VShell(R) Server 4.6 (Beta 4) -- February 9, 2021 Copyright (C) 1995-2021 VanDyke Software, Inc. All rights reserved. This file contains a VShell product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration, and contact information, please refer to readme.txt (downloaded with this package). Changes in VShell 4.6 (Beta 4) -- February 9, 2021 -------------------------------------------------- Bug fixes: - Windows: On the VShell Control Panel Authentication page, some check boxes could not be reached via keyboard shortcuts. Changes: - HTTPS: The jQuery Datatables plug-in was updated to 1.10.23. Changes in VShell 4.6 (Beta 3) -- December 15, 2020 --------------------------------------------------- Bug fixes: - Windows: On a high-DPI monitor scaled at 125%, text was cut off in one of the dialogs in the VShell Control Panel. Changes in VShell 4.6 (Beta 2) -- December 1, 2020 -------------------------------------------------- New features: - A new option to remove duplicate path separators provides compatibility with Cisco ISE, Cisco ACI, and other clients that prepend a "/" to paths. - Windows: Added an option to configure the size of the short thread pool. Changes: - HTTPS: The jQuery Datatables plug-in was updated to 1.10.22. - HTTPS: The jQuery FileUpload plug-in was updated to 10.31.0. - Windows: When an SFTP Transfer trigger action is added, at least one authentication method is now required in order to prevent the trigger from failing. Bug fixes: - Windows: In the VShell Control Panel, under rare circumstances, attempts to remove a key from the list of host keys may have appeared successful but did not remove the key. - Windows, SSH2: In the VShell Control Panel's Authentication Options category, one of the spin controls could become enabled unexpectedly. - Windows, HTTPS: When legacy Edge was used to display the VShell User Web Interface and the idle timeout warning was displayed, the next action would result in an error. Changes in VShell 4.6 (Beta 1) -- November 5, 2020 -------------------------------------------------- New features: - Added new trigger variable for file renaming (Filename) for the filename without the path. - Added new trigger variable for file renaming (FilenameBase) for the filename without the path or the extension. - Added new trigger variable for file renaming (FilenameExtension) for the filename extension. - Added new Logout trigger variable (FilesDownloadedList) for the list of files downloaded during a session. - Added new Logout trigger variable (NumFilesDownloaded) for the number of files downloaded during a session. - Added new Logout trigger variable (FilesUploadedList) for the list of files uploaded during a session. - Added new Logout trigger variable (NumFilesUploaded) for the number of files uploaded during a session. - For host keys and public-key authentication, added support for RSA SHA-256 and SHA-512 algorithms as defined in RFC 8332. - Added an option to prevent clients from using specific characters in file and directory names when uploading, renaming, creating directories, and creating links. - SSH2: For clients that support extension negotiation as specified in RFC 8308, upon request VShell will now send the list of public- key algorithms that it will accept. - HTTPS: Added an option to specify the host to be used when HTTP connections are redirected to HTTPS. - Windows: In the VShell Control Panel, you can now specify the SSH2, FTPS, and HTTPS idle timeouts in both minutes and seconds. - Windows, HTTPS: Added native Windows Single Sign On (SSO) capability to VShell Enterprise Edition with HTTPS. - Linux: Added support for Ubuntu 20.04 LTS. - Linux: Added support for Red Hat Enterprise Server 8 (RHEL 8). Changes: - When a trigger action changes a filename, the new filename is now logged. - Trigger actions now support multi-character alternatives to the single-character command substitution variable names. - SSH2: Removed support for weak ciphers (Blowfish and RC4) and MACs (SHA1-96 and MD5-96). - HTTPS: The jQuery library was updated to version 4.5.1. - HTTPS: Cookies set by VShell now have the "Secure" flag set. - HTTPS: Logs now include the reason why a session has been ended by the server. - Windows: In the VShell Control Panel, the Authentication Options now appear on the Common Server Options page. The bandwidth limit option was moved to the Advanced page. - Windows: A VShellConfig commands file may now include comments. Bug fixes: - When a folder monitor trigger action was configured to run as a different user, VShell could crash when the trigger fired. - Under rare circumstances, when VShell was checking the current user connection count during a new incoming connection, the server could crash. - When logging to a syslog server, the format of single digit days were incorrectly padded with a "0" instead of a space. - Email trigger actions using the %P parameter would return an incorrect value when the filename contained multibyte unicode characters. - HTTPS: When a remote directory name contained a "#" character, attempting to open the directory using the VShell User Web Interface may have failed. - HTTPS: When the VShell User Web Interface was displayed using Firefox and the HTTPS server certificate was not trusted, the server could crash if the Refresh button was clicked repeatedly. - HTTPS: A failed authentication attempt, immediately followed by a successful authentication attempt, could have caused the connection to hang. - HTTPS: The file download trigger would fire whenever a folder listing was performed. - Windows: When the Windows Access Control List (ACL) size limit was exceeded, attempts to add additional users could fail and cause all list entries to be cleared, or VShellConfig could crash. - Windows: When an SFTP trigger action was configured and the user's password contained a quote character, authentication to the remote server would fail. - Windows: When an IP address was added to the deny hosts file using the VShell Control Panel interface, any user specified comments on a line by themselves would be deleted. - Linux/Mac, SSH2: When an invalid cipher or MAC was specified in the vshelld_config file, the warning message's list of valid ciphers and MACs was truncated. - Linux/Mac, HTTPS: In the VShell User Web Interface, after authentication failure due to bad username, a browser restart was necessary for login to succeed. - Mac, SSH2: On certain systems, VShell may not have been able to load the system-provided GSSAPI library (e.g., libgssapi_krb5.dylib), causing Kerberos authentication to be unavailable.