a cross-platform substitution variable (e.g., VDS_CONFIG_PATH)
was used as part of the path to a key to load into the agent at
startup, the variable was replaced with the actual path.
- If SecureFX was opened from the command line with the /Firewall
option and an instance of SecureFX was already running, the
specified firewall was not used.
- When the configuration path was specified on the command line via
the "/F " option, SecureFX did not honor the option.
- When opening a SecureCRT session from SecureFX, the "Open in a tab"
option was not honored.
- If a session was configured to authenticate with a certificate
from CAPI or a smartcard and authentication failed, the
dialog to select a public-key file was displayed instead of the
dialog to select a certificate.
- When creating a folder in the Session Manager, if the folder was
renamed as part of the addition, a secondary folder with the
original "New Folder" name was also added.
- When debug logging level 9 was enabled and the Cisco SCP shell
enable password was entered, the password was not obscured in
the log output.
- With a new configuration, both the Quick Connect dialog and the
Session Manager could have been shown at startup.
- When SecureCRT and SecureFX were installed integrated and
the terminal protocol for a session was changed to "Local
Shell" then back to SSH2, the SSH2 session options page
could have appeared twice.
- Windows: When SecureFX was running within SecureCRT's process,
the applications could have crashed after waking the computer
from sleep.
- Windows: If the evaluation period ended and a license was
applied from the expired license dialog, the application
did not start automatically when the license wizard was
dismissed.
- Windows: When using SFXCL to connect to an FTPS or HTTPS host,
if the connection resulted in a certificate validation prompt,
the save certificate option was unexpectedly allowed.
- Windows: If the session database contained a very large number
of sessions and the Session Manager filter field was used to
filter the session list, a long delay may have occurred.
- Windows: When focus was within the Session Manager session view
or filter field, pressing the Tab key unexpectedly moved focus
to the local window.
- Windows: When the Session Manager and Command Manager were docked
within the same window as tabs, selecting the tab that did not
have focus may have caused the tabs to switch position.
- Mac: If a session password saved in the keychain became
invalid, attempting to save an updated password failed.
- Mac: On certain open file dialogs (e.g., Select Identity
Filename, Receive ASCII, etc.), the file type filter was
not displayed as expected.