FileZilla Server version 0.9.41 beta
Copyright 2001-2012
by Tim Kosse
http://filezilla-project.org/
Features:
- almost unlimited number of users
- multi-threaded engine
- runs as service under 2000 and XP, Vista and Windows 7
- anti fxp / bounce attack filter
- secure password storage (as MD5 hash)
- real-time user/group management
- all options can be set at runtime, there's no need to take the server offline
- no-transfer timeout which can kick idle users which use basic keep alive systems
- Server and user/group speed limits based on rule sets.
- MODE Z file transfer compression
Release Notes:
Please report any bugs immediately to tim.kosse@filezilla-project.org
and don't forget to include some system details as it helps to identify the
bugs.
The tray icon
From the tray icon you've access to different features of
FileZilla Server. You can enable/disable, lock/unlock or exit the server as well
as restoring it to normal size.
List of tray icon states:
- red: server offline
- yellow: server online
- green: client connected
- flashing red-green: server will go offline or will exit when all clients are disconnected
- flashing red-yellow: server is locked
- flashing yellow-green: server is locked and clients are still connected
Version History:
For a more detailed list of changes, please have a look at the SVN changelog located at http://filezilla-project.org/changelog.php?type=2.
Version 0.9.41
Fixed bugs:
- Fix parsing of IP address filters ending with :0 or equivalent substrings.
- Allow speed limits larger than 64 MiB/s.
- Show more verbose error messages if transfer connection cannot be established.
Version 0.9.40
Fixed bugs:
- The service no longer crashes if connecting with the administration interface when there are clients connected over IPv6
- Close the connection if there is additional data in the input buffers when processing the AUTH command.
- Display correct connection state item in administration interface when getting initial list of connected clients
Version 0.9.39
Fixed bugs:
- Do not attempt to display a message box if creating an administration interface binding fails. This freezes the service on some machines.
- On FTP over TLS connections, the socket address family was not initialized from the underlying socket
- Fix a bug in IPv4 address filters and increase their performance
Version 0.9.38
New features:
Incompatible changes:
- Range, wildcard, regular expression and dot-decimal notation subnet IP address filters have been removed. These filter rules need to be recreated using CIDR notation.
Fixed bugs:
- Upon /reload-config, notify all running instances, not just the first found.
- Report correct physical path of aliases in administration interface
- Fix reply code on permanent bans, not of 5yz type
- Increased default size of socket buffers
- Fix a crash when entering invalid IP filters
- Fixed a crash when a connection closes
- Updated to most recent OpenSSL version
Version 0.9.37
Fixed bugs:
- Advertise support for PBSZ and PROT in FEAT reply
- Allow PROT after PORT/PASV/EPRT/EPSV but before transfer command
- Use correct replies for RNTO, EPRT and MKD command
- Reply with correct error code in response to transfer commands if PROT P is required but not set
- Fix display of non-ASCII characters in log
- Ignore read-only attribute on DELE
Version 0.9.36
Fixed bugs:
Version 0.9.35
New features:
- Administration interface is now Unicode enabled.
Fixed bugs:
- Fix saving of speed-limit rules
Version 0.9.34
New features:
- Show address of server in title bar of administration interface (patch submitted by eyebex)
Fixed bugs:
- Disable some weak TLS/SSL ciphers such as DES-CBC-SHA which shouldn't be used anymore
- Work around some obscure error reported by OpenSSL, fixes spurious transfer failures
- Use case-insensitive comparison instead of always converting to lowercase in permissions handling. Fixes problems with sharing case-sensitive network resources.
- Settings with empty data were not loaded from settings file correctly and reverted back to default values (patch submitted by eyebex)
- Improve performance of (re-)loading settings
Version 0.9.33
New features:
- Add /servicename and /servicedisplayname options to change the (display) name of the server service.
Fixed bugs:
- Fix potential double-delete in admin connection code, could be used for remote denial of service if using remote administration (not enabled by default).
- Increase minimum value for maximum allowed login attempts before autoban to 10.
Version 0.9.32
New features:
- Use thousands separator in output of large numbers.
Fixed bugs:
- Disallow weak SSLv2.
- Slightly reword FTP over TLS/SSL settings page.
- Adjust width of user and group lists on permissions dialogs.
Version 0.9.31
Fixed bugs:
- Fix buffer overflow in SSL code leading to a potential security vulnerability.
Version 0.9.30
Fixed bugs:
- Fix a rare case in which SSL shutdown notifications were created but not actually sent.
Version 0.9.29
Fixed bugs:
- Executable path did not get quoted properly in service creation leading to a local privilege escalation vulnerability.
Version 0.9.28
Fixed bugs:
- Directly reject PROT C if PROT P is required instead of complaining after a transfer command
- Fix race in transfer connection initialization leading to timeouts
- No-transfer timeouts could not be disabled in 0.9.27
- Server startup options in installer had no effect
Version 0.9.27
Fixed bugs:
- An orderly SSL/TLS shutdown was not performed in all cases
- Disallow no-transfer timeouts smaller than 600 seconds
For a more detailed list of changes, please have a look at the CVS changelog located at http://filezilla-project.org/changelog.php?type=2.
Version 0.9.26
Fixed bugs:
- Downloading empty files over TLS connections no longer closes the connection prematurely
- Updated to latest OpenSSL version
Version 0.9.25
Fixed bugs:
- Implement OPTS MLST as required by RFC 3659
- Add some more validation to prevent "Protocol Error, invalid data" errors
- Attempt to fix problems with certificate loading some users are experiencing
Version 0.9.24
Fixed bugs:
- Fix MFMT command from not accepting all valid dates
- Fix keysize selection in certificate generation dialog
- Updated to latest OpenSSL version
Version 0.9.23
New features:
- Add support for MFMT command to change file modification time
- Add basic autoban implementation for the paranoid server admins
- Add TYPE L 8 as an alias for TYPE I
Fixed bugs:
- Fix some timezone issues
- Fix CTRL+C for message log
Version 0.9.22
Fixed bugs:
- Fix denial of service vulnerability due to nullpointer dereference.
- Added support for broken clients sending CWD command without arguments.
Version 0.9.21
Changed features:
- The default address for the "Retrieve external IP address from:" option has changed.
Fixed bugs:
- Fix SSL related issue on empty directory listings
Version 0.9.20
New features:
- Add option to ban user to the context menu of the connected users list.
Fixed bugs:
- Fix SSL shutdown behaviour, fixes compatibility with some clients.
- Internal changes to allow larger lists of banned IP addresses.
- Improved datasocket creation in active mode.
Version 0.9.19
Fixed bugs:
- Updated to OpenSSL 0.9.8d due to security vulnerabilities in OpenSSL
Version 0.9.18
Fixed bugs:
- Fix MLSD command not displaying all aliases
- Fix keyboard navigation in settings dialog
- Added OPTS UTF8 OFF command
Version 0.9.17
Fixed bugs:
- Fix critical buffer overflow in admin interface. Remote code execution with the rights of the user running the admin interface might have been possible. Only the interface was affected, the service was unaffected.
- Fix memory leak in service
- Compatibility fixes for systems with more than one CPU
Version 0.9.16
Fixed bugs:
- Fix conversion problem if any configuration data had a non-English character.
- Internal changes to make whole service use Unicode
- Fix explicit SSL (0.9.16a)
- Fix buffer overflow in settings dialog (0.9.16b)
- Fix problem with list of connected users (0.9.16c)
Version 0.9.15
New features:
- UTF-8 support as specified in RFC 2640. As result, the minimum required Windows version is now Windows 2000.
Fixed bugs:
- SSL file truncation problem
- Compatibility fix for NAT-in-NAT environments
- Compatibility with clients sending the STRU command
- Fix loading of aliases in UNC format
Version 0.9.14
Fixed bugs:
- Fixed problem with SSL transfers aborting or even crashing the server.
Version 0.9.13
New features:
- Option to not use external ip address in passive mode if client is within local network. Enabled by default.
- Option to ignore the address given in the PORT command if it's from an unrouteable address range, but the client has a routeable address. Enabled by default.
Fixed bugs:
- Fixed problems with the case-(in)sensitivity of aliases
- (0.9.13b) Fixed passive mode problems introduced in 0.9.13
Version 0.9.12
New features:
- Alias targets can now be virtual paths as well
- Add option to allow reading of files which are opened for writing by another process
- Always require a set password even for local connections now. If you don't remember your password, delete it from FileZilla Server.xml
- Workaround for SMC routers with P@SW bug
- Added SITE NAMEFMT command with "1" as only supported naming format. Required by at least one client running on AS/400 server.
Fixed bugs:
- Don't allow AUTH SSL/TLS command if already using SSL/TLS, broadcast SSL/TLS availability in FEAT response
Version 0.9.11
Fixed bugs:
- No longer freezes if using a password protected keyfile.
- It was not possible to access filenames starting with multiple dots
Version 0.9.10
New features:
- Option to force SSL login for selected users/groups
Fixed bugs:
- SSL mode fixes, fix truncated downloads
- fix creation of multiple ports if not bound to all IP addresses
Version 0.9.9
New features:
- Option to force PROT P for SSL/TLS connections.
Fixed bugs:
- Now compiled against zlib 1.2.3 to fix potential security vulnerability
Version 0.9.8c
Fixed bugs:
- Sometimes file downloads aborted prematurely leading to incomplete files.
- Don't send MODE Z in FEAT response if MODE Z has been disabled.
Version 0.9.8b
New features:
- Added option to set socket buffer size, increased default buffer sizes
Fixed bugs:
- Wildcards in argument to LIST command were not handled properly
- Use proper reply code for AUTH SSL and AUTH TLS commands
Version 0.9.8
New features:
- Service and Admin interface can be installed separately in the installer
Fixed bugs:
- Infinite loop if user disconnects while throttled by anti-hammering code
- Accept PBSZ command if using SSL/TLS
Version 0.9.7
New features:
- Option to force explicit SSL
Fixed bugs:
- Available bandwidth was not distributed properly if using speedlimits
- possible crash after closing client connections if using SSL
- time based speed limits over midnight did not work properly
- Connection freeze after SSL initialization
- taking server offline and back online did not work properly if used multiple times in a row
- fix infinite loop if speedlimits are enabled
Version 0.9.6a
fixed bugs:
- Sockets for admin interface or transfer connections could not be created on all systems
- Input box for the listen ports did not accept separator characters.
- reserved MSDOS device name did not work properly
Version 0.9.6
New features:
- SSL/TLS encryption. This feature is still experimental, use at your own risk.
Fixed bugs:
- Infinite loop on file uploads or directory listings if using zlib compression
- Sending commands with filenames as arguments which did contain reserved MSDOS device names (such as NUL, CON, COM1, LPT1) could freeze FileZilla Server on older systems. Those filenames are now considered invalid
- Fixed crash if taking server offline
- Connection limits for users did not work as intended
- The /reload-config command line switch has been fixed
Version 0.9.5
fixed bugs:
- Typo in anti-hammering code, delayed connections were never unstalled
- Aliases for directories containing :u did not work if username did contain uppercase chars
- If renaming groups, adjust user accounts accordingly
- If deleting groups which are in use, ask what to do with the affected users
- Use same network interface for transfer connection as for the control connection to solve some firewall issues, patch by dartonw
Version 0.9.4e
fixed bugs:
- Fixed buffer overflow in admin interface
- Aliases did not always display in NLST listings
Version 0.9.4
new features:
- List of connected users displays more details: IP, current file, progress and speed. Based on patch by "Tropics"
- Admin interface reconnects automatically after connection loss
- Folders to which the user has no access, won't be displayed in directory listings
- All IP filters can now also filter hostnames using regular expressions, based on patch from Sebastian Schuberth
- implemented MLSD and MLST commands
- implemented ALLO command
- If user password in settings file is not 32 characters long (and thus not a MD5 hash) convert it to a MD5 hash.
removed features:
The permissions handling code has been simplified a lot. In the process some features as described above have been removed, partially due to better alternatives.
- Removed non-relative directory structure mode. It did expose the server's physical directory structure. Also there were some bugs regarding this mode in the previous code.
- Removed "Resolve Shortcuts" option. Aliases are more flexible since they allow username replacement (using :u) and don't depend on some files on your drive which could be replaced by other applications.
fixed bugs:
- Dashes as prefix for command line options did not work
- Time pickers in speedlimit rule dialog did change type to date pickers.
- Internal changes for 64bit portability
- Fixed rare crash which could occur whenever a user disconnected
- Fixed crashes if stopping server
- Use proper reply for MKD commands to already existing directories
- No longer display folder selection dialog for remote administration sessions.
- Internal changes to reduce CPU load
Version 0.9.3
new features:
- Welcome messages can be hidden to no longer display in the interface and logfiles. Based on patch by Jason Jackson.
- Max. Welcome message size greatly increased
fixed bugs:
- security fix for zlib which could lead to denial of service attacks if MODE Z transfers are allowed.
Version 0.9.2
new features:
- increased speed of admin interface
- implemented anti-hammering code to prevent brute force password cracking. Can't be disabled for good reason.
Version 0.9.1
new features:
- Directory aliases to simplify usage of virtual file system
- IP filter to limit access to server
- Users / groups can be disabled
- Comments field for users and groups
- Added HELP command (0.9.1b)
fixed bugs:
- ip filter did not work properly together with groups (0.9.1a)
- fixed deadlock in external IP check and speed limit code
- fixed infinite loop in zlib mode
- speed limits were not calculated properly
- wrong timezone was used in speed limit rules
- global speed limits weren't initialized properly
- fixed error message if editing speed limit rules
- groups no longer duplicate if opening groups dialog on inactive servers without any user accounts
Version 0.9.0
new features:
- MODE Z file transfer compression
- server listening socket can be bound to specific IPs
fixed bugs:
- server did not shutdown properly
Version 0.8.9
fixed bugs:
- Interface could crash if kicking user
- group ip based connection limit did not work
- fixed alignment of years in directory listings
- fixed crash if listening socket can't be created
- changed MKD return code to 257
Version 0.8.8
new features:
- added hostname support for external PASV IP address
- support for remote IP detection scripts
- config file can be reloaded by calling "FileZilla Server.exe" /reload-config
fixed bugs:
- Fixed format of permissions field in directory listings
- group membership for user accounts wasn't set on startup
- sometimes the last few bytes were missing on uploaded files
- fixed missing titles of users and groups dialog
version 0.8.7
new features and improvements:
- lots of performance improvements:
- connection establishment is up to 100ms faster
- some optimizations in the welcome message, directory listing and permission code
Thanks to Tom Diviney for a lot of testing.
- Improved behaviour of LIST and NLST with arguments, should fix the mget issue, fix provided by Bengt Johannesson
fixed bugs:
- Creation of transfer connection in active mode was not RFC 959 compatible.
- possible fix for stalling GSS transfers
version 0.8.6
new features:
- new log window, it's now possible to select text
fixed bugs:
- due to a bug in the Windows api function CreateDirectory it was possible to create directories with one or more dots at the end of their name.
Such directories can't be accessed or deleted by most programs.
FileZilla Server now checks for dots at the end of directories and denies creation of such directories.
If you already have such directories on your disk, you can delete them in the console using rmdir \\?\<path>, replace path with the full path of the invalid directory.
- Usergroups no longer change randomly if there are more than one user group.
version 0.8.5:
new features:
- Added server menu to interface with Active and Lock items (same functionality as the first two icons)
fixed bugs:
- Users without delete permission could delete empty directories
- Files could be renamed over account boundaries
- Locking the server did not work
- Default width of users pane was zero if starting the interface on low resolution (800x600 or fewer) monitors.
version 0.8.4:
new features:
- Global as well as user specific speed limits can be set
- Added user groups
- Support for Kerberos GSSAPI authentication
- Transfer buffer size can now be set
version 0.8.3:
new features:
- remote administration
- logging to file
fixed bugs:
- admin interface could hang during connect (fixed in 0.8.3a)
- F2 to rename user accounts / dirs in users dialog now works correctly
- sometimes files sent to clients were not sent correctly
version 0.8.2
fixed bugs:
- fixed "account duplication" if taking server offline and back online
- fixed timeouts, active clients no longer timeout without reason.
version 0.8.1
new features:
fixed bugs:
- not all account settings could be read correctly from xml file
- fixed some bugs in the server <--> interface protocol
- fixed buffer overflow in server side admin socket class
- some minor fixes
version 0.8.0:
new features:
- Separated server from the user interface, interface now runs in its own process
- Server now runs as service under Windows NT4, 2000 and XP
fixed bugs:
- fixed problems with non relative paths and drive letters. This should also fix the compatibility to some versions of the IE and other browsers (fixed by TJ Drennan)
- fixed crash if a directory did contain files with a year larger than 2038
- server no longer sometimes stops responding after issuing shutdown
version 0.7.4:
new features:
fixed bugs:
- added warning if accepting a new connection failed. Some bad firewalls do allow creating listen sockets and pass through connection attempts but block accepting them.
- fixed some problems with the socket class
- fixed GDI-resource leak
version 0.7.3:
fixed bugs:
- improved thread responsiveness to messages
- fixed display of transfer rate
- reduced flicker of main window while resizing
- when deleting a user, the user data could get mixed up
- now no error message appears when "Enable custom PASV settings" is disabled
- now NULL passwords are supported if an account does not require a password (anonymous for example)
- "Maximum connection count" for user accounts did not work
version 0.7.2:
new features:
- added custom PASV IP and port settings
- added XCUP, XPWD, XMKD, XRMD and NOP commands
fixed bugs:
- QUIT works without being logged on
- Telnet commands no longer show up in message log
- fixed cancel button in users dialog not working properly
- added missing users dialog menu entry
version 0.7.1:
fixed bugs:
- fixed problems with usernames containing uppercase characters
- fixed installer creating source project shortcut in wrong directory
- fixed security hole, could list directories outside your ftproot.
version 0.7:
enhanced features:
- new Winsock wrapper class, should increase performance a little bit
- prepared the use of format specifications in welcome message. If you had used a custom welcome message before using version 0.7, you would have to reenter the message.
fixed bugs:
- fixed problem with LIST and NLST command and parameters
- files are now stored with the names passed with the STOR command, no longer all lowercase
- correct handling of quoted arguments
version 0.6:
new features:
- custom welcome message
- server port can be changed without having to manually close and reopen it.
- increased performance under heavy load
- added NLST and MDTM (last modified time) commands
- crash log generation
fixed bugs:
version 0.5.2 beta:
fixed bugs:
version 0.5.1 beta:
fixed bugs:
version 0.5 beta:
new features:
fixed bugs:
version 0.4 beta:
new features:
fixed bugs:
- sometimes permissions could not be retrieved due to a bug in GetRealDirectory(), permission was always denied.
- when using APPE or "REST x" (x!=0), it was possible to upload new files in folders with append permission but no write permission.
- fixed some minor bugs
version 0.3 beta:
new features:
enhanced features:
fixed bugs:
version 0.2 beta:
new features:
fixed bugs:
- MKD could not create multiple directory levels at once
- files were not sent completely to clients
- some problems in the users dialog
- control channel now sends line endings with <CRLF> as specified in RFC 959 instead of <LF>
- InitTransfer called too early in some rare cases
- a whole bunch of bugs causing crashes or freezes
version 0.1 beta:
new features:
- options dialog
- timeout and no transfer timeout
- port selection
- number of threads can be selected
- max number of users
- user-specific bypass max user and local max user setting
- all connected users are displayed on the right pane of the main window
- added systray icon
- bounce attack / fxp protection
- ABOR command implemented
- now only one file transfer and one directory listing can be active at the same time, so you can still browse the server during file transfers.
fixed bugs:
- sometimes the threads were not shut down correctly with FileZilla
- fixed some issues in the user account manager
- Server could crash if a new transfer was initiated while another transfer is still active.
version 0.0.2 alpha:
new features:
fixed bugs:
version 0.0.1 alpha:
first public release
new features: