Version 10.5.2_20 10.5.1 has a critical security patch and 10.5.2 has an important security fixes everyone needs to install ASAP!

_0:released with important fixes for SMB3 library compatibility
_14:improvements to hack username checks for immediate bans
_15:enhancements to the OneDrive protocol to improve upload speeds
_16:DB drivers can no longer be dynamically loaded and must be part of your plugins/lib folder (change for upcoming CVE)

_1:fixed missing thread names on PGP encrypt/decrypt streams
_2:fix for blocked thread on replication of prefs/users/jobs/reports/etc preventing future updates
_3:new pgp library to fix speed issues with pgp ascii armor
_4:fix for starting up job schedules when there are lots of jobs scheduled for the same minute
_5:fix for a rare scenario where a FILE item gets treated as a folder during a Copy task
_6:fix for job scheduler possibly skipping a minute when under extremely super high load
_7:fix for security issue awaiting disclosure.10.5.0 and 10.5.1 are the same, just version bump for notifications. Credit Ryan Emmons
_8:performance improvement for many jobs running at the same time
_9:job scheduling fix for daily/weekly/monthly jobs skipping a day/month/week potentially
_10:updated SFTP libraries to fix private key loading issue for very old key formats using sshtools
_11:another fix for weekly job runs to calculate the correct next run time on new saves of a job
_12:fix for multi-segmented transfers and PGP instream changes
_13:fix for Azure connections that don't get cleaned up until logout of a client which uses memory when they uploads lots of little files
_17:fix for connecting to statisticsDB when not using Derby (builtin)
_18:fix for zipstream uploads not extracting correctly with corrupted files
_19:fix for when SFTP clients open many channels on one connection and logout before all file transfers are finished
_20:fixes for share button in wi not showing, and additional log details for CrushTasks of protocol errors

_0:updated SFTP, SMB3, PGP libraries
_4:updated BouncyCastle libraries to latest 1.72 (used for PGP)
_5:changed how PGP encrypt/decrypt task works in a job for S3 locations to avoid any rename situations and just output the actual file
_8:updated SFTP libraries to improve KEX compatibility
_9:AzureClient now attempts multiple retries in case there i a temporary server issue, and added {0group}, {1gorup}, {group0} variables for user info
_16:SMB3 library updated to latest with improved kerberos support
_19:finished support for SOCKS5 protocol support. user/pass auth, logging flag, and protocol control in user manager
_22:major improvements to job info caching and job monitoring, flag to disable job summary lookup on dashboard job_summary_on_dashboard
_24:removed some jars used for JMS, if you use JMS, you need to manually re-add some jars to keep JMS support. This was required due to prior vulnerabilities in the older JMS jars. See wiki.
_25:significantly sped up the Jobs viewer when dealing with thousands of Jobs. Both in editing and saving jobs and in viewing prior run jobs
_32:added ability to do multiple jobs in testJobSchedule and changeJobStatus

_0:new SMB3 library fixes issues with Amazon FSX servers
_1:fix for some Tectia SSH servers and outbound SFTP connections from CrushFTP
_2:fix for ip restrictions and public key auth with SFTP
_3:2nd fix for ip restrictions and public key auth with SFTP
_6:fix for CopyTask bug with S3 locations and SFTP client not liking null characters in folder names
_7:fix for CopyTask bug with S3 locations
_10:fix bug related to expire users inheriting from group user
_11:fix for jobs not running at their scheduled time when the system was too overloaded with job schedules to process
_12:fixed bugs related to Move task with folder structures and being on the same disk
_13:fixed bug with Move task when absolute paths had been used in Find task
_14:fixed bug with Move task related to certain event scenarios
_15:fix for merged VFS items now showing when out of sync with SMB/SMB3
_16:fix for multi-threaded Move task handling folder creations
_17:fix for move task leaving behind folders when the source was a FTP server location
_18:fix for WebInterface when using SQL user mode
_20:socks4/socks5 auth fixes
_21:fix for uploads failing with WebInterface
_22:fixes for search process with bad directories in the memCache
_23:fix for remote agentRegistration in a HA environment
_25:fix for broken java -jar CrushFTP.jar scenario due to a malformed file. java -jar plugins/lib/CrushFTPJarProxy.jar was unaffected and still worked fine
_26:fix for connection pooling in CrushTask/Jobs with Copy/move steps not always doing pooling
_27:fixes for change password email delays
_28:minor SMB3 library update with some bug fixes
_29:fix for merged VFS download all items failing in certain scenarios
_30:socket usage improvements for Azure client protocol
_31:connections fixes for azure client
_33:rolled back JNQ SMB3 Library to prior version due to some connectivity issues for a customers
_34:fixed merged VFS scenario where all VFS items had different root names and zip download failed
_35:fix for failing dir listings caused by _34
_36:updated PGP supporting libraries to fix a PGP zipexception error on decrypt
_37:fix for DMZ server not allowing uploads for local accounts (pass through to internal was fine.)

_0:updated SSH libraries to support PUTTy v3 key type and support for ED448 key types
_5:added active_jobs_shutdown_wait_secs parameter to allow CrushFTP to wait for jobs to finish before allowing a friendly service shutdown
_20:automatically disabled multi-segmented downloading when memory is low
_21:updated SFTP libraries to latest version
_21:fix for FTPES uploads to FZ servers because they complain bout TLS closure and disagree with how java does it
_23:re-wrote the HTTPClient multi-segmented download handling to be more memory safe
_25:updated sftp libraries to latest version
_26:updated SMB3 libraries which had various bug fixes (deadlocks and better connection handling)
_28:validates SQL connections from the pool before using them for looking up user info when using SQL mode
_29:added ability to reload keystores for internal and dmz by making a local file 'reload_ssl'
_29:fix for a DOS related to password encryption, credit to Matt Moreschi
_31:updated JNQ SMB3 library with minor fixes
_33:triggers GarbageCollection before triggering low_memory level 3 alert...just in case memory really isn't that low
_35:added VFS items at login log line to help track VFS config in archived logs
_36:changes default for sftp to not use sftp_transport_blocking to improve compatibility
_37:updated SMB3 library for minor bug fixes
_43:added advanced list management capabilities to UserVariable task in Jobs. See wiki CrushTask Functions
_44:allow deletion of read-only flagged files on SMB3...the same as Windows SMB allows
_45:updated to final sftp library update
_46:updating users with updated expiration date/time is now asynchronous
_53:support for JKS sharing between cluster nodes with Let'sEncrypt plugin.
_58:faster directory listings
_59:additional logging for CrushTask debugging
_61:added flags for 'ssh_client_*' in prefs.XML to control allowed ciphers, kex, and macs

_1:new memory tracking algorithm for html transfers to better track and fix memory consumption issues
_2:fix for delete on overwrite with similar named directory paths
_3:fix for slow memory creep when using multi segmented transfers through DMZ and slow downloads
_4:fix for sftp rename bug
_6:fix for memory usage not being freed immediately when a multi segmented download transfer fails.
_7:fix for failing sftp downloads
_8:fix for failing sftp downloads
_9:fix for FTPS/FTPES outbound connections potentially having a thread leak
_10:fix for SFTP not honoring the lack of delete directory permission in some scenarios
_11:fix for LDAP plugins not properly honoring group membership
_12:fix for thread leak when running CrushFTP as a SFTP proxy
_13:CrushTask multi-threading fixes for Delete task and error catching for zip/copy tasks
_14:fix for DMZ UI not loading preferences
_15:fix for dmz memory usage for multi-segmented transfer downloads
_16:fix for dmz memory usage for multi-segmented transfer downloads
_17:fix for memory not being cleared quickly when an error is encountered on file download
_18:fix for html5 memory usage on DMZ for slow downloads
_19:fix for failing dmz downloads created by build _17.
_21:fix for SCP doubling filename when renaming file
_22:rolled back SFTP libraries
_24:fix for non-serializable item getting into areas where it should not have been
_27:fix for split_prefs and dmz servers for server_list items
_30:re-implemented window space control for SFTP to allow buggy JSCH implementations to not crash
_32:fix for memory race condition when allowing multi-segmented chunks download
_34:fix for job task item URL's loosing their final character
_37:fix for DMZ quota lookups
_38:updated sftp libraries for a fix for the 'paramiko' SFTP client
_39:rolled back sftp libraries..still has fix for paramiko, but not working at high performance level for now
_40:rolled back sftp libraries to last known stable version...
_41:updated sftp libraries to a new stable version that protects against a memory issue, and compatibility issues
_42:fix for Jobs loosing the path to items after their first copy was performed
_44:fix for an admin bug causing deletion of all users, credit for Jean Calvin Mugabo of Trustwave SpiderLabs
_47:fix for sharepoint VFS client
_48:fix for ignoring errors during a Move task
_49:fix for uploads not showing speed on dashboard
_50:added additional full disk protection for job scheduler
_51:fix for potential socket getting stuck in DMZv5 mode and all other sockets stuck behind it.
_52:fix for limited admin and using @AutoHost on server ports
_54:honors the hidden flag on SMB/SMB3 servers now
_55:fixed bug with proxy protocol v1/v2 and SFTP server ports hanging sometimes
_56:fix for routing connections through DMZ
_57:fix for SFTP public key auth with disabled user manager users
_58:fix for @AutoDomain limited administrators in the UserManager
_60:bug fix for overlapping settings config in CrushTask scenarios
_62:fixed issue where ssh_client_* parameters not used for Job configs (was VFS only)
_63:fixed missing encrypted url support for SQL mode storage of user configurations
_64:fix for items being lost for events when zipping on the fly with nested folders


_2:more efficient XML cache handling for user.XML loading
_3:more efficient FindTask execution by processing the filter while building the lists of items
_4:added support for SAML sub names
_6:added control for user manager to set 2nd factor requirement.
_12:CSP (Content Security Policy) improvements and fixes to give better scanning scores
_13:user session logs now capture session specific debug stack traces too
_14:SSH sessions track errors in user session logs now too
_15:support for zip on the fly MD5 calculations in logs
_17:added automated {heap_dump} capability and additional low memory alert types
_20:DMZ will not start it server ports if the template user is missing or invalid
_20:updated faster-xml jackson libraries to latest
_21:DMZ template user is auto generated on first DMZ start

_1:fix for making servers slow if they happened to be missing inheritance.XML or groups.XML as it attempted to search for them
_3:fix for Find task duplicating items when it runs in a loop waiting for files to appear matching criteria
_7:fixes for special characters in filenames for azure
_8:added automatic fallback method for SMTP servers to fallback on TLS versions in case they don't support more modern versions
_9:fixed issues with saml_assertion_subname to allow differentiating SAML configurations
_10:fixes for WebInterface login page prepending a slash to usernames or not functioning at all
_11:Carlo Di Dato and Francesco Gnocchi for Deloitte Risk Advisory Italy discovered an XSS issue that has been fixed.
_12:fix for SMB3 and non existent file downloads
_14:fix for spaces in folder names when using certain admin controls
_16:fix for SFTP port counter growing when using proxy protocol v1/v2.
_16:fix for SAML not working when going through DMZ
_18:fix for scan_vfs_for_initial_listing flag causing problems for single file share items
_19:added fix for same userid opening second session and overwriting file that was in sue in the prior session
_20:fix for Azure password char encoding issue
_22:fix for sockets getting stuck in some scenarios with proxy protocol v1
_23:fix for ascii PGP uploads getting a PGP trailer for size added on them


_0:CrushFTP v10 New Features
_1:added support for cipher and for KEX in SFTP
_1:Updated SFTP libraries to latest
_2:changed SFTP client to default to doing a "ls" command with blank value instead of ".". Controlled by pref: sftpclient_ls_dot
_4:partial white labeling support
_5:implemented newer SMB3 library version with some additional bug fixes for DFS
_8:log memory buffering improvements
_15:added new vfs bad config alert type
_16:added GROUPBY capability to CrushTask Jump
_22:added test keystore buttons for AS2 certificates and added SSH character encodings to SFTP sessions control
_24:changed replication to sue path from the URL and not the entire URL
_25:updated SMB3 library to latest version
_33:added custom char encoding for outbound SFTP connections
_36:updated log4j library from 1.2.17 to v2.16 even though it was NOT vulnerable. This is not a security patch, its just to appease security departments.
_37:better public key validation when two factor is enabled (more compatible with sftp clients)
_39:updated log4j libraries to 2.17 due to other issues which don't affect CrushFTP...
_40:updated jars across various areas to more current versions (letsencrypt,hadoop)
_41:added ecdsa and ed25519 server host key support for SFTP (defaults to enabled)
_43:automatically remove invalid or dead linked events when saving a user
_46:updated log4j to 2.17.1 libraries
_47:added change phone option and OTP valid for X days
_48:logging improvements for alerts
_49:added faster native md5sum calculations on file transfers
_50:changed update idle behavior to update DMZ first, then update main, and updated log4j to 2.17.1 to appease organizations that don't understand its usage in CrushFTP
_51:faster Windows UNC dir listings and added created time for listings on FILE:// locations in WebInterface
_52:end user ability to subscribe to reverse event notifications.
_56:added ability to do dual banning mode for hammering passwords, first by username, then by IP. Separate dual mode items with comma.
_58:added password blacklist file support
_59:added additional login frequency failure alert info
_62:updated PGP libraries for additional key compatibility
_65:new build of Let'sEncrypt plugin with improved handling of errors
_66:updated SMB3:// libraries with JNQ
_67:ldap cache now applies to users and groups
_70:added performance metrics checking for quotaWorker at startup to reduce server load
_71:improved thread dumps for HTML5Downlaod transfers
_73:added support for rename overwrite to HTTPClient to help with multi_journal
_75:fix for Citrix LoadBalancers not knowing how to properly do ProxyProtocolV1 so CrushFTP has to do magic to make the proxy header come through for SFTP
_77:speed improvements for Azure and storage class controls for S3
_79:memory usage throttling for segmented downloads improved
_82:updated SMB3:// libraries to use the latest version.

_2:fixes for OneDrive VFS protocol
_3:fix for AzureClient
_6:fix for async quota using a lot of CPU
_7:fixes for async quota and parent quota dir configurations
_9:fix for incorrect s3 listings under simultaneous listings from multiple clients
_10:fix for restart bug on Windows where service did not auto restart (since build_4 roughly)
_11:fix for sending dmz logs to internal server sometimes stopping
_12:fix for SMB DFS, to keep it enabled if its ever toggled enabled
_13:SMB DFS defaults to enabled for "smb://" protocol now.
_14:fix for PGP encrypt job not detecting failures correctly and zip/unzip tasks not handling dfs_enabled flags.
_16:XSS mitigation for user manager admin accounts
_17:fix for rename failures with SMB and PGP task, attempts a copy/delete source if encountered
_18:faster failures through DMZ for bad VFS configurations
_20:fixes for http errors being relayed to CrushClient
_21:fixes for async quota calculations and logging more information
_22:fixes for quota results through DMZ
_23:fix for AS2 incoming issues due to BouncyCastle jar updates
_24:fix for AS2 sends to HTTP URLs (only HTTPS) were allowed
_25:fixed VFS replication URLs to only look at the path of the URL and not compare entire URL
_26:fix for Radius not working due to missing old library from BouncyCastle
_27:fix for login failures
_28:fix for generating SSL keystores not working due to missing old library from BouncyCastle
_29:fix for broken share by reference in certain scenarios
_30:fix for cached time stamps on newly uploaded files via SFTP
_31:fix for TEXT mode in SFTP v4 clients
_32:additional support for custom runtime system properties (proxy for updating, etc)
_34:fix for outbound ftp client connections in active mode
_35:fix for thread leak in outbound ftp client connections
_38:fix for LetsEncrypt and log4j issues due to missing jars
_40:fix for out of sync md5 hashes for CrushClient uploads across multiple threads
_40:fix for viewing recent jobs on a server that has a different time zone than the browser
_42:fixed bug with UI not showing ecdsa and ed25519 keys were enabled when they were (enabled by default)
_44:fix for MicrosoftMail being more restrictive on Content-Type headers
_45:fix for events being deleted when editing a user
_48:fix for alerts being triggered on hack usernames
_53:fix for FTP downloads with zip on the fly
_54:fix for download as zip when going through DMZ and using segmented downloads
_55:fix for subdir quotas with async_quota enabled
_57:fixes for variable replacements in alerts
_58:fix for OTP validation
_60:fixes for alerts on login frequency
_61:fix for update when idle for DMZ
_62:fix for AS2 jobs getting stuck
_63:fix for PGP private keys for decryption failing
_64:re-published fix for AS2 jobs getting stuck as build _62 did not publish correctly
_66:fix for SAML XML signing order of the Signature tag being before the Issuer tag
_67:fix for html5 transfer memory leak in specific scenarios
_68:fix for additional html5 download memory leak
_69:fixes for missing username in some alerts and missing failed port startup log entries
_72:updated SFTP libraries to fix compatibility with Azure SFTP server
_73:fixes for Azure client being too slow to handle quick uploads
_74:fix for case insensitive CSRF token
_76:fix for plugin based logins not functioning
_78:fix for proxy protocol v1/v2 with SSL ports
_80:fixes for Find task logging and logic for skipping 2nd listing, and fix for memory issues in segmented downloads through the DMZ
_81:fix for alerts triggered in DMZ and relayed through internal server
_82:fix for ed25519 keys getting auto enabled, and for tomorrow date variable being yesterday instead
_82:fix for replicated servers and multiple users writing group and inheritance changes at the same time.


_0:cleaned up unneeded jar files, v10 ui published
_4:updates for SMTP OAuth support
_6:improved upload handling and support for expect-100 PUT validation
_7:added faster webdav timeouts (10 seconds)
_10:DMZ logging fixes to provide more debug info on failures
_11:added additional control for s3 multi threaded download buffer chunk size
_12:added shares with relative path, and encrypted URLs for Jobs
_13:faster single threaded s3 downloads
_16:added restart when idle feature and shutdown when idle feature (transfers, and jobs must stop before it will kick in)
_23:DMZ UI speed improvements.
_25:added automated debugging tool for sending logs to support via thread_dump_port config
_27:added -TOGGLEVFSENCRYPTION launch flag to encrypt/decrypt VFS URLs.
_29:added socketTimeout for SQL connections with SQL users to be 5 seconds
_32:added future dates for variables. Tomorrow, next week, next month.
_34:support for simpler AS2 ID's where the cert validates the user profile
_35:support for md5 application validation
_41:additional prometheus metrics and version syntax
_43:better handling for consistent MDN and .encrypted files for AS2 processing
_44:simplified ServerBeat command handling, dropped plumb/unplumb support
_47:added vfs_lazy_load config item to prevent VFS items from being hit unnecessarily during the login and first directory phase
_49:added async quota calculations
_51:added user level quotas (VFS individual quota still overrides user level)

_1:fixed bug allowing v9 codes in build 0
_2:fix for login event blocking by plugins
_3:fix for some sftp clients connecting when trying to enable gzip compression
_5:fix for geoip errors
_8:fix for slow stat file lookups
_9:fix for stats commands
_14:fix for non HTTP(s) DMZ logins failing at times
_15:fixed timeout issue for S3 connections
_17:fix for async replication
_18:fixes for slow S3 downloads and large s3 memory buffers
_19:fix for delays caused by slow logging speeds
_20:fixed bug where SFTP didn't do recursive makedirs like FTP did
_21:simplified PASV logic for FTP IP response, defaults to enabled: pasv_simple_logic
_22:fix for multi segmented html5 download through DMZ
_23:major fix for overall http communication throughout DMZ, and VFS, and client usage
_24:fix for DMZv5 tunnel not having a timeout
_26:fix for download/upload speeds not always showing up on admin panel graphs
_30:fix for stop_dmz_ports_internal_down not working with DMZ v5 mode
_31:fix for block access patterns and WebInterface
_33:fixes for SMB:// and SMB3:// recursive folder creation
_35:faster webdav response time when no content-length header provided
_36:fix for rename bug in SMB3 VFS scenarios
_37:fix for server.root items not being allowed for keystore item types.
_38:fix for SFTP job downloads failing
_39:fix for s3 testVFS right click menu not working
_40:fix for redirect and prometheus metrics
_42:fix for AS2 MDN info being missing at times
_43:various fixes for AS2 handling and MDN responses
_44:fix for PGP global encryption not functioning
_45:fix for DMZ port stops not triggering port alert
_46:fix for MariaDB URL notation
_48:fix for replication journal getting stuck on empty folders
_50:fix for hadoop file listings
_51:fix for encrypted job URL syntax