VanDyke Software

VShell Server History

       VShell(R) Server 4.6 (Beta 4) -- February 9, 2021

         Copyright (C) 1995-2021 VanDyke Software, Inc.
                    All rights reserved.

This file contains a VShell product history.  It includes lists
of new features, changes, and bug fixes sorted by release.  For a
product description, installation notes, registration, and contact
information, please refer to readme.txt (downloaded with this

Changes in VShell 4.6 (Beta 4) -- February 9, 2021

Bug fixes:

  - Windows: On the VShell Control Panel Authentication page, some
    check boxes could not be reached via keyboard shortcuts.


  - HTTPS: The jQuery Datatables plug-in was updated to 1.10.23.

Changes in VShell 4.6 (Beta 3) -- December 15, 2020

Bug fixes:

  - Windows: On a high-DPI monitor scaled at 125%, text was
    cut off in one of the dialogs in the VShell Control Panel.

Changes in VShell 4.6 (Beta 2) -- December 1, 2020

New features:

  - A new option to remove duplicate path separators provides
    compatibility with Cisco ISE, Cisco ACI, and other clients 
    that prepend a "/" to paths.

  - Windows: Added an option to configure the size of the short 
    thread pool.


  - HTTPS: The jQuery Datatables plug-in was updated to 1.10.22.

  - HTTPS: The jQuery FileUpload plug-in was updated to 10.31.0.

  - Windows: When an SFTP Transfer trigger action is added, at least 
    one authentication method is now required in order to prevent the
    trigger from failing.

Bug fixes:

  - Windows: In the VShell Control Panel, under rare circumstances,
    attempts to remove a key from the list of host keys may have
    appeared successful but did not remove the key.

  - Windows, SSH2: In the VShell Control Panel's Authentication
    Options category, one of the spin controls could become enabled 

  - Windows, HTTPS: When legacy Edge was used to display the VShell
    User Web Interface and the idle timeout warning was displayed,
    the next action would result in an error.

Changes in VShell 4.6 (Beta 1) -- November 5, 2020

New features:

  - Added new trigger variable for file renaming (Filename) for the 
    filename without the path.

  - Added new trigger variable for file renaming (FilenameBase) for 
    the filename without the path or the extension.

  - Added new trigger variable for file renaming (FilenameExtension) 
    for the filename extension.

  - Added new Logout trigger variable (FilesDownloadedList) for the 
    list of files downloaded during a session.

  - Added new Logout trigger variable (NumFilesDownloaded) for the 
    number of files downloaded during a session.

  - Added new Logout trigger variable (FilesUploadedList) for the 
    list of files uploaded during a session.

  - Added new Logout trigger variable (NumFilesUploaded) for the 
    number of files uploaded during a session.

  - For host keys and public-key authentication, added support for 
    RSA SHA-256 and SHA-512 algorithms as defined in RFC 8332.

  - Added an option to prevent clients from using specific 
    characters in file and directory names when uploading, renaming, 
    creating directories, and creating links.

  - SSH2: For clients that support extension negotiation as specified 
    in RFC 8308, upon request VShell will now send the list of public- 
    key algorithms that it will accept.

  - HTTPS: Added an option to specify the host to be used when HTTP
    connections are redirected to HTTPS.

  - Windows: In the VShell Control Panel, you can now specify the
    SSH2, FTPS, and HTTPS idle timeouts in both minutes and seconds.

  - Windows, HTTPS: Added native Windows Single Sign On (SSO)
    capability to VShell Enterprise Edition with HTTPS.

  - Linux: Added support for Ubuntu 20.04 LTS.

  - Linux: Added support for Red Hat Enterprise Server 8 (RHEL 8).


  - When a trigger action changes a filename, the new filename is now

  - Trigger actions now support multi-character alternatives to the
    single-character command substitution variable names.

  - SSH2: Removed support for weak ciphers (Blowfish and RC4) and MACs 
    (SHA1-96 and MD5-96).

  - HTTPS: The jQuery library was updated to version 4.5.1.

  - HTTPS: Cookies set by VShell now have the "Secure" flag set.

  - HTTPS: Logs now include the reason why a session has been ended 
    by the server.

  - Windows: In the VShell Control Panel, the Authentication Options
    now appear on the Common Server Options page.  The bandwidth limit 
    option was moved to the Advanced page.

  - Windows: A VShellConfig commands file may now include comments.

Bug fixes:

  - When a folder monitor trigger action was configured to run as
    a different user, VShell could crash when the trigger fired.

  - Under rare circumstances, when VShell was checking the current 
    user connection count during a new incoming connection, the 
    server could crash.

  - When logging to a syslog server, the format of single digit days 
    were incorrectly padded with a "0" instead of a space.

  - Email trigger actions using the %P parameter would return an 
    incorrect value when the filename contained multibyte unicode 

  - HTTPS: When a remote directory name contained a "#" character,
    attempting to open the directory using the VShell User Web 
    Interface may have failed.
  - HTTPS: When the VShell User Web Interface was displayed using 
    Firefox and the HTTPS server certificate was not trusted, the 
    server could crash if the Refresh button was clicked repeatedly.

  - HTTPS: A failed authentication attempt, immediately followed
    by a successful authentication attempt, could have caused the
    connection to hang.

  - HTTPS: The file download trigger would fire whenever a folder
    listing was performed.
  - Windows: When the Windows Access Control List (ACL) size limit was
    exceeded, attempts to add additional users could fail and cause all
    list entries to be cleared, or VShellConfig could crash.

  - Windows: When an SFTP trigger action was configured and the user's 
    password contained a quote character, authentication to the remote
    server would fail.

  - Windows: When an IP address was added to the deny hosts file
    using the VShell Control Panel interface, any user specified
    comments on a line by themselves would be deleted.

  - Linux/Mac, SSH2: When an invalid cipher or MAC was specified in 
    the vshelld_config file, the warning message's list of valid 
    ciphers and MACs was truncated.

  - Linux/Mac, HTTPS: In the VShell User Web Interface, after 
    authentication failure due to bad username, a browser restart 
    was necessary for login to succeed.

  - Mac, SSH2: On certain systems, VShell may not have been able to 
    load the system-provided GSSAPI library (e.g., 
    libgssapi_krb5.dylib), causing Kerberos authentication to be