VanDyke Software

VShell Server History

       VShell(R) Server 4.6 (Beta 1) -- November 5, 2020

         Copyright (C) 1995-2020 VanDyke Software, Inc.
                    All rights reserved.


This file contains a VShell product history.  It includes lists
of new features, changes, and bug fixes sorted by release.  For a
product description, installation notes, registration, and contact
information, please refer to readme.txt (downloaded with this
package).


Changes in VShell 4.6 (Beta 1) -- November 5, 2020
--------------------------------------------------

New features:

  - Added new trigger variable for file renaming (Filename) for the 
    filename without the path.

  - Added new trigger variable for file renaming (FilenameBase) for 
    the filename without the path or the extension.

  - Added new trigger variable for file renaming (FilenameExtension) 
    for the filename extension.

  - Added new Logout trigger variable (FilesDownloadedList) for the 
    list of files downloaded during a session.

  - Added new Logout trigger variable (NumFilesDownloaded) for the 
    number of files downloaded during a session.

  - Added new Logout trigger variable (FilesUploadedList) for the 
    list of files uploaded during a session.

  - Added new Logout trigger variable (NumFilesUploaded) for the 
    number of files uploaded during a session.

  - For host keys and public-key authentication, added support for 
    RSA SHA-256 and SHA-512 algorithms as defined in RFC 8332.

  - Added an option to prevent clients from using specific 
    characters in file and directory names when uploading, renaming, 
    creating directories, and creating links.

  - SSH2: For clients that support extension negotiation as specified 
    in RFC 8308, upon request VShell will now send the list of public- 
    key algorithms that it will accept.

  - HTTPS: Added an option to specify the host to be used when HTTP
    connections are redirected to HTTPS.

  - Windows: In the VShell Control Panel, you can now specify the
    SSH2, FTPS, and HTTPS idle timeouts in both minutes and seconds.

  - Windows, HTTPS: Added native Windows Single Sign On (SSO)
    capability to VShell Enterprise Edition with HTTPS.

  - Linux: Added support for Ubuntu 20.04 LTS.

  - Linux: Added support for Red Hat Enterprise Server 8 (RHEL 8).


Changes:

  - When a trigger action changes a filename, the new filename is now
    logged.

  - Trigger actions now support multi-character alternatives to the
    single-character command substitution variable names.

  - SSH2: Removed support for weak ciphers (Blowfish and RC4) and MACs 
    (SHA1-96 and MD5-96).

  - HTTPS: The jQuery library was updated to version 4.5.1.

  - HTTPS: Cookies set by VShell now have the "Secure" flag set.

  - HTTPS: Logs now include the reason why a session has been ended 
    by the server.

  - Windows: In the VShell Control Panel, the Authentication Options
    now appear on the Common Server Options page.  The bandwidth limit 
    option was moved to the Advanced page.

  - Windows: A VShellConfig commands file may now include comments.


Bug fixes:

  - When a folder monitor trigger action was configured to run as
    a different user, VShell could crash when the trigger fired.

  - Under rare circumstances, when VShell was checking the current 
    user connection count during a new incoming connection, the 
    server could crash.

  - When logging to a syslog server, the format of single digit days 
    were incorrectly padded with a "0" instead of a space.

  - Email trigger actions using the %P parameter would return an 
    incorrect value when the filename contained multibyte unicode 
    characters.

  - HTTPS: When a remote directory name contained a "#" character,
    attempting to open the directory using the VShell User Web 
    Interface may have failed.
 
  - HTTPS: When the VShell User Web Interface was displayed using 
    Firefox and the HTTPS server certificate was not trusted, the 
    server could crash if the Refresh button was clicked repeatedly.

  - HTTPS: A failed authentication attempt, immediately followed
    by a successful authentication attempt, could have caused the
    connection to hang.

  - HTTPS: The file download trigger would fire whenever a folder
    listing was performed.
    
  - Windows: When the Windows Access Control List (ACL) size limit was
    exceeded, attempts to add additional users could fail and cause all
    list entries to be cleared, or VShellConfig could crash.

  - Windows: When an SFTP trigger action was configured and the user's 
    password contained a quote character, authentication to the remote
    server would fail.

  - Windows: When an IP address was added to the deny hosts file
    using the VShell Control Panel interface, any user specified
    comments on a line by themselves would be deleted.

  - Linux/Mac, SSH2: When an invalid cipher or MAC was specified in 
    the vshelld_config file, the warning message's list of valid 
    ciphers and MACs was truncated.

  - Linux/Mac, HTTPS: In the VShell User Web Interface, after 
    authentication failure due to bad username, a browser restart 
    was necessary for login to succeed.

  - Mac, SSH2: On certain systems, VShell may not have been able to 
    load the system-provided GSSAPI library (e.g., 
    libgssapi_krb5.dylib), causing Kerberos authentication to be 
    unavailable.