FileZilla Server version 0.9.41 beta
Copyright 2001-2012
by Tim Kosse
http://filezilla-project.org/
Features:
Release Notes:
Please report any bugs immediately to tim.kosse@filezilla-project.org and don't forget to include some system details as it helps to identify the bugs.
The tray icon
From the tray icon you have access to various features of FileZilla Server. You can enable/disable, lock/unlock or exit the server, as well as restore it to normal size.
List of tray icon states:
- red: server offline
- yellow: server online
- green: client connected
- flashing red-green: server will go offline or will exit when all clients are disconnected
- flashing red-yellow: server is locked
- flashing yellow-green: server is locked and clients are still connected
Version History:
For a more detailed list of changes, please have a look at the SVN changelog located at http://filezilla-project.org/changelog.php?type=2.
Version 0.9.41
Fixed bugs:
- Fix parsing of IP address filters ending with :0 or equivalent substrings.
- Allow speed limits larger than 64 MiB/s.
- Show more verbose error messages if transfer connection cannot be established.
Version 0.9.40
Fixed bugs:
- The service no longer crashes if connecting with the administration interface when there are clients connected over IPv6
- Close the connection if there is additional data in the input buffers when processing the AUTH command.
- Display correct connection state item in administration interface when getting initial list of connected clients
Version 0.9.39
Fixed bugs:
- Do not attempt to display a message box if creating an administration interface binding fails. This freezes the service on some machines.
- On FTP over TLS connections, the socket address family was not initialized from the underlying socket
- Fix a bug in IPv4 address filters and increase their performance
Version 0.9.38
New features:
- IPv6 support
Incompatible changes:
- Range, wildcard, regular expression and dot-decimal notation subnet IP address filters have been removed. These filter rules need to be recreated using CIDR notation.
Fixed bugs:
- Upon /reload-config, notify all running instances, not just the first found.
- Report correct physical path of aliases in administration interface
- Fix reply code on permanent bans, not of 5yz type
- Increased default size of socket buffers
- Fix a crash when entering invalid IP filters
- Fixed a crash when a connection closes
- Updated to most recent OpenSSL version
Version 0.9.37
Fixed bugs:
- Advertise support for PBSZ and PROT in FEAT reply
- Allow PROT after PORT/PASV/EPRT/EPSV but before transfer command
- Use correct replies for RNTO, EPRT and MKD command
- Reply with correct error code in response to transfer commands if PROT P is required but not set
- Fix display of non-ASCII characters in log
- Ignore read-only attribute on DELE
Version 0.9.36
Fixed bugs:
- Fix welcome message
Version 0.9.35
New features:
- Administration interface is now Unicode enabled.
Fixed bugs:
- Fix saving of speed-limit rules
Version 0.9.34
New features:
- Show address of server in title bar of administration interface (patch submitted by eyebex)
- Disable some weak TLS/SSL ciphers such as DES-CBC-SHA which shouldn't be used anymore
Fixed bugs:
- Work around some obscure error reported by OpenSSL, fixes spurious transfer failures
- Use case-insensitive comparison instead of always converting to lowercase in permissions handling. Fixes problems with sharing case-sensitive network resources.
- Settings with empty data were not loaded from settings file correctly and reverted back to default values (patch submitted by eyebex)
- Improve performance of (re-)loading settings
Version 0.9.33
New features:
- Add /servicename and /servicedisplayname options to change the (display) name of the server service.
Fixed bugs:
- Fix potential double-delete in admin connection code, could be used for remote denial of service if using remote administration (not enabled by default).
- Increase minimum value for maximum allowed login attempts before autoban to 10.
Version 0.9.32
New features and fixed bugs:
- Use thousands separator in output of large numbers.
- Disallow weak SSLv2.
- Slightly reword FTP over TLS/SSL settings page.
- Adjust width of user and group lists on permissions dialogs.
Version 0.9.31
Fixed bugs:
- Fix buffer overflow in SSL code leading to a potential security vulnerability.
Version 0.9.30
Fixed bugs:
- Fix a rare case in which SSL shutdown notifications were created but not actually sent.
Version 0.9.29
Fixed bugs:
- Executable path did not get quoted properly in service creation leading to a local privilege escalation vulnerability.
Version 0.9.28
Fixed bugs:
- Directly reject PROT C if PROT P is required instead of complaining after a transfer command
- Fix race in transfer connection initialization leading to timeouts
- No-transfer timeouts could not be disabled in 0.9.27
- Server startup options in installer had no effect
Version 0.9.27
Fixed bugs:
- An orderly SSL/TLS shutdown was not performed in all cases
- Disallow no-transfer timeouts smaller than 600 seconds
For a more detailed list of changes, please have a look at the CVS changelog located at http://filezilla-project.org/changelog.php?type=2.
Version 0.9.26
Fixed bugs:
- Downloading empty files over TLS connections no longer closes the connection prematurely
- Updated to latest OpenSSL version
Version 0.9.25
Fixed bugs:
- Implement OPTS MLST as required by RFC 3659
- Add some more validation to prevent "Protocol Error, invalid data" errors
- Attempt to fix problems with certificate loading some users are experiencing
Version 0.9.24
Fixed bugs:
- Fix MFMT command not accepting all valid dates
- Fix keysize selection in certificate generation dialog
- Updated to latest OpenSSL version
Version 0.9.23
New features and fixed bugs:
- Add support for MFMT command to change file modification time
- Add basic autoban implementation for the paranoid server admins
- Add TYPE L 8 as an alias for TYPE I
- Fix some timezone issues
- Fix CTRL+C for message log
Version 0.9.22
Fixed bugs:
- Fix denial of service vulnerability due to null pointer dereference.
- Added support for broken clients sending CWD command without arguments.
Version 0.9.21
Changed features:
- The default address for the "Retrieve external IP address from:" option has changed.
Fixed bugs:
- Fix SSL related issue on empty directory listings
Version 0.9.20
New features:
- Add option to ban user to the context menu of the connected users list.
Fixed bugs:
- Fix SSL shutdown behaviour, fixes compatibility with some clients.
- Internal changes to allow larger lists of banned IP addresses.
- Improved datasocket creation in active mode.
Version 0.9.19
Fixed bugs:
- Updated to OpenSSL 0.9.8d due to security vulnerabilities in OpenSSL
Version 0.9.18
Fixed bugs:
- Fix MLSD command not displaying all aliases
- Fix keyboard navigation in settings dialog
- Added OPTS UTF8 OFF command
Version 0.9.17
Fixed bugs:
- Fix critical buffer overflow in admin interface. Remote code execution with the rights of the user running the admin interface might have been possible. Only the interface was affected, the service was unaffected.
- Fix memory leak in service
- Compatibility fixes for systems with more than one CPU
Version 0.9.16
Fixed bugs:
- Fix conversion problem if any configuration data had a non-English character.
- Internal changes to make whole service use Unicode
- Fix explicit SSL (0.9.16a)
- Fix buffer overflow in settings dialog (0.9.16b)
- Fix problem with list of connected users (0.9.16c)
Version 0.9.15
New features:
- UTF-8 support as specified in RFC 2640. As a result, the minimum required Windows version is now Windows 2000.
Fixed bugs:
- SSL file truncation problem
- Compatibility fix for NAT-in-NAT environments
- Compatibility with clients sending the STRU command
- Fix loading of aliases in UNC format
Version 0.9.14
Fixed bugs:
- Fixed problem with SSL transfers aborting or even crashing the server.
Version 0.9.13
New features:
- Option to not use external ip address in passive mode if client is within local network. Enabled by default.
- Option to ignore the address given in the PORT command if it's from an unrouteable address range, but the client has a routeable address. Enabled by default.
Fixed bugs:
- Fixed problems with the case-(in)sensitivity of aliases
- (0.9.13b) Fixed passive mode problems introduced in 0.9.13
Version 0.9.12
New features and fixed bugs:
- Alias targets can now be virtual paths as well
- Add option to allow reading of files which are opened for writing by another process
- Always require a set password even for local connections now. If you don't remember your password, delete it from FileZilla Server.xml
- Workaround for SMC routers with P@SW bug
- Added SITE NAMEFMT command with "1" as only supported naming format. Required by at least one client running on AS/400 server.
- Don't allow AUTH SSL/TLS command if already using SSL/TLS, broadcast SSL/TLS availability in FEAT response
Version 0.9.11
Fixed bugs:
- No longer freezes if using a password protected keyfile.
- It was not possible to access filenames starting with multiple dots
Version 0.9.10
New features:
- Option to force SSL login for selected users/groups
Fixed bugs:
- SSL mode fixes, fix truncated downloads
- fix creation of multiple ports if not bound to all IP addresses
Version 0.9.9
New features:
- Option to force PROT P for SSL/TLS connections.
Fixed bugs:
- Now compiled against zlib 1.2.3 to fix potential security vulnerability
Version 0.9.8c
Fixed bugs:
- Sometimes file downloads aborted prematurely leading to incomplete files.
- Don't send MODE Z in FEAT response if MODE Z has been disabled.
Version 0.9.8b
New features:
- Added option to set socket buffer size, increased default buffer sizes
Fixed bugs:
- Wildcards in argument to LIST command were not handled properly
- Use proper reply code for AUTH SSL and AUTH TLS commands
Version 0.9.8
New features:
- Service and Admin interface can be installed separately in the installer
Fixed bugs:
- Infinite loop if user disconnects while throttled by anti-hammering code
- Accept PBSZ command if using SSL/TLS
Version 0.9.7
New features:
- Option to force explicit SSL
Fixed bugs:
- Available bandwidth was not distributed properly if using speedlimits
- possible crash after closing client connections if using SSL
- time based speed limits over midnight did not work properly
- Connection freeze after SSL initialization
- taking server offline and back online did not work properly if used multiple times in a row
- fix infinite loop if speedlimits are enabled
Version 0.9.6a
fixed bugs:
- Sockets for admin interface or transfer connections could not be created on all systems
- Input box for the listen ports did not accept separator characters.
- reserved MSDOS device name did not work properly
Version 0.9.6
New features:
- SSL/TLS encryption. This feature is still experimental, use at your own risk.
Fixed bugs:
- Infinite loop on file uploads or directory listings if using zlib compression
- Sending commands with filenames as arguments which did contain reserved MSDOS device names (such as NUL, CON, COM1, LPT1) could freeze FileZilla Server on older systems. Those filenames are now considered invalid
- Fixed crash if taking server offline
- Connection limits for users did not work as intended
- The /reload-config command line switch has been fixed
Version 0.9.5
fixed bugs:
- Typo in anti-hammering code, delayed connections were never unstalled
- Aliases for directories containing :u did not work if username did contain uppercase chars
- If renaming groups, adjust user accounts accordingly
- If deleting groups which are in use, ask what to do with the affected users
- Use same network interface for transfer connection as for the control connection to solve some firewall issues, patch by dartonw
Version 0.9.4e
fixed bugs:
- Fixed buffer overflow in admin interface
- Aliases did not always display in NLST listings
Version 0.9.4
new features:
- List of connected users displays more details: IP, current file, progress and speed. Based on patch by "Tropics"
- Admin interface reconnects automatically after connection loss
- Folders to which the user has no access won't be displayed in directory listings
- All IP filters can now also filter hostnames using regular expressions, based on patch from Sebastian Schuberth
- implemented MLSD and MLST commands
- implemented ALLO command
- If user password in settings file is not 32 characters long (and thus not an MD5 hash) convert it to an MD5 hash.
removed features:
- Removed non-relative directory structure mode. It did expose the server's physical directory structure. Also there were some bugs regarding this mode in the previous code.
- Removed "Resolve Shortcuts" option. Aliases are more flexible since they allow username replacement (using :u) and don't depend on some files on your drive which could be replaced by other applications.
The permissions handling code has been simplified a lot. In the process some features as described above have been removed, partially due to better alternatives.
fixed bugs:
- Dashes as prefix for command line options did not work
- Time pickers in speedlimit rule dialog did change type to date pickers.
- Internal changes for 64bit portability
- Fixed rare crash which could occur whenever a user disconnected
- Fixed crashes if stopping server
- Use proper reply for MKD commands to already existing directories
- No longer display folder selection dialog for remote administration sessions.
- Internal changes to reduce CPU load
Version 0.9.3
new features:
- Welcome messages can be hidden to no longer display in the interface and logfiles. Based on patch by Jason Jackson.
- Max. Welcome message size greatly increased
fixed bugs:
- security fix for zlib which could lead to denial of service attacks if MODE Z transfers are allowed.
Version 0.9.2
new features:
- increased speed of admin interface
- implemented anti-hammering code to prevent brute force password cracking. Can't be disabled for good reason.
Version 0.9.1
new features:
- Directory aliases to simplify usage of virtual file system
- IP filter to limit access to server
- Users / groups can be disabled
- Comments field for users and groups
- Added HELP command (0.9.1b)
fixed bugs:
- ip filter did not work properly together with groups (0.9.1a)
- fixed deadlock in external IP check and speed limit code
- fixed infinite loop in zlib mode
- speed limits were not calculated properly
- wrong timezone was used in speed limit rules
- global speed limits weren't initialized properly
- fixed error message if editing speed limit rules
- groups no longer duplicate if opening groups dialog on inactive servers without any user accounts
Version 0.9.0
new features:
- MODE Z file transfer compression
- server listening socket can be bound to specific IPs
fixed bugs:
- server did not shutdown properly
Version 0.8.9
fixed bugs:
- Interface could crash if kicking user
- group ip based connection limit did not work
- fixed alignment of years in directory listings
- fixed crash if listening socket can't be created
- changed MKD return code to 257
Version 0.8.8
new features:
- added hostname support for external PASV IP address
- support for remote IP detection scripts
- config file can be reloaded by calling "FileZilla Server.exe" /reload-config
fixed bugs:
- Fixed format of permissions field in directory listings
- group membership for user accounts wasn't set on startup
- sometimes the last few bytes were missing on uploaded files
- fixed missing titles of users and groups dialog
version 0.8.7
new features, improvements and fixed bugs:
- lots of performance improvements:
Thanks to Tom Diviney for a lot of testing.
- connection establishment is up to 100ms faster
- some optimizations in the welcome message, directory listing and permission code
- Improved behaviour of LIST and NLST with arguments, should fix the mget issue, fix provided by Bengt Johannesson
- Creation of transfer connection in active mode was not RFC 959 compatible.
- possible fix for stalling GSS transfers
version 0.8.6
new features:
- new log window, it's now possible to select text
fixed bugs:
- due to a bug in the Windows API function CreateDirectory it was possible to create directories with one or more dots at the end of their name. Such directories can't be accessed or deleted by most programs. FileZilla Server now checks for dots at the end of directories and denies creation of such directories. If you already have such directories on your disk, you can delete them in the console using rmdir \\?\<path>, replace path with the full path of the invalid directory.
- Usergroups no longer change randomly if there are more than one user group.
version 0.8.5:
new features:
- Added server menu to interface with Active and Lock items (same functionality as the first two icons)
fixed bugs:
- Users without delete permission could delete empty directories
- Files could be renamed over account boundaries
- Locking the server did not work
- Default width of users pane was zero if starting the interface on low resolution (800x600 or fewer) monitors.
version 0.8.4:
new features:
- Global as well as user specific speed limits can be set
- Added user groups
- Support for Kerberos GSSAPI authentication
- Transfer buffer size can now be set
version 0.8.3:
new features:
remote administration
logging to file
fixed bugs:
admin interface could hang during connect (fixed in 0.8.3a)
F2 to rename user accounts / dirs in users dialog now works correctly
sometimes files sent to clients were not sent correctly
version 0.8.2
fixed bugs:
fixed "account duplication" if taking server offline and back online
fixed timeouts, active clients no longer timeout without reason.
version 0.8.1
new features:
added settings converter due to popular request
fixed bugs:
not all account settings could be read correctly from xml file
fixed some bugs in the server <--> interface protocol
fixed buffer overflow in server side admin socket class
some minor fixes
version 0.8.0:
new features:
Separated server from the user interface, interface now runs in its own process
Server now runs as service under Windows NT4, 2000 and XP
fixed bugs:
fixed problems with non relative paths and drive letters. This should also fix the compatibility to some versions of the IE and other browsers (fixed by TJ Drennan)
fixed crash if a directory did contain files with a year larger than 2038
server no longer sometimes stops responding after issuing shutdown
version 0.7.4:
new features:
installer now uses modernUI style
fixed bugs:
added warning if accepting a new connection failed. Some bad firewalls do allow creating listen sockets and pass through connection attempts but block accepting them.
fixed some problems with the socket class
fixed GDI-resource leak
version 0.7.3:
fixed bugs:
improved thread responsiveness to messages
fixed display of transferrate
reduced flicker of main window while resizing
when deleting a user, the user data could get mixed up
now no error message appears when "Enable custom PASV settings" is disabled
now NULL passwords are supported if an account does not require a password (anonymous for example)
"Maximum connection count" for user accounts did not work
version 0.7.2:
new features:
added custom PASV IP and port settings
added XCUP, XPWD, XMKD, XRMD and NOP commands
fixed bugs:
QUIT works without being logged on
Telnet commands no longer show up in message log
fixed cancel button in users dialog not working properly
added missing users dialog menu entry
version 0.7.1:
fixed bugs:
fixed problems with usernames containing uppercase characters
fixed installer creating source project shortcut in wrong directory
fixed security hole, could list directories outside your ftproot.
version 0.7:
enhanced features:
new Winsock wrapper class, should increase performance a little bit
prepared the use of format specifications in welcome message. If you had used a custom welcome message before using version 0.7, you would have to reenter the message.
fixed bugs:
fixed problem with LIST and NLST command and parameters
files are now stored with the names passed with the STOR command, no longer all lowercase
correct handling of quoted arguments
version 0.6:
new features:
custom welcome message
server port can be changed without having to manually close and reopen it.
increased performance under heavy load
added NLST and MDTM (last modified time) commands
crash log generation
fixed bugs:
fixed security hole that allowed listing directories within your ftp root without list permission.
fixed some more deadlocks
version 0.5.2 beta:
fixed bugs:
fixed problem with usernames containing uppercase characters
Server hung when it was unable to get the homedir of a user
version 0.5.1 beta:
fixed bugs:
could not always determine filesize correctly
version 0.5 beta:
new features:
NLST command added
a path can be passed to LIST and NLST as argument
start minimized option
fixed bugs:
multiple problems with files larger than 2GB
version 0.4 beta:
new features:
APPE and QUIT command added
fixed bugs:
sometimes permissions could not be retrieved due to a bug in GetRealDirectory(), permission was always denied.
when using APPE or "REST x" (x!=0), it was possible to upload new files in folders with append permission but no write permission.
fixed some minor bugs
version 0.3 beta:
new features:
ip limit per user
users can be renamed
transfer count and rate will be displayed
NOOP command implemented
enhanced features:
speed of directory listings improved
fixed bugs:
timeouts weren't calculated properly
version 0.2 beta:
new features:
ABOR and SYST commands added
login timeout integrated
users can be kicked
number of threads can be changed at runtime
fixed bugs:
MKD could not create multiple directory levels at once
files were not sent completely to clients
some problems in the users dialog
control channel now sends line endings with <CRLF> as specified in RFC 959 instead of <LF>
InitTransfer called too early in some rare cases
a whole bunch of bugs causing crashes or freezes
version 0.1 beta:
new features:
options dialog
timeout and no transfer timeout
port selection
number of threads can be selected
max number of users
user-specific bypass max user and local max user setting
all connected users are displayed on the right pane of the main window
added systray icon
bounce attack / fxp protection
ABOR command implemented
now only one file transfer and one directory listing can be active at the same time, so you can still browse the server during file transfers.
fixed bugs:
sometimes the threads were not shut down correctly with FileZilla
fixed some issues in the user account manager
Server could crash if a new transfer was initiated while another transfer is still active.
version 0.0.2 alpha:
new features:
non relative paths
file transfers
PASV mode support
delete files and directory
create directories
renaming of files/dirs
fixed bugs:
the message log now displays the seconds, too
version 0.0.1 alpha:
first public release
new features:
user account manager
browsing of directories
Windows shortcut files (.lnk files) resolving
multithreaded engine with very basic load balancing