VShell(R) Server 4.6 (Beta 1) -- November 5, 2020 Copyright (C) 1995-2020 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 4.6 (Beta 1) -- November 5, 2020 -------------------------------------------------- New features: - Added new trigger variable for file renaming (Filename) for the filename without the path. - Added new trigger variable for file renaming (FilenameBase) for the filename without the path or the extension. - Added new trigger variable for file renaming (FilenameExtension) for the filename extension. - Added new Logout trigger variable (FilesDownloadedList) for the list of files downloaded during a session. - Added new Logout trigger variable (NumFilesDownloaded) for the number of files downloaded during a session. - Added new Logout trigger variable (FilesUploadedList) for the list of files uploaded during a session. - Added new Logout trigger variable (NumFilesUploaded) for the number of files uploaded during a session. - For host keys and public-key authentication, added support for RSA SHA-256 and SHA-512 algorithms as defined in RFC 8332. - Added an option to prevent clients from using specific characters in file and directory names when uploading, renaming, creating directories, and creating links. - SSH2: For clients that support extension negotiation as specified in RFC 8308, upon request VShell will now send the list of public- key algorithms that it will accept. - HTTPS: Added an option to specify the host to be used when HTTP connections are redirected to HTTPS. - Windows: In the VShell Control Panel, you can now specify the SSH2, FTPS, and HTTPS idle timeouts in both minutes and seconds. - Windows, HTTPS: Added native Windows Single Sign On (SSO) capability to VShell Enterprise Edition with HTTPS. - Linux: Added support for Ubuntu 20.04 LTS. - Linux: Added support for Red Hat Enterprise Server 8 (RHEL 8). Changes: - When a trigger action changes a filename, the new filename is now logged. - Trigger actions now support multi-character alternatives to the single-character command substitution variable names. - SSH2: Removed support for weak ciphers (Blowfish and RC4) and MACs (SHA1-96 and MD5-96). - HTTPS: The jQuery library was updated to version 4.5.1. - HTTPS: Cookies set by VShell now have the "Secure" flag set. - HTTPS: Logs now include the reason why a session has been ended by the server. - Windows: In the VShell Control Panel, the Authentication Options now appear on the Common Server Options page. The bandwidth limit option was moved to the Advanced page. - Windows: A VShellConfig commands file may now include comments. Bug fixes: - When a folder monitor trigger action was configured to run as a different user, VShell could crash when the trigger fired. - Under rare circumstances, when VShell was checking the current user connection count during a new incoming connection, the server could crash. - When logging to a syslog server, the format of single digit days were incorrectly padded with a "0" instead of a space. - Email trigger actions using the %P parameter would return an incorrect value when the filename contained multibyte unicode characters. - HTTPS: When a remote directory name contained a "#" character, attempting to open the directory using the VShell User Web Interface may have failed. - HTTPS: When the VShell User Web Interface was displayed using Firefox and the HTTPS server certificate was not trusted, the server could crash if the Refresh button was clicked repeatedly. - HTTPS: A failed authentication attempt, immediately followed by a successful authentication attempt, could have caused the connection to hang. - HTTPS: The file download trigger would fire whenever a folder listing was performed. - Windows: When the Windows Access Control List (ACL) size limit was exceeded, attempts to add additional users could fail and cause all list entries to be cleared, or VShellConfig could crash. - Windows: When an SFTP trigger action was configured and the user's password contained a quote character, authentication to the remote server would fail. - Windows: When an IP address was added to the deny hosts file using the VShell Control Panel interface, any user specified comments on a line by themselves would be deleted. - Linux/Mac, SSH2: When an invalid cipher or MAC was specified in the vshelld_config file, the warning message's list of valid ciphers and MACs was truncated. - Linux/Mac, HTTPS: In the VShell User Web Interface, after authentication failure due to bad username, a browser restart was necessary for login to succeed. - Mac, SSH2: On certain systems, VShell may not have been able to load the system-provided GSSAPI library (e.g., libgssapi_krb5.dylib), causing Kerberos authentication to be unavailable.