Version 11.2.3_3

<br>
11.2.3 mainly has a password reset link vulnerability fix and job engine fixes<br/>
<h2>CrushFTP 11.2.3 been released!</h2><br>
<br/>
11.2.3<br/>
_3:share reporting fixes<br/>
_2:possible fix for cloudflare HTTP requests that CF destroys the chunked handling on<br/>
_1:improved job engine communication when working with large jobs, much more CPU and memory friendly<br/>
_0:released<br/>
11.2.2<br/>
_13:fixed bug with job scheduler not always enforcing one job running at a time.
_12:fixed bug related to cookie being tied to source IP<br/>
_11:added ability to re-route socket to another port based on IP banning rules<br/>
_10:attempting to fix version update cache issues with the WebInterface...browsers should stop having issues.<br/>
_9:fix for radius using PAP not giving a proper timeout message when bad credentials are used<br/>
_9:fix for MFA/OTP tokens with SFTP logins<br/>
_8:added sign and digest method to SAML plugin<br/>
_7:fixed automated update system to not leave behind tmp files on windows<br/>
_6:added flag for making SMB3 use old DNS resolution config (smb3_old_resolve_settings)<br/>
_6:added flag for all http connections to sue proxy (use_proxy_setings_for_all_http_call)<br/>
_5:added signing method to SAML plugin, default is still SHA1<br/>
_4:added config for SAML on Canonicalization Method and fixes bug with WinSCP and .filepart extensions for job flows<br/>
_3:fix for MFA tokens when going through DMZ<br/>
_2:improved update system to handle routing through DMZ or Internal server if one side is blocked and simplified the update mechanism<br/>
_1:remote job engines now use SSL for communication<br/>
_0:new version of SMB3 libraries to address slowness in DNS/reverse DNS resolution for shares<br/>
<br/>
11.2.1<br/>
_23:bug with server engine not passing responses to things back to jobs engine<br/>
_22:fixed bug with logging for jobs<br/>
_21:fixed invalid references to {path} variable in events</br>
_20:More improvements to Jobs engines running remotely<br/>
_19:Jobs engine has support for a pool of job servers now, no change for existing users by default, wiki articles coming soon.<br/>
_18:fixed an issue with memory leak of log data not being cleared in jobs engine<br/>
_17:converted update system to use our own HTTPClient mechanism to better support HTTP proxies for outbound connections<br/>
_16:fix for not getting login page but instead getting access denied page when you have a bad cookie<br/>
_15:efficiency improvements to jobs engine communication with server engine<br/>
_14:fixes for HTML emails and Link tasks with async job trigger<br/>
_13:fix for ServerBeat and shutdown process not always releasing the IP<br/>
_12:improvements to job engine to use less CPU when running events and scheduled jobs<br/>
_11:improvements to job engine communication to speed things up and prevent overloading issues<br/>
_10:SMB3 fixes for long delays on login/logoff, reading from zip files, and setting modified time of files<br/>
11.2.0<br/>
_9:fix for # characters in URLs<br/>
_8:added separate prefs controls for s3 uploaded_by and s3 md5<br/>
_7:fix same update popup notifications when there is no update, fix for url encoding of # character<br/>
_6:fix for never ban username not working<br/>
_5:added error checking for checking for updates to notify you if the server can't be reached<br/>
_4:updated SMB3 library with minor bug fixes<br/>
_3:fixes for share customizations and UI display issues<br/>
_2:fix for double url encoding on DMZ listings causing failures<br/>
_1:fix for javascript files not always downloading correctly<br/>
_0:Vulnerability patches for two different XSS exploits.  DMZ users are not affected by one of them.  CVE details will come later<br/>
_0:One XSS was related to a stored XSS vulnerability where an admin may trigger javascript at a later time, resulting in hidden changes being done from admin session<br/>
_0:2nd XSS was related to having a user click a specially crafted link...and if they were an admin, then hidden changes could be done from the admin session<br/>
_0:Updated SMB3 libraries for additional compatibility and bug fixes<br/>
<br/>
11.1.0<br/>
_0:VULNERABILITY PATCH FOR AUTHENTICATED SESSIONS.  DMZ users unaffected for now, but still should update immediately!<br/>
_1:fixed bug with admin actions being blocked<br/>
_2:fix bug with saving some jobs<br/>
_3:improved update status messages<br/>
_4:fixed Radius plugin so it works again<br/>
_5:many UI fixes for WebInterface shares and other minor UI tweaks.<br/>
_6:bug fix for HomeDirectory plugin in v11 not handling the user VFS config, and memory leak fix for Jobs engine<br/>
_7:improvements to Radius logging, and fix for replication allowing many threads to be opened when a replication server is not responding quickly<br/>
_8:fix for Radius based logins<br/>
_9:fix for MFA/OTP codes not displaying for entry on the WebInterface<br/>
_10:added logging for jobs engine communication object sizes<br/>
_11:fix for using DMZ for outbound connections in jobs and WebDAV fixes (reverted recent WebDAV changes)<br/>
_12:fix for using DMZ for outbound connections in jobs<br/>
_13:fix for jobs engine not honoring logging debug level<br/>
_14:fixed bug with S3Crush segmented downloads missing their last segment and downloads hanging<br/>
_15:fix issue with WebInterface not loading in _14<br/>
_16:fixes for URLs with special characters in the password due to changes starting with Java21 and WebInterface old code cleanup<br/>
_17:fix for IPs not always being tracked correctly in HTTP session<br/>
_18:rolled back password fixes for Java 21 that were causing problems for DMZ server connections<br/>
_19:rolled back IP changes for cookies, re-implemented password fixes for Java21<br/>
_20:fixed on remote job runs in managed agent, fix for sharepoint cache, rename retries for cut/paste, posix fix on VFS permissions, and renaming job fix for running jobs<br/>
_21:updated SFTP libraries to fix compatibility for some clients, fix for attaching files from remote locations in jobs, and fix for SMB3:// not being able to set modified time on files<br/>
<br/>
11.0.1<br/>
<b>Changes:</b><br/>
_11:jar file cleanup files<br/>
_12:updated javamail to latest, streamlined how SAML plugin operates to not need custom JVM flags<br/>
_13:updated all BouncyCastle jar files<br/>
_14:updated jQuery 1.12.1 to 1.13.2<br/>
_15:cleaned up old BouncyCastle jar files left over.<br/>
_17:cleanup of old beta code<br/>
_18:added some conditional Job logic capabilities<br/>
_19:re-written ServerBeat logic to handle more complex scenarios, as many priorities as needed, and as many servers as needed.<br/>
_20:updated BouncyCastle jars and SFTP libraries<br/>
_22:removed offending "bcprov-ext-jdk18on-1.78.jar" for being unsigned and causing all encryption activities to fail (Let'sEncrypt, SFTP, PGP, AS2, etc)<br/>
_23:improved Replication to avoid blocks when a server is offline<br/>
_25:the temporary acceptance of v10 codes in Crush v11 is no longer allowed, you must have an upgraded v11 code, not v10 code.<br/>
_26:architectural changes for the Replication with multiple servers and performance improvements for Jobs engine to server communication<br/>
<br/>
<b>Fixes:</b><br/>
_1:fixed recursive deletes on certain SMB3 servers<br/>
_2:fixed issues with WebSocket based transfers<br/>
_3:better logged in active session preservations across updates<br/>
_4:fixes for WebSocket based multiplexed downloads<br/>
_5:many fixes for WebSocket based transfers, and for Jobs engine running on Windows<br/>
_6:fix for pgp passwords stored in an old format<br/>
_7:fixes for WebSocket advanced upload/download and multi-threaded s3 downloads<br/>
_8:updated SFTP libraries to fix some StrictKex compatibility issues<br/>
_9:fixed problem where JOB_BROKER was stealing the update process...prior to _9 you may need to do a full restart</br>
_10:fixed I forgot my Password link not working.  There have also been fixes related to the ad-hoc sharing panel.<br/>
_13:fixed stop/pause/resume button not working on jobs<br/>
_16:fixed bug with email based PGP keys that were imported and had invalid names<br/>
_18:fixed proxy_protocol_ftp_pasv code that was not ported forward from v10<br/>
_21:changed how BouncyCastle is globally loaded<br/>
_24:fixed jobs to preserve sftp private key between find/copy steps<br/>
_27:fixes bug where user variables were not present in events they triggered<br/>
_28:fixes for jobs not running<br/>
_29:fixed some memory leaks related to replication and jobs engine<br/>
_30:fixed the restore user menu in the UserManager for difference User Connection Groups scenarios<br/> 
<br/>
<br/>