Softpedia >Windows >Internet >Servers >WEB Servers >VShell >  Changelog

VShell Changelog

What's new in VShell 4.9.1 Build 3219

Dec 19, 2023
  • Vulnerability fix:
  • SSH2: For some algorithms, an attacker can manipulate the packets sent during key exchange to cause some packets to be removed, which compromises channel integrity. A "Strict KEX" extension was implemented to address this vulnerability (CVE-2023-48795)
  • In order to use the "Strict KEX" extension, the extension must be supported by both the client and the server
  • New feature:
  • Windows: SFTP Virtual Roots can now be used to connect to an Azure Blob SFTP server
  • Change:
  • Windows: the Short Thread Pool Size maximum value has been increased to 2048, and the default (minimum) value increased to the larger of 16 or 4 times the number of logical processors
  • Bug fix:
  • Windows: When a user disconnects and that user's profile was not loaded during the initial connection, VShell will no longer attempt to enumerate network resources that may have been opened during profile loading, potentially causing a slowdown

New in VShell 4.8.1 Build 2978 (Feb 7, 2023)

  • Bugs fixed:
  • Under certain scenarios, when VShell was running with a license that included a "Features" field and a user subconfiguration was configured, VShell could crash when a user connected to the server.
  • When VShell was configured to load a subconfiguration and the server was processing a large number of parallel connections, VShell could crash.
  • HTTPS: The server could leak memory when performing directory listings.
  • Windows: When RADIUS authentication was used and there was latency between the VShell host and the RADIUS server, a crash could occur.
  • Windows: VShell could crash when it failed to do a user lookup while responding to a WMI processing request.

New in VShell 4.8.0 Build 2905 (Nov 3, 2022)

  • Vulnerabilities addressed:
  • Windows: Using a brute-force attack, it may be possible to crack sensitive data such as passwords stored in the VShell configuration in a relatively short amount of time. Direct access to the configuration by a user with Administrator privileges is required in order to exploit this vulnerability.
  • Bug fixes:
  • Windows: On certain systems, when Windows is configured with additional protection for the Local Security Authority (LSA) process using the RunAsPPL option, public-key authentication via the LSA module could fail.

New in VShell 4.7.0 Build 2693 Beta 2 (Feb 4, 2022)

  • Bug fixes:
  • Under rare circumstances, if a client sent invalid data as part of the key-exchange process, VShell could crash.
  • Windows: During some types of VShell upgrades, the service configuration could be changed unexpectedly.

New in VShell 4.6.3 Build 2690 (Feb 2, 2022)

  • Vulnerabilities addressed:
  • Windows: When a trigger action was configured to run a script that echoed specific parameters, a malicious user could have specified the parameters in such a way as to cause an arbitrary command to be launched on the VShell host machine.
  • Windows: With certain SFTP clients, an authenticated user could send a maliciously crafted path to VShell on Windows that would allow access to the file system outside the virtual root folder(s), causing folder access to be restricted only by NTFS permissions.
  • Bug fixes:
  • Windows: When using VShellConfig to export the configuration using the "virtual-roots" include directive and any virtual roots impersonate a user, credentials are no longer exported unless the "saved-credentials" option is specified.
  • Windows: When importing a configuration with an internal user database, any internal database users/groups were omitted from the imported ACLs.

New in VShell 4.7.0 Build 2659 Beta (Jan 5, 2022)

  • New features:
  • New options allow restriction of uploads according to file extension.
  • Idle timeout values for SSH2, FTPS, and HTTPS can now be subconfigured by location, user, or group.
  • The "Enable Sharing for SFTP Open" option can now be subconfigured for specific users, groups, or locations.
  • Windows, SFTP, FTPS, HTTPS: Added an option to not list system files.
  • Windows, SFTP, FTPS, HTTPS: Added an option to not list hidden files.
  • Windows: Added the ability to copy a trigger.
  • Windows: Added support for Windows 11.
  • Windows, SSH2/SFTP: For RADIUS authentication, added an option to strip the domain from the username.
  • Changes:
  • In FIPS mode, digital signatures that use SHA-1 as the hashing algorithm can no longer be used because they are not allowed by the upgraded version of the FIPS library module.
  • For newly-generated RSA host keys, the minimum size is now 1024 bits.
  • When permissions of the internal database system user prevent a user's home directory from being automatically created, a message is logged.
  • Added an option to prevent clients from using ssh-rsa (SHA-1) as the algorithm for host key or publickey authentication.
  • HTTPS: Cookies now have the HttpOnly flag enabled.
  • HTTPS: Updated several of the jQuery libraries used, including update of jQuery UI to version 1.13.0.
  • HTTPS: Folder upload now works with mobile browsers.
  • HTTPS: The Login page no longer automatically capitalizes the username when a mobile browser is used.
  • HTTPS: When connected with Safari on an iOS device, a long click on a file or folder now displays the context menu.
  • HTTPS: When connected with Chrome on an Android device, double tapping (clicking) on a folder now opens the folder.
  • Windows: Added an option (registry-only) to check, after authentication, whether each and every virtual root is available. This option is on by default.
  • Windows: The VShell Control Panel now displays an error for an invalid SSH2 configuration with no key exchange algorithms.
  • Windows: In the VShell Control Panel, the Certificate Options page now appears under the Common Category.
  • Bug fixes:
  • HTTPS: If the permissions for a virtual root were changed while there were active connections to the server, file access results for those connections could be inconsistent.
  • HTTPS: When the DELETE, PUT, or HEAD methods were disabled, VShell's response to the OPTIONS command would incorrectly indicate that they were all enabled.
  • HTTPS: Specifying an alternate log file folder using a subconfiguration did not change the destination to which HTTPS messages were written.
  • Windows: In the unusual case where a system issue prevents the server from impersonating the user while establishing the virtual file system, the server could crash.
  • Windows: When an LDAP server was used for authentication, connections could be counted incorrectly for the per-user connection limit.
  • Windows: When connected to an LDAP server with over 1000 users or groups, all the users or groups may not have been displayed.
  • Windows: The VShellConfig "sftp add" command could be used to unexpectedly create a virtual root with an empty path.
  • Windows: In the unusual case that a virtual root was created with an empty path, it was treated as an "<Unrestricted>" virtual root.
  • Windows: In some cases, the VShell Control Panel could crash if a user was added to the Access Control or SFTP Commands pages but no permissions were selected before switching to a different page.
  • Windows: When configuring a remote SFTP virtual root to a remote server that only supported the Diffie-Hellman Group Exchange key exchange algorithm, the connection would fail.
  • Windows: If the configured RADIUS server was inaccessible during a RADIUS authentication attempt, a VShell service restart was required after the RADIUS server was reachable again.
  • Linux/Mac: If configured to log to a remote Syslog server, when client disconnected some messages would not sent to the Syslog server and an error about "The specified network name is no longer available" would be written to the VShell log.
  • Linux/Mac: When using a vshell.lic file that included the demarcation lines for the start or end of a license block, VShell would fail to parse the actual license data.

New in VShell 4.6.2 Build 2549 (Jul 27, 2021)

  • Bug fixes:
  • If an SFTP client did not honor the negotiated maximum packet size, file transfers could fail with an "Invalid packet header" error.
  • In the unusual case that it fails to retrieve the socket address of an incoming connection, VShell could crash.
  • FTPS: If the server was shut down while there were incoming connections, in rare circumstances, VShell could crash.
  • Windows, HTTPS: When a virtual root had read access permissions disabled, the contents of the virtual root folder could not be listed.

New in VShell 4.6.1 Build 2490 (May 11, 2021)

  • Bug fixes:
  • If an incoming RSA public-key packet had the algorithm name set to something other than "ssh-rsa" (in violation of RFC 8332), VShell would fail to load the public key.
  • Windows: In the rare event that the listening socket for an incoming connection failed, VShell could crash.
  • Windows: If VShell was configured to use an RSA X.509 certificate as a host key, connections to the server could have failed.
  • Changes:
  • Restored the ability to use the SHA1-96 and MD5-96 MACs.

New in VShell 4.6.0 Build 2422 Beta 4 (Feb 10, 2021)

  • Bug fixes:
  • Windows: On the VShell Control Panel Authentication page, some check boxes could not be reached via keyboard shortcuts.
  • Changes:
  • HTTPS: The jQuery Datatables plug-in was updated to 1.10.23.

New in VShell 4.6.0 Build 2379 Beta 3 (Jan 28, 2021)

  • Bug fixes:
  • Windows: On a high-DPI monitor scaled at 125%, text was cut off in one of the dialogs in the VShell Control Panel.

New in VShell 4.5.4 Build 2297 (Sep 1, 2020)

  • Bug fixes:
  • SSH2: In the unlikely event that upload or download triggers have not yet been processed and the SFTP channel closes unexpectedly, the server could crash.
  • Windows, SSH2: Under rare circumstances, when authenticating to the server using RADIUS, the server could crash.
  • Windows, SSH2: In the unusual case where a system issue prevents the server from impersonating the user when an SFTP connection is closed, the server could crash.

New in VShell 4.5.3 Build 2243 (Jun 23, 2020)

  • Bug fixes:
  • TTPS: If a connection from a non-browser file transfer client was idle, it would be disconnected after two minutes, regardless of the configured idle timeout period.
  • Windows: In the VShell Control Panel, particularly with a large number of users, there could be a delay before the Access Control page or Virtual Roots Folder Options page was displayed.
  • Windows: On Server 2019, attempts by clients to create new directories within a virtual root on a network share could fail.
  • Linux/Mac: With port forwarding, when a connection was made but no service was listening on the remote port, CPU usage could increase and remain close to 100%.

New in VShell 4.5.2 Build 2132 (Jan 29, 2020)

  • Vulnerabilities addressed:
  • HTTPS: Given a maliciously crafted URL, VShell was vulnerable to a directory traversal attack using HTTP requests, allowing potentially unauthorized access to the file system.
  • Bug fixes:
  • Using a non-standard encoding of a file path, an authenticated user could have access to files and folders permitted by the underlying file system, but outside the user's Virtual Root.
  • Windows: In the VShell Control Panel, changes to the Authentication timeout value were not honored.

New in VShell 4.5.1 Build 2101 (Dec 17, 2019)

  • Changes:
  • HTTPS: "Host" headers sent by the client are ignored.
  • SSH2: The default length of newly created RSA host keys has been
  • increased to 3072 bits.
  • Windows, FTPS: If VShell is unable to look up the authentication
  • package MICROSOFT_AUTHENTICATION_PACKAGE_V1_0, the "Error" topic
  • is now used for the log message.
  • Bug fixes:
  • Windows: In the VShell Control Panel, changes to the RADIUS
  • authentication order option would not save correctly.

New in VShell 4.5.0 Build 2062 (Oct 29, 2019)

  • Mac OS installers are now notarized by Apple.

New in VShell 4.4.3 Build 1966 (Jun 25, 2019)

  • Bug fixes:
  • In the rare event that multiple connections require access
  • to a certificate map file simultanously, client certificate
  • authentication could fail.
  • Windows: In VShell 4.4.1 and 4.4.2, the VShell Control Panel
  • could continue to prompt for a certificate after one had
  • already been entered.
  • Windows: In the unusual case where a system issue prevents the
  • server from impersonating the user, the server could crash.

New in VShell 4.4.2 Build 1912 (Apr 11, 2019)

  • Changes:
  • Windows: Permissions that include the "ALL APPLICATION PACKAGES" object will be accepted for the internal user database file, the deny hosts file, and deny users file.
  • Windows: On a Server 2016 DC, the user picker dialog for access control and virtual roots did not include Service Accounts as one of the Object Types.
  • Bug fixes:
  • In the rare case that the deny host file was reloaded at the same time that VShell was checking whether a connection was on the denied host list, VShell could crash.
  • Windows: The VShell User Web Interface did not display the progress dialog when an upload was done using drag & drop.
  • Windows: On rare occasions, when an HTTP PUT request was used to upload a file and the data was streamed using HTTP chunked transfer encoding, the file transfer could fail.

New in VShell 4.4.1 Build 1816 (Dec 7, 2018)

  • New features:
  • Added support for the curve25519-sha256 key exchange algorithm.
  • Windows: Added the ability to change or remove the tag line
  • appearing at the lower right of the VShell User Web Interface.
  • Changes:
  • Windows: A line is now written to the log if a client request
  • is refused because the associated HTTPS method has been
  • disabled; for example, when a client using WebDAV is unable to
  • upload a file because the HTTPS PUT method has been disabled.
  • Bug fixes:
  • Windows: On Windows Server 2008 SP2, the VShell Control Panel
  • could crash when certain settings were changed.
  • Windows: VShell services could cause high CPU usage and hang
  • when performing multiple LDAP authentications at the same time.
  • Windows: In the VShell Control Panel, there was no prompt to
  • save changes when the red X was used to close the Control Panel.
  • Windows: When the number of FTPS connections exceeded any
  • setting that restricts the number of allowed connections, the
  • user's IP address would be added to the deny hosts file and any
  • further attempts to connect from that IP address would be denied.
  • Windows: A VShell User Web Interface session would be automatically
  • logged out if a file transfer took longer than the time limit
  • specified for idle HTTPS sessions.
  • Windows: The VShell HTTPS server could become deadlocked when
  • multiple connections were made by the same user.
  • Windows: In the VShell Control Panel, it was possible for the
  • HTTP listen addresses to become enabled when they should have
  • stayed disabled.

New in VShell 4.4.0 Build 1720 (Aug 16, 2018)

  • Bug Fixes:
  • Windows: When an existing FTPS Listen address was edited and the "Use global server settings" option was toggled, the new value was not saved.
  • Unix: With the OpenSSH SFTP client, part of the message logged when a user renames a file contained garbled characters.

New in VShell 4.3.3 Build 1628 (Apr 10, 2018)

  • Change:
  • Windows: The "?" button on VShell control panel was removed since context sensitive help is not currently supported. Use the Help button to display the VShell Help manual.
  • Bug fixes:
  • Windows: Using the "?" button could cause the VShell Control Panel to crash on Windows 2016 Server Core.

New in VShell 4.3.2 Build 1566 (Jan 16, 2018)

  • Changes:
  • Authentication of connections using virtual roots with ConnectAs users was optimized to reduce authentication time needed when a large number of virtual roots are configured.
  • Bug fixes:
  • The VShell SSH2 service crashed in rare cases if a client sent bad data during key exchange.

New in VShell 4.3.1 Build 1500 (Oct 24, 2017)

  • New features:
  • Command Line Utilities vcp/vsftp/vsh: A new command-line
  • option --hostkeyalgorithm allows the host key algorithm to be
  • specified.
  • Bug fixes:
  • The VShell Control Panel could crash when the
  • Common / LDAP page was used to open the settings for an LDAP
  • server and the Base Distinguished Name browser was used to
  • expand an item.
  • When upgrading from 4.2.3 and later, if the Everyone
  • group had access to the <Unrestricted> virtual root, and there
  • was also at least one other virtual root, modifying one of the
  • other virtual roots would unexpectedly remove the Everyone group
  • from the <Unrestricted> virtual root, thereby making it appear
  • as if there was only a single virtual root and causing access to
  • the <Unrestricted> virtual root to be denied.
  • The group box on the LDAP user/group picker was cut off
  • on the bottom of the dialog.

New in VShell 4.3.0 Build 1432 Beta 3 (Jul 27, 2017)

  • Changes:
  • VShell now logs disconnect messages received from clients as informational instead of as errors
  • Bug fixes:
  • Windows: The "Use single virtual root" option was not being honored when set via a subconfiguration and

New in VShell 4.3.0 Build 1416 Beta 2 (Jul 7, 2017)

  • New features:
  • Windows: Added support for multiple backup LDAP servers. If a configured LDAP server is down, VShell will automatically fall back to the next enabled LDAP server. The fall back behavior will only happen when an LDAP server is unreachable.
  • Windows: Added an option to control whether VShell will automatically accept and save an SSL certificate sent by an LDAP server.
  • Changes:
  • Windows: The base64 encoded SHA-2 fingerprint is now displayed for all host keys on the VShell Control Panel Host Keys page.
  • Windows: Added an option that prevents VShell's management provider (WMI) from logging to the Windows Event log. The WMI logging is used for debugging
  • purposes only, so the logging is disabled by default.
  • Bug fixes:
  • VShell could crash under some circumstances if the deny hosts file in use had the wrong file permissions.
  • Windows: When the "Attempt Interactive Logon" registry only option was disabled, subconfiguration files were not loaded for users from the internal user database.
  • VShell FTPS was not sending the correct file size for files larger than 4GB when the client used the LIST command for directory listings.

New in VShell 4.2.5 Build 1322 (Mar 3, 2017)

  • Changes:
  • The default host key generated for new installations is now an RSA 2048 bit key.
  • Windows: The default filename displayed on the host key generation dialog now includes the host key algorithm as part of the name.
  • Windows: When adding or editing a virtual root, any forward slashes that appear in the path are now automatically replaced with backslashes. This is to fix an issue where forward slashes were allowed to be entered in the path, but would fail when VShell attempted to resolve the path when a user connected.
  • Windows: On the VShell Control Panel Email Server page, increased the space used to display results from sending a test email.
  • Bug fixes:
  • Windows: Shell connections to VShell running on Windows Server 2016 would sporadically fail with a ReadConsoleOutput error.
  • Windows: After upgrading from VShell version 2.6 or earlier to version 3.8 or later, access to virtual roots failed due to incorrect file and folder access permissions.
  • Windows: VShell could crash if the internal user database was changed while authentication was in process for a user in the database.
  • Windows: VShell Control Panel could crash when specifying a certificate and the store contained a certificate with an algorithm that was not supported.
  • VShellConfig could crash if MIT Kerberos was installed on the system and an export configuration operation was attempted.

New in VShell 4.2.4 Build 1255 (Dec 9, 2016)

  • Changes:
  • By default, the Windows "Everyone" group has unrestricted access to the file system on the machine VShell is installed on. To help VShell administrators lock down the VShell server, the Everyone group will automatically be removed from the root when a new virtual root is added, or an existing virtual root is modified. A "Preserve access to for Everyone group" option has been added to prevent the removal of this group.
  • Bug fixes:
  • In rare circumstances, VShell could crash if a connection was closed while the server was checking the idle time for that session.
  • Windows: VShell could crash while performing diffie-hellman key-exchange with certain clients.

New in VShell 4.2.3 Build 1188 (Sep 13, 2016)

  • New features:
  • Added support for DSA host keys larger than 1024 bits
  • Bug fixes:
  • VShell would allow authentication attempts from certain clients even if the connecting user was specified in a DenyUsers file
  • AIX 7.1: The vshelld startup script may not have worked with certain shells

New in VShell 4.2.2 Build 1121 (Jul 11, 2016)

  • Changes:
  • Windows: Added a registry-only option, "Disable Extra Newline in TTY Mode", which prevents VShell (when TTY mode is enabled) from echoing an extra newline character each time a client sends a command.
  • Bug fixes:
  • VShell FTPS: The "Use single virtual root" option was not honored if a virtual root was set as a user's home directory.
  • Windows: VShell could crash during RADIUS authentication if the connecting user did not exist on the VShell machine.

New in VShell 4.2.1 Build 1051 (Mar 21, 2016)

  • Changes:
  • Windows: Automatically quote the %P trigger parameter if the filename contains a "&" character.
  • Bug fixes:
  • Windows: Virtual root ConnectAs would fail if the user to impersonate was the same user connecting.
  • Windows: VShell could not load a certificate map file that contained a byte order mark (BOM).
  • Windows: VShell could crash while processing multiple send email triggers.
  • VShell FTPS: An FTP MLST command could cause a download trigger to fire.
  • VShell FTPS: File uploads would fail if the user did not have read access on the virtual root.
  • VShell FTPS could potentially use 100% CPU if the control
  • connection was closed unexpectedly.

New in VShell 4.2.0 Build 980 (Jan 29, 2016)

  • Bug fixes:
  • Windows: FTPS certificate authentication failed for VShell internal user database users.
  • Some error messages were not being logged correctly in the VShell log.

New in VShell 4.2.0 Build 944 Beta 1 (Nov 6, 2015)

  • New features:
  • Windows: Virtual roots can now optionally be accessed as a different user than the logged on user. This adds an easy way to provide access to network resources to users connecting with public-key only authentication.
  • Windows: The VShell configuration can now be exported or imported directly from the VShell Control Panel.
  • Windows: Added support for X.509 authentication using the x509v3-ssh-rsa and x509v3-ssh-dss algorithms as specified in RFC 6187.
  • Windows: Added the ability to select the signature algorithm used (SHA-1 or SHA-2) when generating a certificate for use by VShell FTPS. SHA-2 is the default.
  • Windows: VShell Monitor can now be minimized to the system tray.
  • Windows: VShell Monitor tray app can optionally display notifications when a user connects or disconnects from the server.
  • Windows: Option to automatically launch VShell Monitor at administrator logon, including the ability to start the app minimized to the system tray.
  • Windows: The ability to launch the VShell Control Panel and VShell Help directly from the VShell Monitor tray app.
  • Windows: VShell FTPS now supports SSL/TLS client certificate authentication.
  • Windows: Allow direct management of the deny host file and deny user file from the VShell Control Panel.
  • Windows: Added the ability to generate certificates with 4096 bit key size.
  • Windows: VShell FTPS allows SSL encryption options and client certificate authentication options to be set on a per listen address basis.
  • Windows: Increase the security of sensitive data stored in the registry by using an automatically generated passphrase for encryption.
  • Windows: VShellConfig now requires a passphrase when exporting sensitive data (e.g., host keys, saved credentials, FTPS certificate files, etc.). This is used to encrypt the data in the exported XML file. The same passphrase used during export will be required on import.
  • Windows: Improved reliability of output displayed by the Windows Command Shell (cmd.exe) for clients interacting with the remote shell through VShell.
  • VShell can now deny connections based on username, similar to the deny hosts functionality. This helps to free up resources by short circuiting authentication attempts for usernames that do not exist on the system.
  • IP addresses can now be added to a white list, which will prevent the address from being added to the deny host file after failed authentication.
  • Key-exchange methods, Ciphers, MACs, Compression, and Compression Level can now be specified in a per location subconfiguration.
  • All logging options (including log folder location, log topics, debug log level, etc.) can now be specified in a per location, user, or group subconfiguration.
  • UNIX: New option to disable logging attempts to the Basic Security Module (BSM) auditing tool.
  • Added a "Force Sftp Version" registry only option that allows the administrator to configure the SFTP version that the server requires. This option can be specified in a per location, user, or group subconfiguration.
  • Changes:
  • Remove the "Preferred Sftp Version" option. This was a registry only option that allowed the administrator to configure the SFTP version the server prefers. The option did not prevent the SFTP client from renegotiating the SFTP version, so in real world use, the option had no effect.
  • VShell FTPS: When creating a certificate, the default key size is now 2048 bits.
  • Bug fixes:
  • Windows: If VShell was attempting to add multiple IP addresses to the deny host file simultaneously, one or more of those additions may have failed.
  • Windows: VShell Monitor would not display a protocol for an SSH connection that did not request a shell.

New in VShell 4.1.2 Build 928 (Oct 14, 2015)

  • Bug fixes:
  • The %USER% substitution variable was not resolved correctly when specified as the alias for a virtual root that was also the user's home directory.
  • A VShellConfig export operation would not always export all configured virtual roots.
  • A VShellConfig import operation using the "--install-dir" option to specify the current installation directory would not update the path of all configuration options.
  • SFTP connections were not sending the exit status as recommended in RFC 4254.
  • The command-line tools (vsh, vsftp, vcp) were not logging the new host key message to the log file.

New in VShell 4.1.1 (Oct 14, 2015)

  • Changes:
  • In light of a potential vulnerability with SSH key exchange, similar to the TLS Logjam vulnerability, the diffie-hellman group1 key-exchange algorithm is no longer enabled by default and all 1024 bit primes have been removed from VShell's primes.txt file.
  • Bug fixes:
  • Upgrading to VShell 4.1 from some older versions of VShell may not have correctly updated the public-key authentication module, causing public-key authentication to start failing.
  • VShell Monitor could have leaked memory when the application was left running while connections were coming into the server.
  • In rare circumstances, VShell could crash if multiple connections were attempting to load the same subconfiguration file simultaneously.

New in VShell 4.1 Beta 3 (May 6, 2015)

  • Bug fixes:
  • Windows: VShell FTPS could leak memory when a PORT data connection could not bind to the default source port
  • Windows: In rare circumstances, VShell could crash if a session was disconnected while authentication was in process
  • Windows: Modifications made to exisiting RunAs commands in the VShell Control Panel were not saved
  • On certain UNIX platforms, if vshelld was configured to use subconfigurations, incoming connections could fail

New in VShell 4.1 Beta 2 (May 6, 2015)

  • Changes:
  • International domain name support is now provided by a native Microsoft API. Due to this change, Windows XP and Windows Server 2003 are no longer supported platforms
  • Bug fixes:
  • Windows: If the VShell log file could not be created at server startup or during log rotation, no data would be logged until the server was restarted

New in VShell 4.1 Beta 1 (May 6, 2015)

  • New features:
  • Windows: File upload, download, and rename triggers now include a trigger action that allows the file to be transferred to a subsequent destination using the SFTP protocol.
  • Windows: User group support has been added to the VShell internal user database.
  • The ability to generate and use Elliptic Curve Digital Signature Algorithm (ECDSA) host keys has been added.
  • Support for Elliptic Curve Diffie-Hellman (ECDH) and diffie-hellman-group-exchange-sha256 key-exchange algorithms has been added.
  • The ability to generate and use RSA keys up to 16,384 bits has been added.
  • Windows: The virtual root a connecting user initially lands in can now be specified. This is useful for users with access to multiple virtual roots with a need to land in a specific one.
  • Windows: VShell can now check to see if a newer version of VShell is available and, if there is, optionally download and install it.
  • VShell now has an option that allows uploaded files to be timestamped with the current server time instead of preserving the existing file timestamp.
  • Windows: The ability to configure user groups has been added to the VShellConfig command line utility.
  • Windows: An option to launch all remote exec commands through the configured command shell has been added.
  • Windows: The VShell configuration can now be monitored for changes using Windows "Object Access" auditing.
  • Windows: VShell trigger actions can now be configured to run as a different user.
  • Windows: VShell FTPS adds the ability to use certificates that are password protected.
  • Windows: User subconfiguration support has been extended to include users from the internal database.
  • Windows: An option to restrict username lookups to the local user database and local system accounts if the username did not include a domain specification has been added.
  • UNIX: VShell now tracks failed authentications by IP address.
  • Once an IP address has been added to the Deny Hosts file, VShell will not allow future connections from that address.
  • UNIX: Support for Red Hat Enterprise Linux 7 has been added.
  • Changes:
  • Windows: VShell will now offer to create the specified deny hosts file if it does not exist.
  • Windows: A progress bar is now displayed on the host key generation dialog.
  • Windows: VShellConfig import now includes a "--overwrite" option that causes any existing files (e.g., host key files, deny host files, etc.) to be replaced with those embedded in the XML file.
  • Windows: The sorting order of the Virtual Roots in the VShell Control Panel is now preserved between instances. The roots can be sorted based on path, alias, or comment, and this sorting will determine the order in which the roots are presented to the user.
  • Added a compatibility mode to work around an issue in Avaya SFTP/SCP client software.
  • The virtual root alias name, along with the real path, is now logged for the connecting user's home directory.
  • Windows: Timing statistics were added to VShell debug logging for username lookup and authentication system calls.
  • vsftp: Added an option --no-flock, which turns off locking on local files for uploads and downloads. This prevents a potential hang if the source file is located on mounted storage, such as EMC NFS.
  • Bug fixes:
  • Windows: VShell running on high traffic systems with limited thread resources could experience short periods of time where incoming connections were not accepted.
  • Windows: Changing the name of an internal user was not immediately propagated throughout the configuration.
  • Windows: VShellConfig could not be used to export or import a configuration if MSXML 3.0 had been removed from the system.
  • Windows: VShell may have logged "The system cannot find message text for message" after some download triggers were fired.
  • Windows: VShell would create registry entries for FTPS listen addresses when that service was not installed.
  • Windows: A trigger condition that used a virtual root alias of USER% would never match due to %USER% being resolved to the actual username before the comparison.
  • Windows: Newlines in the body of a send email trigger action could be lost if the configuration was exported and imported using VShellConfig.
  • Windows: Quote characters explicitly placed in a send email trigger message body may have been removed.

New in VShell 4.0.5 Build 698 (Jan 5, 2015)

  • Changes:
  • VShell FTPS: In order to address the POODLE attack, SSL 3.0 is now disabled by default.
  • VShell FTPS: SSL protocol negotiation information was not logged for FTPS implicit connections.
  • UNIX: If a system call fails with an "Interrupted system call" or "Resource temporarily unavailable" error, VShell will now retry the call for up to five minutes.
  • Bug fixes:
  • The %C trigger parameter could have had a value of 0, indicating success, when a transfer was interrupted.
  • Windows: VShell could have launched multiple upload triggers and crashed if an SCP transfer was interrupted.
  • Windows: When running the VShell installation as the SYSTEM user, custom actions (e.g., starting services, registering VShell Monitor, creating shortcuts, etc.) may not have succeeded.
  • VShell FTPS: Changed the source port that VShell binds to for PORT data connections to be the listen address port minus one, as specified in RFC 959.

New in VShell 4.0.4 (Jan 5, 2015)

  • New features:
  • Windows: For those installing VShell using automated deployment tools that must run as system, two new command-line options have been added to help facilitate this: The INSTALLTO option allows the VShell installation directory to be specified.
  • The STARTSERVICES option allows control over whether to start the installed services after installation completes.
  • Changes:
  • UNIX: If a system call results in an "Interrupted system call" error, VShell will now retry the call up to ten times.
  • Bug fixes:
  • VShell was not correctly advertising support for the SFTP file hashing extension.
  • VShell was incorrectly applying double quotes when the %P trigger parameter was combined with other non-substitution text.
  • When certain trigger parameters (%S, %C, %G) were part of an uploaded filename, the %P (filename) parameter may have had those parameters replaced with the actual values.
  • Windows: In rare cases, VShell could have crashed due to a Microsoft system call failing in an unexpected way.
  • Windows: File downloads could fail from VShell when using Bitvise's SFTP client with the "Auto Std" transfer mode enabled.
  • Windows: VShell was not installing for all users when the installation was ran in silent mode.
  • Windows: If both VShell and VShell FTPS services are installed and using the deny hosts file, one of the services may have failed to read changes due to a file sharing issue.

New in VShell 4.0.3 Build 566 (Jun 30, 2014)

  • Vulnerabilities:
  • VShell-FTPS was only vulnerable to CVE-2014-0224.
  • Bug fixes:
  • Windows: VShell Login and Logout triggers would not fire if they were conditionalized for a specific user.

New in VShell 4.0.2 Build 519 (May 7, 2014)

  • New features:
  • UNIX: Added support for AIX 7.1.
  • Bug fixes:
  • Windows: VShell file copy and move trigger actions were not properly expanding substitution parameters.
  • Windows: The "Destination Filename" field on the file copy and move trigger action dialog could not be cleared once a value had been specified.
  • Windows: VShell minor upgrade installations were causing an unnecessary system reboot.
  • Windows: VShellConfig could crash when exporting the virtual root settings if a user from the internal database had access to one or more of the roots.
  • UNIX: Some triggers were firing as the user connecting to vshelld, instead of as the user running vshelld.

New in VShell 4.0.1 (May 7, 2014)

  • New features:
  • Windows: VShell now interprets VT emulation arrow key sequences, which allows for command history and cursor movement at the command shell.
  • Bug fixes:
  • Windows: On certain systems, the VShell control panel could have crashed after adding a virtual root, internal user, or RunAs command.
  • Windows: On Windows XP, SFTP connections could not be established.
  • Windows: VShell could crash if an authentication trigger had a wait period configured.
  • Windows: In rare circumstances, VShell's command shell wrapper (Scraper) could crash if a terminal size of zero was requested.
  • VShell FTPS could crash when a connection was closed.

New in VShell 4.0 (May 7, 2014)

  • New features:
  • Support for Windows Server 2012 R2.

New in VShell 4.0 Beta 3 (May 7, 2014)

  • New features:
  • A user configurable response to the FTPS SYST command can now be specified.

New in VShell 4.0 Beta 2 (May 7, 2014)

  • New features:
  • Windows: Added a comment field to the trigger configuration that allows notes to be entered related to the trigger.
  • Changes:
  • Windows: Removed unneeded quotes that were placed around paths when using the %P (path) parameter in an email trigger action.
  • Windows: VShell will now be installed for all administrators by default.

New in VShell 4.0 Beta 1 (May 7, 2014)

  • New features:
  • Windows: Multiple triggers of the same type can now be configured. For example, two login triggers that have different actions depending on who logged on.
  • Windows: Added support for multiple actions for each trigger event.
  • Windows: Triggers can now be conditionalized on a per user or group basis.
  • Windows: File and folder based triggers can now be conditionalized on a per virtual root basis.
  • Windows: All triggers now have a built-in method for sending email notifications.
  • Windows: File based triggers (i.e., File upload, download, and rename) now have a built-in trigger action that allows the file to be moved or copied to another location on the server.
  • Windows: New VShell control panel page that allows SMTP server configuration used by the "send email" trigger action.
  • Windows: The internal user database now provides user access to shell, remote exec, port forward, and remote port forward services, in addition to file transfer.
  • VShell server bandwidth can be configured (throttled) on a global, user/group, or location basis.
  • Windows: VShell can optionally be installed using a common profile. This allows other administrators on the system the ability to modify the installation.
  • Windows: Added autocomplete support to file and directory edit fields in all VShell control panel pages and dialogs.
  • Windows: Added the ability to select the VShell internal user database system username using the user/group picker.
  • Windows: VShellConfig can now optionally export or import only the virtual root settings in the VShell configuration.
  • Windows: Ability to add comments to the virtual root configurations. This is helpful to note information related to the virtual root.
  • Windows: Added a confirmation dialog when deleting connection filter or port forward filter entries.
  • Added support for SHA-2 MAC algorithms.
  • Added new trigger parameter to track the session ID of the connection.
  • VShell FTPS: Added support for the APPE (append) command.
  • UNIX: Support for Ubuntu 13 x86 and x64 platforms.
  • Changes:
  • Windows: VShell's WMI management provider now logs any errors encountered to the Windows application event log.
  • Windows: The "Add User from Database" buttons in the VShell control panel are now disabled instead of hidden when the user database is disabled.
  • Windows: SFTP file listings are now sent in UNIX format by default.
  • VShell FTPS now logs when a certificate file that is associated with a Personal Information Exchange (.pfx) file is loaded.
  • Mac OS X: VShell now uses the launchd facility to manage the daemon.
  • Bug fixes:
  • VShell could have used the same session ID for different connections.
  • Windows: It was possible to specify a non-existent file in the VShell control panel subconfiguration browse dialog.
  • Windows: VShellConfig import operation could have logged an invalid path error when a virtual root path contained a substitution parameter (i.e., %USER%).
  • Support for a secondary public-key folder that is common to all users.
  • UNIX: VShell on Mac OS X may not have loaded the user's login keychains correctly.
  • VRALib: VRALib could crash if the remote server went away (e.g., disconnected or crashed) during a file transfer.
  • VRALib: The IFileObject.DateLastModified function sometimes returned an incorrect time.

New in VShell 3.9.3 Build 656 (Sep 19, 2013)

  • Changes:
  • VShell now logs the number of connections that are currently open to the server.
  • Bug fixes:
  • Under certain high load circumstances, VShell could have stopped accepting new connections for a short period of time.
  • On certain platforms, connections that used public-key authentication and loaded the user's profile may have caused the Windows LSASS process to leak memory.
  • VShell may have crashed if an unknown packet type was received.
  • VShell FTPS could have crashed while processing an incoming data connection.
  • VShell may have failed to upload files or create new folders if the destination folder had the Owner Rights security principal specified in the access control list.
  • The VShell Control Panel license evaluation dialog was not automatically dismissed after valid license information was entered.

New in VShell 3.9.2 Build 556 (May 8, 2013)

  • New features:
  • Windows: Added a "saved-credentials" export option to VShellConfig to allow the export of the username and password options that are stored (encrypted) in the registry.
  • Windows: Added an "all" keyword to VShellConfig to allow the export or import of all VShell registry options and referenced files.
  • Windows: Optimized the lookup of user public-key files to first try opening the file with the public key's md5 fingerprint as its filename before iterating through all the files in the public-key folder.
  • Changes:
  • Windows: VShellConfig no longer exports sensitive data by default. This includes the host key files, FTPS certificate files, user database file, and all username and password
  • options that are stored (encrypted) in the registry.
  • Windows: VShell no longer caches all impersonation failures of the domain controller user. VShell will only cache a failure if the domain controller user was required, but was not configured.
  • Bug fixes:
  • VShell could have crashed while decoding certain invalid public-key data.
  • Windows: On certain platforms, public-key authentications could cause the memory usage of the Windows LSASS process to slowly increase.
  • Windows: On some platforms, access to virtual roots on network shares may have been denied if the user did not have the Windows "Log on locally" security right.
  • Windows: On the VShell control panel "Common" page, the "Apply" button was not enabled when changing the value of the "Disconnect idle sessions" option.
  • Windows: The %E download trigger parameter would not always be set correctly when downloading files with certain SFTP clients.
  • UNIX: VShell FTPS was not translating line endings for ASCII transfers correctly.

New in VShell 3.9.1 Build 494 (Feb 11, 2013)

  • New features:
  • The "Log Topic Debug Level" option can now be specified in a per user, group, or location subconfiguration.
  • Changes:
  • Windows: Restrict the clickable hotspot for several options in the VShell Control Panel to the immediate option text area.
  • Bug fixes:
  • VShell was not displaying the system error text in the log for some file transfer errors.
  • Windows: In some cases, access to virtual roots on network shares was denied.
  • Windows: On the VShell Control Panel Subconfiguration/Location page, the "Config" field was extended so that longer subconfiguration paths can be displayed in full.

New in VShell 3.9.0 Build 433 (Nov 21, 2012)

  • New features:
  • Support for Windows Server 2012
  • Support for Windows 8 (excluding Metro)

New in VShell 3.8.5 Build 411 (Apr 23, 2012)

  • Bug fixes:
  • Windows: VShell could crash if the username specified for a RunAs command was not a valid user on the system.

New in VShell 3.8.3 Build 292 (Nov 19, 2011)

  • New features:
  • Added the ability to customize or suppress the version information that is sent by the VShell FTPS server.
  • Bug fixes:
  • Files could have been corrupted when transferred through an SFTP file system share.
  • VShell would be installed into the default location when using an answer file that specified a non-default installation directory.
  • An "Unknown file format" error was logged due to VShell trying to load the PasswordAttempts.txt file as a public key. This file is created under the user's public-key folder when public-key authentication is required and the user was given the option to initially authenticate with only a password in order to upload a public key.

New in VShell 3.8.2 (Nov 19, 2011)

  • VShell would leak memory and could have crashed if VShellMonitor was running while connections were coming into the server.
  • VShellConfig would export binary certificate files as text if they did not have a file extension.
  • VShell RunAs commands may have failed to run for users that were allowed access to the command.
  • VShell could crash under load while checking if the user had login, shell, exec, port-forward, remote-forward, sftp, or scp access.
  • In rare and non-deterministic circumstances, it was possible for VShell to mishandle impersonation of the client user.

New in VShell 3.8.1 (Nov 19, 2011)

  • Virtual root access control checks were not properly enforced. Customers using virtual roots should upgrade immediately.
  • VShellConfig would not export the virtual root file and directory access permissions.
  • Using VShellConfig to add a user to an existing virtual root resulted in the file and directory access permissions for that user to be disabled.

New in VShell 3.8.0 (Nov 19, 2011)

  • Increased logging of username lookup and translation errors

New in VShell 3.8.0 Build 164 Beta 5 (May 19, 2011)

  • GSSAPI key exchange could have failed in some cases with a protocol error.
  • VRALib: The ITextStream object method ReadUntil() caused a crash when used with Visual Basic.

New in VShell 3.6.6 Build 741 (Apr 27, 2011)

  • VShell could have crashed when a user connected using public-key authentication and there was a passphrase protected private key in the users public-key folder.
  • VShell FTPS: File transfers to the server could have failed when an SSL alert packet was of a certain size.

New in VShell 3.8.0 Build 137 Beta 3 (Apr 21, 2011)

  • Bug fixes:
  • The License wizard could not be started from the VShell evaluation dialog.
  • VShell FTPS: Port data connections would not always originate from the correct IP on machines that have multiple network interfaces or multiple IP addresses.

New in VShell 3.8.0 Build 110 Beta (Mar 18, 2011)

  • New features:
  • VShell Monitor: New application that allows the VShell administrator to view and disconnect active connections to the server in real-time. The VShell Monitor displays username, login time, client IP address, protocol, number of bytes transferred, and average throughput.
  • Windows: File and folder access permissions can now be set on a per user, per virtual root basis. Permissions include file read, write, delete, and folder list, create, and delete.
  • VShell will automatically create a user's Virtual Root path that uses the %USER% environment variable when that user connects.
  • Windows: Added registry only option that will force VShell to return file listings in UNIX format.
  • Added new trigger parameter that will track the protocol (SFTP, SCP, FTPS, FTP) being used for the file operation.
  • VShell FTPS: New option that will require only authentication to be encrypted. All data sent after authentication may be unencrypted if this option is used.
  • Changes:
  • Added a button to the VShell Control Panel Common page that starts the new VShell Monitor.
  • Enhanced logging when certificates are used for authentication.
  • IP or netmask connection filters that would allow a connection will no longer fail if a later hostname or domain name filter fails the required reverse DNS lookup.
  • If the VShell service experiences a crash, the crash dump file will be created in the installation folder.
  • The diffie-hellman-group14-sha1 key-exchange method is now enabled by default and is ordered first in the list.
  • Enhanced W3C logging to include the client username, IP address, and port in more VShell log messages.
  • Bug fixes:
  • VShell Control Panel could crash when adding an Active Directory user or group and the security identifier could not be resolved.
  • A connection filter that allowed a specific IP address could fail if a later domain or hostname filter failed the reverse DNS lookup.
  • VShell could have crashed when a user connected using public-key authentication and there was a passphrase protected private key in the users public-key folder.
  • The connection limit set in a per user/group subconfiguration would only override the main connection limit setting if the value of the option was smaller.
  • A user's connection count was not tracked correctly when the "Connection Limit" option was specified in a per user/group subconfiguration and authentication was canceled.
  • VShell FTPS: The server could have crashed if an authentication timeout or idle session timeout occurred at the same moment that a user aborted the connection.

New in VShell 3.6.5 Build 615 (Mar 18, 2011)

  • Bug fixes:
  • Windows: Under heavy input load, the shell channel could have crashed or mismanaged SSH flow control.
  • VShell was not parsing the "--" argument that is sent by scp included with OpenSSH 5.4 and later.
  • VShell could have gotten into a state where it was using 100% of the CPU after an SCP file transfer.
  • File upload trigger would not fire when an SCP upload was interrupted in some way.
  • VShell may not have saved changes after editing the RunAS command arguments field.

New in VShell 3.6.4.555 (Aug 11, 2010)

  • Bug fixes:
  • VShell would fail to send log messages to syslog if the port configured was already in use on the VShell machine.
  • File changes made through an SFTP file system drive may not have been saved correctly.
  • VShell could leak memory when certain SFTP clients transferred several large files in parallel.
  • Clients that did not support SFTP extensions may not have received a directory listing after connecting to VShell.
  • Windows: VShell's Control Panel would fail to start when launched from Windows Control Panel on machines with User Account Control (UAC) enabled.
  • VShell FTPS: In some cases, files uploaded to the server could have been truncated when SSL encryption was used.

New in VShell 3.6.3.490 (Aug 11, 2010)

  • Changes:
  • Updated VShellConfig usage message and Help page to include all settings that can be excluded or included during an import or export operation.
  • UNIX: Only logs the "Logging to the BSM failed" message if debug logging is enabled.
  • Bug fixes:
  • Windows: Public-key authentication could have failed for non-administrative users if VShell was running on a domain controller.
  • Windows: A crash could have occured if an SFTP client sent file system requests prior to VShell loading the file system environment.
  • VShell FTPS: Uploading multiple small files could have resulted in some of the files being truncated to zero bytes.
  • vcp/vsftp: Files that began with "." were not transferred.

New in VShell 3.6.2.446 (Mar 11, 2010)

  • New features:
  • VShell FTPS: When generating a self-signed certificate, a key
  • size of either 1024 or 2048 can now be specified.
  • Changes:
  • The VShell version in the Windows uninstall "DisplayVersion"
  • registry key now contains the point release number in addition
  • to the major and minor version numbers.
  • Windows: Updated the sample installer answer file that is
  • included in the VShell Help.
  • Bug fixes:
  • On Windows 2000, an incorrect file size was logged when files
  • greater than 4GB were transferred.
  • Windows: VShell could have crashed when certain SFTP clients
  • connected and the user's profile was not being loaded.
  • VShell FTPS: A crash could have occurred if the connection was
  • unexpectedly killed during a transfer.

New in VShell 3.6.1.410 (Jan 22, 2010)

  • Bug fixes:
  • VShell FTPS: The server could have crashed when a connection was closed after multiple failed data connections.

New in VShell 3.6.0.371 Beta 5 (Dec 3, 2009)

  • Changes:
  • VShell FTPS: The connect string sent to the client now includes the version of the server.
  • Bug fixes:
  • Windows: VShell could temporarily stop accepting incoming connections while large roaming profiles were unloaded after disconnect.

New in VShell 3.6.0.358 Beta 4 (Nov 11, 2009)

  • Changes:
  • VRALib: Added the function "GetConfigValue" to the Connection object which when called with the string "Enable FIPS Mode" will allow a VRALib script to determine whether or not FIPS mode is enabled.
  • Bug fixes:
  • Removing a user from the Virtual Root access control list could have caused the path and alias fields to be cleared.
  • VShell FTPS: Authentication of VShell internal user database users could have failed even with a valid password.

New in VShell 3.6.0.346 Beta 3 (Oct 29, 2009)

  • New features:
  • Added an option to control the preferred SFTP version sent to the client. Some clients have the ability to renegotiate the SFTP version after the connection is established, which will override this server setting.
  • Bug fixes:
  • Fixed VShell's WMI provider to prevent future backwards compatibility problems

New in VShell 3.6.0.335 Beta 2 (Oct 16, 2009)

  • VShell 3.6 (beta 2) server lets you limit access to SSH2 commands and services by public key, set environment variables via SSH2, and audit vshelld events with the Solaris Basic Security Module.

New in VShell 3.6.0.324 Beta 1 (Oct 2, 2009)

  • New features:
  • X-command and X-subsystem private use headers in public-key
  • files are now supported. This provides the ability to restrict
  • a user to a particular command or subsystem when a specific
  • public key is used for authentication.
  • Environment variables can now be set via the SSH2 protocol.
  • Windows: The 64-bit version of VShell now uses a FIPS 140-2
  • validated cryptographic library. VShell can be installed in
  • "FIPS Mode", which uses the validated cryptographic library
  • and only allows FIPS-approved algorithms. The 32-bit version
  • of VShell has supported FIPS mode since version 2.6.
  • Windows: VShell internal user database users can now connect
  • using public-key authentication.
  • Windows: When using x.509 certificate authentication, the User
  • Principal Name can now be retrieved from the certificate's
  • Subject Alternative Name field. This allows an alternative to
  • using username certificate map files.
  • Windows: Option to only load user profiles that are set to
  • local.
  • Windows: The Kerberos Protocol Transition option is now
  • available through the VShell Control Panel Authentication page.
  • Windows: VShellConfig can now modify Access Control and Virtual
  • Root settings for users from VShell's internal user database.
  • Windows FTPS: An alternate IP address can now be sent for PASV
  • data connections.
  • VShell FTPS: Wildcards are now supported during file listings.
  • VShell FTPS: A range of ports VShell FTPS uses for data
  • connections can now be specified on the FTPS page of the
  • VShell Control Panel.
  • VShell FTPS: A Certificate Signing Request (CSR) file is
  • now generated when the VShell administrator creates a self-
  • signed certificate from the Control Panel.
  • VShell FTPS: The expiration date can now be specified when
  • creating a self-signed certificate used by the FTPS server.
  • UNIX: vshelld login and logout events can now be audited using
  • the Solaris Basic Security Module (BSM).
  • UNIX: File based logging can now be configured by specifying
  • the log folder location.
  • UNIX: W3C Extended Log File format can now be used when file
  • based logging is enabled.
  • VRALib is a library that allows SSH2 connections to be scripted
  • from Windows. The API functions can be called from VBScript,
  • C++, or any scripting platform that supports COM.
  • vcp/vsftp: Added support for moving files (--move). In vsftp,
  • move can be specified as an argument to get and put.
  • vcp/vsftp: Added the flag --http-proxy, which allows an
  • unauthenticated http proxy to be used during connection.
  • vsftp: Added the flag --nopreserve, which specifies that the
  • file permissions and timestamp should not be preserved.
  • vkeygen: Added the flag --capi, which can be used during a key
  • generation or passphrase change operation to specify that the
  • private key should be encrypted using MS CAPI instead of a
  • passphrase.
  • Changes:
  • Windows: Internal user database authentications are now
  • logged in more detail.
  • Windows: The default value for the "Automatically delete log
  • files older than days" option was changed from 30
  • days to 90 days.
  • Windows: A .pfx file extension is now automatically appended
  • to self-signed certificates created from the VShell Control
  • Panel.
  • Windows: The Deny Host filename edit box was enlarged to use
  • all available space.
  • Bug fixes:
  • The session ID was not logged for some public-key
  • authentication messages.
  • Incorrect file size was logged when files greater than 4GB
  • were transferred.
  • VShell SCP would sometimes send an exit status after the
  • channel had been closed.
  • Windows: VShell could potentially hang if loading the user's
  • profile failed.
  • Windows: Public-key authentication could fail if the domain
  • controller did not respond to requests in a reasonable amount
  • of time.
  • Windows: The Windows shell prompt may not have been displayed
  • on some connections.
  • Windows: An incorrect error about file permissions was logged
  • when the specified user database file did not exist.
  • Windows: Connections would appear to hang when a command was
  • remotely executed and "Remote Execution" access had been
  • denied.
  • Windows: The Apply button on the Virtual Roots and RunAs
  • Command dialogs was not disabled after changes had been
  • applied.
  • Windows: The LSA authentication module did not honor the W3C
  • logging format option.
  • Windows: When two Virtual Roots with different aliases pointed
  • to the same physical location, only the first would be
  • available.
  • Windows: VShellConfig failed to export Access Control and
  • Virtual Root configurations that included internal database
  • users.
  • Windows: VShellConfig was not logging an error when a
  • configuration import failed due to an installation directory
  • conflict.
  • Windows FTPS: Incorrect reply codes were sent in response to
  • some FTP commands.
  • VShell FTPS: Commands sent by the client were not being
  • logged.
  • UNIX: Ulimit values were incorrect for some users on some
  • platforms.
  • UNIX: The vshelld PAM configuration file on RHEL 5 systems
  • was specifying the use of a deprecated PAM module.
  • vkeygen: Generated keys could not be saved in the root of a
  • physical drive.

New in VShell 3.5.4.630 (Sep 17, 2009)

  • Changes:
  • Windows: The default value for the "Automatically delete log files older than days" option was changed from 30 days to 90 days.
  • Bug fixes:
  • Windows FTPS: Incorrect reply codes were sent in response to some FTP commands.
  • Windows: VShellConfig was not logging an error when a configuration import failed due to an installation directory conflict.

New in VShell 3.5.3 Build 516 (Apr 1, 2009)

  • New features:
  • Official support for Windows 2008.
  • VShell FTPS: A Certificate Signing Request (CSR) file is
  • now generated when the VShell administrator creates a self-
  • signed certificate from the Control Panel.
  • VShell FTPS: The expiration date can now be specified when
  • creating a self-signed certificate used by the FTPS server.
  • Changes:
  • Added FTPS to the Access Control category in the VShell Help.
  • Bug fixes:
  • In rare circumstances, VShell could respond with a prime
  • that was outside of the size requested by the client during
  • Diffie-Hellman key exchange.

New in VShell 3.5.2 Build 423 (Dec 3, 2008)

  • Changes:
  • Windows: Accounts defined in the VShell internal user
  • database are no longer case sensitive.
  • The default cipher list has been modified to prefer the AES
  • ciphers in CTR mode. This change was made to address a
  • potential vulnerability. See the following web page for more
  • information.
  • http://www.vandyke.com/go.php?id=pa120255g
  • The cipher change is currently available on Windows, FreeBSD,
  • and Mac OS X platforms.
  • The change is not yet available on AIX, HP-UX, RedHat Enterprise
  • Linux, and Solaris platforms.
  • Bug fixes:
  • Windows: VShell FTPS was not properly shutting down the
  • SSL/TLS connection.
  • UNIX: SCP file transfer operations could fail with very
  • large files on some AIX systems.

New in VShell 3.5 (Sep 9, 2008)

  • New Editions of VShell with FTP over SSL (FTPS) support.
  • New W3C extended log file format.
  • VShell Control Panel Makeover.
  • Internal User Database.
  • Disconnect Active Sessions using "who" command-line utility.
  • RunAs Commands.
  • VShell Service Control.

New in VShell 3.0.2.536 (Dec 10, 2007)

  • Added the ability to enter VShell Features that are specified in the license letter into the VShell License wizard
  • Bug fixes

New in VShell 3.0.2.536 (Nov 9, 2007)

  • Changes: Windows: The "Use Kerberos Protocol Transition" option is now off by default
  • Bug fixes: Public-key authentication could fail if the user had not been granted the "Log on locally" user right
  • Bug fixes: vsh: Redirecting input from NUL, an LPT port, or a serial port would result in an invalid handle error

New in VShell 3.0.0.429 Beta 3 (Jun 13, 2007)

  • Changes:
  • Windows: Increased the size of the tree view area in the VShell Control Panel to prevent scroll bars from appearing when all categories are expanded.
  • Windows: The "Use Kerberos Protocol Transition" option is now on by default.
  • Windows: Starting the VShell Control Panel could have caused the Windows SideBySide component to log system event warnings related to not finding the Mfcloc.dll. To prevent these warnings, redistribute the Microsoft Mfcloc.dll as part of the VShell installation.
  • Bug fixes:
  • Windows: A "Deny Host" file handle error could have been logged after changing VShell configuration options.
  • Windows: The installer was not adding the VShell installation directory or the VShell "bin" directory to the system path.
  • UNIX: File listing of a symbolically linked directory was not displayed for some SFTP clients.

New in VShell 3.0 Beta 2 (May 9, 2007)

  • Windows: VShellConfig now logs an error when the Microsoft
  • XML Parser (MSXML) could not be loaded. MSXML version 3.0 or
  • later is required for VShellConfig export/import functionality.
  • Bug fixes:
  • Windows: SFTP operations could fail if the SFTP root path
  • specified in the VShell Control Panel ended with a trailing
  • backslash ().
  • Windows: VShellConfig failed to run when connected to VShell
  • remotely on a Windows Vista system with User Access Control
  • enabled.
  • Windows: SFTP operations could have failed when VShell was
  • running on a Windows Vista system with User Access Control
  • enabled.
  • VShell could crash during simultaneous loading of a malformed
  • or missing subconfiguration file.