Version 10.0.0

YOU ARE VULNERABLE IF YOU DON'T UPGRADE! Minimum safe version is 10.5.1.



https://www.crushftp.com/crush9wiki/Wiki.jsp?page=CrushFTPUpgrade

What's New?


CrushFTP 8.3.3 has been released!


Overall 8.3.3 has security patches and updates internal libraries for PGP and SFTP. v8 is end of life as of October, 2020.

CrushFTP 8.2.1 - 12/13/2017

New:
_0:released
_2:improved testURL command to handle more VFS property items
_5:changes mime_type in S3 when renaming file extension
_14:speed improvements for job monitor handling, added POSIX config for VFS items
_15:added search_file_contents_also for literal grepping
_16:added ServerBeat change alert type to provide notifications if VIP fails over
_17:added multi_journal_timeout to control how fast VFS replication times out
_21:creating shares when you have a quota set propagates the quota config to the shares
_23:improved S3 speed for getting item info
_24:improved S3 speed with caching of stat calls to lookup item info
_26:major improvements in S3 caching when going through DMZ
_29:added support for custom VFS clients
_31:added support for change password through DMZ mode
_32:reduced dir listing object size for large directories in WebInterface
_40:added ability to load mime types for email attachments in email task
_42:PGP in stream can decide if file is encrypted or not before handling
_43:higher priority for DMZ queue threads
_48:added additional JOB_SCHEDULER logging category
_52:added setting for max_http_header_length to allow adjusting from default 2000
_53:added max upload count for http sessions
_54:added password_reset_message_browser_bad for ambiguity
_56:speed improvements for FindCache and Find task when handling lots of files and excluding items
_73:SAML can now handle the name id format to use custom domains to be ignored, or custom attributes to use as the username
_74:allow VFS clients to block uploads, and WebInterface login page shows cookie acknowledgement banner.
_76:added s3 header for CrushFTP on uploaded-by


Fixes:
_1:fix for linked VFS's not in sync
_3:fix for s3 recursive directory creation
_4:fix for URL parsing
_6:fix for downloading empty files over FTPS
_7:fix for multi domain uploading through load balancer
_8:fix for lost serverside encryption header on S3
_9:added CrushSSO plugin for enterprise users
_10:fix for folder downloads forgetting filename
_11:fix for space in filenames on newer S3 regions
_12:fix for testing OTP configuration, s3-accelerate on AWSv4, and new job scheduling
_13:fix for DMZ SSH public key lookup with @AutoDomain
_18:fix for searching file contents if search_file_contents_also is true
_19:fix for SSH key lookup from DMZ, and bug with shares created on a remote VFS item
_20:fix for report showing full urls
_21:fix for not match pattern on windows with backslashes for folder monitor
_22:fix for GDrive protocol's missing steps to activate
_25:fix for sftp port not starting in _24
_27:fix for s3 lookups on deleted folders
_28:fix for mainframe HTTP clients and not authenticating
_30:fix for infinite loop scenario deleting s3 item
_31:fix for special case VFS listing bug
_32:fix for hadoop verbose logging
_33:fix for more hadoop verbose logging
_34:fix for TempAccounts and incorrect displayed buttons through DMZ
_35:fix for corrupted web uploads being too big
_36:fix for WebInterface uploads timing out.
_37:fix for expired password change through DMZ
_38:fix for AS2 through DMZ
_39:fix for password change requirements not coming across correctly
_41:updated SFTP client library to fix initial key negotiation with some servers
_42:DMZ ping/pong tests no longer get slowed by network traffic
_44:fix for Move task that attempted a rename
_45:fix for uploading tiny files getting stuck with HTML5 mode
_46:fix for transferring files less than 38 bytes long getting garbage
_47:fix for not all DMZ logging data being sent to internal when enabled
_48:fix for SFTP outbound host key signature mis-calculated lengths
_49:fix for multiple SFTP ports causing configuration overlap and failure at server startup
_50 fix for uploaded_md5 tag on s3 items
_51:fix for small PGP file encryption with hinted size, and copy/move task not operating properly
_54:fix for FTP listing of a Windows server pretending to be Unix like
_55:fix for SQL users and blank event configurations
_56:added flag to disable PGP checking since some remote connections may not allow it (pgp on the fly):pgp_check_downloads
_57:fix for OTP timing of token
_58:fix for ssh key auth introduced by prior build _57
_59:fix for URL variables not being updated when creating directories at login
_60:fix for aggressive HTML5 retry logic, added low memory alert, and partial hour timezone offset.
_61:fix for Tunnel not detecting dead network connection correctly and remaining active, and a fix for S3Crush references with spaces
_62:don't make unneeded history job folders if its turned off
_63:HTML5 upload chunk validation for browsers that don't work correctly (Safari fails to send all chunk data at times).
_64:fixed bug with setting modified time on new files with SMB3 and overwriting files with SMB3
_65:fix for unneeded cookies be assigned on session logout
_66:fix for manual user.XML password modifications
_67:fix for multi-domain chunk issues on uploads
_68:fix for hadoop subfolder listings and uploads
_69:fix for uploads to s3 taking long time to close
_70:fix for MDTM and s3 files being slow
_71:fix for DMZ connection not detecting failed connections to internal server (backend storage unavailable)
_72:fix for zip task not preserving item's modified date
_73:fix for passwords with : in them, and DMZ SFTP disconnects notify internal server properly now
_75:fix for java service install on windows
_77:fix for proxy protocol v1 for F5 and Amazon ELB


CrushFTP 8.2.0 - 08/28/2017

New:
_0:released
_5:added support for Amazon KMS keys for S3, haddop support for failover URLs, s3 multithreaded downloading
_10:updated PGP libraries to current
_12:previously generated reports can be viewed through the DMZ
_13:added replication for saved HTML reports
_14:allow controlling all kex for SFTP now
_15:added CrushDuo authentication plugin
_18:added support for DMZ only working with current internal ServerBeat master
_20:fix for CrushClient scheduled scripting mode leaving tabs behind, and encryption to Copy/Move tasks
_22:added explicit log message when a user's password is changed by server admin or user
_24:adds auditability in better detail of exactly what setting changes in logs
_25:allows ssh public key files to be placed on remote servers
_27:allows sending DMZ log messages to central internal server
_28:active job transfers now show on the server admin dashboard too
_30:added user log info to jobs triggered by a user action
_30:session logs are now stored in separate folders to avoid file system issues
_30:added scaled retry delay for CrushTask retries
_30:added support to retry a failed job
_32:Added support for handling connections as a SMB proxy
_33:added log messages for PGP on the fly actions and more verbose URL logging in all job tasks
_34:added test PGP button, and easier windows service install with memory and run as user config.
_35:added admin IP restrictions for who can do administration on the server
_37:added min DH prime size for SFTP, and recaptcha on a per user basis in the User Manager
_41:added flag for controlling DMZ messaging mode using notify/wait or sleep.
_43:faster UI loading in User Manager and Preferences


Fixes:
_1:fix for smtp with server's not supporting sasl
_2:fix for s3 and AWS4 regions with files with spaces
_3:fixes for canceling WebInterface uploads
_4:fix for SMB:// home folder URLs in LDAP
_6:fix for x-amz-security-token on S3 v4 auth
_7:fix for FTPS ports and proxy protocol v1
_8:fix for CrushClient UI bug leaving behind tabs
_9:fix for WFTPD FTP server errors
_11:fix for password only auth without keyboard interactive for SFTP
_16:fix for Web uploads when dealing with a slow disk
_17:fix for DMZ race condition on uploads
_19:faster DMZ file uploads of small files
_20:fix for Wait task waiting on prior threads to finish
_21:fix for random salt generation with automated user creation
_23:fix for CrushFTPDrive on OSX, and HomeDirectory folder creation replication
_26:fix for resetting server stats on dashboard
_27:fix for bad DMZ logins triggering excessive retries
_29:fix for logging bug blocking startup in some cases
_31:fix for foldermonitor triggered crushtasks
_35:fix for job scheduling bug for last day of the week
_36:fix for zip download
_37:fix for SFTP min/max DH key size, and Azure fix for subfolders
_38:fix for PGP logging in CrushFTP log and job logs
_39:fix for HTTP proxy mode with old proxy servers
_40:fix for sharing some items not functioning
_42:fix for duplicated dir items in merged VFS listings
_44:fixed flag always enabling v8worker flag on DMZ mode
_45:fix for serialization bug, http header issue, redirect bug, and xss issues.


CrushFTP 8.1.0 - 04/11/2017


New: _0:released
_3:faster s3 VFS item access
_10:logging improvements for debugging failed chunked uploading
_11:added connection pooling support to CrushTask jobs Move/Copy
_15:added debug logging for job timing
_18:added singleuser maintenance mode and password rules per user basis
_20:preliminary support for scheduled reports
_22:added support for user manager rollback of prior user saves
_28:added restore user function to User Manager
_31:changed how SSH forwarding rules apply
_37:CSV format of report can be emailed
_38:SSH DH Prime size can be downgraded if needed and added Azure protocol support
_39:added ability to allow root level invisible item passing one level deep, but not further
_40:added ability to disallow view and yet override it on a per folder or file basis
_43:when IP is banned, terminate all connected session from that IP
_49:security improvements in XML handling


Fixes: 8.0.4_0:fix for corrupted uploads in HTML5 mode in some scenarios
8.0.3_0:fix for SFTP session memory leak
8.0.3_1:fix for SFTP session count issue for bad sessions
8.0.4
_1:fix for not validating file size at the end of HTML5 upload
_2:fix for HTML5 closeFile out of sync looping
_4:fix for Previews being attempted on files in progress
_5:fix for overwrite failures when using temp upload filenames and a HTML5 failed transfer
_6:fix for v8_beta flag causing issues from CrushFTP v7 upgrades
_7:fix for s3 caching bug
_8:fix for HTML5 uploads on unstable networks
_9:fix for replicating 0 byte files
_12:fix for FTP client in Jobs config failing after one file transfer.
_13:html5 upload fix for troubled network connections.
_14:fix for quota lookup from DMZ
_15:fixes for HTML5 and poor network conditions
_16:fix for HTML5 debug issue
_17:fix for reported size on HTML5 resumed uploads and SSO header authentication
_19:fix for file size on HTML5 uploads
_21:fix for deleting expired template accounts
_23:fix for job scheduler saves making schedule run for next day
_24:fix for stopped server restarting on save
_25:fix for UsersList task and exclusion of groups.
_26:fix for zip64 and DMZ linked VFS permissions loss
_27:fix for ssh port forwarding bug
_28:fix for nested jobs when targeted with an event
_29:fix for DMZ permission paths
_30:fix for phantom DMZ permission entries
_31:fix for DMZ permissions, and fix for signed jars like CrushSync not starting
_32:fix for SFTP user timeout not always being honored
_33:fixed upload error on HTML5 uploader
_34:fixed idle http session handling
_35:fix for duplicate zip paths in multiple merged VFS
_36:fix for FileParser CrushTask and quoted CSV files
_41:fix for replication and subitems when doing a make directory
_42:fix for view permission being removed on a directory and the directory disappearing form the list
_44:fix for auto stopping DMZ ports when internal server is down
_45:rolled back LDAP change causing login failures
_46:fix for LDAP when referencing LDAP keys that don't exist
_47:fix for multithreaded dir listings and sftp dates when proxying data
_48:fix for s3 sharing of empty folders and msg for alerts, and pass expiration with sftp


CrushFTP 8.0.4 - 12/03/2016


Fixes: _0:fix for HTML5 uploads


CrushFTP 8.0.3 - 11/30/2016
New:
_3:Updated SFTP libraries to latest version
_5:added support for hack username patterns
_6:added ability to email on change of email, or password change


Fixes: 8.0.2: fix for upload bug
_1:fix for working behind a reverse proxy and upload fixes
_2:fix for proxy errors
_4:fix for viewing some logs with bad data
_5:fix for folder monitor finds
_6:fix for download on the fly pgp decryption
_7:fixes for new HTML5 uploader, UI, tiny files, resume, error recovery
_8:fix for missing form items in uploads for events
_9:fix for SFTP sessions not being cleared out on close
_10:fix for username reset password token lookup
_11:fix for renaming in a dir without view access
_12:fix for new users in the user manager with custom emailing forms
_13:fix for job monitor role being able to see older prior run versions of the job.
_14:fix for leaving session references in SFTP
_15:fix for admin action trying to delete non existing item
_16:fix for SFTP sessions leaking and causing out of memory errors


CrushFTP 8.0.2 - 10/25/2016
New:

- HTML5 based upload system with 4x faster upload speeds, resume support, and auto retry.
- Federating servers...multiple servers linked into one Linked Servers, managed and monitored from the master server.
- Limited Server allows for a server to run with restricted filesystem access for "user data" and "server config" areas.
- Server memory can be set from the dashboard now
- User data can now be replicated to another server via a journaled replication system
- Recycle bin now resets the date for easier time based cleanup
- UI improvements to CrushSync systray/menu item for quick access
- updated SFTP libraries for more modern ciphers and architecture
- updated threading model for higher performance connection handling
- GoogleDrive for VFS data storage is supported now
- copy task items between jobs
- Job monitoring by user or group support
- support for job organization in job groups
- Dropped old plugins: PostBack,LaunchProcess,AutoUnzip. CrushTask replaces all of them.
- updated reports UI, more enhancements coming
- CrushClient local agent is a new tool which now has an advanced CrushClientUI
- improved slideshow playback for large folders with thousands of images
- support for password based encryption in PGP files instead of key based
- allow editing SSH port setting changes without disconnecting current users
- supports the proxy protocol v1 header for servers behind load balancers that want to know the user's true IP
- allows for changing speed limits on the fly for existing connections
- files can now be locked, unlocked for more of a content management system
- allows an end user the ability to download a prior revision of a file that has been replaced
- reports can be run at hourly intervals
- IPv6 support for IP banning and limiting connections for ports or users
- Ability to delegate a Linked Job out to a CrushClient running as an agent in managed mode.
- jQuery library updates
- Telnet debug utility available on all admin areas
- Previewing a video file can play a lower resolution pre-generated file instead of the full version.