Version 10.0.0
YOU ARE VULNERABLE IF YOU DON'T UPGRADE! Minimum safe version is 10.5.1.
https://www.crushftp.com/crush9wiki/Wiki.jsp?page=CrushFTPUpgrade
CrushFTP 8.3.3 has been released!
Overall 8.3.3 has security patches and updates internal libraries for
PGP and SFTP. v8 is end of life as of October, 2020.
CrushFTP 8.2.1 - 12/13/2017
New:
_0:released
_2:improved testURL command to handle more VFS property items
_5:changes mime_type in S3 when renaming file extension
_14:speed improvements for job monitor handling, added POSIX config for VFS
items
_15:added search_file_contents_also for literal grepping
_16:added ServerBeat change alert type to provide notifications if VIP fails
over
_17:added multi_journal_timeout to control how fast VFS replication times
out
_21:creating shares when you have a quota set propagates the quota config to
the shares
_23:improved S3 speed for getting item info
_24:improved S3 speed with caching of stat calls to lookup item info
_26:major improvements in S3 caching when going through DMZ
_29:added support for custom VFS clients
_31:added support for change password through DMZ mode
_32:reduced dir listing object size for large directories in WebInterface
_40:added ability to load mime types for email attachments in email task
_42:PGP in stream can decide if file is encrypted or not before handling
_43:higher priority for DMZ queue threads
_48:added additional JOB_SCHEDULER logging category
_52:added setting for max_http_header_length to allow adjusting from default
2000
_53:added max upload count for http sessions
_54:added password_reset_message_browser_bad for ambiguity
_56:speed improvements for FindCache and Find task when handling lots of
files and excluding items
_73:SAML can now handle the name id format to use custom domains to be
ignored, or custom attributes to use as the username
_74:allow VFS clients to block uploads, and WebInterface login page shows
cookie acknowledgement banner.
_76:added s3 header for CrushFTP on uploaded-by
Fixes:
_1:fix for linked VFS's not in sync
_3:fix for s3 recursive directory creation
_4:fix for URL parsing
_6:fix for downloading empty files over FTPS
_7:fix for multi domain uploading through load balancer
_8:fix for lost serverside encryption header on S3
_9:added CrushSSO plugin for enterprise users
_10:fix for folder downloads forgetting filename
_11:fix for space in filenames on newer S3 regions
_12:fix for testing OTP configuration, s3-accelerate on AWSv4, and new job
scheduling
_13:fix for DMZ SSH public key lookup with @AutoDomain
_18:fix for searching file contents if search_file_contents_also is true
_19:fix for SSH key lookup from DMZ, and bug with shares created on a remote
VFS item
_20:fix for report showing full urls
_21:fix for not match pattern on windows with backslashes for folder
monitor
_22:fix for GDrive protocol's missing steps to activate
_25:fix for sftp port not starting in _24
_27:fix for s3 lookups on deleted folders
_28:fix for mainframe HTTP clients and not authenticating
_30:fix for infinite loop scenario deleting s3 item
_31:fix for special case VFS listing bug
_32:fix for hadoop verbose logging
_33:fix for more hadoop verbose logging
_34:fix for TempAccounts and incorrect displayed buttons through DMZ
_35:fix for corrupted web uploads being too big
_36:fix for WebInterface uploads timing out.
_37:fix for expired password change through DMZ
_38:fix for AS2 through DMZ
_39:fix for password change requirements not coming across correctly
_41:updated SFTP client library to fix initial key negotiation with some
servers
_42:DMZ ping/pong tests no longer get slowed by network traffic
_44:fix for Move task that attempted a rename
_45:fix for uploading tiny files getting stuck with HTML5 mode
_46:fix for transferring files less than 38 bytes long getting garbage
_47:fix for not all DMZ logging data being sent to internal when enabled
_48:fix for SFTP outbound host key signature mis-calculated lengths
_49:fix for multiple SFTP ports causing configuration overlap and failure at
server startup
_50 fix for uploaded_md5 tag on s3 items
_51:fix for small PGP file encryption with hinted size, and copy/move task
not operating properly
_54:fix for FTP listing of a Windows server pretending to be Unix like
_55:fix for SQL users and blank event configurations
_56:added flag to disable PGP checking since some remote connections may not
allow it (pgp on the fly):pgp_check_downloads
_57:fix for OTP timing of token
_58:fix for ssh key auth introduced by prior build _57
_59:fix for URL variables not being updated when creating directories at
login
_60:fix for aggressive HTML5 retry logic, added low memory alert, and
partial hour timezone offset.
_61:fix for Tunnel not detecting dead network connection correctly and
remaining active, and a fix for S3Crush references with spaces
_62:don't make unneeded history job folders if its turned off
_63:HTML5 upload chunk validation for browsers that don't work correctly
(Safari fails to send all chunk data at times).
_64:fixed bug with setting modified time on new files with SMB3 and
overwriting files with SMB3
_65:fix for unneeded cookies be assigned on session logout
_66:fix for manual user.XML password modifications
_67:fix for multi-domain chunk issues on uploads
_68:fix for hadoop subfolder listings and uploads
_69:fix for uploads to s3 taking long time to close
_70:fix for MDTM and s3 files being slow
_71:fix for DMZ connection not detecting failed connections to internal
server (backend storage unavailable)
_72:fix for zip task not preserving item's modified date
_73:fix for passwords with : in them, and DMZ SFTP disconnects notify
internal server properly now
_75:fix for java service install on windows
_77:fix for proxy protocol v1 for F5 and Amazon ELB
CrushFTP 8.2.0 - 08/28/2017
New:
_0:released
_5:added support for Amazon KMS keys for S3, haddop support for failover
URLs, s3 multithreaded downloading
_10:updated PGP libraries to current
_12:previously generated reports can be viewed through the DMZ
_13:added replication for saved HTML reports
_14:allow controlling all kex for SFTP now
_15:added CrushDuo authentication plugin
_18:added support for DMZ only working with current internal ServerBeat
master
_20:fix for CrushClient scheduled scripting mode leaving tabs behind, and
encryption to Copy/Move tasks
_22:added explicit log message when a user's password is changed by server
admin or user
_24:adds auditability in better detail of exactly what setting changes in
logs
_25:allows ssh public key files to be placed on remote servers
_27:allows sending DMZ log messages to central internal server
_28:active job transfers now show on the server admin dashboard too
_30:added user log info to jobs triggered by a user action
_30:session logs are now stored in separate folders to avoid file system
issues
_30:added scaled retry delay for CrushTask retries
_30:added support to retry a failed job
_32:Added support for handling connections as a SMB proxy
_33:added log messages for PGP on the fly actions and more verbose URL
logging in all job tasks
_34:added test PGP button, and easier windows service install with memory
and run as user config.
_35:added admin IP restrictions for who can do administration on the
server
_37:added min DH prime size for SFTP, and recaptcha on a per user basis in
the User Manager
_41:added flag for controlling DMZ messaging mode using notify/wait or
sleep.
_43:faster UI loading in User Manager and Preferences
Fixes:
_1:fix for smtp with server's not supporting sasl
_2:fix for s3 and AWS4 regions with files with spaces
_3:fixes for canceling WebInterface uploads
_4:fix for SMB:// home folder URLs in LDAP
_6:fix for x-amz-security-token on S3 v4 auth
_7:fix for FTPS ports and proxy protocol v1
_8:fix for CrushClient UI bug leaving behind tabs
_9:fix for WFTPD FTP server errors
_11:fix for password only auth without keyboard interactive for SFTP
_16:fix for Web uploads when dealing with a slow disk
_17:fix for DMZ race condition on uploads
_19:faster DMZ file uploads of small files
_20:fix for Wait task waiting on prior threads to finish
_21:fix for random salt generation with automated user creation
_23:fix for CrushFTPDrive on OSX, and HomeDirectory folder creation
replication
_26:fix for resetting server stats on dashboard
_27:fix for bad DMZ logins triggering excessive retries
_29:fix for logging bug blocking startup in some cases
_31:fix for foldermonitor triggered crushtasks
_35:fix for job scheduling bug for last day of the week
_36:fix for zip download
_37:fix for SFTP min/max DH key size, and Azure fix for subfolders
_38:fix for PGP logging in CrushFTP log and job logs
_39:fix for HTTP proxy mode with old proxy servers
_40:fix for sharing some items not functioning
_42:fix for duplicated dir items in merged VFS listings
_44:fixed flag always enabling v8worker flag on DMZ mode
_45:fix for serialization bug, http header issue, redirect bug, and xss
issues.
CrushFTP 8.1.0 - 04/11/2017
New:
_0:released
_3:faster s3 VFS item access
_10:logging improvements for debugging failed chunked uploading
_11:added connection pooling support to CrushTask jobs Move/Copy
_15:added debug logging for job timing
_18:added singleuser maintenance mode and password rules per user basis
_20:preliminary support for scheduled reports
_22:added support for user manager rollback of prior user saves
_28:added restore user function to User Manager
_31:changed how SSH forwarding rules apply
_37:CSV format of report can be emailed
_38:SSH DH Prime size can be downgraded if needed and added Azure protocol
support
_39:added ability to allow root level invisible item passing one level deep,
but not further
_40:added ability to disallow view and yet override it on a per folder or
file basis
_43:when IP is banned, terminate all connected session from that IP
_49:security improvements in XML handling
Fixes:
8.0.4_0:fix for corrupted uploads in HTML5 mode in some scenarios
8.0.3_0:fix for SFTP session memory leak
8.0.3_1:fix for SFTP session count issue for bad sessions
8.0.4
_1:fix for not validating file size at the end of HTML5 upload
_2:fix for HTML5 closeFile out of sync looping
_4:fix for Previews being attempted on files in progress
_5:fix for overwrite failures when using temp upload filenames and a HTML5
failed transfer
_6:fix for v8_beta flag causing issues from CrushFTP v7 upgrades
_7:fix for s3 caching bug
_8:fix for HTML5 uploads on unstable networks
_9:fix for replicating 0 byte files
_12:fix for FTP client in Jobs config failing after one file transfer.
_13:html5 upload fix for troubled network connections.
_14:fix for quota lookup from DMZ
_15:fixes for HTML5 and poor network conditions
_16:fix for HTML5 debug issue
_17:fix for reported size on HTML5 resumed uploads and SSO header
authentication
_19:fix for file size on HTML5 uploads
_21:fix for deleting expired template accounts
_23:fix for job scheduler saves making schedule run for next day
_24:fix for stopped server restarting on save
_25:fix for UsersList task and exclusion of groups.
_26:fix for zip64 and DMZ linked VFS permissions loss
_27:fix for ssh port forwarding bug
_28:fix for nested jobs when targeted with an event
_29:fix for DMZ permission paths
_30:fix for phantom DMZ permission entries
_31:fix for DMZ permissions, and fix for signed jars like CrushSync not
starting
_32:fix for SFTP user timeout not always being honored
_33:fixed upload error on HTML5 uploader
_34:fixed idle http session handling
_35:fix for duplicate zip paths in multiple merged VFS
_36:fix for FileParser CrushTask and quoted CSV files
_41:fix for replication and subitems when doing a make directory
_42:fix for view permission being removed on a directory and the directory
disappearing form the list
_44:fix for auto stopping DMZ ports when internal server is down
_45:rolled back LDAP change causing login failures
_46:fix for LDAP when referencing LDAP keys that don't exist
_47:fix for multithreaded dir listings and sftp dates when proxying data
_48:fix for s3 sharing of empty folders and msg for alerts, and pass
expiration with sftp
CrushFTP 8.0.4 - 12/03/2016
Fixes:
_0:fix for HTML5 uploads
CrushFTP 8.0.3 - 11/30/2016
New:
_3:Updated SFTP libraries to latest version
_5:added support for hack username patterns
_6:added ability to email on change of email, or password change
Fixes:
8.0.2: fix for upload bug
_1:fix for working behind a reverse proxy and upload fixes
_2:fix for proxy errors
_4:fix for viewing some logs with bad data
_5:fix for folder monitor finds
_6:fix for download on the fly pgp decryption
_7:fixes for new HTML5 uploader, UI, tiny files, resume, error recovery
_8:fix for missing form items in uploads for events
_9:fix for SFTP sessions not being cleared out on close
_10:fix for username reset password token lookup
_11:fix for renaming in a dir without view access
_12:fix for new users in the user manager with custom emailing forms
_13:fix for job monitor role being able to see older prior run versions of
the job.
_14:fix for leaving session references in SFTP
_15:fix for admin action trying to delete non existing item
_16:fix for SFTP sessions leaking and causing out of memory errors
CrushFTP 8.0.2 - 10/25/2016
New:
- HTML5 based upload system with 4x faster upload speeds, resume support,
and auto retry.
- Federating servers...multiple servers linked into one Linked Servers,
managed and monitored from the master server.
- Limited Server allows for a server to run with restricted filesystem
access for "user data" and "server config" areas.
- Server memory can be set from the dashboard now
- User data can now be replicated to another server via a journaled
replication system
- Recycle bin now resets the date for easier time based cleanup
- UI improvements to CrushSync systray/menu item for quick access
- updated SFTP libraries for more modern ciphers and architecture
- updated threading model for higher performance connection handling
- GoogleDrive for VFS data storage is supported now
- copy task items between jobs
- Job monitoring by user or group support
- support for job organization in job groups
- Dropped old plugins: PostBack,LaunchProcess,AutoUnzip. CrushTask replaces
all of them.
- updated reports UI, more enhancements coming
- CrushClient local agent is a new tool which now has an advanced
CrushClientUI
- improved slideshow playback for large folders with thousands of images
- support for password based encryption in PGP files instead of key based
- allow editing SSH port setting changes without disconnecting current users
- supports the proxy protocol v1 header for servers behind load balancers
that want to know the user's true IP
- allows for changing speed limits on the fly for existing connections
- files can now be locked, unlocked for more of a content management system
- allows an end user the ability to download a prior revision of a file that
has been replaced
- reports can be run at hourly intervals
- IPv6 support for IP banning and limiting connections for ports or users
- Ability to delegate a Linked Job out to a CrushClient running as an agent
in managed mode.
- jQuery library updates
- Telnet debug utility available on all admin areas
- Previewing a video file can play a lower resolution pre-generated file
instead of the full version.