AbsoluteFTP:name:white company:home 序號:11 授權碼:32233B78C832BFFF8B620D 日期: ACDSEEv3.0(1208):License Number:08102441 Name:隨便 Company:不用 E-Mail:隨便 ACDSee v2.41:Name:hambocore Code: Serv-U:r8fZajeU3JY,ED!SON '96.
Serv-U 15.1.3.3 was released December 29, 2015. A complete list of changes and upgrades follows: Bug Fixes: Fixed a case sensitivity issue occurs when configuring Directory Access rules.
Fixed an issue with LDAP public key authentication. Fixed a memory leak issue that occurred during LDAP authentication. Fixed an issue with the Expired Password Change functionality. Fixed an issue with Multi-line FTP responses for the FEAT command. Fixed an issue with possible SQL injection in the invitation link used by secure file sharing. Fixed an issue with possible persistent cross-site scripting in file sharing.
Fixed an issue with the possible injection of additional email headers using a crafter subject in an upload or download request. Features: Added an option to send test emails when configuring an SMTP server. Added support for TLS 1. Samsung Channel List Pc Editor D Serie Download there. 1 and 1.2. Added support for 15 new cipher suites.
Redesigned Mobile Web Client interface. Added an option to be able to set up Web Client Pro as the default web client. Added a new event type which provides the option to get a notification when a file is moved automatically by the server. Bug Fixes: Fixed an issue where it was not possible to upload files on Firefox version 36 through HTTPS. Fixed an issue where a script error occurred and it was not possible to administer a domain if the domain name contained an apostrophe. Fixed an issue with quota limits not being respected in the File Sharing module.
Fixed an issue with message prioritization in Serv-U which could impair Management Console performance. Fixed an issue where the 'Allow users to use Web Client' limit was not respected on mobile devices. Fixed an issue where the event action message text could not be longer than 256 characters.
Fixed an issue with partially uploaded files not being deleted over SFTP protocol. Fixed an issue which occurred when uploading multiple files to Serv-U in Internet Explorer. Fixed an issue where only the first LDAP server in the list was used to authenticate users when multiple LDAP servers were configured. Fixed an issue where leading or trailing spaces in user collection names caused possible data loss when users were moved to this collection.
Fixed an issue where email addresses which contained an apostrophe were not handled correctly by Serv-U. Fixed database issues that occurred after upgrading Serv-U to version 15.1.1. Fixed a timeout issue that occurred when listing directories which contained a large number of subdirectories and files. Features: Added automated file management: Serv-U can be set up to automatically delete or archive files within specified folders after a configurable number of days. Added support for associating multiple public SSH/SFTP keys with a user account for the purposes of public authentication.
Added the ability to create 'anonymous' file shares, search in file shares, set file sharing options on the administrative level, share files larger than 2 GB, and share files that are already on the server. Graphically enhanced New Domain Wizard, containing an extra step to assist in the configuration of a file sharing domain. Redesigned FTP Voyager JV and Management Console landing page and navigation controls. The Management Console landing page displays useful statistics immediately after login, and navigation among menu items is quicker and easier. The Management Console also informs administrators of the status of their software maintenance.
Introduced custom branding for the guest user UI. It is now possible to define custom logos to be displayed in File Sharing and the Web Client. In product notifications about new versions. The availability of a new version is displayed for administrators in the Management Console. Added a link to the 'File uploaded to share' and 'File downloaded from share' email notifications that takes users to the FileShare details page.
Enhanced Web Client Pro launching indication. Web Client Pro indicates the process of launching directly in the Java applet.
Improved LDAP authentication process to be compatible with more LDAP servers and configurations. It is now also possible to specify the connection account information for LDAP servers. Enhancements in setting up the user interface. The Web Client can now be disabled. Updated the file share details page to allow users to save a new password for a file share. The page now also includes pagination controls for the file download history. Updated the Serv-U Tray About box to use a single 'Close' button instead of the dual 'OK/Cancel' buttons.
Changed the location for pid and memory files on Linux. The pid is now stored in /var/run, and the memory-mapped file is stored in /var/tmp instead of /tmp. Added additional logging to help diagnose user authentication issues, including targeted LDAP error information, and issues with accessing a user account's home directory.
Added an option for configuring whether password autocompletion is allowed on the Serv-U login screen. Added a 'What's New' resource that displays new features contained in major releases of Serv-U.
Improved the paging mechanism of the 'View All' pages within the File Sharing client. Guest users can now access the main Web Client login screen by removing the share token from the URL. Improved the logic of the 'Guest Email Address(es)' field located within the File Sharing wizards. It is possible to paste a string into the field, and all valid email addresses are extracted from it. Updated the Web Client's dynamic right-click menus to a newer look and feel. Added the ability to remove Serv-U version information from HTTP response headers.
Bug Fixes: Corrected a potential security issue where Serv-U would respond to regular HTTP requests on an HTTPS listener if it could not load the certificate or private keys configured for use with SSL. Corrected an issue where the Management Console was loading slowly after an upgrade.
Corrected a number of potential security issues. Corrected an issue where the custom logo was not displayed correctly in the Web Client and the File Sharing user interfaces.
Corrected an issue where a global user could access the File Sharing interface even if it is disabled on the domain level. Corrected an issue where it was possible to directly navigate to a Serv-U directory without logging in. However, users were not allowed to perform any actions on the page since they were not logged in.
Serv-U now redirects users to the login page when they try to access a directory without authentication. Corrected an issue where the Default Web Client interface was not working if the other client interfaces were disabled.
Corrected an issue where a 404 error occurred on Linux systems when a group admin user logged in to the Web Client and used the Jump to menu to return to the Management Console. Corrected an issue where creating a limit to allow users to change password at the Group level caused display issues with the group's password limits.
Corrected an issue where guest users could not upload or download files from virtual domains. Corrected an issue in the File Sharing client where the pages were only partially displayed when the View All Requested button was clicked. Corrected an issue where transparency did not work with custom logos on Linux. Corrected an issue where an error occurred during file upload when the upload directory was read-only.
Corrected a Linux issue where default processes were left behind when an 'Execute Command' event was triggered. Corrected a Linux issue where system variable parameters were passed incorrectly to external applications. Corrected a Linux issue introduced in version 12.0.0.2, where Serv-U did not release the socket for connections coming from a banned IP address. This caused Serv-U to stop functioning properly when it reached the maximum number of open file descriptors allowed by the operating system. Corrected an issue where connections from internal IP addresses could receive a PASV IP address in use by the Serv-U gateway when a permanent PASV port range was assigned to Serv-U.
Corrected an issue where the case sensitivity of the LDAP login ID caused file share queries to fail. Corrected an issue where the Web Client was loading slowly over HTTPS. Corrected an issue where for users authenticating through Windows Authentication the Organizational Units (OUs) were not retrieved, unless the full UPN was used during login.
Corrected a Gateway bug where PASV mode data connections through a gateway were broken when the 'Block FTP_Bounce attacks' option was turned on. Corrected a javascript error in the Spanish version of Serv-U. Corrected an issue where the partially uploaded, corrupted files were not deleted automatically when the internet connection was interrupted during a file upload to the file share. Corrected an LDAP issue where the OU membership was not parsed for an LDAP user, unless that user also belonged to at least one security group. Corrected an issue where browsing to select the file share repository folder did not insert the full path if the folder was selected without navigating into it. Corrected an issue where for users authenticating through Windows Authentication, it might not have been possible to use the file sharing feature without the server administrator granting domain users access to the file sharing repository on the system.
Corrected a Linux issue where Serv-U did not load the LibGD properly on distributions using version 3 of the LibGD package. Serv-U now attempts to load the latest package using a symbolic link which is present on most distributions.
Corrected a Linux installer issue where Serv-U and Serv-U Gateway services were not removed during an uninstallation. Corrected a Linux installer issue where the console mode install of Serv-U Gateway did not respect the user's choices regarding installing as a service and running the Gateway after installation. Corrected a potential security issue where cookies delivered over HTTPS before the user logs in were not marked with the 'secure' attribute. These cookies did not contain confidential data, but could cause warnings in security scanning software. Corrected a potential security issue where Serv-U did not set the 'no-store' property in the Cache-Control of HTTP response headers for files that should not be cached.
Corrected a potential security issue where Serv-U could reveal valid login IDs using the HTTP password recovery feature that reported a distinct error message when an invalid login ID was supplied. Corrected a potential security issue where certain cookies could be susceptible to XSS/HTML injections. These cookies did not contain confidential data but could cause warnings in security scanning software.
Corrected a potential security issue where certain HTTP request parameters could be susceptible to XSS/HTML injections. These vulnerabilities were found using security scanning software. Corrected an issue where the SMTP notification text was running over the boundary of the File Sharing Settings area in the File Sharing tab of the Limits and Settings page when Internet Explorer was used. Corrected an FTP Voyager JV issue where the launch page showed Google Chrome instructions on an Opera15+ browser. Corrected a number of Web Client user interface issues. Corrected a Mobile Web Client issue where the Logout button caused the browser to enter into a recursive redirect state.
Corrected a Mobile Web Client issue where the copyright information was not displayed correctly. Corrected a Web Client Pro issue where dialogs were pushed behind the browser window on Mac OSX operating systems. Corrected a Web Client Pro issue introduced with JRE1.7_45, where a JRE security prompt was displayed regarding javascript-to-java calls. Corrected a File Sharing issue where the SMTP confirmation prompt appeared behind the successful creation prompt of an incoming file share. Serv-U 15.0.1.20 was released February 19, 2014.
A complete list of changes and upgrades follows: Features: •Added a dialog that informs Web Client Pro users about the options they have if they use JVMs older than version 7u51. •Improved support for Internet Explorer. Bug Fixes: •Corrected a bug when wildcards were not working correctly on Linux while doing a directory listing in FTP. •Corrected a bug where SDK did not integrate calls from other threads into the application.
•Corrected a bug where file sharing did not work correctly on 32-bit Linux systems. •Corrected a bug where the HTTP limits were not displayed while configuring limits at the group and user levels. •Corrected a bug where SFTP key renegotiation failed when zlib compression was used. •Corrected a bug where the setting that allows users to change their password did not work correctly. •Corrected a bug where the auto-disabling database users were continuously expired during displaying ODBC users in Management console.
•Corrected a security issue that allowed for a Denial of Service attack, which could make Serv-U unresponsive. •Corrected a Web Client Pro and FTP voyager JV issue where these Java applications would fail to launch correctly when the Oracle Java Runtime was updated to Java 7 Update 51. •Corrected an issue where HTTPS connections may fail to close after all data has been transferred. Affected installs of Serv-U would demonstrate degraded Management Console performance or errors. This most commonly occurred on Linux deployments with a single core processor.
•Corrected an SFTP (via SSH2) bug, introduced in Serv-U 10.2.0.0, where each connected session caused Serv-U to consume an excessive amount of memory until the session was disconnected. •Corrected a Web Client bug where users configured with FTP Voyager JV as their default web client did not see the FTP Voyager JV landing page when accessing Serv-U from a new browser window when the browser still had an active session cached. Features: Improved File Sharing feature that utilizes email initiated transfer of files. Improved Web Client user interface.
Rebranded the company information from RhinoSoft to SolarWinds for Serv-U, Serv-U Gateway, FTP Voyager JV, and Web Client Pro. Changed licensing information from RhinoSoft editions (Bronze, Silver, Gold, and Platinum editions) to SolarWinds editions (FTP server and MFT server editions). Updated the FTP Voyager JV JIDE user interface library to version 3.5.5. The full version number is now displayed in the version column of the 'Programs and Features' / 'Add/Remove Programs'screen on Windows. Updated version number displayed during install to include more of the minor version.
Bug Fixes: Corrected a security issue that allowed for possible SSL denial of service attacks. Corrected a security issue when using 'Require Fully Qualified Membership' LDAP login settings. Corrected an issue with scrollbars missing in Mozilla Firefox browsers in the Management Console. Corrected an issue with 'User Login Failure' events when using SFTP Client Key Authentication. Corrected an issue with the Serv-U Linux uninstall option not working.
Corrected a Web Client Pro issue after updating to Java 7 Update 21, making WCP unusable. Corrected an FTP Voyager JV bug where the JIDE user interface library would fail to load on Macintosh operating systems. Corrected an FTP Voyager JV bug where a large file could fail to upload when a slow speed limit is set within Serv-U.
End-users can now manually set the duration of when the client-side timeout should occur. Corrected an FTP Voyager JV bug where a local directory listing could take a long time to process due to UNC paths being specified as targets to Windows shortcuts (.lnk) files. Corrected a Linux bug where the uninstall desktop shortcut used by certain desktop environments failed to work properly.
Corrected a Web Client Pro bug where the web page would fail to communicate with the applet when the Java Runtime was updated to Java 7 Update 21 or Java 6 Update 45. Corrected an LDAP bug where users could not login using SFTP (via SSH2). Corrected a Web Client bug where the 'Recover Password' button was displayed along with the notice about javascript being disabled in the browser. Corrected a Web Client bug where the link provided to login when attempting to access a restricted page prior to logging in was broken. Updates FTP Voyager JV and Web Client Pro with new signatures to prevent an erroneous warning from Java about an expired certificate. Corrected an LDAP bug where Serv-U did not properly handle LDAP responses containing partial results. Corrected an LDAP bug where Serv-U did not properly handle user authentication if the LDAP server returned referrals.
Corrected an LDAP bug where Serv-U could reject a user if requiring fully-qualified group membership is enabled, the user belongs to multiple containers, and not all those containers are defined as LDAP groups in Serv-U. Corrected an SFTP bug where Serv-U did not properly handle the SSH_FXF_CREATE_NEW flag when passed in an SSH_FXP_OPEN command. This could cause uploads to fail or clients to fail to prompt the user for overwrite confirmation. Corrected a DoS vulnerability where clients could saturate Serv-U with SSL renegotiation requests that made Serv-U unresponsive. Features: Added support for LDAP authentication. (Serv-U Platinum only) Added support for LDAP group and organizational unit membership. (Serv-U Platinum only) Added server options to enable or disable specific SSL ciphers for HTTPS and FTPS.
Added Windows Event Log write events, allowing events to be written to the local Windows Event Log. (Serv-U Windows only) Added Microsoft Message Queue write events, allowing events to be written to one or more local or remote MSMQ queues. (Serv-U Platinum only, Serv-U Windows only) Added support for Windows 8 and Windows Server 2012. While running as a trial, Serv-U runs as Serv-U Platinum instead of Serv-U Gold. Changed the SYST FTP/S command to return 'UNIX Type: L8' when using UNIX style LISTings (default), 'Windows_NT' when using IIS style LISTings, or 'DOS' when using DOS style listings. The listing style can be specified in the 'LIST' FTP command.
All connections to Serv-U Gateway occur on port 1180 to help simplify firewall configuration between Serv-U and Serv-U Gateway. Previous versions connected on random ports above 1024. Requires Serv-U Gateway 12.2.0.0 or higher. Improved Serv-U Gateway dead listener detection to recognize when Serv-U Gateway appears to have gone offline by network connection loss. Requires Serv-U Gateway 12.1.0.10 or greater. Features: Added Serbian to the Linux installer.
Improved the error information provided by Web Client Pro. Proteus 7 1 Licence Key Executive Search. Bug Fixes: Corrected a Serv-U Linux SSL problem where connections could appear to hang when connecting only from localhost (127.0.0.1 or::1). Corrected a bug where blocking IP addresses at the server level based on a number of failed login attempts the blocked IP addresses were placed in the domain's IP access rules instead of the server's IP access rules.
Corrected a bug where Serv-U was not closing Serv-U Gateway listeners when disabling or deleting the Serv-U Gateway configuration from Serv-U. Corrected a Management Console bug where the right borders were hidden for the 'Groups Membership' list. Corrected a Management Console bug where the 'Purchase' link for FTP Voyager JV would go to the 'Customer Service' login page instead of the shopping cart when a Serv-U trial had expired. Corrected a bug where the language selection list on the login page had an excessive amount of white-space.
Corrected a bug where elements of the 'Custom HTML' files were being ignored due to missing measurement values for CSS attributes. Corrected a Web Client bug where it was possible to have the semi-transparent cover layer to become stuck and would block any further access to the user interface when uploading and downloading using Web Client Pro. Corrected a Web Client Pro bug where a parent's 'Completion' field was incorrect after its single child item was transferred. Features: Added Serv-U Gateway; providing a secure gateway that allows FTP, FTPS, SSH, and web (HTTP/HTTPS) clients to safely access a Serv-U file server deployed behind a firewall. Added Serv-U Platinum edition to include FTP Voyager JV and Serv-U Gateway in addition to all Serv-U Gold features. Added Web-based client branding removal for Serv-U Platinum.
Added logging at the user and group levels allowing individual user-based and group-based log files. Added iPad support for the Management Console allowing Serv-U to be managed remotely from an iPad. Added three new log path variables for 'Login ID' (%L), user 'Full Name' (%U), and 'Group Name' (%G). Added additional FTP hash commands used to validate the content of transferred files: XMD5, XSHA1, XSHA256, and XSHA512. Added hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96 SSH2 MACs. Added 'SessionID' system variable used to identify the session ID column shown in the Management Console active session lists and in domain logs.
Added system variables for date and time: $Day, day of the month; $Month, two-digit numeric month; $TextMonth, text version of the month; $Year, four-digit year; $2DigitYear, two-digit year; $Hour, hour (24-hour clock); $Minute, minute; $Second, second Added Integration DLL / shared library support for Linux. Updated OpenSSL libraries from 0.9.8u to 0.9.8w. Updated Italian strings throughout.
Updated the Web Client Image Preview dialog to go directly to the selected image in the Thumbnail scroll window without using the scrolling effect. Updated the Web Client to no longer refresh after a rename when in Thumbnail view. Bug Fixes: Corrected a Linux bug where administrators locked in their home directories could not create users whose paths started with '/'.
Corrected a bug in the Web Client where user names containing a backslash could cause a javascript error. Corrected a bug in the Web Client where files with similar names were not being sorted correctly. Corrected a bug in the Web Client where media files would stop playing in the Media Preview dialog when attempting to rename or delete the file. Features: Added Application Indicator support for Unity desktops on all Canonical Linux distributions (e.g., Ubuntu 11.04+). Added more robust version loading of shared libraries in Linux (e.g., ODBC, Application Indicators, and Graphic Device Libraries).
Updated various German and Swedish strings throughout. Added a busy dialog to Web Client Pro after multiple files were selected for upload.
Added a wait cursor to Web Client Pro to identify when a long operation is about to occur. Changed HTTP response code in the first line of the header to remove the 'HTTP ' part of the descriptive response.
Improved overall background processing performance to trigger more consistently on busy servers. Added system variable '$UserDomainName' that uses either the logged in domain name or the user's parent domain name. A blank name is returned if the user is a global server user that is not logging in.
Added the ability to 'Disconnect' multiple sessions in the Domain and Server Activity pages in the Management Console. Added the ability to 'Enable/Disable' events from the events list context menu in the Management Console. Updated the Web Client to redirect to the login page when a user becomes disconnected from the server. Updated the instructions in FTP Voyager JV's launch page in relation to specific browser download procedures.
Improved upload speeds over SSL encrypted connections on fast connections by up to 25%. Improved the Web Client by making files and folders selectable and context menu sensitive when in 'Thumbnails' view. Bug Fixes: Corrected a serious memory leak where valid HTTP/s and SSH logins whose end-user-specified login ID ended with a space caused Serv-U to allocated unneeded memory. Corrected a bug, introduced in 11.2.0.0 where the outbound buffer size was being calculated incorrectly. Corrected an SFTP (versions 4 and above only) bug where treating Windows Shortcuts as symbolic links but not as the target of the link, Serv-U would not identify the shortcut as a symbolic link. This did not affect SFTP 3 and lower.
Corrected a log rotation bug where Serv-U did not consider the domain name variable in the log file name (%S) when rotating or deleting log files resulting in early log file deletion. Corrected a bug where specifying a non-existent IP address in a listener and another listener using all IP addresses, Serv-U would not log the error and the tray application would not indicate the error condition. Corrected a bug where the Linux uninstaller would not fully uninstall Serv-U if a language other than English was installed. Corrected a bug in Web Client Pro where changing the selected rows would cause the user interface to become unresponsive.
Corrected a bug in the Management Console where adding an 'Event Filter' generated a script error. Corrected a bug in the Management Console where the 'minutes' label in the Disconnect dialog was not aligned correctly.
Corrected a bug in FTP Voyager JV where synchronize folders could produce an error confirmation when the comparison routine has been automatically cancelled. Corrected a bug in FTP Voyager JV where the 'Confirm logout when exiting application' option was not being saved within the Preferences dialog.
Features: Added Application Indicator support for Unity desktops on Canonical Linux distributions (e.g., Ubuntu 11.04). Added HTTP buffer 'sanity' limits to help avoid potential POST DoS attacks. Updated OpenSSL libraries from 0.9.8r to 0.9.8t. Added the use of the '426 Data connection unexpectedly closed.' To the PASV, EPSV, PORT, and EPRT commands.
Updated Swedish strings throughout the Engine, Management Console, and Web Client. Install Russian MFC resource DLL for Russian language installations. Install each available MFC locale resource DLL in installation directory to provide proper localization support. Improved Mobile Web Client layout to better support tablet devices by moving tool bar to the top of the page and adding dynamic image preview sizing based on device. Updated Spanish and Russian strings for FTP Voyager JV and Web Client Pro.
Added the ability to play.m4a files within browsers other than Safari and those running on Apple computers. Bug Fixes: Corrected a bug, introduced in version 10.2.0.0, where the FTP data channel outbound sockets buffering was too large. On non-local connections Serv-U would believe all data was sent prior to it physically being sent to the client causing Serv-U to send the 226 response to the client long before the client received the data. Corrected a potential but unlikely security problem where UNC path roots could be incorrectly compared between two UNC directory access rules where only the UNC root (e.g., ' Server-1 share.' And ' Server-2 share.' ) was the difference between the two rules.
Drive roots (e.g., 'D.' ) were not affected. Corrected a database table creation bug where columns could all be created as VARCHAR(32) limiting the space available for longer strings. Corrected a bug where Serv-U would not start from the tray while Windows UAC was enabled and Serv-U was setup to run as a service. Corrected a bug where the Serv-U Tray's special 'Documents' folder icon information was being incorrectly written to the Windows 'Desktop.ini' file preventing Windows from showing the Serv-U Tray's Theme folder icon. Corrected a minor memory leak in the Tray application's use of embedded Internet Explorer.
Corrected a Management Console and Web Client bug where certain elements would not work correctly when using Firefox version 10.0 browser. Corrected a Management Console bug where validation for email input was not allowing legitimate email addresses. Corrected a Management Console bug where context menus did not work on text areas. Corrected a Management Console bug where selecting a cell in the 'Template' column in the 'SQL Templates' dialog would not allow editing of the 'Value' column. Corrected a bug in the Web Client where double clicking on a file or directory would trigger the 'Move' command. Corrected a bug in the Web Client where the 'Image Preview' dialog was not large enough to support the long button labels used in the Spanish translations.
Corrected the Spanish Web Client Help Table of Contents translation. Corrected a bug in FTP Voyager JV where similar file names were not being sorted correctly (e.g., 'New folder' vs. 'New folder - Copy (1)' vs.
'New folder - Copy (2)'). Corrected a bug in Web Client Pro's transfer queue where similar file names were not being sorted correctly (e.g., 'New folder' vs. 'New folder - Copy (1)' vs. 'New folder - Copy (2)'). Features: Added support for using the Mobile Web Client with the Amazon Silk mobile browser (Kindle Fire). Changed the tray applications 'Display Notifications' to apply to only Serv-U's notifications not events. Events are now shown regardless of this option.
Improved Web Client Pro's launch confirmation dialog to make it easier to understand. Bug Fixes: Corrected a bug, discovered in-house, where an old administrative session could potentially cause Serv-U to crash after a Serv-U restart.
Corrected an HTTP Windows Authentication bug where the login would not complete and appear to hang. Corrected an FTP download bug where the compressed and uncompressed totals returned in the '226 Transfer complete.' Response was incomplete.
This problem usually only occurred after transferring a file locally (localhost, 127.0.0.1, or::1). Corrected an FTP upload bug where the compressed total returned in the '226 Transfer complete.' Response incomplete, usually by 2 bytes. Corrected a rename bug, introduced in 11.1.0.5, where renaming a file within the same parent directory required write permission in the parent directory. Corrected a database mapping bug where using non-default values for tables, would cause the loss of the search attribute rending the table unavailable.
Corrected a Mobile Web Client bug where the URL address bar was not scrolling out of view when previewing images. Corrected a Management Console bug where the 'Spy Chat' session information would overflow the dialog when the location path was very long. Corrected a Management Console bug where a javascript error could occur on the 'Server Details' page when a registration Id becomes expired. Bug Fixes: Corrected a security issue where it was possible to see directories, create directories, and download files above a user's root directory (Secunia SA47021).
This security error has been in Serv-U since Serv-U version 1.0. Corrected a bug where end-users could delete their home directory. Corrected an SFTP (via SSH2) upload transfer rate bug where the domain, user, and group active transfer statistics were incorrect. Corrected a move file bug where the new parent directory's permissions were being checked when the new directory was different from the original. Corrected a bug where PASV listen sockets would remain open until after they were no longer needed. This could cause some systems to use too much memory or eventually fail to accept FTP data connections. Corrected a bug when creating a new domain, the domain would not go 'on-line'.
Firing startup events, writing to the log, and starting statistics would not occur unless the domain was manually disabled then enabled or Serv-U was restarted. Corrected a bug where Serv-U did not properly verify that upgrade protection is valid for a new version being installed on Windows Vista or newer. Corrected a Management Console bug where button icons were misplaced when using a Firefox browser on a Linux OS. Corrected a bug in the Web Client where file and directory names containing ampersands could not be moved using drag and drop.
Corrected a Management Console bug where combo box drop-down lists would persist when the containing dialog was closed while the combo box drop-down list was still active. Corrected a Mobile Web Client bug where navigating to directories with certain characters in the name would result in an error.
Features: Added tray menu options to gracefully shutdown Serv-U when all sessions are closed, when all active transfers complete, and to cancel a pending shutdown. Stopped including an HTTP body for HTTP response code 304 (not modified) improving Serv-U's HTTP caching support. Improved the user & group dialogs so that selecting different tabs maintains the height of the dialog providing more workable real estate. Added server a level log line to identify whether or not the Windows GDI+ or Linux gd libraries were loaded by Serv-U. Added server a level log line to identify whether or not the ODBC database library was loaded by Serv-U. Dynamically load the Linux graphics and ODBC libraries so that Serv-U can still run on Linux installations where these libraries are not installed.
Bug Fixes: Corrected a download bug with Firefox 8.0; Firefox would present end-users with a random file name instead of the file name of the file being downloaded. This was due to Firefox's changed interpretation of the 'Content-Disposition' HTTP header. Corrected an SFTP (via SSH2) bug where Serv-U would not queue directory listing reads and respond as directory listing information became available causing certain clients to appear hung during directory listings. Corrected an SFTP version 6 and greater bug where Serv-U would incorrectly tell the client a directory listing was complete when it wasn't causing the client to show truncated directory listings for long listings. Corrected an FTPS security bug where Serv-U would allow the command channel to operate when SSL negotiation on the command channel failed. Corrected an FTPS download bug when download speed limits and compression were in use, the file download would pause and never restart. Corrected a bug where compressed SSL transfers (HTTPS and FTPS) could record an incorrect running transfer total.
Fixed buffer overflow bug that occurred when using passwords greater than 5,120 characters for the SMTP password, SSL certificate private key password, or Windows user password for a directory access rule. Corrected a Management Console bug where some domains were not visible in the Change Domain dialog on initial load. Corrected a Management Console bug where FTP Response Codes were not sorted correctly on initial load. Corrected a bug in the Web Client and Management Console where text selection was possible when using an Opera browser.
Corrected a Management Console bug where the list box control in 'Limits & Settings' dialog would collapse before items were selected. Corrected a Management Console bug where the 'Browse' button in the 'Virtual Paths' dialog was wrapping to the next line.