Version 10.0.0

YOU ARE VULNERABLE IF YOU DON'T UPGRADE! Minimum safe version is 10.5.1.

CrushFTP 7.8.0 - 08/28/2017
New:
_0:released
_5:added replicate_jobs_sync for offline job edit sync
_7:ssl/tls client side renegotiation is blocked by default
_15:added support for preview and exif info generation from remote locations
_16:added control for webdav agent learning
_24:added failure message types to security alerts
_25:added custom http header configuration support
_26:fix for WinSCP uploads with temp names and upload events
_28:CrushTask re-factoring for compatibility with v8 features
_38:added support for SHA512Crypt password format
_49:added verbose flag for DMZ socket information (debug_socks_log)
_50:increased DMZ debug logging
_55:added support for text functions in LDAP plugin
_56:faster s3 VFS item access, and fix for saving preference items on DMZ instances
_58:dmz routes alerts through internal server
_60:added connection pooling support to CrushTask Move/Copy _62:added preliminary hadoop client support
_67:hadoop support
_69:added flag for controlling DMZ messaging mode using notify/wait or sleep.

Fixes: _1:fixed uploads via web browsers
_2:fix for run on dmz, all recursive
_3:fix for XML sanitization
_4:fix for PGP decrypt on the fly
_6:fix for session timeout on download when zipping on the fly and going through DMZ
_8:fix for inheritance of expiring accounts
_9:CrushTask build fix.
_10:fix for starting ServerBeat ports.
_11:fix for error scenarios with bad paths in the User Manager display
_12:fix for run all DMZ recursive Link tasks in Jobs.
_13:fix for AS2 incoming file handling
_14:fix for AS2 async incoming file handling and Preview generation on remote items
_17:sftp client library update
_18:fix for folder monitor deleting subitems when a folder's modified date was old, but subitems were new
_19:faster DMZ command processing
_20:fix for multi_journaling when not enabled
_21:fix for DMZ and bad SSH logins
_22:fix for recent drives
_23:fix for CrushTask delete and process first flag not being honored
_27:fix for replication and PGP on the fly scenarios
_29:fix for sharing with a required email from domain
_30:fix for outbound emails and some plugins
_31:fix for CSV imports and linked_vfs
_32:fix for SQL to XML export loosing blank email field
_33:updated SFTP libraries to fix public key parsing bug for OpenSSH public key files
_34:fix for expired SFTP license.
_35:fix for bad serve-u paths in sftp
_36:fix for debug logging about alerts
_37:fix to honor ASCII mode setting on Find/Copy actions in CrushTask.
_39:fix for deleting s3crush via task flow
_40:fix for bad OpenSSH public key format
_41:fix for replication with encrypted and unencrypted transfers going on
_42:fix for ssh keys with multiple optional fields on the end
_43:selfRegistration now works through the DMZ
_44:fix for missing httpOnly cookie flag and issues with bad FTP servers and finding files for CrushTask jobs
_45:fix for SFTP outbound connections not detecting failures properly and dmz stat caching fixes
_46:fix for failed DMZ to internal server logins
_47:fix for curl methods of adding a user's inheritance with setUserItem
_48:fix for MKDIR bug with FTP
_51:fix for DMZ race condition on old data sockets
_52:fix for AS2 task and no files being passed to it throwing error, and failing move task not logging error
_53:fix for download on the fly pgp decryption
_54:fix for username reset password token lookup
_57:fix for s3 caching
_59:fix for replicating 0 byte files
_61:fix for FTP client in Jobs config failing after one file transfer.

_64:replication status tracking
_65:fix for deleting expired template accounts
_68:XML handling fixes
_70:fix for http header issue, redirect bug, and xss issues

CrushFTP 7.7.0 - 07/06/2016

New:
_0:released
_1:added s3_sha256 support for EU west buckets
_7:added mime types to S3 uploads
_17:report admins can see a list of users
_23:added PROT C to outbound FTP client mode
_27:added forced reset with token link for expired passwords: expire_password_email_token_only

Fixes:
_2:fixed AS2 MDN processing.
_3:fix for sharing and {from} in reply-to
_4:fix for deadlock during session replication
_5:password masking in details of job URL fixes
_6:fix for manage shares and download count from DMZ
_8:improvements for cleaning large listings of session/job logs
_9:PGP library update for expired library
_10:fix for VFS collisions handling delete/rename actions
_11:fix for VFS collisions handling delete/rename actions
_12:fix for CrushTask VFS replication with renames
_13:fix for s3 signature issues
_14:fix for s3crush login with serverside encrypt
_15:fix for UNC paths
_16:fix for @ in filenames on windows in jobs, and as2 filename preservation.
_18:fix for serverbeat resets when changing other ports
_19:s3 retry improvements
_20:s3 fixes for signature calculations, and resume for S3Crush.
_21:s3 fixes for resuming downloads
_22:fixed user manager import from CSV using salted MD5 passwords
_24:fix for SFTP public key parsing errors
_25:Fix for Tunnel3 disconnects of FTP clients after 10 minutes
_26:fix for SFTP client uploads indicating can't overwrite a directory with a file.

Version 7.6.0 CrushFTP 7.6.0 - 05/07/2016

New:
_0:released
_1:saves backup copy of DMZ prefs when edited
_6:added gene6 import for user manager.
_8:now supports extra VFS controlling by limited admins
_13:added {working_dir} to hack username URL referencing
_16:temp share links with limited uses give a nice error screen now
_21:adds md5 hashes to PGP encrypted and decrypted files
_24:added replication to User Manager admin actions for new folders
_26:added SQL connection pooling to statistics DB
_30:allow for faster insecure session replication for segregated networks
_31:added "Strict-Transport-Security" by default for 1 year
_38:changed auth cookie to be HttpOnly
_43:added startup_delay to prefs for slow servers, and CrushFTPDrive fix for auto reconnecting after network change.
_49:added flag for ssh_sha1_group_kex_allowed, and adds auto retries for tunnel resets.
_52:optimized CrushSync startup scanning and error recovery for network disconnects
_54:CrushSync detects if sync folder is missing and creates it, and notifies on quota issues
_57:updated PGP libraries to latest version
_61:added copy/paste status and cancel button
_65:added sha256 to as2, and warning if JCE is not using strong cryptography
_69:added as2 mic alg control in prefs: as2_mic_alg
_70:added byte validation for image files in Preview generation

Fixes:
_2:fixes bug that doesn't block multiple job runs if saving state between steps is turned off
_3:fixes (DH_GEX group out of range: 1536 !< 1024 !< 8192) on some linux distros
_4:fix for PASV when using comma in PASV IP list
_5:fix for multi merged VFS not doing PGP encryption
_6:ignore bogus real name in PGP decrypt
_7:fix for sftp properties in copy/move step being inherited wrong
_9:updated builtin certificate to fix java compatibility issue.
_10:fix for DMZ slowness processing logins
_11:fix for extra_vfs items using underscore chars
_12:fixed issue with DELETE events not tracking non FILE protocol deletes
_14:fix for https port startup issue
_15:speed improvements to CrushTask dealing with Jump tasks and large numbers of items
_16:fixes for schedule timing
_17:fix for upload event triggered by rename action
_18:fix for server socket binding to all IPs
_19:fix for error event having no message on aborted downloads
_20:fix for SNI and FTP PASV
_22:fix for PGP encypt not calculating new file size
_23:fix for limited admins and extra VFS entries
_24:fix for hard coded java path on windows, and failed login count tracking
_25:fix for blocked filename chars
_27:fix tolerating bad schedule configurations
_28:fix for DMZ password request reset slowness
_29:fix for java service installs
_32:more java service fixes for windows scenarios. remove and reinstall for the path fix.
_33:updated SFTP libraries to fix SCP
_34:speed improvements for DMZ directory listings
_35:honors disabled ciphers for outbound S3 connections
_36:fix for daily log rolling being missed on systems with many session logs
_37:fix for replicated VFS
_39:fix for SFTP zipstream expansion
_40:fixes for logins in FF and some IE versions
_41:fix for direct linked URLs with user/pass embedded
_42:fix for sftp uploads in DMZ indicating a dir was being replaced and not working
_43:return user manager save errors to the browser
_44:fix for scheduling related to daylight savings time change
_45:fix for showing partially uploaded S3 files everywhere and not just in their faked path
_46:replicated VFS fix for deletes
_47:fixes for SFTP uploads with overwriting of a folder, DMZ and direct
_48:fixes for advanced mode applet not keeping current session
_50:multi_journal and replication stability improvements
_51:fix for CrushTunnel.jnlp logins
_52:fix for CrushSync when dealing with hundreds of thousands of files/folders and multiple sync agents.
_53:fix for CrushSycn startup downloading files with no date set
_55:fix for priorities in ServerBeat and CrushSync folder uploads
_56:added tweaks for multi_journal reliability
_57:fix for pgp encrypting on the fly for downloads
_58:more fixes for data multi_journal data replication
_59:blocks zombie anonymous users, and ssh library updates
_62:fix for long running paste operations
_63:fix for CrushTask Find leaving threads open
_64:fix for DMZ lookup of LDAP public key
_66:fix for temp job cleanup, and filename filters on HTTP downloads
_67:fix for slow PGP downloads
_68:fix for test login on S3CrushClient

Version 7.5.0

CrushFTP 7.5.0 has been released!

7.5.0 improves security, many additional features, bug fixes and ongoing updates to latest best practices for security.

CrushFTP 7.5.0 - 01/08/2016
New:
_1:added redirect in WebInterface for forced preview/download
_5:added flag to control "stor_pooling" for HTTP uploads.
_7:attachment redirector logging improvement, added delete & rename to AccountActivity Report.
_9:sped up the processing of large file lists in Jump task of jobs
_13:added SNI support for FTPES
_15:multithreaded deletes
_20:watches for changes in local DMZ prefs files too
_22:added sha1 flag for SSH, defaults to no sha1 key exchanges

Fixes:
_2:fixed multithreaded upload handling to same HTTP session.
_3:fixed bug with browser uploads
_4:fixed cipher suites for SNI HTTPS sockets.
_6:task error fix for null scenarios
_8:fix for SMB url username/pass replacement
_10:fixes for AttachmentRedirector and folder shares
_11:fix issue with transfer speedometer creating load on session replication. _12:fix for WriteTask and multiple writes to the same file from different locations
_14:fix for video streaming in safari
_16:fix for setting meta_info
_17:fix for unsafe filename char replacement in http uploads
_18:canceling upload in advanced mode didn't report it as canceled
_19:ServerBeat fixes for out of sync server times
_20:fix for ServerBeat and bringing serers back online.
_21:fix for age on ServerBeat
_22:fix for DNS PASV IP reply
_23:security patch

WebInterface changes:
- Fixed issues with events not being saved
- Fixed issue creating new server
- Direct link to preview files fixed
- Date formatting fixed for internal shares
- Explore zip fixed
- New upload customization : Max number of files allowed in a queue, Hide start upload button on individual item
- Fixed home directory not being saved while using plugin in events
- Fixed auto load applet customization issues
- Managing ciphers is easy now, UI updated
- Date format is honored now in reports
- Added TLS client versions
- User can use alternate media file in previews (h264, user defined)
- IE11 theme fix
- Sharing related issues fixed
- Added missing localizations
- VFS linking logic changed
- Fixed issues with removing users not getting removed from groups
- Buttons list is now organized with filters in UserManager
- Fixed ftpes issues
- Added max runtime for the job schedule
- Added support to get history of item and download older version
- Video player UI/progressbar updated
- Added reply-to in email templates
- SAML and LDAPGroup plugin fixes
- Fixed telnet UI issues
- Added export support to SSL items
- Added quick editing roles on SAMLSSO and LDAPGroup
- Added temporary job log settings in preferences
- Added new customizations

CrushFTP 7.4.0 - 11/02/2015
New:

_2:adds flag to block quota logging in FTP logs. hide_ftp_quota_log
_16:added locked permission for a folder in the VFS, sub items are not locked.
_23:added UI component for importing CSV user lists in the User Manager
_24:added hash_algorithm to prefs to control MD5 or SHA256 hash to use for tasks references
_29:allows passing in parameters via URL for inclusion in forms
_32:adds control for S3 multi-threading.
_39:internal session replicated servers keep prefs synced.
_50:added max URL length to prevent overrun on NTFS file systems
_51:DMZ passes error events to internal servers
_56:added signature validation for sync MDN
_57:added SAMLSSO plugin
_62:made job scheduler more robust
_63:added http hammering connection settings
_65:added s3crush replication
_67:adds batch complete event hook to as2 files received.
_69:added job/event to be triggered when a temp share expires
_81:added support for OPTS MLST command variations
_85:performance improvements for user manager with many thousands of users
_93:support for multi-page PDF files.
_94:adds support for dns lookup for PASV ip reply
_95:added minimum speed warn and alert configuration
_103:added variable VFS names in file listings
_104:updated PGP libraries to latest build including bouncycastle
_105:added flag for optional global ASCII PGP encoding instead of binary
_106:added SHA3 password hashing storage method
_109:fix for ascii pgp encoding and header size info
_110:added max upload and download counts
_116:added logging to track where a job was called from with remote job runs
_127:added separate s3 threads counts for upload and download
_134:added support for limited admin to view lob list without being able to view job.
_135:enhanced AttachmentRedirector so its easier to setup and use
_136:added multi-threading to delete task
_142:SMB root items the user doesn't have access to now disappear and faster VFS root dir lookup
_143:updated to latest SFTP client libraries
_146:updated jQuery libraries

Fixes:

_1:fix for speedometer thread leak
_2:fix for duplicate name on top downloads and uploads report
_3:fix for job scheduled running at a minutely interval
_4:fix for password reuse.
_5:fixes for multi write VFS system
_6:fix for VFS local merge
_7:fix for VFS merge
_8:better cache management for DMZ and file listings.
_9:fix for shares being created through DMZ
_10:fixes for AS2 through DMZ
_11:fix for email from addresses, and crushtask copy with temp name
_13:fix for SFTP through DMZ under load throwing error during file transfer, and port cleanup
_14:fix for DMZ uploads disconnects not being reported properly on internal server
_15:fix for login counts for success/failure on dashboard
_17:updated ssh library for threading fix.
_18:fix for events treating files as directories.
_19:ui fix for ftp settings in copy task, + sign in add after copy, and ftpclient stat processing.
_20:fix for fast SFTP transfers and setting modified times at the end of a transfer
_21:fix for DMZ uploads with network timeout and reporting error in event.
_22:fix for user sessions being left listed as active in DMZ scenario.
_25:new ssh library to fix deadlock scenario.
_26:fix for race condition in DMZ with upload and rename
_27:fixed timeout for session replication
_28:fix for events running on disconnect before disconnect
_30:fix for potential logging loop with plugins
_31:fix for aborting uploads through DMZ and events.
_33:fix for concurrency issues with uploads through DMZ
_34:fix for replicated users with one server offline for extended period of time.
_35:tunnelv3 is more stable and handles server restarts
_36:sftp library update to fix issues with non conforming clients.
_37:sftp race condition fix for fasts uploads
_38:fix for dmz file being canceled and event not tracking it properly
_40:improvements for memory handling in S3 with slow users connected.
_41:fix for removing plugin instance
_42:fix for rename issue in list view
_43:fix for dmz scenario with copy/paste of larger files
_44:fix for stats saving performance
_45:fix for aborting file in DMZ/multiple internal server scenario.
_46:fix for share permissions with quota value.
_47:fix for s3 zipped folder download
_48:fix for mis-calculated size of encrypted PGP files
_49:fix for logged user data when making user changes
_52:fix for logging bug
_53:pass as2info to internal server in error scenarios
_54:prevent sftp client logging
_55:fix for job designer when zoomed out dragging was broken.
_58:CrushTask logging fix
_59:CrushTask logging fix
_60:fix session logging error.
_61:added ability to not save job items to disk to save memory
_62:fix for machine's hostname that can't be resolved and session replication.
_63:fix for next run scheduled job display time
_64:fix for tunnel3 in CrushTask
_65:fix for bad SFTP server listings from our client
_66:fix for doubling of buttons in WebInterface for SQL Users
_68:fix for fixed width import in CrushTask
_70:fix for utf8 chars in s3 buckets
_71:fix for failed PGP in-stream alterations leaving file in use when in error
_72:fix for applet retries on permanent failure.
_73:fix for space character and S3
_74:fix for + signs in new url encoded s3crush
_75:fix for s3 logins needing a bucket name.
_77:fix for AS2 race condition with multiple internal servers and events
_78:fix for job replication in HA scenario
_80:fix for AS2 in DMZ and multiple internal servers
_82:fix for password reset by token
_83:fix for mlst format and FileZilla.
_84:fix for user manager events loop in UI.
_85:fix for repeating lines in share email body
_86:additional debug logging for DMZ port handling to internal server.
_87:AS2 fix for non DMZ scenario, and calculating MIC with SHA even if not signing.
_88:fix for recycle being attempted for remote connections.
_90:fix for SAML/SSO ACL usage.
_91:fix for log view access not being able to choose alternate logs.
_92:fix for oracle result sets in CrushTask.
_96:fix for bug with blocking characters in upload
_98:fix for SAML cleanup thread
_99:fix for user manager limited admin with bad event item
_100:fix for Tunnel3 and abrupt disconnects
_101:fix for tempaccount expire date display in admin view
_102:fix for # sign in passwords with CrushClient.
_105:fix for {share_ variable usage.
_106:fix for zero byte files in SFTP
_107:better MIC tolerance in AS2
_108:uses better random generator
_109:blocks CRLF in header request
_111:fix for stuck sftp threads, and differential upload fixes going through DMZ
_112:fix for sharing an item that uses PGP for decryption
_113:fix for tunnel3 memory usage
_114:fixed relative paths for custom event triggering by button
_115:improves detection of bad S3Crush items
_117:fixes issue with stand alone client and blocked file uploads
_118:fix for browser uploads of 0 byte files
_119:fix for job scheduler and left over old XML files
_120:fix for downloads not excluding invisible items
_121:tunnel3 memory fixes
_122:fix for webdav large uploads
_123:fix for copy task multi-threaded
_124:fixes for memory handling in Tunnel3, and performance improvements, fixed Move task folder issue
_125:fixed for SAML signing authN request.
_126:fix for bad ftp client upload check
_128:another bad ftp client fix
_129:fix for job using FTPES and client cert auth and updated Base64 implementation
_130:fix for SAML base64, and Win10,Win2012 CrushFTPDrive
_131:fix for multiple internal servers and session replication delay
_132:url encoding fix for keystore import
_133:URL encoding fixes for importing SSL certs
_137:fix for job browse for file system items
_138:fix for upload and rename events and ssl keystore password decryption
_139:fix for find and max items in jobs
_140:outbound SSL connections will now use TLS1.2 if available
_141:fix for find task and don't add folders with limited amount of find items
_144:fix for S3 using IAM temporary credentials
_145:fix for User Manager server's file listing
_146:fix for resuming S3Crush uploads
_147:fix for next run displayed date calculation for a job.
_148:fix for LDAP reverse group lookup and referenced template user

CrushFTP 7.3.0 - 03/11/2015
New:

_1:added check for update to check build
_2:added sort task item
_14:added download of HTTP response item in CrushTask
_17:added {protocol} variable for crushtask.
_18:allow controlling max outgoing http buffer (GDrive).
_19:posix group supports variables.
_25:crushtask error scenarios pass in the item of error now for variable references
_28:added block overwrite pattern to crushtask copy/move
_29:added append mode for CrushTask
_36:improved job report schedule to give more details.
_38:FTP now uses configured TLS versions
_40:added CrushTask process only first item flags across most task items
_44:tunnel version 3 is now available
_45:added session cache async to disk
_46:individual session logging can be disabled
_47:adds copy unique name pattern
_48:added custom user session log location
_52:CrushClient can handle command line file transfers and be scripted out.
_54:Added support for DES: scheme on passwords.
_59:auto remove old expired internal share references
_62:added new report for failed logins
_63:added randomize home folder name for LDAP
_67:allows forcing delays between commands in SFTP protocol.
_70:jobs can be limited to one instance per server, or per cluster of servers
_74:added type variable for deletes and renames
_75:added type variable for downloads and uploads
_78:added support for custom upload form meta info from DMZ
_84:added priority to serverbeat
_85:added ability to run a linked job on a DMZ server.
_87:added ability to do chunked native uploads in web browsers for faster upload speeds.
_94:added pack200, Z,XZ,LZMA compress/decompress types for CrushTask
_96:added support for connection profiles in jobs.
_97:added user and count info for security user hammering alert
_98:added alert type for when CrushFTP is restarted
_99:dmz security alerts are forwarded to internal server
_101:added trim function support for text functions and auto trims alert_msg
_102:added additional ban security alert.
_110:added remote file client for running processes as a user in windows.
_113:added ability to route as2 connections out through a DMZ.
_117:added as2 message signature validation options
_120:added ability to compute basic math expressions in CrushTask variables
_125:added event for when a suer shares
_126:added tag to log output, and support for google captcha v2, and logging tags at the start of the line
_130:added custom event type
_132:http sessions can now honor session timeout configurations overriding the http session timeout value
_135:added ability for Link job task to run on other internal servers and other where to run choices.
_138:added support for bind_ip parts in template user
_139:added auto retry on loading usernames from XML
_144:added resume support for S3Crush
_145:improved DMZ logging, added alert type for month items
_146:added 's3_max_buffer_download' flag to control memory usage on S#Crush downloads.
_147:added segmenting support to s3crushclient to overcome resume issues on large files
_150:added max upload/downlaod day and month available amount value support for web listings
_153:csrf protection is enabled by default now
_154:sped up S3 plain connections via caching
_157:added cwd_stat flag for ftp client
_160:added support for dir size calculations in WebInterface.
_162:added ASCII flag for PGP ecnryption on the fly for VFS.
_164:added temp_name feature to coyp and mvoe tasks.
_165:dmz prefs now have new properties added by default
_166:faster job jump/link scenarios with less delay.
_169:added EXPORT ciphers to permanent disable list.
_174:enhanced advanced mode transfers on resuming, and overwrite scenarios.

Fixes:

_3:fix for rapid user logins potentially causing one to fail
_5:fix for colliding VFS not allowing listings
_6:webdav client fix over https
_7:added comments to internal shares
_8:added LDAP support for SSH key based auth lookup
_9:fixed saving users in User Manager
_11:fixed job cleanup for temp user event jobs
_12:fixed bug with & in registration name and preferences
_15:rolled back to acl2 mode for default operations
_20:capture error on ftp logout when login didn't work, and don't make folders in popimap task
_22:fix for dmz and linked VFS
_23:fix for S3 downloads of entire folders.
_24:fix for DMZ memory leak.
_26:fix for CrushSync startup re-uploading offline deleted files on windows, and keyword creation for zip files.
_29:fix for crossing data socks in multithreaded http upload in same session (crushsync)
_30:fix for session replication clearing old sessions
_31:fixed mecmache to have folders as well as files
_32:fixed no content popimap bug
_34:fixes for bad firewalls on FTP connect
_37:fixes bad user.xml writes under load
_39:fix for restoring jobs
_41:more heavy load protection for single user account writes
_42:race condition when downloading tiny files with SFTP
_43:fixed job progress line tracking
_45:fixed session cache and session cache on exit
_46:allow sha or sha-1 AS2 mic responses
_49:no longer checks for encrypted header size when items are internal VFS references
_50:fix for DMZ/internal server with replication deadlock
_51:fix for copy/paste folder in DMZ
_53:fix for popimap task
_55:fixed bug with session replication frequency
_57:don't save prefs.xml file as regularly.
_58:fixed bug with task to run when account is disabled.
_60:fixed bug with manage shares removing valid references.
_61:multiple ldap configs were not being checked properly.
_64:fixed reverse proxy.
_65:fixed password history logic.
_66:fixed temp filename extension renaming when done
_66:fixed move task not closing SFTP connections.
_68:fixed url and name replacement variables in CrushTask.
_69:fixed bug with server not tracking last_logins for reports.
_71:fixed bug with DMZ downloads and advanced downloads
_72:fixes potential deadlock issue under high load
_76:fix for upload file type
_77:fix for date variables in CrushTasks.
_79:fix for viewing suer log
_80:fixed caching bug with password history validation
_82:fixed as2 task sending when dealing with many files.
_83:fixed default threading issue with s3 not uploading large files.
_86:fix for http uploading
_89:fix for serverbeat master scenario
_93:tunnel3 protocol is stable now.
_95:fix for urldecode issue in cut/paste, and socks proxy by IP
_100:fix for alerts missing the msg part.
_103:fixed webinterface uploads timing out when they are slow to start
_111:fixed RFile to work with service
_112:fixed PGP trailer size for SCP
_114:fix for importing trusted keys into PFX file
_116:fixed bug with PASV response and private IPs
_117:fixed pasv IP response scenarios for private networks and public
_118:as2 variable fixes
_120:fixed bug with upload form data going through DMZ
_121:fixed loading connection profile for uservariables
_122:fix for finishing a file upload
_123:fix for receiving MDN through DMZ
_124:hides column on expiring account report for not in use.
_128:fixes issue with session timeout in clustered environment
_129:fix for creating share in DMZ mode
_130:fix for running multiple same named events at the same time, and fix for replicated DMZ share creation.
_131:fixed bug with DMZ and multiple VFS locations
_133:fix for client cert auth with CN at end of subject
_134:fix for sending trust store for client cert auth to DMZ
_135:fix for password issue in DMZ
_136:fix for & in browser uploaded names
_137:changed redirection to use relative path
_140:fixed bug with keystores in memory in DMZ and AS2
_141:fix for excessive memory usage on really large file uploads with S3.
_142:fixed delayed initial login window
_143:fixes for log rolling to be less abusive of CPU
_148:fix for sftp uploads where session is closing before upload is completed
_149:fix for double security alert notifications for bad_login and DMZ
_151:fix for DMZ race condition missing replies.
_152:fix for FTP proxy scenario for bad FTP servers that don't start you in / and don't implement stat properly.
_152:fix for deleting partial failed uploads when suing a temp extension during upload
_155:fix for http task and cookies
_156:fixed s3 url selection bug
_158:fixes for star_stat mode for proxying to windows IIS FTP servers
_159:performance fix for star_stat and large directories
_161:fix for ensuring http upload completes on tiny files
_163:ftpclient proxy speed improvement
_164:fixed memory usage in S3Crush.
_167:allow file XML errors to be logged
_168:fix for path consistancy on delete CrushTask
_170:fix for raw S3 throwing errors when finding files that were in progress
_171:fix for anon and null ciphers
_172:fix for multiple http uploads in same single session having socket issues
_173:fix for dir listings paths with filter
_174:fix for job scheduler run timing issue.
_175:fix for SFTP memory issue
_176:fix for SFTP upload queueing.

CrushFTP 7.2.0 - 10/28/2014
New:

tunnel improvements for disconnected sockets
multi segment downloading from S3 bucket
thumbnail previews now operates on VFS items and not just local file:// references (SMB, FTP, SFTP)
task have {working_dir} variable they can access
added link task
added support for Job references in folder monitor, alerts, and events
allow access to server_info variables
support custom java classes for task type
added additional cache options for FindCache, Copy/Move cache
added date time scenarios for Wait task
allow settings the supported MACs for SFTP
sftp can do multithreaded listings
support and / or operator for WebInterface search
added alert type for monitoring server variables
hide actual file path from upload exceptions
improved SQL speed for users stored in a DB by using better caching methods
allow mass updating of users as a limited admin, not just full admins
supports MSSQL for StatsDB now and reports
ignores requests for getadminxmllisting by non admins and limitedadmins
allow share generation to suggest a user/pass to utilize
support s3crush revision tracking
allow a user to upload and overwrite a file that was in use by them (from a leftover dead connection)
increased SFTP buffer size default to improve Linux performance issues
stop excessive user backups done at every login
allow events to be applied to only shared accounts a user makes
removed duplicate login event call
added user usage report
improved job monitor speed to ask for less info unless needed
server log now set to click to activate
added minimum upload speed, and minimum download speed restrictions for alerts. (negative value to trigger an alert)
multithreaded CrushSync uploads and downloads
tunnel improvements for disconnected sockets
added accelerated multi segmented downloads from S3
better memory handling to keep caches clean dup after they won’t be used again
added ability to cache all local file items in memory for faster searches
added magic ports starting with 444 in tunnels to know if the port is FTP or HTTP
added test VFS button
crushftp defaults to TLS mode by default, SSLv3 is optional. (Poodle vulnerability fix)
supports unencrypted DMZ connection for speed
webInterface supports file sizes on folders when uploading with advanced mode
added memory based filesystem support for temps storage location
added {working_dir} variable to CrushTask
added Link task to link in other jobs to a job.
more variables are accessible to crush task action now, all sever_info items
added support for custom CrushTask java task items from 3rd parties.
added support for modifying FindCache references in CrushTask for Copy and Move actions
added date and time scenarios to WaitTask until…
added support to “touch” a file sign a rename
added garbageCollection on demand calls to CrushTask.
added MD5 file hash calculations on file copies in CrushTask
added file timing on CrushTask Copy actions
added {full_log} variable reference for CrushTask which could be embedded in emails
AS2 supports HTTPS client cert auth
added completion types for CrushTask of killed, cancelled, or completed
allow setting custom headers in HTTP CrushTask items
PGP task supports hinting on decrypted file size
added looping on email ask to attach one file at a time
added support for starttls on PopImap task
drastically improved the speed of short running jobs
added {MMMM} for full month names in CrushTask
allows any heap memory size for CrushFTPDrive and CrushSync
added sync now menu item to force a sync in CrushSync
added growl style notifications in CrushSync to warn you if sync is offline
added last_login tracking for User Manager accounts
added max_logins onto User Usage report
added {web_link_end} variable for Share email body
support quota usage for plugin based users
added support to generate heap dumps for admin users for troubleshooting
added support for Radius challenge / response system for one time use codes
added max expiration day config for shares and default expiration days
added support for responding with failed MDN messages
added reverse connections for ports in DMZ scenarios
added audit report and started tracking additional audit items like rename, delete
added support for events running in async mode event by event
added support to find user for password reset when in SQL mode for users
added history tracking for current uploads/downloads in progress for admin UI graphs
added per user password salting support
added job queueing for async events
added salt to tab delimited import
increased ACL lookup speed for LDAP ACL mode
added {size} for sharing email
added net mask support for ServerBeat
added support for events and statistics on copy/paste actions
added control for max event threads.
supports smtp mail From with pretty formatting
hides MACOSX garbage items from zip previews
added flag to control writing session logs
added progress bars for searching in WebInterface
added date/time localization support and many other enhancements for localization
added login page themes in the prefs for quick customizations
added new report JobSchedules
added new report AuditSummary
added hover over info in dashboard to see transfers that were in progress during bandwidth usage
check for update now looks for new builds too
added more controls in PGP task for signing and verifying
added port forward server time type
added mass update for banning list to past in text
enhanced radius plugin supporting more custom folders at login
enhanced LDAP plugin to support individual key mapping
enhanced job monitor to add breakpoints between all steps or clear breakpoints
added sort task item
added test button for custom VFS items in the User Manager
added option to optionally not save state or history if so desired for jobs/events
added multithreading capability to CrushSync for faster transfers of small items

Fixes:

fixed some SMB issues for rename move actions
fixed bug with find task when no times begin found not throwing an error
fixed multiple s3 buckets in single VFS
fixed name reference when times are unzipped
fixed job restoring after a server restart (multiple threads scenario)
webdav fixes
fixed max login time and dmz scenario
fixed encrypting the URL in VFS
fixed VIP movement issues with ServerBeat when both machines are offline
fixed memory leak with prior FTP sessions
fixed missing log entries for HTTP/SFTP RETR & STOR operations
fixed SSL manager error with blank trusted cert list
fixed csrf on downloads
Jobs UI fixes
login.html file redirection link restriction fix
sftp logging fix
fix overwrite not working on File objects when specified
fix for s3 downloads no closing properly
fixed client cert auth connects for HTTPS
fixed symlink support for SFTP client instead of removing them from listings
fixed SMB authentication errors
fixed DMZ internally routing connections through internal server not working
fixed bugs with known_host file support in SFTP client
fixed restoring a job after server restart and loading up prior cached file info
fixed names on CrushTask unzipped items
fixed file length references on CrushTask copied items
fixed UserList task on how it calls its subtask items
fixed closing connections bug with CopyTask actions
fixed bug with running multiple copies of the same job simultaneously (called from an event)
CrushSync threading fixes when multiple syncs are configured at a time
protects against getting banned during an upgrade
increased time-out for CrushSync and really slow dir listings
fixed bug with email templates with spaces in their name
restored http header access for plugins
fixed issue with TempAccounts and DMZ mode
fixed dir listings for FTPES clients and empty folders
fixed date locale for miniURLs
don’t waste connections on TempAccounts with a limit configured
fixed bug with upper/lower username case flag
fix race condition for plugin loosing active username info
fixed bug with access-allow-origin not working
fixed bug when log rolling greater than 20 days
fixed deadlocks scenario where the server could freeze under the right scenario
fixed bug taking down DMZ instance
improved socket cleanup for high load
fixed reverse proxy not matching path too
fixed default SQL config with datediff
fixed keystore arrangement of certs when adding in trusted certs
fixed bug with change password while having SMB or S3 filesystem
fixed bug in SSL test not testing the keystore properly
fixed bug where field login count wasn’t reset on success
fixed excessive logging in WebInterface actions
fixed DMZ bug with bad username/email requests
fixed linked vfs and SQL User Manager.
no temp rename on upload for S3Crush objects
fixed missing keep-alive header on redirect
fixed locked auth object for SMTP email
improved CSR generation for UK customers
fixed as2 message ids
fixed issues using TLSv1.1 and TLSv1.2
fixed hanging dir in SFTP when no files existed
fixed errors on mass uploads where cleanup is discarding them
fixes for UNC paths and Preview generation
fixed media playback with MP4 files and improved slideshow handling of MP4
fixed issues in the job monitor for active jobs not refreshing right
fixed issue with duplicating events

CrushFTP 7.1.0 - 07/08/2014
New:

Introducing AttachmentRedirector - redirect Outlook attachments through your corporate CrushFTP server for Enterprise users.
http://www.crushftp.com/crush7wiki/Wiki.jsp?page=AttachmentRedirector
ServerBeat has been rewritten to be more robust and no longer uses JGroups. Allows for active/passive job handling too.
Allow binding session replication to a specific IP
Allows greater than and less than signs in emails
SessionReplication now handles error conditions and higher load.
All around session handling has been significantly improved.
Improved WebInterface slideshow
Improved WebInterface streaming movie player
Re-activated WebInterface drag and drop support.
Added support for delayed uploads that will start at a later specified time.
Added page/tab title upload percentage tracking.
Added localization language selector into WebInterface for dynamic changing of the language.
Job designer improvements for displaying the active job progress and items each step processed.
Added submenu capability to WebInterface buttons.
Added duplicate VFS item and ability to copy VFS item from one user to the next.
Supports routing Execute CrushTask commands through a DMZ server with Enterprise licenses.
Uses internal URL handling for HTTP commands in CrushTask HTTPTask items.
Added KillTask, DecompressTask, and CompressTask items
Allows use of expired PGP keys.
Added functions for CrushTask to handle substring, replace, and split operations during variable replacement
Added false scenario route for the Jump task
Added route tracking on tasks
MoveTask can better handle moving a folder structure
Added warnings about PGP key sizes needing Java policy files
Added PGP verify and sign support to PGPTask
UserVariable can now target the first or last item in the list, and also “pop” it off the list.
HTTPTask can now upload the file contents
FindCache can now reference items locally or remotely.
Support routing a connection through a specific DMZ instance
Added SOCKS and HTTP proxy for routing outgoing connections
Added SMB protocol support to VFS and CrushTask items.
Support multithreaded S3 transfers and other major improvements to S3 protocol.
Added S3Crush protocol for CrushTask and VFS to allow fast interactions with S3.
Added OS/400 protocol support with its terrible system of folder simulation.
CrushTunnel now minimizes into the systray/menubar and can be revealed on demand.
DMZ communication now "sticks" a connection to a server unless the server goes offline.
PGP in stream usage now uses binary mode and not ascii mode for faster transfers
Advanced mode applet does zip64 to support very large files and still allowing compression
CrushFTPDrive supports more variables in the JNLP file for startup configs.
CrushFTPDrive can route through a proxy now.
CrushFTPDrive reconnects after machine sleep or other interruptions much better now.
CrushFTPDrive uses a system driver to simplify the initial installation requiring no reboots.
CrushSync now makes installing a startup shortcut optional
CrushSync can route through a proxy now
CrushSync supports only checking the size of files
CrushSync supports realtime only mode only capturing events that happen while running.
CrushLDAPGroup now has a browse function to help you choose the right path to choose.
Allow setting the full permissions to use when doing a Full Access temporary share.
AS2 adds SHA256 support.
UserFolderPermissions report adds the notes field to the report.
SMTP email supports more Auth modes.
Hack detection can be based on a URL pattern or HOST header.
Max expiration days for Shares is the default setting in the User Manager customizations.
Added WingFTP import
Remembers bad usernames for TempAccount attempts to prevent abuse.
More support for PFX and PKCS12 formatted kesytores.
Show the user when their account will expire.
Added CSRF protection to prevent hacking.
Allow defaulting a username for the login form
Supports only allowing a single instance of a job to run at a time.
Added ShareBodyEmailClient to have a separate text only body for opening in email client.
Added publish and attach for temp shares
Added convert passwords function to force all passwords into a particular hash mode if they are currently DES.
SSL improvements to assist with CSR handling. (Simple 3 step process now.)
Added offline update handling once users are on 7.1
Added support for quota reporting when going through DMZ
Supports multiple server session replication (3+)
Internal code cleanup and refactoring to help with HTTP session racking and simplify further development.
Added SharesSummary report item
Performance improvements, better memory management
Allows temp share by Copy mode for non local items.
SSL SNI support is possible when using Java 8
iCal fixes for WebDAV calendar requests
Better event item grouping and tracking

Fixes:

dealing with more than 400 items in a list with CrushTask
multithreading in complex task scenarios.
email address formatting in PopImapTask
replace all LINE references in CrushTask and not just the first one
"not" condition on the jump task was ignored
browsing inside a zip using windows.
space encoding issue for webdav servers
modified date bug in SFTP client.
FTPES files transfers of 0 byte files
Java applet uploader fixes with file size of sub items
pgp decrypt and encrypt both at the same time in-stream was only doing one, not both
fixed bug starting multiple tunnels at one time
fixed bug with start on login for CrushFTPDrive /CrushSync and newer Windows OS versions
fixed CrushSync downloading a file as a folder.
service install / uninstall fixes for Windows.
fixed issues with old job cleanup
bug fixes for slow socks5 proxy clients
bug with cut/paste and a CrushSync agent monitoring the folder
fixed issues with some linux distress free disk space reports
fixed issue with lost events on run immediate and a fast client logout after the transfer.
fixed issue with abusive sftp clients and DMZ mode
fixed various bugs in internal ReverseProxy implementation and deployed it as front end for crushftp.com
DMZ mode and download as zip fix
AS2 MIC calculation bug
copy/paste bugs in WebInterface when pointing to non local folders
fixed bug with temp job cleanup
fixed email password and email token for pass reset in DMZ mode
fix for DownloadAsZip when your in an invisible folder.
reports now indicate if no data was found for sport instead of just being blank
fixes bug in log rolling when log folder has other items in it
many DMZ improvements ins speed and stability
WebInterface added missing localizations.
ie8 issues fixed in WebInterface
fixed issue with CrushFTPv6 import of jobs using references to global plugins.
various fixes on Browse popups in WebInterface to correctly choose paths.
fixed issue with cloning plugins

CrushFTP 7.0.0 - 02/03/2014

New:
Dashboard for server administrators
Role based administration so you can delegate some administration tasks to users.
Job scheduler (Enterprise only), and events have a new Task designer interface that greatly simplifies creating task flows, and monitoring in realtime the progress of a Task.
MP4 streaming playback in WebInterface with ability to skip to any point in the file.
SSL Certificate manager to simplify using existing certificates, and requesting new ones.
Automatic port forwarding using UPNP and PMP to simplify router configurations.
Built in self diagnostics and testing for server ports to quickly verify outside connectivity is working, and get meaningful suggestions for the issue.
Quick find system to search for a parameter, setting, user, etc. quickly with a hot key.
OS X journaling tool improvement for CrushSync tracking in realtime the changes being made so they can be synchronized.
Users sharing files can automate the attaching of the file into the email.
Full file indexing can be enabled to allowing searching file contents.
Limited user admin can make and manage their own sub groups.
Session replicated and clustered servers have their settings saved between multiple servers, and user manager changes sync also.
Outgoing connections through the VFS or Jobs/Tasks can be routed out through a DMZ server instance.
Shares can have limitations put on the usage of the expiring link allowing a limited number of uses.
Better log grouping for HTTP sessions that may span multiple different sockets.
Internal shares can automatically issue an email to the recipient, or attach the file.
Individual accounts can be disabled after too many attempted logins, or a general IP can just be banned from trying anything.
Zip files can be opened, and navigated through all protocols, and individual files can be downloaded from inside of them.
GDrive integration where the back end file system can be a Google drive.
CrushLDAPGroup can honor ACL permissions assigned in NTFS for authenticated users.
Hashed password stored in CrushFTP can have a salt applied to make them more unique.
Tasks can survive server restarts, resume where they left off.
Tasks can be clustered where multiple servers can take over the same tasks if one server goes down.
Supports acting as a Socks proxy, and HTTP Forwarding proxy server.
Jump task items have more controls on the logic (Enterprise only)