Version 10.0.0

YOU ARE VULNERABLE IF YOU DON'T UPGRADE! Minimum safe version is 10.5.1.




CrushFTP 7.8.0 - 08/28/2017
New:
_0:released
_5:added replicate_jobs_sync for offline job edit sync
_7:ssl/tls client side renegotiation is blocked by default
_15:added support for preview and exif info generation from remote locations
_16:added control for webdav agent learning
_24:added failure message types to security alerts
_25:added custom http header configuration support
_26:fix for WinSCP uploads with temp names and upload events
_28:CrushTask re-factoring for compatibility with v8 features
_38:added support for SHA512Crypt password format
_49:added verbose flag for DMZ socket information (debug_socks_log)
_50:increased DMZ debug logging
_55:added support for text functions in LDAP plugin
_56:faster s3 VFS item access, and fix for saving preference items on DMZ instances
_58:dmz routes alerts through internal server
_60:added connection pooling support to CrushTask Move/Copy _62:added preliminary hadoop client support
_67:hadoop support
_69:added flag for controlling DMZ messaging mode using notify/wait or sleep.


Fixes: _1:fixed uploads via web browsers
_2:fix for run on dmz, all recursive
_3:fix for XML sanitization
_4:fix for PGP decrypt on the fly
_6:fix for session timeout on download when zipping on the fly and going through DMZ
_8:fix for inheritance of expiring accounts
_9:CrushTask build fix.
_10:fix for starting ServerBeat ports.
_11:fix for error scenarios with bad paths in the User Manager display
_12:fix for run all DMZ recursive Link tasks in Jobs.
_13:fix for AS2 incoming file handling
_14:fix for AS2 async incoming file handling and Preview generation on remote items
_17:sftp client library update
_18:fix for folder monitor deleting subitems when a folder's modified date was old, but subitems were new
_19:faster DMZ command processing
_20:fix for multi_journaling when not enabled
_21:fix for DMZ and bad SSH logins
_22:fix for recent drives
_23:fix for CrushTask delete and process first flag not being honored
_27:fix for replication and PGP on the fly scenarios
_29:fix for sharing with a required email from domain
_30:fix for outbound emails and some plugins
_31:fix for CSV imports and linked_vfs
_32:fix for SQL to XML export loosing blank email field
_33:updated SFTP libraries to fix public key parsing bug for OpenSSH public key files
_34:fix for expired SFTP license.
_35:fix for bad serve-u paths in sftp
_36:fix for debug logging about alerts
_37:fix to honor ASCII mode setting on Find/Copy actions in CrushTask.
_39:fix for deleting s3crush via task flow
_40:fix for bad OpenSSH public key format
_41:fix for replication with encrypted and unencrypted transfers going on
_42:fix for ssh keys with multiple optional fields on the end
_43:selfRegistration now works through the DMZ
_44:fix for missing httpOnly cookie flag and issues with bad FTP servers and finding files for CrushTask jobs
_45:fix for SFTP outbound connections not detecting failures properly and dmz stat caching fixes
_46:fix for failed DMZ to internal server logins
_47:fix for curl methods of adding a user's inheritance with setUserItem
_48:fix for MKDIR bug with FTP
_51:fix for DMZ race condition on old data sockets
_52:fix for AS2 task and no files being passed to it throwing error, and failing move task not logging error
_53:fix for download on the fly pgp decryption
_54:fix for username reset password token lookup
_57:fix for s3 caching
_59:fix for replicating 0 byte files
_61:fix for FTP client in Jobs config failing after one file transfer.

_64:replication status tracking
_65:fix for deleting expired template accounts
_68:XML handling fixes
_70:fix for http header issue, redirect bug, and xss issues

CrushFTP 7.7.0 - 07/06/2016

New:
_0:released
_1:added s3_sha256 support for EU west buckets
_7:added mime types to S3 uploads
_17:report admins can see a list of users
_23:added PROT C to outbound FTP client mode
_27:added forced reset with token link for expired passwords: expire_password_email_token_only

Fixes:
_2:fixed AS2 MDN processing.
_3:fix for sharing and {from} in reply-to
_4:fix for deadlock during session replication
_5:password masking in details of job URL fixes
_6:fix for manage shares and download count from DMZ
_8:improvements for cleaning large listings of session/job logs
_9:PGP library update for expired library
_10:fix for VFS collisions handling delete/rename actions
_11:fix for VFS collisions handling delete/rename actions
_12:fix for CrushTask VFS replication with renames
_13:fix for s3 signature issues
_14:fix for s3crush login with serverside encrypt
_15:fix for UNC paths
_16:fix for @ in filenames on windows in jobs, and as2 filename preservation.
_18:fix for serverbeat resets when changing other ports
_19:s3 retry improvements
_20:s3 fixes for signature calculations, and resume for S3Crush.
_21:s3 fixes for resuming downloads
_22:fixed user manager import from CSV using salted MD5 passwords
_24:fix for SFTP public key parsing errors
_25:Fix for Tunnel3 disconnects of FTP clients after 10 minutes
_26:fix for SFTP client uploads indicating can't overwrite a directory with a file.


Version 7.6.0 CrushFTP 7.6.0 - 05/07/2016

New:
_0:released
_1:saves backup copy of DMZ prefs when edited
_6:added gene6 import for user manager.
_8:now supports extra VFS controlling by limited admins
_13:added {working_dir} to hack username URL referencing
_16:temp share links with limited uses give a nice error screen now
_21:adds md5 hashes to PGP encrypted and decrypted files
_24:added replication to User Manager admin actions for new folders
_26:added SQL connection pooling to statistics DB
_30:allow for faster insecure session replication for segregated networks
_31:added "Strict-Transport-Security" by default for 1 year
_38:changed auth cookie to be HttpOnly
_43:added startup_delay to prefs for slow servers, and CrushFTPDrive fix for auto reconnecting after network change.
_49:added flag for ssh_sha1_group_kex_allowed, and adds auto retries for tunnel resets.
_52:optimized CrushSync startup scanning and error recovery for network disconnects
_54:CrushSync detects if sync folder is missing and creates it, and notifies on quota issues
_57:updated PGP libraries to latest version
_61:added copy/paste status and cancel button
_65:added sha256 to as2, and warning if JCE is not using strong cryptography
_69:added as2 mic alg control in prefs: as2_mic_alg
_70:added byte validation for image files in Preview generation

Fixes:
_2:fixes bug that doesn't block multiple job runs if saving state between steps is turned off
_3:fixes (DH_GEX group out of range: 1536 !< 1024 !< 8192) on some linux distros
_4:fix for PASV when using comma in PASV IP list
_5:fix for multi merged VFS not doing PGP encryption
_6:ignore bogus real name in PGP decrypt
_7:fix for sftp properties in copy/move step being inherited wrong
_9:updated builtin certificate to fix java compatibility issue.
_10:fix for DMZ slowness processing logins
_11:fix for extra_vfs items using underscore chars
_12:fixed issue with DELETE events not tracking non FILE protocol deletes
_14:fix for https port startup issue
_15:speed improvements to CrushTask dealing with Jump tasks and large numbers of items
_16:fixes for schedule timing
_17:fix for upload event triggered by rename action
_18:fix for server socket binding to all IPs
_19:fix for error event having no message on aborted downloads
_20:fix for SNI and FTP PASV
_22:fix for PGP encypt not calculating new file size
_23:fix for limited admins and extra VFS entries
_24:fix for hard coded java path on windows, and failed login count tracking
_25:fix for blocked filename chars
_27:fix tolerating bad schedule configurations
_28:fix for DMZ password request reset slowness
_29:fix for java service installs
_32:more java service fixes for windows scenarios. remove and reinstall for the path fix.
_33:updated SFTP libraries to fix SCP
_34:speed improvements for DMZ directory listings
_35:honors disabled ciphers for outbound S3 connections
_36:fix for daily log rolling being missed on systems with many session logs
_37:fix for replicated VFS
_39:fix for SFTP zipstream expansion
_40:fixes for logins in FF and some IE versions
_41:fix for direct linked URLs with user/pass embedded
_42:fix for sftp uploads in DMZ indicating a dir was being replaced and not working
_43:return user manager save errors to the browser
_44:fix for scheduling related to daylight savings time change
_45:fix for showing partially uploaded S3 files everywhere and not just in their faked path
_46:replicated VFS fix for deletes
_47:fixes for SFTP uploads with overwriting of a folder, DMZ and direct
_48:fixes for advanced mode applet not keeping current session
_50:multi_journal and replication stability improvements
_51:fix for CrushTunnel.jnlp logins
_52:fix for CrushSync when dealing with hundreds of thousands of files/folders and multiple sync agents.
_53:fix for CrushSycn startup downloading files with no date set
_55:fix for priorities in ServerBeat and CrushSync folder uploads
_56:added tweaks for multi_journal reliability
_57:fix for pgp encrypting on the fly for downloads
_58:more fixes for data multi_journal data replication
_59:blocks zombie anonymous users, and ssh library updates
_62:fix for long running paste operations
_63:fix for CrushTask Find leaving threads open
_64:fix for DMZ lookup of LDAP public key
_66:fix for temp job cleanup, and filename filters on HTTP downloads
_67:fix for slow PGP downloads
_68:fix for test login on S3CrushClient

Version 7.5.0

CrushFTP 7.5.0 has been released!


7.5.0 improves security, many additional features, bug fixes and ongoing updates to latest best practices for security.


CrushFTP 7.5.0 - 01/08/2016
New:
_1:added redirect in WebInterface for forced preview/download
_5:added flag to control "stor_pooling" for HTTP uploads.
_7:attachment redirector logging improvement, added delete & rename to AccountActivity Report.
_9:sped up the processing of large file lists in Jump task of jobs
_13:added SNI support for FTPES
_15:multithreaded deletes
_20:watches for changes in local DMZ prefs files too
_22:added sha1 flag for SSH, defaults to no sha1 key exchanges

Fixes:
_2:fixed multithreaded upload handling to same HTTP session.
_3:fixed bug with browser uploads
_4:fixed cipher suites for SNI HTTPS sockets.
_6:task error fix for null scenarios
_8:fix for SMB url username/pass replacement
_10:fixes for AttachmentRedirector and folder shares
_11:fix issue with transfer speedometer creating load on session replication. _12:fix for WriteTask and multiple writes to the same file from different locations
_14:fix for video streaming in safari
_16:fix for setting meta_info
_17:fix for unsafe filename char replacement in http uploads
_18:canceling upload in advanced mode didn't report it as canceled
_19:ServerBeat fixes for out of sync server times
_20:fix for ServerBeat and bringing serers back online.
_21:fix for age on ServerBeat
_22:fix for DNS PASV IP reply
_23:security patch

WebInterface changes:
- Fixed issues with events not being saved
- Fixed issue creating new server
- Direct link to preview files fixed
- Date formatting fixed for internal shares
- Explore zip fixed
- New upload customization : Max number of files allowed in a queue, Hide start upload button on individual item
- Fixed home directory not being saved while using plugin in events
- Fixed auto load applet customization issues
- Managing ciphers is easy now, UI updated
- Date format is honored now in reports
- Added TLS client versions
- User can use alternate media file in previews (h264, user defined)
- IE11 theme fix
- Sharing related issues fixed
- Added missing localizations
- VFS linking logic changed
- Fixed issues with removing users not getting removed from groups
- Buttons list is now organized with filters in UserManager
- Fixed ftpes issues
- Added max runtime for the job schedule
- Added support to get history of item and download older version
- Video player UI/progressbar updated
- Added reply-to in email templates
- SAML and LDAPGroup plugin fixes
- Fixed telnet UI issues
- Added export support to SSL items
- Added quick editing roles on SAMLSSO and LDAPGroup
- Added temporary job log settings in preferences
- Added new customizations


CrushFTP 7.4.0 - 11/02/2015
New:
Fixes:


CrushFTP 7.3.0 - 03/11/2015
New:
Fixes:


CrushFTP 7.2.0 - 10/28/2014
New: Fixes:

CrushFTP 7.1.0 - 07/08/2014
New: Fixes:
CrushFTP 7.0.0 - 02/03/2014