Send us a question or comment
       VShell(R) Server 4.2.5 (Official) -- March 2, 2017

         Copyright (C) 1995-2017 VanDyke Software, Inc.
                    All rights reserved.

This file contains a VShell product history.  It includes lists
of new features, changes, and bug fixes sorted by release.  For a
product description, installation notes, registration, and contact
information, please refer to readme.txt (downloaded with this

Changes in VShell 4.2.5 (Official) -- March 2, 2017


  - The default host key generated for new installations is now an
    RSA 2048 bit key.

  - Windows: The default filename displayed on the host key
    generation dialog now includes the host key algorithm as part
    of the name.

  - Windows: When adding or editing a virtual root, any forward
    slashes that appear in the path are now automatically replaced
    with backslashes.  This is to fix an issue where forward
    slashes were allowed to be entered in the path, but would fail
    when VShell attempted to resolve the path when a user

  - Windows: On the VShell Control Panel Email Server page,
    increased the space used to display results from sending a
    test email.

Bug fixes:

  - Windows: Shell connections to VShell running on Windows Server
    2016 would sporadically fail with a ReadConsoleOutput error.

  - Windows: After upgrading from VShell version 2.6 or earlier
    to version 3.8 or later, access to virtual roots failed
    due to incorrect file and folder access permissions.

  - Windows: VShell could crash if the internal user database was
    changed while authentication was in process for a user in the

  - Windows: VShell Control Panel could crash when specifying a
    certificate and the store contained a certificate with an
    algorithm that was not supported.

  - VShellConfig could crash if MIT Kerberos was installed on the
    system and an export configuration operation was attempted.

Changes in VShell 4.2.4 (Official) -- December 8, 2016


  - Windows: By default, the Windows "Everyone" group has
    unrestricted access to the file system on the machine VShell
    is installed on.  To help VShell administrators lock down the
    VShell server, the Everyone group will automatically be
    removed from the  root when a new virtual root
    is added, or an existing virtual root is modified.  A
    "Preserve access to  for Everyone group" option
    has been added to prevent the removal of this group.

Bug fixes:

  - In rare circumstances, VShell could crash if a connection was
    closed while the server was checking the idle time for that

  - Windows: VShell could crash while performing diffie-hellman
    key-exchange with certain clients.

Changes in VShell 4.2.3 (Official) -- September 13, 2016

New features:

  - Added support for DSA host keys larger than 1024 bits.

Bug fixes:

  - VShell would allow authentication attempts from certain
    clients even if the connecting user was specified in a
    DenyUsers file.

  - AIX 7.1: The vshelld startup script may not have worked with
    certain shells.

Changes in VShell 4.2.2 (Official) -- June 16, 2016


  - Windows: Added a registry-only option, "Disable Extra Newline
    in TTY Mode", which prevents VShell (when TTY mode is enabled)
    from echoing an extra newline character each time a client
    sends a command.

Bug fixes:

  - VShell FTPS: The "Use single virtual root" option was not
    honored if a virtual root was set as a user's home directory.

  - Windows: VShell could crash during RADIUS authentication if
    the connecting user did not exist on the VShell machine.

Changes in VShell 4.2.1 (Official) -- March 17, 2016


  - Windows: Automatically quote the %P trigger parameter if the
    filename contains a "&" character.

Bug fixes:

  - Windows: Virtual root ConnectAs would fail if the user to
    impersonate was the same user connecting.

  - Windows: VShell could not load a certificate map file that
    contained a byte order mark (BOM).

  - Windows: VShell could crash while processing multiple send
    email triggers.

  - VShell FTPS: An FTP MLST command could cause a download
    trigger to fire.

  - VShell FTPS: File uploads would fail if the user did not have
    read access on the virtual root.

  - VShell FTPS could potentially use 100% CPU if the control
    connection was closed unexpectedly.

Changes in VShell 4.2 (Official) -- December 17, 2015

Bug fixes:

  - Windows: FTPS certificate authentication failed for VShell
    internal user database users.

  - Some error messages were not being logged correctly in the
    VShell log.

Changes in VShell 4.2 (Beta 3) -- December 8, 2015

No changes.

Changes in VShell 4.2 (Beta 2) -- November 24, 2015

New features:

  - Windows: User public-key folders and files can now be included
    in configuration import/export operations.

  - Windows: Filtering support has been added to the Deny Host and
    Deny User management interface.

  - An IP address/netmask combination can now be specified for the
    Deny Host White List.

  - VShell Monitor: Added a row color indicator and new column
    indicating whether an active connection has authenticated.

Bug fixes:

  - Windows: Changes to the specified FTPS certificate password
    were not always saved.

  - Windows: Entries added to the deny host file or deny user
    file using the new management interface may have been lost.

Changes in VShell 4.2 (Beta 1) -- November 3, 2015

New features:

  - Windows: Virtual roots can now optionally be accessed as a
    different user than the logged on user.  This adds an easy way
    to provide access to network resources to users connecting
    with public-key only authentication.

  - Windows: The VShell configuration can now be exported or
    imported directly from the VShell Control Panel.

  - Windows: Added support for X.509 authentication using the
    x509v3-ssh-rsa and x509v3-ssh-dss algorithms as specified in
    RFC 6187.

  - Windows: Added the ability to select the signature algorithm
    used (SHA-1 or SHA-2) when generating a certificate for use
    by VShell FTPS.  SHA-2 is the default.

  - Windows: VShell Monitor can now be minimized to the system

  - Windows: VShell Monitor tray app can optionally display
    notifications when a user connects or disconnects from the

  - Windows: Option to automatically launch VShell Monitor at
    administrator logon, including the ability to start the app
    minimized to the system tray.

  - Windows: The ability to launch the VShell Control Panel and
    VShell Help directly from the VShell Monitor tray app.

  - Windows: VShell FTPS now supports SSL/TLS client certificate

  - Windows: Allow direct management of the deny host file and
    deny user file from the VShell Control Panel.

  - Windows: Added the ability to generate certificates with 4096
    bit key size.

  - Windows: VShell FTPS allows SSL encryption options and client
    certificate authentication options to be set on a per listen
    address basis.

  - Windows: Increase the security of sensitive data stored in
    the registry by using an automatically generated passphrase
    for encryption.

  - Windows: VShellConfig now requires a passphrase when
    exporting sensitive data (e.g., host keys, saved credentials,
    FTPS certificate files, etc.).  This is used to encrypt the
    data in the exported XML file.  The same passphrase used
    during export will be required on import.

  - Windows: Improved reliability of output displayed by the
    Windows Command Shell (cmd.exe) for clients interacting with
    the remote shell through VShell.

  - VShell can now deny connections based on username, similar to
    the deny hosts functionality.  This helps to free up resources
    by short circuiting authentication attempts for usernames that
    do not exist on the system.

  - IP addresses can now be added to a white list, which will
    prevent the address from being added to the deny host file
    after failed authentication.

  - Key-exchange methods, Ciphers, MACs, Compression, and
    Compression Level can now be specified in a per location

  - All logging options (including log folder location, log topics,
    debug log level, etc.) can now be specified in a per location,
    user, or group subconfiguration.

  - UNIX: New option to disable logging attempts to the Basic
    Security Module (BSM) auditing tool.

  - Added a "Force Sftp Version" registry only option that allows
    the administrator to configure the SFTP version that the
    server requires.  This option can be specified in a per
    location, user, or group subconfiguration.


  - Remove the "Preferred Sftp Version" option.  This was a
    registry only option that allowed the administrator to
    configure the SFTP version the server prefers.  The option
    did not prevent the SFTP client from renegotiating the SFTP
    version, so in real world use, the option had no effect.

  - VShell FTPS: When creating a certificate, the default key size
    is now 2048 bits.

Bug fixes:

  - Windows: If VShell was attempting to add multiple IP addresses
    to the deny host file simultaneously, one or more of those
    additions may have failed.

  - Windows: VShell Monitor would not display a protocol for an
    SSH connection that did not request a shell.