Version 11.2.3_0
11.2.3 mainly has a password reset link vulnerability fix and job engine fixes
CrushFTP 11.2.3 been released!
11.2.3
_0:released
11.2.2
_13:fixed bug with job scheduler not always enforcing one job running at a time.
_12:fixed bug related to cookie being tied to source IP
_11:added ability to re-route socket to another port based on IP banning rules
_10:attempting to fix version update cache issues with the WebInterface...browsers should stop having issues.
_9:fix for radius using PAP not giving a proper timeout message when bad credentials are used
_9:fix for MFA/OTP tokens with SFTP logins
_8:added sign and digest method to SAML plugin
_7:fixed automated update system to not leave behind tmp files on windows
_6:added flag for making SMB3 use old DNS resolution config (smb3_old_resolve_settings)
_6:added flag for all http connections to sue proxy (use_proxy_setings_for_all_http_call)
_5:added signing method to SAML plugin, default is still SHA1
_4:added config for SAML on Canonicalization Method and fixes bug with WinSCP and .filepart extensions for job flows
_3:fix for MFA tokens when going through DMZ
_2:improved update system to handle routing through DMZ or Internal server if one side is blocked and simplified the update mechanism
_1:remote job engines now use SSL for communication
_0:new version of SMB3 libraries to address slowness in DNS/reverse DNS resolution for shares
11.2.1
_23:bug with server engine not passing responses to things back to jobs engine
_22:fixed bug with logging for jobs
_21:fixed invalid references to {path} variable in events
_20:More improvements to Jobs engines running remotely
_19:Jobs engine has support for a pool of job servers now, no change for existing users by default, wiki articles coming soon.
_18:fixed an issue with memory leak of log data not being cleared in jobs engine
_17:converted update system to use our own HTTPClient mechanism to better support HTTP proxies for outbound connections
_16:fix for not getting login page but instead getting access denied page when you have a bad cookie
_15:efficiency improvements to jobs engine communication with server engine
_14:fixes for HTML emails and Link tasks with async job trigger
_13:fix for ServerBeat and shutdown process not always releasing the IP
_12:improvements to job engine to use less CPU when running events and scheduled jobs
_11:improvements to job engine communication to speed things up and prevent overloading issues
_10:SMB3 fixes for long delays on login/logoff, reading from zip files, and setting modified time of files
11.2.0
_9:fix for # characters in URLs
_8:added separate prefs controls for s3 uploaded_by and s3 md5
_7:fix same update popup notifications when there is no update, fix for url encoding of # character
_6:fix for never ban username not working
_5:added error checking for checking for updates to notify you if the server can't be reached
_4:updated SMB3 library with minor bug fixes
_3:fixes for share customizations and UI display issues
_2:fix for double url encoding on DMZ listings causing failures
_1:fix for javascript files not always downloading correctly
_0:Vulnerability patches for two different XSS exploits. DMZ users are not affected by one of them. CVE details will come later
_0:One XSS was related to a stored XSS vulnerability where an admin may trigger javascript at a later time, resulting in hidden changes being done from admin session
_0:2nd XSS was related to having a user click a specially crafted link...and if they were an admin, then hidden changes could be done from the admin session
_0:Updated SMB3 libraries for additional compatibility and bug fixes
11.1.0
_0:VULNERABILITY PATCH FOR AUTHENTICATED SESSIONS. DMZ users unaffected for now, but still should update immediately!
_1:fixed bug with admin actions being blocked
_2:fix bug with saving some jobs
_3:improved update status messages
_4:fixed Radius plugin so it works again
_5:many UI fixes for WebInterface shares and other minor UI tweaks.
_6:bug fix for HomeDirectory plugin in v11 not handling the user VFS config, and memory leak fix for Jobs engine
_7:improvements to Radius logging, and fix for replication allowing many threads to be opened when a replication server is not responding quickly
_8:fix for Radius based logins
_9:fix for MFA/OTP codes not displaying for entry on the WebInterface
_10:added logging for jobs engine communication object sizes
_11:fix for using DMZ for outbound connections in jobs and WebDAV fixes (reverted recent WebDAV changes)
_12:fix for using DMZ for outbound connections in jobs
_13:fix for jobs engine not honoring logging debug level
_14:fixed bug with S3Crush segmented downloads missing their last segment and downloads hanging
_15:fix issue with WebInterface not loading in _14
_16:fixes for URLs with special characters in the password due to changes starting with Java21 and WebInterface old code cleanup
_17:fix for IPs not always being tracked correctly in HTTP session
_18:rolled back password fixes for Java 21 that were causing problems for DMZ server connections
_19:rolled back IP changes for cookies, re-implemented password fixes for Java21
_20:fixed on remote job runs in managed agent, fix for sharepoint cache, rename retries for cut/paste, posix fix on VFS permissions, and renaming job fix for running jobs
_21:updated SFTP libraries to fix compatibility for some clients, fix for attaching files from remote locations in jobs, and fix for SMB3:// not being able to set modified time on files
11.0.1
Changes:
_11:jar file cleanup files
_12:updated javamail to latest, streamlined how SAML plugin operates to not need custom JVM flags
_13:updated all BouncyCastle jar files
_14:updated jQuery 1.12.1 to 1.13.2
_15:cleaned up old BouncyCastle jar files left over.
_17:cleanup of old beta code
_18:added some conditional Job logic capabilities
_19:re-written ServerBeat logic to handle more complex scenarios, as many priorities as needed, and as many servers as needed.
_20:updated BouncyCastle jars and SFTP libraries
_22:removed offending "bcprov-ext-jdk18on-1.78.jar" for being unsigned and causing all encryption activities to fail (Let'sEncrypt, SFTP, PGP, AS2, etc)
_23:improved Replication to avoid blocks when a server is offline
_25:the temporary acceptance of v10 codes in Crush v11 is no longer allowed, you must have an upgraded v11 code, not v10 code.
_26:architectural changes for the Replication with multiple servers and performance improvements for Jobs engine to server communication
Fixes:
_1:fixed recursive deletes on certain SMB3 servers
_2:fixed issues with WebSocket based transfers
_3:better logged in active session preservations across updates
_4:fixes for WebSocket based multiplexed downloads
_5:many fixes for WebSocket based transfers, and for Jobs engine running on Windows
_6:fix for pgp passwords stored in an old format
_7:fixes for WebSocket advanced upload/download and multi-threaded s3 downloads
_8:updated SFTP libraries to fix some StrictKex compatibility issues
_9:fixed problem where JOB_BROKER was stealing the update process...prior to _9 you may need to do a full restart
_10:fixed I forgot my Password link not working. There have also been fixes related to the ad-hoc sharing panel.
_13:fixed stop/pause/resume button not working on jobs
_16:fixed bug with email based PGP keys that were imported and had invalid names
_18:fixed proxy_protocol_ftp_pasv code that was not ported forward from v10
_21:changed how BouncyCastle is globally loaded
_24:fixed jobs to preserve sftp private key between find/copy steps
_27:fixes bug where user variables were not present in events they triggered
_28:fixes for jobs not running
_29:fixed some memory leaks related to replication and jobs engine
_30:fixed the restore user menu in the UserManager for difference User Connection Groups scenarios