Core FTP Server Changelog

What's new in Core FTP Server 2.0 Build 749

Jul 25, 2023
  • Issue when RSA, DSA and EC server keys were selected causing key mismatch error, fixed
  • Tracking of last login and total logins added
  • Added basic reporting (global options - reporting)
  • DB flush option added (global options - misc)
  • Added stat db for tracking stats (config.stat.dat)
  • Improvements to prevent unnecessary updating of config
  • Check path issue in global log name, fixed
  • Notification password encryption fix
  • Hostname lookup crash on startup, fixed
  • MKDIR issue fixed
  • Disabled TLS v1.3 option (due to lack of backward support of TLS 1.3 by Microsoft, will be adding OpenSSL option for TLS v1.3).

New in Core FTP Server 2.0 Build 743 (Oct 25, 2022)

  • Update to fix SFTP "zlib compression enabled" issues that caused client connection issues
  • SFTP chacha cipher removed from default list (add manually via ssh/sftp "cipher algs")

New in Core FTP Server 2.0 Build 740 (Sep 30, 2022)

  • Path issues with /./
  • Logging by user option added (domain - logging)
  • Logging filename per user option added (user - miscellaneous)
  • MDTM issue with filenames with spaces
  • Added aes-gcm ciphers to SSH/SFTP FIPS mode
  • Registration proxy port issue
  • SSH version negotiation issues updated/fixes
  • FTP SIZE command issues (permission denied)
  • SFTP '.' returning wrong path for users not locked in home directory
  • Build 735 introduced an issue with SFTP FIPS mode (aes-gcm ciphers), 737 fixes these issues.

New in Core FTP Server 2.0 Build 733 (Jun 1, 2022)

  • Additional checks for SFTP "Denied" and "File not found" errors in log
  • SFTP null FXP_REALPATH request modified to return home path
  • SFTP local window size increased (may increase transfer speeds)
  • SFTP directory fix/changes for false positive results being returned (on CHDIR)
  • Remove license prompt added
  • License upgrade option added
  • Minor GUI updates

New in Core FTP Server 2.0 Build 727 (Jan 20, 2022)

  • Allow symbolic links option - (misc options)
  • Extra checks for dead connections in GUI
  • SSH/SFTP overflow vulnerability fixes (issues in builds 715-725)
  • HTTPS path POST vulnerability, fixed

New in Core FTP Server 2.0 Build 725 (Nov 16, 2021)

  • FTP/SSL/TLS uploading directory issues during high loads, fixed
  • Additional checks related to SSH/SFTP negotiations (issues in builds 713-719)
  • Log updates/fixes
  • Minor GUI updates
  • Delete user prompt added

New in Core FTP Server 2.0 Build 719 (Sep 25, 2021)

  • Backward compatibility issue with per-user access rule changes not being updated, fixed
  • Password too long check added
  • Fixes for recent DH updates - memory overrun/crash in builds 713-715
  • Hmacs SHA256-etm and SHA512-etm added/updates (fixes hmac issues with build 717)

New in Core FTP Server 2.0 Build 717 (Sep 13, 2021)

  • Backward compatibility issue with per-user access rule changes not being updated, fixed
  • Password too long check added
  • Fixes for recent DH updates - memory overrun/crash in builds 713-715
  • Hmacs SHA256-etm and SHA512-etm added

New in Core FTP Server 2.0 Build 715 (Jul 27, 2021)

  • Added DHs (diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512)
  • Added DH/Kex/cipher/mac to log
  • Startup command added to global settings - misc (example: cmd.exe /c net use z: \\machine\share)
  • SSH2_MSG_DISCONNECT fixes
  • SSH2_MSG_CHANNEL_CLOSE hanging issue fixed
  • Changes to prevent unnecessary "winsock error" messages in log on disconnect

New in Core FTP Server 2.0 Build 713 (Apr 28, 2021)

  • "localhost" now resolves and listens on multiple local addresses
  • Domain IP/Address not defaulting to "localhost" when empty, fixed
  • Issue with UTF8/extended ascii passwords, fixed
  • Logging cmd detail option added (uncheck to limit cmd information)
  • Logging user for SFTP added where missing in log
  • FTP/SSL/TLS server logs updated to format used by SFTP
  • Unchecking user "force password" issue fixed

New in Core FTP Server 2.0 Build 711 (Oct 21, 2020)

  • SSH.net/renci client SSH_FXP_REALPATH issues fixed
  • Silent option (/S) issues fixed
  • TLS v1.3 option added (Windows 10 1903 and later)
  • Added "Storage retries" option in domain - "misc options" -- (retry storage file open/access before failing)
  • "Copy" registration information added to About screen.
  • Build 711 corrects issues from builds 706-710 with SFTP SSH_FXP_STAT/SSH_FXP_REALPATH changes.

New in Core FTP Server 2.0 Build 705 (Aug 26, 2020)

  • Upload notification of zero byte files issue, fixed
  • Zero byte upload showing up as download in log, fixed
  • Transfer notification filename/paths messages with \n in them fixed
  • Additional log info for failed notifications added
  • Additional log info for failed permission issues added
  • Transfer notification "force TLS" option added (for mail servers requiring TLS connections - AWS SMTP, etc)

New in Core FTP Server 2.0 Build 704 (Aug 11, 2020)

  • Option to modify all users without public keys to bypass key authentication
  • Resource fixes that may have been causing GUI issues in user settings
  • Minor log and GUI updates

New in Core FTP Server 2.0 Build 702 (Jul 7, 2020)

  • Active Directory crash for FTP/SSL/HTTPS issue, fixed
  • Ignore password complexity requirements option added (domain setup - misc)
  • "Key authentication" vulnerability fixes (pending CVE - P Rodrigues)
  • Servers that use the "key authentication" option and are seeing their server becoming non-responsive are highly recommended to upgrade to this build.

New in Core FTP Server 2.0 Build 697 (Apr 13, 2020)

  • Export of server OpenSSH public key issue fixed
  • Crash/Coredump fixes for service
  • IPv4 option defaults to on for new domains
  • Overwrite warning for self-signed certs
  • Duplicate issue in self-signed certs fixed
  • Certificate path updates/fixes
  • Fingerprint display selection (md5,sha1,sha256 - ssh/sftp settings)

New in Core FTP Server 2.0 Build 695 (Mar 4, 2020)

  • Notification filename parameter (%1) SFTP issue fixed
  • SFTP rename not showing up in log, fixed
  • Curl agent/format support added to HTTPS
  • Registration "allow license access" option issue fixed
  • Registration dialog reg file not closed issue fixed
  • IPv4 option in domain setup (for internal hostnames that resolve to IPv6)
  • Service vulnerability (no quotes around filename) fixed

New in Core FTP Server 2.0 Build 694 (Nov 13, 2019)

  • "auth-agent-req" issue fix (fixes login problems with tectia)
  • Logging No GMT/local file timestamp options added
  • Global Log overwriting issue, fixed
  • SFTP password change request issue, fixed

New in Core FTP Server 2.0 Build 691 (Oct 30, 2019)

  • Notification select/deselect issue in user script/cmd properties fixed
  • Notification header/column issue fixed
  • Cert prompt for email notifications disabled
  • MFMT command support added
  • User passwords not sticking on server reboot, fixed
  • User password change added to log
  • Check for password change info in log

New in Core FTP Server 2.0 Build 689 (Sep 24, 2019)

  • TLS issues with email notifications fixed (alg bug caused failures)
  • TLS notification updates for hotmail, gmail, etc.
  • Dh-group1-sha1 removed from SFTP FIPS mode
  • HTTPS header issues with Chrome browser fixed (caused ERR_INVALID_::::_RESPONSE)
  • Auto restart count option added to global - restart options
  • (additional improvements to restart server after crash)

New in Core FTP Server 2.0 Build 687 (Aug 22, 2019)

  • Various additional SFTP leaks fixed
  • FTP/SSL password change not sticking, fixed
  • Connections not dropping from GUI for FTP/SSL, fixed
  • Password change days issues fixed (use -1 for next login)
  • View activity button enabled in non-service mode
  • Connection list with service updates/fixes

New in Core FTP Server 2.0 Build 682 (Jul 25, 2019)

  • Auto-backup of configuration added
  • User script/cmd post download issue fixed
  • Reverse lookup option added (access rules - other)
  • SFTP auto-ban updates
  • SFTP logging updates/checks
  • SFTP memory leak fixes

New in Core FTP Server 2.0 Build 679 (May 31, 2019)

  • Additional checks for dead connections in list
  • SFTP Error log on directory not found, fixed
  • SFTP virt paths issues in root directory, fixed
  • Log filename changes/moved to %localappdata%
  • GUI updates (AD/about/logging)

New in Core FTP Server 2.0 Build 677 (May 2, 2019)

  • Active Directory fixes for remote servers
  • ECDSA host key option added
  • Host key selection options for RSA/DSA/ECDSA
  • Keypair certs 4096-bit option

New in Core FTP Server 2.0 Build 676 (Mar 21, 2019)

  • Updates for changing passwords from clients
  • Updates for CVE-2019-9648 and CVE-2019-9649 (reported by Kevin R)
  • The CVEs above only affect FTP/SSL/TLS and not SSH/SFTP or HTTPS.

New in Core FTP Server 2.0 Build 674 (Feb 13, 2019)

  • Force password change options added
  • AES-GCM cipher added to SSH/SFTP
  • Additional SSH/SFTP security checks
  • Check for config.dat issue

New in Core FTP Server 2.0 Build 673 (Dec 24, 2018)

  • SSH/SFTP extensions issue fixed (caused negotiation errors)
  • SSH/SFTP rsa key-pair issues using sha2-256/512 fixed
  • SSH/SFTP ecdsa key-pair issues fixed
  • Logging fixes/updates

New in Core FTP Server 2.0 Build 671 (Dec 6, 2018)

  • SFTP issue with "." in UNC path caused virt paths to not list, fixed
  • Additional checks for SFTP key exchange (corruption)
  • SSL/TLS incorrect cert selection issues fixed

New in Core FTP Server 2.0 Build 668 (Oct 10, 2018)

  • ECDH/Curve25519 updates (must be selected in DH algorithms under SSH/SFTP settings)
  • Issues where host key selection was ignored causing "unverifiable host key", fixed
  • HTTPS footer crash fixed
  • GUI updates
  • Key authentication issues with builds 665-667, fixed

New in Core FTP Server 2.0 Build 659 (Sep 5, 2018)

  • SFTP permissions / time attribute issue fixed
  • Domain deletion not deleting users from config, fixed
  • Cmd line -pubkey <domain> <user> <pubkey path/file>

New in Core FTP Server 2.0 Build 658 (Aug 27, 2018)

  • Cmd line -copyuser <domain> <user> <to-domain> <to-user> <to password> <optional folder> <optional expired days>
  • Global option to disable cmd line user account modifications.

New in Core FTP Server 2.0 Build 657 (Aug 14, 2018)

  • Cmd line -enableuser <domain> <user>

New in Core FTP Server 2.0 Build 656 (Jul 27, 2018)

  • Checks for malicious requests/flooding in FTP/SSL/HTTPS
  • Additional checks for invalid characters in commands for FTP/SSL/HTTPS

New in Core FTP Server 2.0 Build 653 (Jun 26, 2018)

  • SSH/SFTP welcome message fixes
  • SSH/SFTP not adding to global server ban for exceeding "conns per IP", fixed
  • SSH/SFTP issue with "max conns per IP" fixed (v2 issue)
  • Remove spaces for multiple URLs issue, fixed
  • HTTPS auto-ban too quick for logons with user/pw, fixed

New in Core FTP Server 2.0 Build 651 (Jun 4, 2018)

  • SSH/SFTP server would not show connections if any listening domain/addresses failed, fixed
  • SSH/SFTP per user session setting issue fixed (was not overriding domain setting)
  • SSH/SFTP per user timeout setting issue fixed (same issue as above)
  • FTP Directory listing not exiting loop (when connection lost) issue fixed
  • FTP/SSL/TLS file timestamps fixes (should now match SFTP)

New in Core FTP Server 2.0 Build 649 (Mar 27, 2018)

  • Global access rules deleting user access rules, fixed (may have accounted for lost user accounts with the word "access" in them)
  • SSH/SFTP host key algorithm rsa-sha2-256/512 added
  • SSH/SFTP server host key algorithm selection options added

New in Core FTP Server 2.0 Build 647 (Mar 7, 2018)

  • User session timeout issues fixed
  • AD additional error reporting
  • ODBC error message issues x64 version fixed
  • Additional fixes for malformed SSH/SFTP requests
  • Log "download denied" when successful fixed
  • SFTP channel logging issues fixed
  • Global/Temp ban GUI issues with service fixed

New in Core FTP Server 2.0 Build 645 (Jan 10, 2018)

  • User script/cmd post upload %1 parameter was bad, fixed
  • Virtual path issues fixed

New in Core FTP Server 2.0 Build 642 (Dec 21, 2017)

  • "user does not require authentication" issues with key auth only mode fixed.
  • Fixed users connected list problem showing only 1 user in v2 when service running
  • SSH/SFTP port issues fixed. Fixes problem where repeated bans over time would use up memory, eventually causing port exhaustion on some servers (requiring server restart).
  • Fixes were also applied to the v1.2 build (589.42)
  • Strip upload filenames of invalid characters
  • Fixes for filenames with spaces (RETR/STOR)
  • PWD/CWD UTF8 errors fixed
  • Added PASS security updates/checks
  • Logging updates
  • Self signed certs bits value not set correctly, fixed
  • DH group1/group14 issues fixed
  • malformed request checks
  • version compatibility updates
  • SSH/SFTP group-exchange-sha1 fixes
  • hmac sha512/384 disabled for dh-group1/14
  • Fixes for forced key auth+password for putty based SFTP clients.
  • Logging updates
  • DH selection added (ssh/sftp)
  • Temp/global ban view/delete in access rules - other
  • Autoban for non-existent 'root' account
  • SSH/SFTP logging not turning off issue fixed
  • More logging updates/fixes
  • Autoban updates
  • Logging filename (offset hours) issues fixed
  • IPv6 banning updates
  • SSH/SFTP UTF8 option and related fixes/updates
  • OpenSSL updated to 1.0.2k
  • SHA512/384 hmacs added
  • Max items returned in LIST
  • No transfer timeout option added.
  • STOR filename issues (with UTF8 option unchecked)
  • Crash in user security properties fixed

New in Core FTP Server 2.0 Build 641 (Dec 13, 2017)

  • Fixed users connected list problem showing only 1 user in v2 when service running

New in Core FTP Server 2.0 Build 640 (Dec 5, 2017)

  • SSH/SFTP port issues fixed. Fixes problem where repeated bans over time would use up memory, eventually causing port exhaustion on some servers (requiring server restart).
  • Fixes were also applied to the v1.2 build (589.42)

New in Core FTP Server 2.0 Build 635 (Oct 20, 2017)

  • IPv6 support
  • UTF8 support
  • MLSD support
  • Extended pasv EPSV/EPRT added
  • Multiple listening address/ip/interfaces (ie: localhost,::1, separated by comma)
  • Empty directory issue resolved.
  • NLST overflow issue fixed.
  • TLS 1.1 & 1.2 options added
  • Self-signed certs, sha/sha256 added (required for TLS 1.2)
  • HMAC selection settings added (ssh/sftp)
  • DH selection settings added (ssh/sftp)
  • OpenSSL updated to 1.0.2k
  • Temp/global ban options in access rules added
  • v2 brings much needed functionality to Core FTP Server, along with the transition of the server into Unicode. On the surface it hasn't changed but a significant portion of internal functionality was touched on during this update - the main reason for the delay in this release (and to assure backward compatibility if needing to rollback to v1.2).
  • "localhost" will no longer resolve to loopback 127.0.0.1, something to be aware of for those who may still use it (more specifically the client). It can be added to the list of listening addresses if needed.

New in Core FTP Server 1.2 Build 589.41 (Sep 13, 2017)

  • Backward compatibility issues fixed (v2 config with v1 non-existent cipher/mac selection)
  • Additional checks for SSH/SFTP malformed requests

New in Core FTP Server 1.2 Build 589.38 (Aug 3, 2017)

  • SSH/SFTP DH-group1 exchange key issues fixed

New in Core FTP Server 1.2 Build 589.37 (Jun 22, 2017)

  • SSH/SFTP log not turning off issue fixed
  • Autoban updates

New in Core FTP Server 2.0 Build 625 Beta (Jun 22, 2017)

  • SSH/SFTP logging not turning off issue fixed
  • More logging updates/fixes
  • Autoban updates

New in Core FTP Server 2.0 Build 623 Beta (Jun 8, 2017)

  • IPv6 support
  • UTF8 support
  • MLSD support
  • Extended pasv EPSV/EPRT added
  • Multiple listening address/ip/interfaces (ie: localhost,::1, separated by comma)
  • Empty directory issue resolved.
  • NLST overflow issue fixed.
  • TLS 1.1 & 1.2 options added
  • Self-signed certs, sha/sha256 added (required for TLS 1.2)
  • HMAC selection settings added
  • OpenSSL updated to 1.0.2k

New in Core FTP Server 1.2 Build 589.36 (Jun 8, 2017)

  • Logging issues fixed (download/upload messages)

New in Core FTP Server 1.2 Build 589.35 (Apr 19, 2017)

  • Logging issues fixed (daily/monthly using GMT)
  • Minor SSL/TLS updates (checks/logging/FEAT)

New in Core FTP Server 1.2 Build 589.34 (Mar 16, 2017)

  • OpenSSL updated to 1.0.2k
  • User -> Security -> Access rules issues fixed.
  • FIPS mode for SSH/SFTP on by default.
  • LIST crash issue fixed.

New in Core FTP Server 1.2 Build 589.33 (Mar 15, 2017)

  • OpenSSL updated to 1.0.2k
  • User -> Security -> Access rules issues fixed.
  • FIPS mode for SSH/SFTP on by default.

New in Core FTP Server 2.0 Build 617 Beta (Feb 15, 2017)

  • STOR filename issues (with UTF8 option unchecked)
  • Crash in user security properties fixed

New in Core FTP Server 2.0 Build 611 Beta (Nov 22, 2016)

  • IPv6 support
  • UTF8 support
  • MLSD support
  • Extended pasv EPSV/EPRT added
  • Multiple listening address/ip/interfaces (ie: localhost,::1, separated by comma)
  • Empty directory issue resolved.
  • NLST overflow issue fixed.
  • TLS 1.1 & 1.2 options added
  • Self-signed certs, sha/sha256 added (required for TLS 1.2)
  • HMAC selection settings added
  • OpenSSL updated to 1.0.2j

New in Core FTP Server 1.2 Build 589.31 (Nov 22, 2016)

  • HMAC select options (SSH/SFTP)
  • OpenSSL updated to 1.0.2j (SSH/SFTP)
  • FIPS mode updates (SSH/SFTP)

New in Core FTP Server 1.2 Build 589.3 (Nov 22, 2016)

  • MODE S/Z command issue fixed
  • HTTPS field FILE_TIME_FTP added
  • SFTP cert not using cert selected bits fixed

New in Core FTP Server 1.2 Build 589.2 (Nov 22, 2016)

  • TLS v1.1, v1.2 options
  • Self-signed certificate updates (rsa required for TLS 1.2).
  • Certificate GUI updates
  • SSLv3 disabled by default for new domains.

New in Core FTP Server 1.2 Build 589.1 (Nov 22, 2016)

  • Potential administrator generated security issues with Windows accounts ("Enable WinNT users" option) identified by Tenable Network Security, fixed.
  • Overflow exploits fixed (applies to FTP/SSL/FTPS, not SFTP or HTTPS and in the 32-bit version - not the 64-bit).
  • Build 589.1 fixes an additional auto-ban problem where legitimate (frequent) logins were being banned.