Version 11.3.2_0
11.3.2 mainly has an security patches and library updates to help with SMB3 connections. ServerBeat bug fix for servers out of sync on their time, Jobs engine improvements in efficiency, and WebSocket optimizations

CrushFTP 11.3.2 been released!



11.3.2
_0:Updated JNQ library for improved Amazon FsX compatibility
11.3.1
_32:fix for ServerBeat getting out of sync when server clocks are off by more then 5 seconds
_31:TOTP has enhancements to allow for SHA256 instead of SHA1...if you use an authenticator app that uses SHA256 (totp_hash_algorithm in prefs.XML)
_30:fix for auto update for all daily builds being ignored
_29:better error displays for WebSocket upload info, faster canceling of uploads, faster cancel and re-upload of same files in WebInterface, updated jar libraries
_28:fix for AS2 MDN responses coming through DMZ
_27:fix for WebSocket downloads that are overwhelming a client browser...now uses dedicated socket for acking chunks
_26:fix for clearing out all old job engine history after applying an update, faster job engine communication, and WebSocket upload/download stability improvements
_25:improvements to job engine communication, clearing old objects, and webdav improvements
_24:fix for ConenctionProfiles and limited admin not understanding an item is a connections profile
_23:fix for purging expired users and replication...race condition could break groups.XML or inheritance.XML
_22:fix for single ServerBeat server without any functional pair servers...it will still become master
_21:fix timeouts on sockets for replication, DMZ, and ServerBeat not correctly honoring the expected timeout for a failed connection
_20:fix for uploads not allowing re-upload of the same filename in the same session
_19:fix for OIDC and OAUTH buttons on login screen not working
_18:fix for TempAccounts and VFS permissions when using MFA via DMZ
_17:added ability to do a mass hashing of passwords on users
_16:increased logging on all cloud protocols and improved error handling on cloud protocols. (S3,OneDrive,Box,etc)
_15:improved feedback for slow azure uploads via WebInterface and improved JobEngine connections and closures
_14:improved job caching to save and reload local cache info avoiding need to re-cache on any restart
_13:improved job handling by utilizing cached job listing instead of making a new request every time
_12:fixed how various reports show user information across multiple User Connection Groups
_11:updated SMB libraries to fix issue with FSX servers and other special cases
_10:fix for blocking uploads for certain filename patterns that didn't match what we expected
_9:added support for un-archiving .tar and .tar.gz using the Unzip task
_9:added support for .tar, tar.gz, .7z archive creation using the Zip task
_8:updated Let'sEncrypt HTP connection handling
_7:added user created date filter for the User Usage report
_6:authentication fix (Credit:Outpost24) and event path trigger handling fixes
11.3.0
_5:updated SFTP library for some minor bug fixes
_4:s3 engine improvements and kms server side encryption fixes for amazon
_3:added ability to check encrypted sizes on SMB3:// locations for PGP downloads and reporting accurate size info. smb3_check_encrypted_header flag
_2:update thread name with current job info for better debugging
_1:added file extensions for WebInterface download blocking
_0:released

11.2.3
_27:updated SMB library to latest with many bug fixes and resolves MFA issues with SFTP through DMZ
_26:removed outdated UniSSO plugin
_25:fixes for MFA and expired passwords, download restrictions with zips, and limited admin directory navigation when multiple levels deep
_24:fix for upcoming share expiration notices
_23:fix for folder listings
_22:fixed expired passwords for SFTP not allowing client to change password
_21:fixes issue with double results of items in emails from events (not CrushTask)
_20:fixes logging bug created in build _19
_19:added flag daily_check_and_auto_update_on_idle to prefs.XML to allow for automated daily updating
_18:fixed bug with PGP keys not being loaded from the keystore correctly for the PGP task in jobs
_17:certificate export now correctly creates a zip of the der and pem encoded files
_16:supports limited admin utilizing connection profiles for remote VFS items
_15:better usage of our own hostname for ServerBeat and replicated servers (ignores our own hostname)
_14:fix for unzip logic and its retries in jobs
_13:updated apache commons jars to help with compression algorithm updates
_12:performance fix for webdav connections
_11:fix for geoip country banning
_10:various fixes and enhancements for PGP key management (rename, permanent delete, restore, hide deleted, change keystore password)
_9:added global geoip blocking options for the server
_8:Initial OIDC support added
_7:fixes for LinkTask when running on other servers
_6:fix for allowing jobs to run on the DMZ via a link task from the internal server Job Scheduler
_5:fix for paste actions in the WebInterface reporting an error
_4:fix for DMZ not tracking archived dashboard history snapshots
_3:share reporting fixes
_2:possible fix for cloudflare HTTP requests that CF destroys the chunked handling on
_1:improved job engine communication when working with large jobs, much more CPU and memory friendly
_0:released. password reset link vulnerability fix (CVE-2024-53552 - credit Stratascale Cyber Research Unit (CRU) team) and (CVE-2024-11986 - credit European Commission, Application Security Testing Services) 11/11/2024
11.2.2
_13:fixed bug with job scheduler not always enforcing one job running at a time. _12:fixed bug related to cookie being tied to source IP
_11:added ability to re-route socket to another port based on IP banning rules
_10:attempting to fix version update cache issues with the WebInterface...browsers should stop having issues.
_9:fix for radius using PAP not giving a proper timeout message when bad credentials are used
_9:fix for MFA/OTP tokens with SFTP logins
_8:added sign and digest method to SAML plugin
_7:fixed automated update system to not leave behind tmp files on windows
_6:added flag for making SMB3 use old DNS resolution config (smb3_old_resolve_settings)
_6:added flag for all http connections to sue proxy (use_proxy_setings_for_all_http_call)
_5:added signing method to SAML plugin, default is still SHA1
_4:added config for SAML on Canonicalization Method and fixes bug with WinSCP and .filepart extensions for job flows
_3:fix for MFA tokens when going through DMZ
_2:improved update system to handle routing through DMZ or Internal server if one side is blocked and simplified the update mechanism
_1:remote job engines now use SSL for communication
_0:new version of SMB3 libraries to address slowness in DNS/reverse DNS resolution for shares

11.2.1
_23:bug with server engine not passing responses to things back to jobs engine
_22:fixed bug with logging for jobs
_21:fixed invalid references to {path} variable in events
_20:More improvements to Jobs engines running remotely
_19:Jobs engine has support for a pool of job servers now, no change for existing users by default, wiki articles coming soon.
_18:fixed an issue with memory leak of log data not being cleared in jobs engine
_17:converted update system to use our own HTTPClient mechanism to better support HTTP proxies for outbound connections
_16:fix for not getting login page but instead getting access denied page when you have a bad cookie
_15:efficiency improvements to jobs engine communication with server engine
_14:fixes for HTML emails and Link tasks with async job trigger
_13:fix for ServerBeat and shutdown process not always releasing the IP
_12:improvements to job engine to use less CPU when running events and scheduled jobs
_11:improvements to job engine communication to speed things up and prevent overloading issues
_10:SMB3 fixes for long delays on login/logoff, reading from zip files, and setting modified time of files
11.2.0
_9:fix for # characters in URLs
_8:added separate prefs controls for s3 uploaded_by and s3 md5
_7:fix same update popup notifications when there is no update, fix for url encoding of # character
_6:fix for never ban username not working
_5:added error checking for checking for updates to notify you if the server can't be reached
_4:updated SMB3 library with minor bug fixes
_3:fixes for share customizations and UI display issues
_2:fix for double url encoding on DMZ listings causing failures
_1:fix for javascript files not always downloading correctly
_0:Vulnerability patches for two different XSS exploits. DMZ users are not affected by one of them. CVE details will come later
_0:One XSS was related to a stored XSS vulnerability where an admin may trigger javascript at a later time, resulting in hidden changes being done from admin session
_0:2nd XSS was related to having a user click a specially crafted link...and if they were an admin, then hidden changes could be done from the admin session
_0:Updated SMB3 libraries for additional compatibility and bug fixes

11.1.0
_0:VULNERABILITY PATCH FOR AUTHENTICATED SESSIONS. DMZ users unaffected for now, but still should update immediately!
_1:fixed bug with admin actions being blocked
_2:fix bug with saving some jobs
_3:improved update status messages
_4:fixed Radius plugin so it works again
_5:many UI fixes for WebInterface shares and other minor UI tweaks.
_6:bug fix for HomeDirectory plugin in v11 not handling the user VFS config, and memory leak fix for Jobs engine
_7:improvements to Radius logging, and fix for replication allowing many threads to be opened when a replication server is not responding quickly
_8:fix for Radius based logins
_9:fix for MFA/OTP codes not displaying for entry on the WebInterface
_10:added logging for jobs engine communication object sizes
_11:fix for using DMZ for outbound connections in jobs and WebDAV fixes (reverted recent WebDAV changes)
_12:fix for using DMZ for outbound connections in jobs
_13:fix for jobs engine not honoring logging debug level
_14:fixed bug with S3Crush segmented downloads missing their last segment and downloads hanging
_15:fix issue with WebInterface not loading in _14
_16:fixes for URLs with special characters in the password due to changes starting with Java21 and WebInterface old code cleanup
_17:fix for IPs not always being tracked correctly in HTTP session
_18:rolled back password fixes for Java 21 that were causing problems for DMZ server connections
_19:rolled back IP changes for cookies, re-implemented password fixes for Java21
_20:fixed on remote job runs in managed agent, fix for sharepoint cache, rename retries for cut/paste, posix fix on VFS permissions, and renaming job fix for running jobs
_21:updated SFTP libraries to fix compatibility for some clients, fix for attaching files from remote locations in jobs, and fix for SMB3:// not being able to set modified time on files

11.0.1
Changes:
_11:jar file cleanup files
_12:updated javamail to latest, streamlined how SAML plugin operates to not need custom JVM flags
_13:updated all BouncyCastle jar files
_14:updated jQuery 1.12.1 to 1.13.2
_15:cleaned up old BouncyCastle jar files left over.
_17:cleanup of old beta code
_18:added some conditional Job logic capabilities
_19:re-written ServerBeat logic to handle more complex scenarios, as many priorities as needed, and as many servers as needed.
_20:updated BouncyCastle jars and SFTP libraries
_22:removed offending "bcprov-ext-jdk18on-1.78.jar" for being unsigned and causing all encryption activities to fail (Let'sEncrypt, SFTP, PGP, AS2, etc)
_23:improved Replication to avoid blocks when a server is offline
_25:the temporary acceptance of v10 codes in Crush v11 is no longer allowed, you must have an upgraded v11 code, not v10 code.
_26:architectural changes for the Replication with multiple servers and performance improvements for Jobs engine to server communication

Fixes:
_1:fixed recursive deletes on certain SMB3 servers
_2:fixed issues with WebSocket based transfers
_3:better logged in active session preservations across updates
_4:fixes for WebSocket based multiplexed downloads
_5:many fixes for WebSocket based transfers, and for Jobs engine running on Windows
_6:fix for pgp passwords stored in an old format
_7:fixes for WebSocket advanced upload/download and multi-threaded s3 downloads
_8:updated SFTP libraries to fix some StrictKex compatibility issues
_9:fixed problem where JOB_BROKER was stealing the update process...prior to _9 you may need to do a full restart
_10:fixed I forgot my Password link not working. There have also been fixes related to the ad-hoc sharing panel.
_13:fixed stop/pause/resume button not working on jobs
_16:fixed bug with email based PGP keys that were imported and had invalid names
_18:fixed proxy_protocol_ftp_pasv code that was not ported forward from v10
_21:changed how BouncyCastle is globally loaded
_24:fixed jobs to preserve sftp private key between find/copy steps
_27:fixes bug where user variables were not present in events they triggered
_28:fixes for jobs not running
_29:fixed some memory leaks related to replication and jobs engine
_30:fixed the restore user menu in the UserManager for difference User Connection Groups scenarios