VanDyke Software

VShell Server History

       VShell(R) Server 4.3.3 (Official) -- April 10, 2018

         Copyright (C) 1995-2018 VanDyke Software, Inc.
                    All rights reserved.

This file contains a VShell product history.  It includes lists
of new features, changes, and bug fixes sorted by release.  For a
product description, installation notes, registration, and contact
information, please refer to readme.txt (downloaded with this

Changes in VShell 4.3.3 (Official) -- April 10, 2018


  - Windows: The "?" button on VShell control panel was removed since
    context-sensitive help is not currently supported.  Use the Help 
    button to display the VShell Help manual.

Bug fixes: 

   - Windows: Using the "?" button could cause the VShell Control Panel 
     to crash on Windows 2016 Server Core.  

Changes in VShell 4.3.2 (Official) -- January 16, 2018


  - Authentication of connections using virtual roots with ConnectAs 
    users was optimized to reduce authentication time needed when a 
    large number of virtual roots are configured.

Bug fixes:

  - The VShell SSH2 service crashed in rare cases if a client sent
    bad data during key exchange.

Changes in VShell 4.3.1 (Official) -- October 24, 2017

New features:

  - Command Line Utilities vcp/vsftp/vsh: A new command-line 
    option --hostkeyalgorithm allows the host key algorithm to be 

Bug fixes:

  - Windows: The VShell Control Panel could crash when the 
    Common / LDAP page was used to open the settings for an LDAP 
    server and the Base Distinguished Name browser was used to 
    expand an item. 

  - Windows: When upgrading from 4.2.3 and later, if the Everyone 
    group had access to the  virtual root, and there 
    was also at least one other virtual root, modifying one of the 
    other virtual roots would unexpectedly remove the Everyone group 
    from the  virtual root, thereby making it appear 
    as if there was only a single virtual root and causing access to 
    the  virtual root to be denied.

  - Windows: The group box on the LDAP user/group picker was cut off 
    on the bottom of the dialog.

Changes in VShell 4.3.0 (Official) -- August 8, 2017

No changes.

Changes in VShell 4.3 (Beta 3) -- July 27, 2017


  - VShell now logs disconnect messages received from clients as
    informational instead of as errors.

  - UNIX: Changed the VShell installers to no longer explicitly
    create the directories where the VShell files will be placed.
    If the directories do not exist, they will be implicitly created
    as part of the file copy.  This addresses an issue on rpm based
    platforms (RHEL, CentOS, Suse) in which VShell would be listed
    as the package owner of these system directories.

Bug fixes:

  - Windows: The "Use single virtual root" option was not being
    honored when set via a subconfiguration and the user's virtual
    root had the home checkbox selected.

Changes in VShell 4.3 (Beta 2) -- July 6, 2017

New features:

  - Windows: Added support for multiple backup LDAP servers.  If a
    configured LDAP server is down, VShell will automatically fall
    back to the next enabled LDAP server.  The fall back behavior
    will only happen when an LDAP server is unreachable.

  - Windows: Added an option to control whether VShell will
    automatically accept and save an SSL certificate sent by an
    LDAP server.


  - Windows: The base64 encoded SHA-2 fingerprint is now displayed
    for all host keys on the VShell Control Panel Host Keys page.

  - Windows: Added an option that prevents VShell's management
    provider (WMI) from logging to the Windows Event log.  The WMI
    logging is used for debugging purposes only, so the logging is
    disabled by default.

Bug fixes:

  - VShell could crash under some circumstances if the deny hosts
    file in use had the wrong file permissions.

  - Windows: When the "Attempt Interactive Logon" registry only
    option was disabled, subconfiguration files were not loaded
    for users from the internal user database.

  - VShell FTPS was not sending the correct file size for files
    larger than 4GB when the client used the LIST command for
    directory listings.

Changes in VShell 4.3 (Beta 1) -- May 18, 2017

New features:

  - Windows: Added support for user authentication via an external
    LDAP server.  LDAP users can be granted or denied access to
    all VShell services, including all file transfer, shell, port
    forwarding, and remote execute.

  - Windows: Streamlined the process of setting up public-key
    authentication by adding a new interface that allows the
    administrator to easily view, add, and remove user public keys
    stored on the server.

  - Added support for the
    authenticated encryption cipher.

  - Windows: Added an option to limit the total number of
    concurrent connections allowed to the server.

  - Windows: Added a registry only option that allows the
    administrator to control whether VShell will attempt an
    interactive logon (Logon Type 2) before a network logon (Logon
    Type 3).  If the option is disabled, VShell will only attempt
    a network logon.

  - Windows: The VShell Control Panel Host Keys page now displays
    the SHA-2 fingerprint of each host key.

  - Added support for the UMAC-128 MAC algorithm.

  - UNIX: File and folder access permissions can now be set on a
    per user, per virtual root basis.  Permissions include file
    read, write, delete, and folder list, create, and delete.

  - UNIX: The virtual root a connecting user is initially placed
    in can now be specified.  This is useful for users with access
    to multiple virtual roots with a need to land in a specific

  - Support added for Windows Server 2016.

  - Support added for Ubuntu 16.


  - Windows: VShell now performs public-key assistant operations
    (add, delete, list) in the context of the VShell service
    account (SYSTEM by default).  This avoids needing to set
    permissions on the public-key folder that could end up being
    too permissive.

  - Windows: The VShell configuration key is now stored in the
    registry instead of a file to allow for more cluster-friendly

  - Windows: The default filename displayed on the host key
    generation dialog now includes the host key algorithm as part
    of the name.

  - Windows: When adding or editing a virtual root, any forward
    slashes that appear in the path are now automatically replaced
    with backslashes.  This is to fix an issue where forward
    slashes were allowed to be entered in the path, but would fail
    when VShell attempted to resolve the path when a user

  - Windows: On the VShell Control Panel Email Server page,
    increased the space used to display results from sending a
    test email.

  - Windows: Internal user database users that are specified in a
    Deny Users file are now denied immediately upon connecting.
    Previously, these users would be allowed to go through the
    authentication process before being denied.

  - VShell FTPS now ignores invalid flags that a client may
    include as part of a LIST command.

  - vsftp/vcp: Because it caused problems for some servers, vsftp
    and vcp no longer send lstat, stat, or RealPath on "./.".

  - vcp/vsh/vsftp: The trace output shows the SHA-2 host key
    fingerprint as base64 in addition to hexadecimal. 

  - vkeygen: The SHA-2 fingerprint is now shown in hexadecimal and
    base64 format when keys are created or displayed using the -l
    and -f flags.

  - vkeygen: The output when vkeygen is run with the -l and -f
    flags now includes the bit size of the key.

Bug fixes:

  - Windows: Shell connections to VShell running on Windows Server
    2016 would sporadically fail with a ReadConsoleOutput error.

  - Windows: Unexpected failures could occur if an internal user
    database file was specified as part of a location

  - Windows: After upgrading from VShell version 2.6 or earlier
    to version 3.8 or later, access to virtual roots failed
    due to incorrect file and folder access permissions.

  - Windows: When using the Apply button in the VShell Control
    Panel to save changes, all options were written out to the
    registry whether they had been changed or not.

  - VShell could crash when attempting to add an IP address to a
    deny hosts file that did not have the correct permissions.

  - VShell FTPS could crash if a user disconnected at the same
    time the connection was closed by the server due to an idle

  - Large file downloads by certain SFTP clients could fail with
    an insufficient resources error.  Added a registry only
    option ("SFTP Send Queue Byte Limit") that allows
    administrators to fine tune VShell's allowance for
    consecutive read requests.

  - UNIX: VShell would errantly log a "Lookup failed for child"
    error after a trigger operation completed.

  - vcp/vsftp: Uploading files to a Serv-U SFTP server that only
    had write permissions in the target directory did not work.