Serv-U Version 9.2.0.1

Serv-U 9.2.0.1 was released December 17, 2009. A complete list of changes and upgrades follows:

• Added a thumbnail image preview scroller to the Image Preview dialog in the Web Client.
• Added Web Client support for Windows mobile phones.
• Added Web Client support for Android OS mobile phones.
• Added PhotoShop, Adobe Illustrator, and Adobe InDesign extension icons for the Web Client.
• Added Spanish Web Client support.
• Added the time period User and Group statistics were collected on the User and Groups statistics page.
• Added database user categories for better administration organization and better system performance for large numbers of database users.
• Improved database user listing for large number of users by 30% or more.
• Improved user group lookup when a very large number of groups is used.

• Corrected a bug in Microsoft Internet Explorer 8 where IE would make requests of JavaScript instead of files(appears to be a buffer problem in IE). The symptom would present itself in the Management Console as a "Permission Denied" page. This is a work-around for Microsoft Internet Explorer's (version 8) bug.
• Corrected a tray bug when using Microsoft Internet Explorer as the default browser. Changing from using Windows' Default Browser to the tray's embedded browser would cause the Management Console to show the "Loading" dialog until being restarted.
• Corrected a security issue where it was possible to see directories above a user's root directory.
• Corrected an SFTP (via SSH2) bug where certain clients requesting both read and write access to a non-existent file, would not be able to upload or create that file unless the file already existed.
• Corrected several Simplified Chinese translation errors.
• Corrected a Simplified and Traditional Chinese translation error where the "SSH public key" was translated as "SSH private key".
• Corrected a database problem when using Microsoft Access Serv-U to alter tables. Unlike other databases Microsoft Access prevented Serv-U from adding columns to a table while the table was already open.
• Corrected a bug in the New User Collection dialog where the enter key did not save the added collection.
• Corrected a bug in the Group dialog where focus was not being placed on the Group Name input.
• Corrected a bug in the User Group Membership dialog where double click did not remove the selected group from the "Member of Groups" list.
• Corrected a bug in the user list where sorting was lost when changing collections.
• Corrected a permissions bug, introduced in Serv-U 8.1.0.1, where when denying create directory permission to a parent directory, but allowing it for a sub-directory, Serv-U would not allow directory creation in the sub-directory.
• Corrected a bug where Serv-U could crash when using 3 or more local administrators, requires special undocumented parameters to cause, and only occurs locally.
• Corrected a bug where renaming a user Category would cause Serv-U to crash if a user in that Category was logged in.
• Corrected a bug in the Web Client where resizing the window, in Internet Explorer, when in thumbnail mode would cause an error.

Serv-U and FTP Voyager JV 9.1.0.0 Released

• Corrected "Cookie Buffer Overflow Vulnerability" (Secunia SA37228).
• Added Web Client support for BlackBerry mobile phones.
• Added the ability to filter user and group lists in the Management Console.
• Added additional security checks to ensure Serv-U application integrity.
• Added support for CIDR notation for IP ranges in addition to Serv-U's wildcard method.
• Added the ability to permanently block an IP address using the anti-hammer rule for the domain or server.
• Added the ability to export the users in all collections and database from the user's tab.
• Added a drop down list of available IP addresses in the Listener dialog and in the Domain Creation Wizard.
• Changed configuration, account configuration, startup log, and data files location to "C:\ProgramData" (ALLUSERSPROFILE environment variable) in Windows Vista+.
• Changes for better Windows 7 UAC support.

Serv-U Version 9.0.0.5

Serv-U 9.0.0.5 was released October 13, 2009. A complete list of changes and upgrades follows:

• Added support for the 64-bit Internet Explorer 8 browser on Windows Vista 64-bit.
• Added the ability to disable the Web Browser's login page check for older web browsers. When disabled, the login page no longer suggests upgrading Internet Explorer.
• Added the ability to set the "SSH Authentication Method" at the domain and server levels in addition to the user and group levels.
• Changed SSH public key authentication to recognize the lack of a public key and require password only.
• Improved SSH public key authentication support for Windows Authentication, where a specified public key can be used in addition to password authentication. Password authentication for SSH is always required.
• Remember the last selected user when entering the Domain Activity and Server Activity pages.
• Added context menus to the user and group lists in the Management Console.
• Updated Japanese, Traditional Chinese, and Simplified Chinese Administrator Help text.
• Updated Traditional Chinese and Simplified Chinese Management Console strings.

• Corrected some text in the License.rtf file.
• Corrected a bug, introduced in version 9.0.0.1, where Windows Authentication would fail with SSH2.
• Corrected a bug where the incorrect custom logo would be displayed in domain settings when using the inherited default value from the server.
• Corrected a bug when using Windows Authentication and a custom logo, Serv-U would not be able to show the custom logo in the Web Client if the user didn't have read permissions in Windows for the custom logo.
• Corrected a bug where blowfish and/or cast128-cbc were allowed for SSH2 while running in FIPS 140-2 mode. When used, OpenSSL would fail terminating Serv-U.
• Corrected an SSH2 bug where Serv-U would send the client an invalid list of supported ciphers and MAC algorithms while running in FIPS 140-2 mode.

Serv-U Version 9.0.0.3

Serv-U 9.0.0.3 was released October 5, 2009. A complete list of changes and upgrades follows:

• Added the ability to log into the Management Console and Web Client when using the 64 bit Firefox browser.
• Changed the group selection dialogs in the Management Console to move focus to the last selected group list in order to avoid confusion over which list has current focus.
• Corrected a few Russian Management Console strings.

• Corrected a bug where hidden files were being listed for MLST / MLSD FTP operations, when hidden files were configured to be hidden (i.e., not returned in the listing).
• Corrected a bug in the web client where the history navigation would lose its current location in the history list.
• Corrected a problem where Serv-U could not create private key pair files with passwords when FIPS 140-2 mode was enabled.
• Corrected a memory / handle leak when using Windows Authentication, Serv-U was not releasing memory when attempting to retrieve a Windows User's home directory.
• Corrected a bug where FTP Voyager JV would not launch from a Macintosh computer running Snow Leopard with the Safari web browser.

Serv-U Version 9.0.0.1

Serv-U 9.0.0.1 was released September 29, 2009. A complete list of changes and upgrades follows:

• Added FULL UNICODE support. Serv-U is now capable of supporting file paths, user names, and passwords in any language supported by Windows.
• Added the ability to install any supported language on any localized version of Windows. For example, installing Japanese, Chinese, or Russian Serv-U is now supported on Windows in English.
• Added FIPS 140-2 support for OpenSSL. SSL and SSH (FTPS, HTTPS, and SFTP) encryption is FIPS 140-2 certified through OpenSSL (Certificate #1051). (Serv-U Gold only)
• Added support for user and group SSH public key authentication.
• Added 4 SSH authentication methods; "password only", "public key only", "public key and password", and "public key or password".
• Added the ability to create SSH public key files (SSH RFC 4716 format) for SSH public key authentication.
• Added Integration DLL support, allowing DLLs to be written to interface directly to Serv-U for user access, events, and common operations. (Serv-U Gold only)
• Added the ability to define custom "SITE" FTP commands via Integration DLL support. (Serv-U Gold only)
• Added the ability to define custom FTP commands via Integration DLL support. (Serv-U Gold only)
• Added the ability to act as a Windows user for individual directory access rules. A Windows user name, password, and domain may be optionally specified for individual directory access rules. This allows Serv-U to access network resources even while running as a system service using the Windows local system account. (Serv-U Gold only)
• Added the ability to send email messages to users with account login ID and password. (Serv-U Gold only)
• Added "User Added" event so that custom Events events may be triggered when a user is created. (Serv-U Gold only)
• Added "IP Address Auto Added" event, triggered when an IP address has been automatically added to the IP access rules. (Serv-U Gold only)
• Added the ability for users to recover or reset their passwords in the HTTP login page. If using one-way password encryption, the password is changed to a randomly generated password based on administrator defined password requirements. (Serv-U Gold and Silver only)
• Added new login statistics for the Server, Domain, Group, and User, all individually viewable. These new statistics include: number of logins, number of logouts, current logins, most concurrent logins, last login time, last logout time, average login time, longest login duration, and shortest login duration.
• Added options to save Users and Groups statistics to CSV file.
• Added support for SFTP (via SSH2) welcome messages. If a welcome message or welcome message file is specified, Serv-U sends the message with the SSH2_MSG_USERAUTH_BANNER message.
• Added the ability to limit when a user or group can log in based on the day-of-the-week and/or the time-of-day.
• When an IP address is in an approved IP address list that approved IP address is no longer blocked when automatically blocking IP addresses unless the IP address is approved because of *.*.*.* or * in the IP access list.
• Added new system variables intended for use by events only; $Password, $LocalHomeDirectory, $LogFilePath (log deletion event only)
• Added new system variables: $UserEmailAddress, $FullName, $SpaceFullName, $FullNameSpace, $ComputerName
• Added the ability to send email events to multiple recipients. Email recipient lists may be specified by separating email addresses by a comma or space.
• Added the ability to enable or disable events.
• Added the ability to use $UserEmailAddress for the destination email address in email events.
• Added the ability to send email events to groups members.
• Added the ability to BCC (blind carbon copy) email addresses for email events.
• Changed email messages to retry for a period of time when unable to connect to the specified SMTP server and when the server appears to be using grey listing.
• Added the ability to use SSL when connecting to an SMTP server for email messages.
• Added two new user events identifying whether or not password recovery was successful.
• Added a new domain event identifying when a log file is purged.
• Added the ability to add comments to individual IP Access rules.
• Added the ability to wait for up to 30 seconds for an executable event to complete before continuing execution in Serv-U. This is useful if an executable needs to move or copy a file before Serv-U deletes it (such as purging a log file).
• Added the ability to download the current log file from within the Management Console.
• Changed log file format to UTF-8.
• Added the ability to purge log files based on the total size or total number of log files in a directory. This feature deletes the oldest log files when either limit is exceeded.
• Added the ability to use the PASV IP Address / Domain Name only for FTPS (FTP over SSL) connections to help with certain routers.
• Added the ability to use the PASV IP Address / Domain Name for LAN connections (via private IP addresses) as well as WAN / Internet connections.
• Added the ability to import and export users from the Users' tabs in CSV (comma separated value) format.
• Added a new Connection limit to Users, Groups, Domains, and the Server which can require users to have a reverse DNS name to connect or login to the server.
• Added the Advanced Limit to disable renaming files and directories to paths that already exist; applies to users, groups, domains, and the entire server. FTP, FTPS, HTTP, HTTPS, and SFTP (via SSH2) versions 3 & 4 are the affected protocols. SFTP versions 5 and above uses a different mechanism as defined by the protocol, unless the client uses the SSH_FXP_RENAME_NATIVE flag.
• Added the ability to disable specific database tables. Disabling unused tables can reduce the number of ODBC calls.
• Changed the default User and Group table names from "User" to "SUUsers" and "Group" to "SUGroups" in order to avoid "reserved" Microsoft SQL keywords. Microsoft reference page: http://msdn.microsoft.com/en-us/library/ms189822(SQL.90).aspx
• Added new FTP system variables: $CurrentUncompressedTransferBytes and $CurrentCompressedTransferBytes
• Reduced the database column sizes for non string columns by default. This is due to some restrictions by some databases on the total row length.
• Added "Windows 7" to the $OS system variable.
• Changed Serv-U's automatic listener recovery (periodically attempts to listen again when unable to listen) so that this feature is disabled when more than 50 domains are defined. This is done to save CPU cycles on slower computers.
• Automatically create log file directory structure if the parent directory of a specified log file doesn't already exist.
• Changed the "OPTS UTF8 ON/OFF" command to be available prior to login.

• Added a domain navigation tree for one-click access to any configuration page, including any server configuration page.
• Changed the group membership dialog in the Management Console to hide the "Add" and "Remove" arrows when nothing is selected in the corresponding list.
• A randomly generated password is automatically created when creating new users. The password is fully highlighted so if not desired simply typing a new password over the existing requires no extra work for an administrator.
• Changed the Domain wizard to prompt either for one-way or two-way password storage.
• Added the ability to set the advanced properties for database user and group limits.
• Changed all lists, inside the Management Console, to use "natural sorting" to properly sort items according to the current locale.
• Changed the default button from "Yes" to "No" in destructive confirmation dialogs. Pressing enter automatically answers "No" instead of "Yes".
• Changed domain administrator operations to include those shown on the "Settings" tab for the domain "Limits and Settings".
• Removed the "Windows Authentication" tab for domain administrators.
• Added the domain events tab for domain administrators.
• Changed the events list to exclude listings of balloon tip and execute events.
• Added "Domain" and "System" admin icons to the users list to identify them from normal users.
• Added the ability select a private key size (in bits) for SSL certificate creation (1024, 2048, and 4096).
• Added a Windows Vista & Windows 7 style "bread crumb" navigation bar to the file and directory browse dialogs for easier navigation.

• Added a powerful file search feature to the Web Client that allows users to recursively search for specified files using exact file name matches or wildcard matches.
• Added a Windows Vista & Windows 7 style "bread crumb" navigation bar for easier directory navigation.
• Added a history navigation menu for faster navigation to previously viewed directories.
• Added the ability to auto play video files in the Web Client by setting a URL parameter (playmedia=1).
• Changed file and folder list, to use "natural sorting" to properly sort files and folders according to the current locale.
• Changed the default theme for Windows 7 to use "Windows Vista".
• Added an alert dialog on the login page to inform users to upgrade to IE8 to improve performance.

• Added a tray option to use the system browser instead of the embedded Internet Explorer. Using the system browser can be faster, depending on the browser, and can reduce the amount of RAM used by the tray application.
• Improved accuracy of "XX KB", "XX MB", and "XX GB" displays to round up to the next highest value instead of checking for any amount over the unit (as older versions of Windows did). (Tray Application and FTP Voyager JV)
• Added support for saving the tray's Management Console Window coordinates over multiple monitors

• Added the "Synchronize Folders" feature which allows for easy folder comparison for mirroring either a local or remote folder.
• Added the ability to search for files and folders within FTP Voyager JV.
• Added the ability to create an automatic login file for FTP Voyager JV.
• Added the number of items, number of selected items, and current directory to the status bar of FTP Voyager JV.
• Changed FTP Voyager JV's default value of "Remove files from Transfer Pane after completion" to "false".
• Changed FTP Voyager JV's file sorting to use "natural sorting" to properly sort file names according to the current locale.
• Changed the FTP Voyager JV File Properties dialog to show the "Date Created" and the "Date Last-Accessed" fields when launched from a selected remote file.
• Changed the formatting of FTP Voyager JV's file sizes and transfer stats to include one or two digits past a decimal character.
• Changed the FTP Voyager JV startup page to recognize when FTP Voyager JV logs out. The page queries the server every 10 seconds, if logged out, the page automatically redirects to the logged out page.

• Corrected a bug where the "SITE SET TRANSFERPROGRESS ON" FTP command could cause Serv-U to crash.
• Corrected a bug where the "SITE SET TRANSFERPROGRESS ON" FTP command was using the wrong system variable ($NoFormatTransferBytes). $CurrentUncompressedTransferBytes is now used.
• Corrected a bug where database column mapping would not work.
• Corrected an attribute availability bug when specifying the start time "after" the end time, Serv-U would not properly handle this condition.
• Corrected a security bug where Serv-U was showing all drives and virtual paths to drives for "\" when a user may not have had permission to list all drives or virtual paths to drives.
• Corrected a directory listing / change directory bug where Serv-U was not allowing access to a parent directory, in some cases, if permissions for the parent directory were not explicitly set.
• Corrected a bug in the MFF FTP command where Serv-U was not ignoring the space between the "fact" and the "path name", causing MFF to fail with an incorrect path response.
• Corrected a bug where the UNIX directory mask would not work correctly if "r" (read) and "w" characters were not being used in the same locations as the default. This was changed to remain consistant with Serv-U version <= 6.4.

• Corrected a bug where the user was unable to close a combo box when clicking on the combo box drop down arrow.
• Corrected a bug in the Domain Wizard dialog where the pages where not all the same height.
• Corrected a bug where the User & Groups Statistics would hang when changing the Collection.
• Corrected a bug where the domain log would not properly clear out the log contents after resetting the filtering.
• Corrected a bug where the RhinoSoft.com logo located in the footer had an incorrect background.
• Corrected a bug where "Transfer Ratios" were not being saved correctly causing the wrong information to appear in the dialog.
• Corrected a bug where the UNIX directory mask could not be saved.

• Corrected a Web Client upload bug, where uploading a small file, locally or on a very fast connection, the Web Client could think the file did not upload, even when it did. This problem occurred mostly in Firefox browsers.
• Corrected a Web Client upload bug, where uploading a file that would overwrite a file with the same name, and had encoded characters, would fail to prompt the user for accepting the overwrite.
• Corrected a bug where when logging in using an Opera browser on Japanese Windows would fail to read cookies needed to set the language and cause the page to reload continuously.
• Corrected a bug where the wrong string was used for the alt tag in the Web Client header image.

• Corrected a bug in some dialog boxes that caused the font to shrink and adjusted the sizing on some images. This bug was only noticeable on Japanese Windows.

• Corrected a bug in FTP Voyager JV that displayed the Change Password option to users who are not allowed to change their password.
• Corrected a bug in FTP Voyager JV's tree control that allowed the user to try to rename the root folder of the particular file system.
• Corrected a bug in FTP Voyager JV where the Main Toolbar's right-click menus did not represent all the buttons of the toolbar.
• Corrected a bug in FTP Voyager JV where the preview pane was not handling error states for failed preview images.
• Corrected a bug in FTP Voyager JV where the preview pane could enter an invalid state by rapidly switching the selected file of a directory listing.
• Corrected a bug in FTP Voyager JV where the preview pane was not refreshing its image after a file was transferred.
• Corrected a bug in FTP Voyager JV where the about box's Build Date would sometimes show the timestamp of a previous build.
• Corrected a bug in FTP Voyager JV where the File Properties fields for formatting dates were not taking into account the Preferences option "Automatically adjust timestamps for Daylight Saving Time".
• Corrected a bug in FTP Voyager JV where the Remote Pane's tree was not correctly inserting the child tree nodes for remote drives.
• Corrected a bug in FTP Voyager JV where the right-click menu of the dockable frame's tab was not refreshing its check mark status for the right-click menu options.
• Corrected a bug in FTP Voyager JV where the Tree and Preview titles were not using the translated strings.
• Corrected a bug in FTP Voyager JV where the application location and size between sessions was failing to load for dual-monitor setups.
• Corrected a bug in FTP Voyager JV where the active frame would move from the local frame to the remote frame after a "New Folder" operation was completed.
• Corrected a bug in FTP Voyager JV, introduced in version 8.2.0.1, where uploading files with non-ASCII characters would fail in many cases.
• Corrected a bug in FTP Voyager JV that failed to change the password for users that had non-ASCII characters in their "User Name" and/or "Password" fields.
• Corrected a bug in FTP Voyager JV that failed to overwrite and move a remote file between two remote directories that had the same file name.
• Corrected a bug in FTP Voyager JV where the overwrite dialog would show the resume button even if copying or moving files across the same file system.