SecureCRT(R) 9.5.1 (Official) -- February 27, 2024 Copyright (C) 1995-2024 VanDyke Software, Inc. All rights reserved. This file contains the SecureCRT product history. It includes lists of new features, changes, and bug fixes sorted by release. For a product description, installation notes, registration information, and contact information, please refer to SecureCRT_README.txt (downloaded with this installation). Changes in SecureCRT 9.5.1 (Official) -- February 27, 2024 ---------------------------------------------------------- Vulnerability Fix: - Windows/Mac: SecureCRT now includes OpenSSL version 3.1.5, which addresses CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, and CVE-2024-0727. Bug Fix: - Windows: When focus was in the Connect Bar and the Enter key was pressed without entering a hostname or session, a connection was attempted using the "" hint text as the hostname. Changes in SecureCRT 9.5 (Official) -- January 16, 2024 ------------------------------------------------------- Bug Fix: - Windows: Closing an RDP session tab could have caused SecureCRT to hang. Changes in SecureCRT 9.5 (Beta 3) -- December 19, 2023 ------------------------------------------------------ Vulnerability Fix: - SSH2: For some algorithms, an attacker can manipulate the packets sent during key exchange to cause some packets to be removed, which compromises channel integrity. A "Strict KEX" extension was implemented to address this vulnerability (CVE-2023-48795). In order to use the "Strict KEX" extension, the extension must be supported by both the client and the server. Changes: - Windows: When the administrative option "Disable Port Forwarding" is set, dependent sessions are now allowed. - Mac/Linux: When using a .LIC file to license the product, it can now be placed in a location that is common to all users. Bug Fixes: - When a session was configured with the "Scale the font" resize method and the main window was maximized, the font did not scale when the terminal size changed. - When passing arguments to a script, the total character count of the arguments was limited to 511. The limit has been changed to 4095. - Windows: When the application was run on a new system and a license was applied for the current user, the license data may have failed to be written to the registry. - Windows: When using the NVDA screen reader, bold text displayed in the terminal view may not have been read correctly. - Windows: If a matched keyword-highlighting word wrapped across a line and the word was changed such that it no longer matched, the highlighting was not cleared from the first line. - Windows: If a keyword highlighting word wrapped across a line, the first part of the keyword that appeared on the wrapped line may not have been highlighted as expected. - Mac/Linux: Adding a new keyword list from the terminal view could have caused SecureCRT to crash. - Mac: When session passwords were saved to the system Keychain, attempting to modify the saved password from within SecureCRT resulted in the password saved in the Keychain being cleared. - Linux: When a default printer was configured, interacting with session tabs (e.g., connecting, cloning, switching) caused unexpected delays. Changes in SecureCRT 9.5 (Beta 2) -- November 21, 2023 ------------------------------------------------------ Bug Fixes: - If the terminal view contents were cleared in some way, the top of the scrollbar could not be reached using the scrollbar. - Mac/Linux: If a public-key upload was cancelled before the operation completed, a crash could have occurred. Changes in SecureCRT 9.5 (Beta 1) -- November 2, 2023 ----------------------------------------------------- New Features: - Added the ability to map a button, command, or key to send the password or username, or username and password together, from a set of saved credentials. - Passwords for saved credentials can be updated more easily via the Tools menu. - Windows: Added the ability to configure default RDP settings separately from the Default session. - Windows: RDP session scaling options now include 250% and 300%. Changes: - Hostnames containing multiple "@" characters are now supported, which allows jump hosts (e.g., CyberArk) to be specified in the hostname. - The width for the status indicator color rectangles can be set in the Global Options dialog. - When standalone SecureCRT is installed, the button to launch SecureFX is not shown on the toolbar. - Removed the "Open Sessions in a Tab/Tile" option from the Session Manager right-click menu. This option can still be set in the Global Options dialog. - SSH1/SSH2: When connecting to a session with the "Prompt" option set and a non-blank hostname, the "Hostname" field in the prompt dialog is pre-populated with the hostname specified for the session. - vsftp: The command line is now included in the vsftp log file. - Windows: The 2.7 Python engine is no longer installed by default, but the installer includes an option for installing it. - Windows: When opening the Session Manager, performance may have been impacted due to the protocol-specific session icons. A "Use Old Session Manager Icons" global INI-only option has been added to allow the use of the old generic icons. - Windows: The USERNAME environment variable can be embedded within a string in the Username field (e.g., %USERNAME%.admin). - Windows: When new buttons are added to the default toolbar, the user's customizations are now retained. - Windows: The administrative option that disables port forwarding now allows X11 forwarding. - Windows: The toolbar now includes a button for connecting local shell sessions. - Windows: For RDP sessions, information about connection attempts, disconnects, and errors is logged. Bug Fixes: - If a credential username and/or password was sent from a button or command when no sessions were opened, SecureCRT could have crashed. - When exporting the configuration, if a session referenced a login script that was not accessible, SecureCRT could have crashed. - When a configuration export or import was in progress, dismissing the export/import progress dialog using the Esc key could have resulted in a crash. - If a malformed key file was specified as the global public key, opening the Global Options dialog resulted in a crash. - When deleting a button from a button bar, if the button bar displayed was switched (possibly due to a session tab closing) before confirming the delete operation, SecureCRT could have crashed. - If a username or password specified in a credential included a backslash character and that username or password was sent to the remote via a button or command, the backslash character was incorrectly treated as an escape character. - If a session was configured to authenticate with a certificate from CAPI or a smartcard and authentication failed, the dialog to select a public-key file was displayed instead of the dialog to select a certificate. - The "Accept and Save" button was not available when connecting to a session with multiple hostkeys for the same host, which resulted in the prompt to accept the host key being displayed every time the session connected. - If the hostname "Prompt" option was enabled, reconnecting a disconnected session that had initially prompted for the hostname may not have reconnected to the correct host. - If a keyboard shortcut that was mapped to the Menu->Paste operation was used from the Command window and the command was being sent to multiple sessions, the pasted text may have been duplicated in each session. - When the session line wrap option was disabled, data scrolling in the view may have been slower. - When an "OSC 8" hyperlink escape sequence was received, SecureCRT misinterpreted the sequence as a title change request. - When selecting text using the mouse, if the mouse pointer moved off to the side of the window, the text selection was not highlighted. - If a session was closed while in full screen mode, the "Preserve window size when opening sessions" option was not honored when the session was reconnected. - If the main window size was adjusted while a session was disconnected, reconnecting the session and opening the Session Options dialog could have cause the window to unexpectedly resize. - If a locked session tab was reconnected automatically, the tab became unlocked. - When a cross-platform substitution variable (e.g., VDS_CONFIG_PATH) was used as part of the path to a key to load into agent at startup, the variable was replaced with the actual path. - When configuring a local shell session, the anti-idle "Send string" option was unexpectedly disabled. - When importing hosts from a text file, if certain fields contained leading or trailing spaces, those spaces were not stripped prior to creating the session. - When a disconnected session tab was re-used by a different session, the keyword highlighting settings from the disconnected session were unexpectedly used. - When using keyword highlighting, if double-wide characters appeared on the same row as the keyword, the incorrect word may have been highlighted. - When creating a folder in the Session Manager, if the folder was renamed as part of the addition, a secondary folder with the original "New Folder" name was also added. - When a "Run Script" or "Launch Application" mapped key included arguments, those arguments were not displayed on the mapped key page. - When SecureCRT was launched from the command line with the /SCRIPT option, subsequent connections made from the Connect Bar unexpectedly ran the same script. - When a script connect call resulted in a prompt and reconnect, the connect call completed before the reconnect. - When "Auto Save Options" was disabled, selecting the "Save Settings Now" menu item did not save the Session Manager or Command Manager state. - When SecureCRT and SecureFX were installed integrated and the terminal protocol for a session was changed to "Local Shell" then back to SSH2, the SSH2 session options page could have appeared twice. - With a new configuration, both the Quick Connect dialog and the Session Manager could have be shown at startup. - When creating a new session, if the keyboard arrow keys were used to switch the protocol, focus moved away from the protocol selection dropdown when the Local Shell or RDP protocol was selected. - vkeygen: When attempting convert an Ed25519 key to OpenSSH format, the operation may have failed. - Windows: If the session protocol was switched from Local Shell or RDP to TAPI, SecureCRT could have crashed. - Windows: When SecureFX was running within SecureCRT's process, the applications could have crashed after waking the computer from sleep. - Windows: If an installation of Python on the system failed to initialize when SecureCRT started, a crash could have occurred. - Windows: If multiple connections were initiated by a script and the connections failed due to a disabled key-exchange, cipher, or MAC algorithm, SecureCRT could have crashed after prompting the user to enable the algorithm and reconnect. - Windows: When a session was copied prior to connecting to a session in a new window, SecureCRT could have hung. - Windows: When launching SecureCRT from the command line with an ad-hoc hostname or IP address, the connection to the host was not opened. - Windows: When the local shell color scheme, font, or cursor settings were changed for the default local shell session, those settings were not used by new local shell sessions. - Windows: When multiple items were selected in the Session Manager and focus was moved away from session list, the selection color was not updated as expected. - Windows: When a Telnet connection timed out, the dialog reporting the error may have appeared behind the SecureCRT window. - Windows: When the "Minimize drawing" option was enabled and the Page Up key was used to scroll data in the view, certain lines may have been duplicated while the lines were scrolling. - Windows: If the session database contained a very large number of sessions and the Session Manager filter field was used to filter the session list, a long delay may have occurred. - Windows: When using the Quick Connect dialog to connect to an ad hoc session in a new window, the host was not connected. - Windows: For RDP sessions with the "Keyboard shortcuts" option off, the Ctrl+F4 accelerator to close the tab was not honored. - Windows: If a credential username was using the %USERNAME% variable, sending that credential username via a button or command did not expand the variable to the current user. - Windows: When the Session Manager and Command Manager were docked within the same window as tabs, selecting the tab that did not have focus may have caused the tabs to switch position. - Windows: When multiple SecureCRT windows were open and certain window elements (e.g., Status Bar) were toggled on or off in one of the windows, connections to new sessions may have failed and context menus would have stopped displaying. - Windows: If the Session and Command Managers were docked within the same pane and the Session Manager was then disabled and re-enabled, the Command Manager may have contained sessions instead of commands. - Windows: If the customize toolbar dropdown element was disabled due to multiple top-level windows being open, it was not re-enabled when only a single window was open. - Windows: When attempting to edit a script for the first time, the primary scratchpad file may have been opened unexpectedly. - Windows: If a scratchpad session was set as the first auto session to open at startup, other terminal auto sessions may not have had the correct geometry. - Windows: When dragging a session tab to a new tab group, the Active Sessions Manager may have displayed an incorrect session order. - Windows: If the configuration path included an environment variable, menu and toolbar customization would not be saved. - Windows: If an inactive tab name changed, the title shown on the Windows Taskbar thumbnail preview incorrectly displayed the name of the inactive tab. - Windows: If the Quick Connect dialog was displayed at startup, dismissing the dialog could have caused the focus to be moved to a location that prevented full-screen mode from being toggled with the Alt+Enter shortcut. - Windows: If the evaluation period ended and a license was applied from the expired license dialog, the application did not start automatically when the license wizard was dismissed. - Mac/Linux: When the global INI-file-only option "Launch New Windows in a Separate Process" was set, it was still possible to select "Clone in New Window" or "Send to New Window" from the tab or tile context menu. - Mac/Linux: In very rare cases, when using ECDSA public keys for authentication, the key signature may have failed to verify, causing authentication to fail. - Mac/Linux: When a disconnected session tab was re-used by a different session, the session emulation displayed on on the status bar was not updated accordingly. - Mac: On Sonoma, if the system region was set to Iran and the system clock used the 12-hour format, SecureCRT crashed at startup. - Mac: On Sonoma, after dismissing the font selection dialog, SecureCRT would hang. - Mac: On Sonoma, when the "Receive ASCII..." transfer option was selected, a "Save file operation failed" error message was displayed. - Mac: On Sonoma, the session font selection dialog unexpectedly displayed non fixed-width font collections. - Mac: On certain open file dialogs (e.g., Select Identity Filename, Receive ASCII, etc.), the file type filter was not displayed as expected. - Mac: If a session password saved in the keychain became invalid, attempting to save an updated password failed. - Mac: When the main window was closed, some menu items on the application menu bar did not function as expected. - Mac: When starting the TFTP server for the first time, there may have been an error connecting to the TFTP server helper application. - Linux: When attempting to print or view the printer configuration page, SecureCRT may have disabled all printing even when a valid printer was configured on the system. - Linux: When there were many session tabs opened, causing the session tab names to be truncated, the Window menu unexpectedly displayed the truncated session names. - Linux: If a session tab was renamed to include ampersand characters, the session name displayed under the Window menu contained extra ampersands.