Muutoshistoria ohjelmalle FileZilla Server
<<Takaisin ohjelman lataussivulle
Muutokset v0.9.50 - v0.9.51
- Fixed vulnerabilities:
- The code that checks that the peer's data connection IP address matches the control connection IP had been nonfunctional. Vulnerability discovered and reported by Amit Klein.
- Added option to force TLS session resumption on the data connection to prevent data connection stealing
- FileZilla Server now randomizes the port used for passive mode transfers to mitigate data connection stealing when using plain FTP
- New features:
- Added diagnostic message to the administration interface if FTP over TLS is disabled and if the configured certificate is expired or otherwise invalid
- Added diagnostic message to the administration interface if no passive mode IP has been configured and the server appears to be behind a NAT router
- The settings dialog layout had a spring cleaning. The security settings, passive mode settings and TLS settings pages have received the most cleanup.
Muutokset v0.9.49 - v0.9.50
- Bugfixes and minor changes:
- Updated to OpenSSL 1.0.2a due to several security vulnerabilities in OpenSSL
- Fixed default network buffer size to match its description
- Fixed silent uninstallation
Muutokset v0.9.48 - v0.9.49
- Bugfixes and minor changes:
- Updated OpenSSL library to due to several security vulnerabilties in OpenSSL
- Fixed crash if updating permissions under load
- Changing admin interface IP bindings did not recreate the listening socket on ::1
- Fix display of welcome message and FEAT reply in log
Muutokset v0.9.47 - v0.9.48
- New features:
- Allow use of the OPTS command prior to login
- EPSV and EPRT support are now advertised in the reponse to the FEAT command
- Minidumps are now automatically written in the installation directory in the unfortunate case of a server crash
- Bugfixes and minor changes:
- Updated OpenSSL libraries and fixed memory leaks when unloading OpenSSL
Muutokset v0.9.46 - v0.9.47
- New features:
- Self-signed certificates created with FileZilla Server are now signed using SHA-256
- Interface settings (as opposed to server settings) are now stored in %APPDATA%/FileZilla Server
- Increased maximum IP filter size for users and groups by 50%
- The administration protocol now allows up to 16 million users and groups
- Bugfixes and minor changes:
- Fix sporadic crashes when using FTP over TLS
- Fix timestamps in LIST output being off up to 7 minutes in extreme cases
- Speed up querying file attributes
- Auoban did not work over IPv6
- Fixed selection in user list sort dropdown behind the corresponding toolbar button
Muutokset v0.9.45 - v0.9.46
- New features:
- FTP over TLS: Disallow insecure and weak cipher suites. Algorithms no longer supported include 3DES, RC4, MD5
- Small performance improvements
- Bugfixes and minor changes:
- Fix stalling or improperly terminated connections when using FTP over TLS
- Fix crash with enabled speed limits
Muutokset v0.9.44 - v0.9.45
- Fixed vulnerabilities:
- Security fix: Update to OpenSSL 1.0.1h to address CVE-2014-0224
- New features:
- Clarified wording and offer additional help when setting up aliases
- Bugfixes and minor changes:
- Through the RMD command it was possible to delete aliases
Muutokset v0.9.43 - v0.9.44
- Fixed vulnerabilities:
- pdate to OpenSSL 1.0.1g to address CVE-2014-0160
- New features:
- Improve alias description and guide user towards alias creation if multiple unrelated directories are being shared. Support for the old non-virtual alias configuration has been removed.
- Display additional information if a certificate or key file cannot be loaded
Muutokset v0.9.42 - v0.9.43
- Fixed vulnerabilities:
- Security fix: Disallow renaming and deleting of aliases through FTP commands
- New features:
- Removed outdated and untested Kerberos GSSAPI support
- Removed support for the nonstandard OPTS UTF8 OFF command which is not part of the FTP specifications
- Added TLS 1.2 support
- Minimum RSA key size for generated certificates is now 1280 bit
- Build system: Modernized and cleaned up workspace files for Visual Studio 2013
- Build system: Removed all non-Unicode configurations
- Bugfixes and minor changes:
- Fix handling of leading/trailing whitespace in filenames
- Fix display of file name at the end of a transfer
- The 8+3 account setting is now stored in the correct XML element
- Increase number of tries searching for a free port after the PASV/EPSV command
- Fix text clipping on the miscellaneous page in the settings dialig
- Fixed memory leaks when changing settings
- The numbers to the PORT command are now always treated as decimal numbers as per the FTP specifications even if they have leading zeroes
Muutokset v0.9.41 - v0.9.42
- New features:
- Last version ever to support Windows XP
- More verbose replies to the transfer commands
- Bugfixes and minor changes:
- Fix an endless loop if a client closes a connection using the QUIT command while a speed limit was in effect on a low-latency connection
- Fixed a rare memory leak
- Correct handling of 0.0.0.0/0 in IP address filters
- Use UTF8 in the distinguished names of created certificates
Muutokset v0.9.40 - v0.9.41
- Fix parsing of IP address filters ending with :0 or equivalent substringss.
- Allow speed limits larger than 64 MiB/s.
- Show more verbose error messages if transfer connection cannot be established.
Muutokset v0.9.39 - v0.9.40
- The service no longer crashes if onnecting with the administration interface when there are clients connected over IPv6
- Close the connection if there is additional data in the input buffers when processing the AUTH command.
- Display correct connection state item in administration interface when getting initial list of connected clients
Muutokset v0.9.38 - v0.9.39
- Bugfixes and minor changes:
- Do not attempt to display a message box if creating an administration interface binding fails. This freezes the service on some machines.
- On FTP over TLS connections, the socket address family was not initialized from the underlaying socket
- Fix a bug in IPv4 address filters and increase their performance
Muutokset v0.9.36 - v0.9.37
- Advertise support for PBSZ and PROT in FEAT reply
- Allow PROT after PORT/PASV/EPRT/EPSV but before transfer command
- Use correct replies for RNTO, EPRT and MKD command
- Reply with correct error code in response to transfer commands if PROT P is required but not set
- Fix display of non-ASCII characters in log
- Ignore read-only attribute on DELE
Muutokset v0.9.35 - v0.9.36
- Fix welcome message
Muutokset v0.9.34 - v0.9.35
- New features:
- Administration interface is now Unicode enabled.
- Bugfixes and minor changes:
- Fix saving of speed-limit rules
Muutokset v0.9.33 - v0.9.34
- Show address of server in title bar of administration interface (patch submitted by eyebex)
- Bugfixes and minor changes:
- Disable some weak TLS/SSL ciphers such as DES-CBC-SHA which shouldn't be used anymore
- Work around some obscure error reported by OpenSSL, fixes spurious transfer failures
- Use case-insensitive comparison instead of always converting to lowercase in permissions handling. Fixes problems with sharing case-sensitive network resources.
- Settings with empty data were not loaded from settings file correctly and reverted back to default values (patch submitted by eyebex)
- Improve performance of (re-)loading settings
Muutokset v0.9.31 - v0.9.32
- New features:
- Use thousands separator in output of large numbers.
- Fixed bugs:
- Disallow weak SSLv2.
- Slightly reword FTP over TLS/SSL settings page
- Adjust width of user and group lists on permissions dialogs.
Muutokset v0.9.30 - v0.9.31
- Fix buffer overflow in SSL code leading to a potential security vulnerability
Muutokset v0.9.29 - v0.9.30
- Fix a rare case in which SSL shutdown notifications were created but not actually sent.
Muutokset v0.9.28 - v0.9.29
- Executable path did not get quoted properly in service creation leading to a local privilege escalation vulnerability.
Muutokset v0.9.26 - v0.9.28
- Directly reject PROT C if PROT P is required instead of complaining after a transfer command
- Fix race in transfer connection initialization leading to timeouts
- No-transfer timeouts could not be disabled in 0.9.27
- Server startup options in installer had no effect
Muutokset v0.9.24 - v0.9.25
- Implement OPTS MLST as required by RFC 3659
- Add some more validation to prevent "Protocol Error, invalid data" errors
- Attempt to fix problems with certificate loading some users are experiencing