Versie historie van FileZilla Server

<<Terug naar software beschrijving

Veranderingen voor v0.9.50 - v0.9.51

  • Fixed vulnerabilities:
  • The code that checks that the peer's data connection IP address matches the control connection IP had been nonfunctional. Vulnerability discovered and reported by Amit Klein.
  • Added option to force TLS session resumption on the data connection to prevent data connection stealing
  • FileZilla Server now randomizes the port used for passive mode transfers to mitigate data connection stealing when using plain FTP
  • New features:
  • Added diagnostic message to the administration interface if FTP over TLS is disabled and if the configured certificate is expired or otherwise invalid
  • Added diagnostic message to the administration interface if no passive mode IP has been configured and the server appears to be behind a NAT router
  • The settings dialog layout had a spring cleaning. The security settings, passive mode settings and TLS settings pages have received the most cleanup.



Veranderingen voor v0.9.49 - v0.9.50

  • Bugfixes and minor changes:
  • Updated to OpenSSL 1.0.2a due to several security vulnerabilities in OpenSSL
  • Fixed default network buffer size to match its description
  • Fixed silent uninstallation



Veranderingen voor v0.9.48 - v0.9.49

  • Bugfixes and minor changes:
  • Updated OpenSSL library to due to several security vulnerabilties in OpenSSL
  • Fixed crash if updating permissions under load
  • Changing admin interface IP bindings did not recreate the listening socket on ::1
  • Fix display of welcome message and FEAT reply in log



Veranderingen voor v0.9.47 - v0.9.48

  • New features:
  • Allow use of the OPTS command prior to login
  • EPSV and EPRT support are now advertised in the reponse to the FEAT command
  • Minidumps are now automatically written in the installation directory in the unfortunate case of a server crash
  • Bugfixes and minor changes:
  • Updated OpenSSL libraries and fixed memory leaks when unloading OpenSSL



Veranderingen voor v0.9.46 - v0.9.47

  • New features:
  • Self-signed certificates created with FileZilla Server are now signed using SHA-256
  • Interface settings (as opposed to server settings) are now stored in %APPDATA%/FileZilla Server
  • Increased maximum IP filter size for users and groups by 50%
  • The administration protocol now allows up to 16 million users and groups
  • Bugfixes and minor changes:
  • Fix sporadic crashes when using FTP over TLS
  • Fix timestamps in LIST output being off up to 7 minutes in extreme cases
  • Speed up querying file attributes
  • Auoban did not work over IPv6
  • Fixed selection in user list sort dropdown behind the corresponding toolbar button



Veranderingen voor v0.9.45 - v0.9.46

  • New features:
  • FTP over TLS: Disallow insecure and weak cipher suites. Algorithms no longer supported include 3DES, RC4, MD5
  • Small performance improvements
  • Bugfixes and minor changes:
  • Fix stalling or improperly terminated connections when using FTP over TLS
  • Fix crash with enabled speed limits



Veranderingen voor v0.9.44 - v0.9.45

  • Fixed vulnerabilities:
  • Security fix: Update to OpenSSL 1.0.1h to address CVE-2014-0224
  • New features:
  • Clarified wording and offer additional help when setting up aliases
  • Bugfixes and minor changes:
  • Through the RMD command it was possible to delete aliases



Veranderingen voor v0.9.43 - v0.9.44

  • Fixed vulnerabilities:
  • pdate to OpenSSL 1.0.1g to address CVE-2014-0160
  • New features:
  • Improve alias description and guide user towards alias creation if multiple unrelated directories are being shared. Support for the old non-virtual alias configuration has been removed.
  • Display additional information if a certificate or key file cannot be loaded



Veranderingen voor v0.9.42 - v0.9.43

  • Fixed vulnerabilities:
  • Security fix: Disallow renaming and deleting of aliases through FTP commands
  • New features:
  • Removed outdated and untested Kerberos GSSAPI support
  • Removed support for the nonstandard OPTS UTF8 OFF command which is not part of the FTP specifications
  • Added TLS 1.2 support
  • Minimum RSA key size for generated certificates is now 1280 bit
  • Build system: Modernized and cleaned up workspace files for Visual Studio 2013
  • Build system: Removed all non-Unicode configurations
  • Bugfixes and minor changes:
  • Fix handling of leading/trailing whitespace in filenames
  • Fix display of file name at the end of a transfer
  • The 8+3 account setting is now stored in the correct XML element
  • Increase number of tries searching for a free port after the PASV/EPSV command
  • Fix text clipping on the miscellaneous page in the settings dialig
  • Fixed memory leaks when changing settings
  • The numbers to the PORT command are now always treated as decimal numbers as per the FTP specifications even if they have leading zeroes



Veranderingen voor v0.9.41 - v0.9.42

  • New features:
  • Last version ever to support Windows XP
  • More verbose replies to the transfer commands
  • Bugfixes and minor changes:
  • Fix an endless loop if a client closes a connection using the QUIT command while a speed limit was in effect on a low-latency connection
  • Fixed a rare memory leak
  • Correct handling of 0.0.0.0/0 in IP address filters
  • Use UTF8 in the distinguished names of created certificates



Veranderingen voor v0.9.40 - v0.9.41

  • Fix parsing of IP address filters ending with :0 or equivalent substringss.
  • Allow speed limits larger than 64 MiB/s.
  • Show more verbose error messages if transfer connection cannot be established.



Veranderingen voor v0.9.39 - v0.9.40

  • The service no longer crashes if onnecting with the administration interface when there are clients connected over IPv6
  • Close the connection if there is additional data in the input buffers when processing the AUTH command.
  • Display correct connection state item in administration interface when getting initial list of connected clients



Veranderingen voor v0.9.38 - v0.9.39

  • Bugfixes and minor changes:
  • Do not attempt to display a message box if creating an administration interface binding fails. This freezes the service on some machines.
  • On FTP over TLS connections, the socket address family was not initialized from the underlaying socket
  • Fix a bug in IPv4 address filters and increase their performance



Veranderingen voor v0.9.36 - v0.9.37

  • Advertise support for PBSZ and PROT in FEAT reply
  • Allow PROT after PORT/PASV/EPRT/EPSV but before transfer command
  • Use correct replies for RNTO, EPRT and MKD command
  • Reply with correct error code in response to transfer commands if PROT P is required but not set
  • Fix display of non-ASCII characters in log
  • Ignore read-only attribute on DELE



Veranderingen voor v0.9.35 - v0.9.36

  • Fix welcome message



Veranderingen voor v0.9.34 - v0.9.35

  • New features:
  • Administration interface is now Unicode enabled.
  • Bugfixes and minor changes:
  • Fix saving of speed-limit rules



Veranderingen voor v0.9.33 - v0.9.34

  • Show address of server in title bar of administration interface (patch submitted by eyebex)
  • Bugfixes and minor changes:
  • Disable some weak TLS/SSL ciphers such as DES-CBC-SHA which shouldn't be used anymore
  • Work around some obscure error reported by OpenSSL, fixes spurious transfer failures
  • Use case-insensitive comparison instead of always converting to lowercase in permissions handling. Fixes problems with sharing case-sensitive network resources.
  • Settings with empty data were not loaded from settings file correctly and reverted back to default values (patch submitted by eyebex)
  • Improve performance of (re-)loading settings



Veranderingen voor v0.9.31 - v0.9.32

  • New features:
  • Use thousands separator in output of large numbers.
  • Fixed bugs:
  • Disallow weak SSLv2.
  • Slightly reword FTP over TLS/SSL settings page
  • Adjust width of user and group lists on permissions dialogs.



Veranderingen voor v0.9.30 - v0.9.31

  • Fix buffer overflow in SSL code leading to a potential security vulnerability



Veranderingen voor v0.9.29 - v0.9.30

  • Fix a rare case in which SSL shutdown notifications were created but not actually sent.



Veranderingen voor v0.9.28 - v0.9.29

  • Executable path did not get quoted properly in service creation leading to a local privilege escalation vulnerability.



Veranderingen voor v0.9.26 - v0.9.28

  • Directly reject PROT C if PROT P is required instead of complaining after a transfer command
  • Fix race in transfer connection initialization leading to timeouts
  • No-transfer timeouts could not be disabled in 0.9.27
  • Server startup options in installer had no effect



Veranderingen voor v0.9.24 - v0.9.25

  • Implement OPTS MLST as required by RFC 3659
  • Add some more validation to prevent "Protocol Error, invalid data" errors
  • Attempt to fix problems with certificate loading some users are experiencing



<<Terug naar software beschrijving