Version 10.3.0_49
New:
_0:released
_0:updated SSH libraries to support PUTTy v3 key type and support for ED448 key types
_5:added active_jobs_shutdown_wait_secs parameter to allow CrushFTP to wait for jobs to finish before allowing a friendly service shutdown
_20:automatically disabled multi-segmented downloading when memory is low
_21:updated SFTP libraries to latest version
_21:fix for FTPES uploads to FZ servers because they complain bout TLS closure and disagree with how java does it
_23:re-wrote the HTTPClient multi-segmented download handling to be more memory safe
_25:updated sftp libraries to latest version
_26:updated SMB3 libraries which had various bug fixes (deadlocks and better connection handling)
_28:validates SQL connections from the pool before using them for looking up user info when using SQL mode
_29:added ability to reload keystores for internal and dmz by making a local file 'reload_ssl'
_29:fix for a DOS related to password encryption, credit to Matt Moreschi
_31:updated JNQ SMB3 library with minor fixes
_33:triggers GarbageCollection before triggering low_memory level 3 alert...just in case memory really isn't that low
_35:added VFS items at login log line to help track VFS config in archived logs
_36:changes default for sftp to not use sftp_transport_blocking to improve compatibility
_37:updated SMB3 library for minor bug fixes
_43:added advanced list management capabilities to UserVariable task in Jobs. See wiki CrushTask Functions
_44:allow deletion of read-only flagged files on SMB3...the same as Windows SMB allows
_45:updated to final sftp library update
_46:updating users with updated expiration date/time is now asynchronous

Fixes:
_1:new memory tracking algorithm for html transfers to better track and fix memory consumption issues
_2:fix for delete on overwrite with similar named directory paths
_3:fix for slow memory creep when using multi segmented transfers through DMZ and slow downloads
_4:fix for sftp rename bug
_6:fix for memory usage not being freed immediately when a multi segmented download transfer fails.
_7:fix for failing sftp downloads
_8:fix for failing sftp downloads
_9:fix for FTPS/FTPES outbound connections potentially having a thread leak
_10:fix for SFTP not honoring the lack of delete directory permission in some scenarios
_11:fix for LDAP plugins not properly honoring group membership
_12:fix for thread leak when running CrushFTP as a SFTP proxy
_13:CrushTask multi-threading fixes for Delete task and error catching for zip/copy tasks
_14:fix for DMZ UI not loading preferences
_15:fix for dmz memory usage for multi-segmented transfer downloads
_16:fix for dmz memory usage for multi-segmented transfer downloads
_17:fix for memory not being cleared quickly when an error is encountered on file download
_18:fix for html5 memory usage on DMZ for slow downloads
_19:fix for failing dmz downloads created by build _17.
_21:fix for SCP doubling filename when renaming file
_22:rolled back SFTP libraries
_24:fix for non-serializable item getting into areas where it should not have been
_27:fix for split_prefs and dmz servers for server_list items
_30:re-implemented window space control for SFTP to allow buggy JSCH implementations to not crash
_32:fix for memory race condition when allowing multi-segmented chunks download
_34:fix for job task item URL's loosing their final character
_37:fix for DMZ quota lookups
_38:updated sftp libraries for a fix for the 'paramiko' SFTP client
_39:rolled back sftp libraries..still has fix for paramiko, but not working at high performance level for now
_40:rolled back sftp libraries to last known stable version...
_41:updated sftp libraries to a new stable version that protects against a memory issue, and compatibility issues
_42:fix for Jobs loosing the path to items after their first copy was performed
_44:fix for an admin bug causing deletion of all users, credit for Jean Calvin Mugabo of Trustwave SpiderLabs
_47:fix for sharepoint VFS client
_48:fix for ignoring errors during a Move task
_49:fix for uploads not showing speed on dashboard



10.2.0

New:
_0:released
_2:more efficient XML cache handling for user.XML loading
_3:more efficient FindTask execution by processing the filter while building the lists of items
_4:added support for SAML sub names
_6:added control for user manager to set 2nd factor requirement.
_12:CSP (Content Security Policy) improvements and fixes to give better scanning scores
_13:user session logs now capture session specific debug stack traces too
_14:SSH sessions track errors in user session logs now too
_15:support for zip on the fly MD5 calculations in logs
_17:added automated {heap_dump} capability and additional low memory alert types
_20:DMZ will not start it server ports if the template user is missing or invalid
_20:updated faster-xml jackson libraries to latest
_21:DMZ template user is auto generated on first DMZ start

Fixes:
_1:fix for making servers slow if they happened to be missing inheritance.XML or groups.XML as it attempted to search for them
_3:fix for Find task duplicating items when it runs in a loop waiting for files to appear matching criteria
_7:fixes for special characters in filenames for azure
_8:added automatic fallback method for SMTP servers to fallback on TLS versions in case they don't support more modern versions
_9:fixed issues with saml_assertion_subname to allow differentiating SAML configurations
_10:fixes for WebInterface login page prepending a slash to usernames or not functioning at all
_11:Carlo Di Dato and Francesco Gnocchi for Deloitte Risk Advisory Italy discovered an XSS issue that has been fixed.
_12:fix for SMB3 and non existent file downloads
_14:fix for spaces in folder names when using certain admin controls
_16:fix for SFTP port counter growing when using proxy protocol v1/v2.
_16:fix for SAML not working when going through DMZ
_18:fix for scan_vfs_for_initial_listing flag causing problems for single file share items
_19:added fix for same userid opening second session and overwriting file that was in sue in the prior session
_20:fix for Azure password char encoding issue
_22:fix for sockets getting stuck in some scenarios with proxy protocol v1
_23:fix for ascii PGP uploads getting a PGP trailer for size added on them



10.1.0

New:
_0:released
_0:CrushFTP v10 New Features
_1:added support for chacha20-poly1305@openssh.com cipher and curve25519-sha2@libssh.org for KEX in SFTP
_1:Updated SFTP libraries to latest
_2:changed SFTP client to default to doing a "ls" command with blank value instead of ".". Controlled by pref: sftpclient_ls_dot
_4:partial white labeling support
_5:implemented newer SMB3 library version with some additional bug fixes for DFS
_8:log memory buffering improvements
_15:added new vfs bad config alert type
_16:added GROUPBY capability to CrushTask Jump
_22:added test keystore buttons for AS2 certificates and added SSH character encodings to SFTP sessions control
_24:changed replication to sue path from the URL and not the entire URL
_25:updated SMB3 library to latest version
_33:added custom char encoding for outbound SFTP connections
_36:updated log4j library from 1.2.17 to v2.16 even though it was NOT vulnerable. This is not a security patch, its just to appease security departments.
_37:better public key validation when two factor is enabled (more compatible with sftp clients)
_39:updated log4j libraries to 2.17 due to other issues which don't affect CrushFTP...
_40:updated jars across various areas to more current versions (letsencrypt,hadoop)
_41:added ecdsa and ed25519 server host key support for SFTP (defaults to enabled)
_43:automatically remove invalid or dead linked events when saving a user
_46:updated log4j to 2.17.1 libraries
_47:added change phone option and OTP valid for X days
_48:logging improvements for alerts
_49:added faster native md5sum calculations on file transfers
_50:changed update idle behavior to update DMZ first, then update main, and updated log4j to 2.17.1 to appease organizations that don't understand its usage in CrushFTP
_51:faster Windows UNC dir listings and added created time for listings on FILE:// locations in WebInterface
_52:end user ability to subscribe to reverse event notifications.
_56:added ability to do dual banning mode for hammering passwords, first by username, then by IP. Separate dual mode items with comma.
_58:added password blacklist file support
_59:added additional login frequency failure alert info
_62:updated PGP libraries for additional key compatibility
_65:new build of Let'sEncrypt plugin with improved handling of errors
_66:updated SMB3:// libraries with JNQ
_67:ldap cache now applies to users and groups
_70:added performance metrics checking for quotaWorker at startup to reduce server load
_71:improved thread dumps for HTML5Downlaod transfers
_73:added support for rename overwrite to HTTPClient to help with multi_journal
_75:fix for Citrix LoadBalancers not knowing how to properly do ProxyProtocolV1 so CrushFTP has to do magic to make the proxy header come through for SFTP
_77:speed improvements for Azure and storage class controls for S3
_79:memory usage throttling for segmented downloads improved
_82:updated SMB3:// libraries to use the latest version.

Fixes:
_2:fixes for OneDrive VFS protocol
_3:fix for AzureClient
_6:fix for async quota using a lot of CPU
_7:fixes for async quota and parent quota dir configurations
_9:fix for incorrect s3 listings under simultaneous listings from multiple clients
_10:fix for restart bug on Windows where service did not auto restart (since build_4 roughly)
_11:fix for sending dmz logs to internal server sometimes stopping
_12:fix for SMB DFS, to keep it enabled if its ever toggled enabled
_13:SMB DFS defaults to enabled for "smb://" protocol now.
_14:fix for PGP encrypt job not detecting failures correctly and zip/unzip tasks not handling dfs_enabled flags.
_16:XSS mitigation for user manager admin accounts
_17:fix for rename failures with SMB and PGP task, attempts a copy/delete source if encountered
_18:faster failures through DMZ for bad VFS configurations
_20:fixes for http errors being relayed to CrushClient
_21:fixes for async quota calculations and logging more information
_22:fixes for quota results through DMZ
_23:fix for AS2 incoming issues due to BouncyCastle jar updates
_24:fix for AS2 sends to HTTP URLs (only HTTPS) were allowed
_25:fixed VFS replication URLs to only look at the path of the URL and not compare entire URL
_26:fix for Radius not working due to missing old library from BouncyCastle
_27:fix for login failures
_28:fix for generating SSL keystores not working due to missing old library from BouncyCastle
_29:fix for broken share by reference in certain scenarios
_30:fix for cached time stamps on newly uploaded files via SFTP
_31:fix for TEXT mode in SFTP v4 clients
_32:additional support for custom runtime system properties (proxy for updating, etc)
_34:fix for outbound ftp client connections in active mode
_35:fix for thread leak in outbound ftp client connections
_38:fix for LetsEncrypt and log4j issues due to missing jars
_40:fix for out of sync md5 hashes for CrushClient uploads across multiple threads
_40:fix for viewing recent jobs on a server that has a different time zone than the browser
_42:fixed bug with UI not showing ecdsa and ed25519 keys were enabled when they were (enabled by default)
_44:fix for MicrosoftMail being more restrictive on Content-Type headers
_45:fix for events being deleted when editing a user
_48:fix for alerts being triggered on hack usernames
_53:fix for FTP downloads with zip on the fly
_54:fix for download as zip when going through DMZ and using segmented downloads
_55:fix for subdir quotas with async_quota enabled
_57:fixes for variable replacements in alerts
_58:fix for OTP validation
_60:fixes for alerts on login frequency
_61:fix for update when idle for DMZ
_62:fix for AS2 jobs getting stuck
_63:fix for PGP private keys for decryption failing
_64:re-published fix for AS2 jobs getting stuck as build _62 did not publish correctly
_66:fix for SAML XML signing order of the Signature tag being before the Issuer tag
_67:fix for html5 transfer memory leak in specific scenarios
_68:fix for additional html5 download memory leak
_69:fixes for missing username in some alerts and missing failed port startup log entries
_72:updated SFTP libraries to fix compatibility with Azure SFTP server
_73:fixes for Azure client being too slow to handle quick uploads
_74:fix for case insensitive CSRF token
_76:fix for plugin based logins not functioning
_78:fix for proxy protocol v1/v2 with SSL ports
_80:fixes for Find task logging and logic for skipping 2nd listing, and fix for memory issues in segmented downloads through the DMZ
_81:fix for alerts triggered in DMZ and relayed through internal server
_82:fix for ed25519 keys getting auto enabled, and for tomorrow date variable being yesterday instead
_82:fix for replicated servers and multiple users writing group and inheritance changes at the same time.


10.0.0

New:
_0:cleaned up unneeded jar files, v10 ui published
_4:updates for SMTP OAuth support
_6:improved upload handling and support for expect-100 PUT validation
_7:added faster webdav timeouts (10 seconds)
_10:DMZ logging fixes to provide more debug info on failures
_11:added additional control for s3 multi threaded download buffer chunk size
_12:added shares with relative path, and encrypted URLs for Jobs
_13:faster single threaded s3 downloads
_16:added restart when idle feature and shutdown when idle feature (transfers, and jobs must stop before it will kick in)
_23:DMZ UI speed improvements.
_25:added automated debugging tool for sending logs to support via thread_dump_port config
_27:added -TOGGLEVFSENCRYPTION launch flag to encrypt/decrypt VFS URLs.
_29:added socketTimeout for SQL connections with SQL users to be 5 seconds
_32:added future dates for variables. Tomorrow, next week, next month.
_34:support for simpler AS2 ID's where the cert validates the user profile
_35:support for md5 application validation
_41:additional prometheus metrics and version syntax
_43:better handling for consistent MDN and .encrypted files for AS2 processing
_44:simplified ServerBeat command handling, dropped plumb/unplumb support
_47:added vfs_lazy_load config item to prevent VFS items from being hit unnecessarily during the login and first directory phase
_49:added async quota calculations
_51:added user level quotas (VFS individual quota still overrides user level)

Fixes:
_1:fixed bug allowing v9 codes in build 0
_2:fix for login event blocking by plugins
_3:fix for some sftp clients connecting when trying to enable gzip compression
_5:fix for geoip errors
_8:fix for slow stat file lookups
_9:fix for stats commands
_14:fix for non HTTP(s) DMZ logins failing at times
_15:fixed timeout issue for S3 connections
_17:fix for async replication
_18:fixes for slow S3 downloads and large s3 memory buffers
_19:fix for delays caused by slow logging speeds
_20:fixed bug where SFTP didn't do recursive makedirs like FTP did
_21:simplified PASV logic for FTP IP response, defaults to enabled: pasv_simple_logic
_22:fix for multi segmented html5 download through DMZ
_23:major fix for overall http communication throughout DMZ, and VFS, and client usage
_24:fix for DMZv5 tunnel not having a timeout
_26:fix for download/upload speeds not always showing up on admin panel graphs
_30:fix for stop_dmz_ports_internal_down not working with DMZ v5 mode
_31:fix for block access patterns and WebInterface
_33:fixes for SMB:// and SMB3:// recursive folder creation
_35:faster webdav response time when no content-length header provided
_36:fix for rename bug in SMB3 VFS scenarios
_37:fix for server.root items not being allowed for keystore item types.
_38:fix for SFTP job downloads failing
_39:fix for s3 testVFS right click menu not working
_40:fix for redirect and prometheus metrics
_42:fix for AS2 MDN info being missing at times
_43:various fixes for AS2 handling and MDN responses
_44:fix for PGP global encryption not functioning
_45:fix for DMZ port stops not triggering port alert
_46:fix for MariaDB URL notation
_48:fix for replication journal getting stuck on empty folders
_50:fix for hadoop file listings
_51:fix for encrypted job URL syntax