CHANGES SINCE VERSION 1.00 ========================== Version 6.0 (6.0.0.0) Released 7 December 2004 ---------------------------------------------- * Added support for local Admin password. * Added support for disabling account on expiration. * Added support for NT-SAM / Active Directory domains. * Fixed bug causing compressed downloads to fail occasionally. * Added support of %user% directive in the physical part of virtual directory mappings. Version 5.2 (5.2.0.1) Released 27 September 2004 ------------------------------------------------ * Fixed bug in STOU command causing Daemon crashes. Version 5.2 (5.2.0.0) Released 7 September 2004 ----------------------------------------------- * Fixed bug causing empty lines in long dir listings. * Fixed bug causing Admin to hang at startup if many client-to-server messages are saved. * Changed ODBC code to work around MS SQL Server bug. * Changed password checking code to be case insensitive to storage in INI file and registry. * Added detailed ODBC logging at the domain level. * Major rewrite of ODBC code to be compatible with more dB engines. * Changed all ODBC lookups to use upper case account names. * Added SQL templates used by Serv-U to Admin program. * Changed ODBC account storage to only store changed fields. * Added Admin option to enable low-security SSL ciphers. Version 5.1 (5.1.0.0) Released 8 July 2004 ------------------------------------------ * Added support for CCC ( = Clear Command Channel) command. * Added support for MODE Z ( = ZLib compression) command. * Fixed bug in log file name and rotation mechanism. * Added support for XCRC calculation of files while in transfer. * Changed quota setup in Admin program to use MB instead of kB. Version 5.0 (5.0.0.11) Released 21 May 2004 ------------------------------------------- * Added logging of resume point for transfers. * Fixed bug of S/Key failing for unencrypted passwords. * Fixed bug in auto-reconnect for ODBC domains. * Changed registration key auto-enter-from-clipboard to be less sensitive to format. * Fixed bug in SSCN handling, causing server-to-server (FXP) dir listings to fail. * Added domain ID and name to log file name options. Version 5.0 (5.0.0.9) Released 15 April 2004 -------------------------------------------- * Fixed bug in performance counters, value for 'Total KB transferred' was wrong. * Fixed bug in path parser causing crashes for certain paths. * Added ODBC connection retry in case connection fails immidiately after server start. * Changed registration key mechanism, key is valid when the last major version was released within update period. * Ported code to Borland C++ Builder v6. * Fixed a number of Admin bugs causing crashes. * Fixed bug in Daemon dir listing code causing crashes. * Fixed bug causing crashes on Daemon exit. * Changed MDTM so it can now change the date/time of directories as well as files. * Added support for SSCN command. * Added better crash loging to Administrator program, logs to file ServUCrashReport.elf. Version 5.0 (5.0.0.4) Released 23 February 2004 ----------------------------------------------- * Changed Windows' port checking code to better detect ports in paths. * Fixed bug where enabling/disabling directory cache does not get saved. * Fixed bug of tray-icon not starting automatically upon reboot. * Fixed SQL statement bug for lookups in dir access and IP access rules tables. * Added domain settings option to auto-create homedir if it doesn't exist. * Added automatic connection retry in case ODBC connectivity is lost. * Fixed bug in access DLL mechanism, causing events to not get dispatched under certain circumstances. * Fixed bug causing SSL transfers to fail when a speed limit is used. * Fixed bug in MDTM command that potentially caused the daemon to crash. Version 5.0 (5.0.0.0) Released 20 January 2004 ---------------------------------------------- * Added support for user account setting that requires a secure connection to log in. * Added 'Apply' and 'Restore' buttons to various panes. * Added support for NLST command to list dirs on a per-domain basis. * Fixed bug in deleting user accounts starting with same partial name. * Added 'up' button to Administrator program. * Added XCRC support. * Added support for independent server-level uplink/downlink bandwidth limits. * Changed Admin code to trap certain exceptions in XP. * Fixed bug not showing custom domain message for "no anymous access". * Added code to auto-create user's homedir if it does not exist yet. * Added support for more SSL ciphers. * Added code to enforce that domain/group admins cannot assign rights they don't have. * Changed symbolic message parameters to show "unlimited" when needed. * Added support for putting individual domains online/offline. * Fixed bug causing crashes when using "%ServerAvg" message directive. * Fixed XP problem with long server startup times. * Fixed bug in dir listing of root dirs with path as argument. * Changed check for the need of a secure connection from PASS to USER command. * Fixed bug with Windows 2003 in setting up listening sockets. * Changed MDTM command to work with UTC instead of local time. * Changed PORT command to block use of ports below 1024. * Fixed bug causing use of ports (ie. printing-via-FTP) to fail. * Changed NLST command to return 550 error reply in case no entries are found. * Made tray icon persistent in case of Explorer crashes/restarts. * Added ODBC database support. * Fixed bug causing disk quota to fail under certain conditions. * Added license volume checking. * Added per-domain user/group account settings cache time-to-live. * Changed password encryption from a server-wide setting to a per-domain setting. * Changed listening socket handling, now running in seperate thread. * Fixed bug in dir listing cache, when caching more than 63 entries. * Fixed buffer overflow bug in MDTM command. * Added support for CLNT command. * Added support for Corporate Edition. Version 4.1 (4.1.0.3) Released 3 January 2003 --------------------------------------------- * Fixed bug causing status bar info to get sent when status bar is hidden. * Changed handling in case Anonymous account doesn't exist. * Fixed bug in renaming files for Win95. * Fixed bug where SSL certificates were erronously tagged as v4, now they are v3. Version 4.1 (4.1.0.0) Released 4 November 2002 ---------------------------------------------- * Changed certificate creation to verify country code input. * Internationalized forms and code, to enable localization. * Various layout changes to accomodate localization of the Administrator program. * Changed code to remove unescaped telnet characters. * Added code to block paths using "alternate data streams". * Fixed bug allowing read-only admins to kick users. * Created 90 second session time-out before login. * Fixed bug with MDTM not sending a reply in case no date is available. * Log message "Starting FTP Server..." now logged by all domains to indicate server start. * Changed RNTO command so it works when a different destination volume is specified. * Fixed bug where WinSock activity didn't get logged for data sockets with limited port range. * Fixed bug allowing clients to start transfers while server stop was pending after transfers finish. * Fixed bug with dir listing mask for some mapped UNC paths not showing read-write bits. * Fixed bug in SITE CHMOD command when file name starts with digits. * Added domain port and domain ID fields to access verification DLL structure. * Added domain port and domain ID fields to event verification DLL structure. * Changed Administrator program to load SSL libraries on demand. * Changed telnet escape sequence handling to fix problems with 8-bit languages. * Changed layout of Admin for local server login. * Added option to enable/disable SSL for remote admin connection. * Fixed bug in session time-out mechanism. * Changed "Apply" button/menu layout to make confusion less likely. * Added universal dynamic-DNS support. * Removed TZO support. * Changed socket handling to make daemon less sensitive to DOS attacks. * Implicit SFTP now allows insecure data channel if negotiated through PROT command. * Changed install and master wizard so Serv-U is not a (system) service by default. * Added support for P@SW command to allow certain SMC Barricade routers work with passive mode. * Added tray icon shortcut to start menu. * Fixed bug allowing entry of ports over 65535 for a domain. * Changed code so account home directory cannot be deleted by client. * Changed code to pass SRVU_Password to add-on DLLs in case account has no password. * Added menu toggle for startup splash screen. * Added support for clipboard entry of alternate registration key format from SERV-UID.TXT file. * Added support for files over 2GB, now works for files up to around 9,000,000TB. * Changed code so Admin program no longer requests status bar info when bar is not visible. Version 4.0 (4.0.0.4) Released 4 February 2002 ---------------------------------------------- * Added support for FEAT, OPTS, PBSZ, PROT and AUTH commands. * Fixed bug in Admin program about clearing all sysop messages not working. * Added TLS/SSL support, both for implicit and explicit SFTP. * Fixed bug in tray icon not showing server stop in case performance counters are used. * Adherence to RFC2228, RFC2246, RFC2389 and the IETF draft "Securing FTP with TLS". Version 3.1 (3.1.0.3) Released 1 January 2002 --------------------------------------------- * Fixed bug causing crashes with access verification DLLs. * Fixed bug in Admin program about clearing all sysop messages not working. Version 3.1 (3.1.0.1) Released 26 December 2001 ----------------------------------------------- * Fixed bug causing Daemon crashes on Win98 due to insufficient stack space. * Fixed bug of tray icon not auto-starting in some instances. * Fixed installer bug causing start-menu to be missing on Win9x. Version 3.1 (3.1.0.0) Released 20 December 2001 ----------------------------------------------- * Removed left-click menu from tray-icon due to conflict with double-click. * Fixed bug in reporting cause of failed transfers ("killed by server" used erronously). * Fixed bug causing Admin program crashes upon exit. * Added support for TZO.com dynamic DNS. * Fixed various problems related with Terminal Services and Fast User Switching (XP). * Changed installer to install start menu items for all users. * Fixed bug not showing user info when very long file paths were involved. * Added option to enable/disable conversion of URL characters (like '%20'). * Fixed bug preventing user info details from auto-updating. * Changed QUIT reply code from 220 to 221 to be in compliance with RFC959. * Fixed bug preventing program from getting minimized. * Fixed bug in using a passive mode port range. * Fixed bug to list contents for NLST with a specific directory argument. * Changed admin program to be hidden when minimized while viewing local server. * Fixed bug preventing renaming of directories in some cases. * Added event notification for raw FTP commands and FTP replies. * Changed no. of login attempts after a successful login to only 1. Version 3.0 (3.0.0.17) Released 30 May 2001 ------------------------------------------- * Fixed bug in file times displayed in dir listings, sometimes off one hour. * Fixed bug when using "\" as an access rule. * Added menu item to find lost registration ID via Internet. * Fixed bug with "Help | Getting Started" menu selection. * Fixed bug with "Del" key not working when editing in some panels. * Changed tray-icon to (also) enable/disable its auto-start when starting/stopping. * Fixed bug in total user acount count shown in license just after install. * Fixed bug in uninstaller when admin program is running. * Added installer code to replace IMAGEHLP.DLL when old DLL has no version info. * Added caching of domain settings to speed up server start and reloading of settings. * Fixed installer bug causing errors with IMAGEHLP.DLL when a reboot was needed. * Added registration button to license panel. * Fixed bug erronously enabling current quota button for remote admin. * Fixed bug when running server on systems without C:\ drive. Version 3.0 (3.0.0.16) Released 15 May 2001 ------------------------------------------- * Changed RNTO command so renaming to same file/dir name always succeeds. * Added crash logging to server and admin program. Logs in ServUCrashReport.txt file on crashes. * A successful login now resets anti-hammering for that user. * Changed "delete" access to no longer auto-include "write" and "append" access. * Added support for automatic account expiration date. * Added support for limiting PASV port range for use over firewalls. * Changed product name from "FTP Serv-U" To "Serv-U". * Changed SIZE command to work with either read, write, append, modify or list access. * Changed memory managers for daemon and admin to use SmartHeap instead of RTL. * Added support for messages to/from the sysop between client and server. * Changed defaults for keep-alive and inlining-OOB, now off by default. * Added support for killing file transfers. * Added auto-blocking for 1 minute of users where session time-out is exceeded. * Added support for system tray icon. * Added support for maximum session duration. * Completely removed OWL class library from daemon code. * Changed "current transfer speed" in user activity info to be more accurate. * Changed daemon compiler from BC++ 5.02 to BCB 5.0. * Added menu item to view local IPs (for people with dynamic IP). * Various installer changes/enhancements. * Added logging of blocked IPs as part of the "security" related log messages. * Changed dir listing code to improve efficiency. * Changed reported current speed for users to be a 6 second average. * Added support to lock files while downloading. * Extended blocking FTP_bounce attacks to also block FXP. * Added support for disabling PASV. * Added support to disable date/time changes through MDTM. * Added support to block future date/time changes through MDTM. * Added SITE CHMOD command to set/reset read-only and hidden attributes. * Changed dir listings to properly reflect read-only and hidden attributes. * Added option to filter domain and session log text. * Added support for mapped directories (virtual paths). * Added full support for UNC paths. * Added various ways to kick a user off the server. * Added remote viewing of current list of blocked IPs on server. * Added support for F6 to toggle focus between left and right panels. * Added NT performance monitor support. * Added support for running as Win95/98 or native NT system service. * Added support for registry based domains in addition to .ini file domains. * Added extensive caching for user setup data. * Added caching for message files (signon, login etc). * Added caching for server response messages. * Added support for various user defined server response messages. * Added support for configurable log file name when using automatic rotation. * Added domain-specific user activity. * Changed WinSock logging to be more efficient. * Added split speed limits for uploads/downloads to user setup. * Added support for dynamic IP and multiple domains sharing same listening socket. * Added support for remote server shutdown and placing server offline. * Added support for domain-specific logging. * Added support for domain-specific server ports. * Changed passwords to use MD5 hash instead of UNIX 'crypt'. * Changed speed calculations to use more precise (1ms) timer. * Added control over low-level socket options. * Created brand-new administrator program for server setup. Version 2.5k Released 16 April 2001 ----------------------------------- * Fixed bug in setting server user limit to 0. * Changed RNTO command so renaming to same file/dir name always succeeds. Version 2.5j Released 19 March 2001 ----------------------------------- * Fixed bug in link handling of certain Windows' shortcuts. * Added (much) more WinSock logging. * Fixed bug causing server to run out of memory during DOS attack. * Fixed problem with using UNC paths from the Emerald access DLL. * Fixed bug sometimes causing 'hidden' files to get listed while they should not. Version 2.5i Released 4 December 2000 ------------------------------------- * Changed default for LIST to show all files (ie. '-a' option of 'ls'). * Fixed bug allowing unauthorized access using paths like "\..%20.". Version 2.5h Released 3 November 2000 ------------------------------------- * Limited no. of login attempts for account changes after a successful login. * Fixed bug in NLST causing it to only show files regardless of command line. Version 2.5g Released 30 October 2000 ------------------------------------- * Fixed bug which sometimes caused stuck connections to stay after their time-out. * Fixed bug in log message in case client is kicked off by sysop or server. * Fixed bug in transfer count in case of tranfers ending in error. * Now flushing dir listing cache when using "ReloadSettings=TRUE" in .ini file. * Changed server-to-stack transfer buffer back from 8192 to 4096 bytes. * Changed REST command to allow PORT and PASV without canceling the restart. * Fixed bug causing premature time-out when anti-time-out is enabled. * Fixed bug handling Telnet command sequences. * Changed NLST command to only show files (no more dirs). * Added 'e' option to the 'ls' dir listing emulation, for files-only. * Changed MDTM to not allow future date/times. Version 2.5f Released 1 August 2000 ----------------------------------- * Changed event hook handling to allow file/path changes. * Changed server-to-stack transfer buffer from 4096 to 8192 bytes. * Fixed bug causing crashes when rapidly receiving large amounts of bogus commands. Version 2.5e Released 24 March 2000 ----------------------------------- * Fixed handling of Windows' shortcuts that point to mapped drives. * Changed quota handling to allow a maximum of around 4000000000 Gb. * Fixed bug in use of multiple backslashes in paths. Version 2.5d Released 14 February 2000 -------------------------------------- * Fixed bug introduced in v2.5c causing inability to rename directories. Version 2.5c Released 8 February 2000 ------------------------------------- * Fixed bug causing ill-formed Windows' links (shortcuts) to crash the server. * Fixed bug using ports in certain commands which caused server to hang. * Fixed problem in dealing with characters values over hex F0 in paths. * Fixed handling of UNC paths, was fixed in v2.5a, broken again in v2.5b. Version 2.5b Released 4 December 1999 ------------------------------------- * Added control of PacketTimeOut via .INI file. * Removed check for UNC paths, they are allowed now but (still) not supported. * Added support for HEX password strings with S/KEY. * Fixed bug in S/KEY causing it to store the wrong password after changing seed. * Fixed bug denying access when using wildcards in rules for a drive root. * Fixed bug in file transfer percentage of user info when file gets renamed. * Fixed bug causing alternate passive IP to be ignored. * Changed handling of passive mode transfers that never connect. * Fixed bug in SITE PSWD command causing server to crash with bogus input. * Changed default dir listing mask to 'rwxrwxrwx' to make AOL FTP clients happy. * Fixed bug causing crashes upon exit in NT. * Changed handling of uploads for UL/DL ratios to be less sensitive to abuse. Version 2.5a Released 5 May 1999 -------------------------------- * Fixed bug in count of transferred bytes. * Fixed the "check for update" menu bitmap to equal that of FTP Voyager. * Fixed problem of showing Serv-U window from tray-icon in Win2000 or with IE5. * Fixed bug introduced in v2.5 causing crashes with long paths in FTP commands. * Fixed bug in handling links in root directories, sometimes caused server to hang. * Fixed bug which caused Windows shortcuts in root dir to fail as links. * Fixed bug which caused no tranferprogress to be sent during uploads. * Fixed label for SRVU_QuotaMax event during logging of DLL events. * Bitmap-enhanced menus are now disabled in NT3.51. * Added logging of speed and bytes tranferred for aborted transfers. * Added control over low-level socket options. Version 2.5 Released 14 April 1999 ---------------------------------- * Changed SITE INDEX command to be non-recursive, to solve crashes on Win98. * Added on-line help. * Fixed bug with user names containing '@'. * Added automatic update checking to the 'help' menu. * Added support for Win9x/NT .lnk 'links', they are now resolved like Serv-U links. * Changed user info mechanism to be vastly more efficient in CPU use. * Added support for home-IP specific sign-on and sign-off messages. * Added 'SRVU_SignOnMes' and 'SRVU_SignOffMes' access verification DLL events. * Added file/path info to the user information dialogbox. * Added percentage complete info for downloads to the user informatino dialogbox. * Added menu item to toggle between conventional/enhanced style menus, to make screen readers work (they can't read bitmap menus). * Added server IP address(es) to "About" dialogbox * Added 'append' access right for users, to facilitate resuming of uploads. * Added 'SRVU_AppendFile' access verification DLL event for append access. * Added button to "Kill user" dialogbox to auto-calculate subnet mask. * Added keyboard shortcuts to menus. * Added anti-hammer measures. * Added menu item and button to suspend logging to screen. * Changed menu style in 32-bit to have images associated with them. * Changed 'resume' for uploads, now only requires write access if upload is resumed within 12 hours. * If server is closed while maximized this is now properly restored on startup. * Maximum concurrent no. of logins from same IP is now configurable. * Password changes by the client are now logged. * S/KEY passwords can now also be changed remotely through SITE PSWD. * Logging of local IPs is now switched off by default, and part of the logging setup. * Added log file rotation, on daily, weekly, monthly, or yearly basis. * Added logging of access DLL event info for debugging. * Added support for listening to home IP addresses only. * Fixed bug causing premature time-outs during file transfers. * Added EVNT_ProgUp and EVNT_ProgDown for event nofication DLL progress notification during file uploads and downloads. * Added .ini file 'OpenFilesUploadMode' option to force server to open files exclusively or shared during uploads (32-bit only). * Added .ini file 'DirListMask' option to select a dir listing access mask. * Default dir listing access mask is now "rwx------". * Added dynamic adaptation of packet time-out for uploads to a minimum of 1.5 minute for fast consistent uploads. Helps free up files faster for resuming. * The user is now warned if a new user/group is entered which already exists. * Added .ini file 'ReloadSettings' entry to force the server to reload its settings. * Added dynamic caching of disk quota, making this much more efficient. * Added protection for starting Serv-U with a vastly wrong date, also fixed crashes in case the date gets out-of-whack. * Fixed bugs in try-out mechanism, added use of TCP to reach permission server. * Fixed bug which denied access to ports, even if proper access rules were present. * Fixed bug causing Serv-U to slowly leak sockets. * Fixed bug in key entry mechanism when reading new style key (with "[BEGINKEY]" ...) from KEY.TXT file. * Added SITE SET TRANSFERPROGRESS command, to inform client of the progress of data transfers for server-to-server use. Version 2.4a Released 23 September 1998 --------------------------------------- * User/group setup now prompts if homedir does not exist and offers to create it. * Added "/s" option to start only a single instance of Serv-U. * Changed access rule interpretation mechanism. * Fixed bug in SITE INDEX command. * Changed path resolver to convert double backslashes to single ones. * In case the password type is changed the user is now prompted for a new password. * Fixed bug in link handling causing long dir listing delays in some cases. * Single dir/file names (with/without wildcards) are now allowed as access rules. * Added user interface to option for not logging connections from certain IPs. * Added tray icons to represent offline state, with a little help from John Hiemenz. * Changed on/offline mechanism to simulate going offline rather than destroying its listening socket due to problems reliably reacquiring a new listening socket. * Added two access verification DLL events, SRVU_Connect and SRVU_Close, to make it easier for DLLs to keep track of state for a user. * Added more appropriate local error message in case server can not open a data connection to the client in active mode. * Changed share modes for files to upload/download to make opening files which are in use more likely to succeed. * Added "%LoggedInAll" message directive for total no. of logged in users since server start. * Added "%ServerAvg" message directive for average bandwidth use since server start. * Added "%ServerKBps" message directive for current server bandwidth use. * Fixed bug in access rule mechanism to allow access to a dir if it contains files with access (while dir itself has no specified access). * Added more socket status info to WinSock activity logging. * Fixed bug in socket stack handling causing WSAENOTSOCK error messages. * Added user selectable log screen font to logging setup. * Fixed bug in handling single letter absolute dirs (eg. "/c") for relative paths. * Added support for S/KEY one-time passwords. * For external access verification DLLs the session ID is passed on now. * Added 'Flush cache' button to directory cache setup to flush the cache. * Fixed bug in directory changes to short-name (ie. DOS8.3 style) directories. * Added selection list of available IP homes to multi-homed IP setup. * Added button to disk quota setup to pre-set the current value. * Links pointing to a directory are no longer shown in the dir they point to. * Fixed bug in handling of wildcards in access rules. * Fixed bug in renaming an existing file. * Fixed tray-icon tooltip to read proper KBps. * Added support for descriptive names and passive mode address translation to IP home setup and multi-homed IP handling. Version 2.4 Released 20 July 1998 --------------------------------- * Fixed host IP passed with SRVU_LogClientIP and SRVU_IPAccess events. * The original user name (in original case and length) is now passed as a second parameter in the 'Aux' field for the SRVU_Password event. * Rename (RNTO) now renames over an existing file if needed. * STAT now shows ongoing transers with their progress. * HELP now shows the server type and version code in its last line. * Added browse buttons to various file selection items. * Added SITE ZONE command to report server timezone to client. * Added on/off-line menu item to tray icon menus. * Changed "About" dialogbox. * Added Web links from 'help' menu items. * Fixed rare bug that caused users to hang past their time-out. * Added small delay between last message from server and actual disconnect so clients have a chance to display final message. * Fixed bug in path handling for single character paths. * Changed command reply to use 425 code in case the data connection fails. * Alternative settings file (like SERV-U.INI) is now accepted on the command line. * Fixed bug in event notification DLL mechanism, in case the server is suspended. * Event notification for EVNT_EndDown, EVNT_EndUp, EVNT_AbortDown, EVNT_AbortUp now have transfer mode in 'AuxTwo'. * Added menu item 'file - on-line' to put server on/off-line. * Added CWD command to the event hooking mechanism. * To delete or rename a directory the user now needs access to that dir, and not its parent (as used to be the case). * User time-out is now part of the individual user account setup. * Changed status bar style. * Changed CWD so it always returns the path with the actual capatilization. * Changed signon/signoff text handling so leading spaces are preserved. * Max. no. of users is now part of the individual user account setup. * The default user account "ALL" is now named "** Default **". * When first started a default user account is created with 45 min. time-out. * Added option to block anti-timeout schemes as employed by most FTP clients. * Added toolbar and menu items to show/hide toolbar. * Added hint text to menus. * Added a number of new message directives. * Made registration key entry more mutation-proof. * Added interface for dir listing cache setup in 'setup - server - dir cache'. * If user's homedir does not exist this is now logged. * Changed all file handling code in 32-bit version to use native Windows functions. * Increased listen backlog queue size to avoid "connection refused" messages. * Fixed bug in FTP reply which reports how much disk quota is left over. * Existance of an anonymous user account is now checked before determining if there are too many anonymous users so the proper reply is sent to client. * Access rules now support wildcards. * Dir listings are now cached in 32-bit version. * Dir listing now supports most UNIX 'ls' options. * Dir listing now only shows files/dirs/links the user has access to. * Fixed a rare bug which would show only the first of a list of "links". * Changed socket stack handling to solve rare bug in 16-bit causing failed transfers. * The command connection now uses "keep-alive" at the TCP level. This solves time-out problems by certain proxy servers during lengthy data transfers. * Changed FTP command replies to be more like UNIX. * Drive letters can be without colon (':'), ie. "/c/" is equal to "/c:/", "\c\", "c:" or "\c:\". * Added option to server setup to block "FTP_bounce" attacks (CERT advisory CA-97.27), to limit PORT IP addresses to the client IP only. * Added SITE PSWD command to allow FTP clients to change their password. * Added support for the OPEN command. Has no functionality, for testing only. * A double-click on a user name in the user setup will now open the miscellaneous menu for that user. * Fixed bug which caused Serv-U to show a window when started after it was stopped while a tray-icon in Win95/NT4. * Extended support for leading '-' in passwords to suppress multi-line responses to all user names (used to be only for Anonymous). * Added extension to MDTM for changing file date/time by the client. * Any path reference of "..." or more dots is now converted to the drive root. * Files/dirs with multiple consecutive dots embedded in the name are now preserved correctly. Trailing dots are stripped. * Added 'copy' and 'paste' buttons to the 'about - register - enter key' menu. Registration menu now stays visible also after registration. * Changed code to constrain users with relative paths to their homedir and the subdirs of their homedir. * Fixed bug in "store unique" (STOU) command when used with (partial) path names as an argument. * Changed time-out for command connection after it is initially set up. Now 3 minutes for receiving a packet (was 5) and 5 minutes for sending. * Changed FTP reply messages for successful upload and download to be identical to UNIX messages. * Fixed bug in recognizing the root directory of CD-ROMs under Win3.1. Version 2.3b released 11 October 1997 ------------------------------------- * Changed the end-of-try-out-time message box to show the message came from Serv-U. * Changed access verification DLL handling so event structure changes are only considered if the DLL handled the event (Fixes a problem with Emerald). * Fixed bug in file transfer count displayed in the status bar. * Fixed bug in handling of suspended events (in case of an event hook DLL) while there is an ongoing data transfer. Version 2.3a released 7 October 1997 ------------------------------------ * Fixed bug in NLST and LIST commands (for dir listing) which prevented the use of wildcards in dir listings. Version 2.3 released 6 October 1997 ----------------------------------- * REST (=resume command) now supported for file uploads. * Added support for the SITE INDEX command (only in the 32-bit version) as used by Fetch. * Fixed bug in total file transfers count as shown in the status bar. * Changed path parser to recognize all possible ports and isolate them. * Added 'Register' menu to the help section. This allows users to generate a registration form on the fly and fill it out using NotePad. * Added new mechanism to enter a registration key into Serv-U, also added support for a new key format. * Added new message directives to keep track of server stats: Total up-time, total uploads and downloads (bytes/files), total users. * Changed internal string handling to improve performance. * The STOU (=STOre Unique) command now handles long file names in Win95 and NT. * Changed compilers from Borland C++ 4.52 to BC++ 5.02 for the 32-bit version. This necessitated several code changes. * Changed code so the maximum path length for the 16-bit version is 80 characters. This is conform the Win16 maximum path length. Longer paths caused crashes in Win16 functions. * Tray icon will now disappear by itself after exiting Serv-U. * Added "Notes" field to the user and group setup for notes about each user. * Logging to screen and file can now be separately specified. * The user info window can now be froozen for easier viewing. * The user info window can now be resized in height. * Passwords can now optionally be stored unencrypted. The default is that they get encrypted. * The 'kill user' dialogbox now allows editing of the IP address. * Renaming/moving a dir now requires 'remove' access to the path being removed, and 'make' access to the destination path. * The maximum transfer speed can now be set for each user via the 'setup - users - miscellaneous' menu. * Partially uploaded files can be automatically deleted via a 'setup - server' menu option. * In case a client closes the command connection while there are ongoing transfers this is now properly logged and passed to the event notification mechanism. * Files are now kept open during transfers. This means files being uploaded show zero length during the upload. * The reply message after a dir listing or file transfer now shows the client his/her ratio and quota status (if the client is using ratios and/or quota). * Added SITE command to the event hooking mechanism. Any SITE command can now be intercepted by an event notification DLL. * Fixed bug in system tray menu (Win95) when Serv-U gets started automatically after system startup. * The CWD ('change working directory') command no longer actually changes the Serv-U task's current directory which caused locking of the dir in NT. * Added .ini file option to avoid logging of certain clients from IP numbers. * Closing Serv-U from the system menu (or the 'x' in Win95/NT4) now minimizes the window in case there is a tray icon. Exit the server from the tray menu. * The string "%20" in paths is converted to " " (=space) to please MSIE. * There no longer is any 'hard' limit to the maximum number of IP homes. * Serv-U now shows all the IP addresses it listens on at startup. * Upon startup a file IPSERVU.TXT is created in the Serv-U program dir with all the IP addresses it listens on. This file is updated every 5 minutes. Through a .ini file option the interval and file name can be changed. * When restoring window from the tray-icon (Win95/NT4) the log will now scroll to the end. * When running as a Win95 system service there is no longer a regular icon if the user logs out and back into the system again. * External access verification DLLs now receive the SRVU_IPAccess event, also when no IP access rules were present. * In case Serv-U is started for the first time, but with a KEY.TXT file present it will no longer ask for the try-out option but read in the key. * Users with no password (ie. 'Password' entry in the .ini file explicitely set to nothing) are logged in immidiately after the USER command. * Users can be given an empty password (ie. no password required when logging in) by entering "<>" in the password field of the user setup. * To create or delete directories the user now needs the appropriate access to the parent of the dirs that are being created/deleted. * Users with setting "allow login when max. no. of users is reached" now also have no time-out after logging in. * Server now switches to 'crippled' try-out when try-out time is up. * When the version is out-of-date the server now allows 'crippled' use. * FTP response messages to clients now preserve case for file/path names. * The "Too many users ..." message no longer shows the maximum number to clients. * Try-out time has been changed from 30 to 45 days. * Transfer speed reports use 1024 bytes per Kb rather than (previously) 1000. * Added support for limiting the maximum bandwidth used by the server. * The event EVNT_Login of the event notification mechanism now has the anonymous password in AuxOne (for anonymous users only). * Fixed bug which would show a tray icon in NT4 even when the server was started 'hidden'. * Minor changes to socket stack handing with the hopes that it will work with (even) more WinSock stacks. * The SIZE command now works with either 'list' or 'read' access to the file. This used to require 'list' access. * Fixed bug in SIZE command causing it to deny access if directory didn't have 'inherit' access. * Data transfers now use a socket bound to the same IP as their command connection. This should fix a rare problem with multi-homed sites and firewalls. Version 2.2 released 22 February 1997 ------------------------------------- * In case 'current' disk quota is set larger than 'maximum' uploads are no longer allowed. * Changed the data connection message for uploads/downloads to be more UNIX compatible (some browsers use this to get the file size from). * Serv-U now uses the native case for file/dir names, or optionally lower case. * The ALLO (=allocate) command now handles 4Gb instead of 2Gb of free space. * The security manager no longer checks for the presense of the SERV-U.INI file which hopefully solves a very rare problem where the server cannot read the .ini file after several days (in NT3.51 SP5). * Added DLL interface for event notification and command hooks. * In case no IP address can be found for the server it'll display "?????". * Renaming directories works also now. * Added support for IP names (with wildcards) in IP access rules. * Added option to limit a user from logging in more than once from the same IP address. * Fixed bug which prevented multi-homed IP numbers from showing in case no users were defined. * Changed IP access rule mechanism. It is now more flexible. Added .ini file conversion for new rule format. * Added option to specify IP access rules for each user individually. * Added tray icon support for Win95 and NT4. * Changed code so 32-bit version can handle more IP homes (now it'll do around 1800 IP numbers, while the 16-bit version handles about 180 IP numbers). * Fixed bug in reporting of no. of try-out days left for the 32-bit version. * LIST now completely ignores any '-' type options. NLST only parses '-l' and converts that to a LIST command. This should make the latest CuteFTP work. * Fixed bug introduced in v2.1: Killed users that were put on the IP bounce list now work properly. * Fixed bug introduced in v2.1: Putting the server in a directory path with spaces works now. * Fixed bug in links introduced in v2.1 which caused crashes. * Added support for running Serv-U as a system service in Win95. Version 2.1, released 8 November 1996 ------------------------------------- * Fixed bug in 24h user count (sites with only a few hits a day would get bogus numbers). * Added startup options /i (=iconic), /h (=hidden), and /u (=unconditional exit). * When Serv-U was stopped while iconic it'll start as an icon the next time. * The evaluation order of IP deny and allow rules can now be choosen. * Fixed bug which would not allow dir listings if 'inherit' was not enabled and a dir listing with argument was done (ie. 'dir *.*'). * Changed link handling so if there is a subdir with the same name as a link preferance will be given to the subdir. * Changed '%dfree' message file directive so it handles >2Gb of free space. * All links should now be absolute paths, even for users with 'rel. paths' enabled. Serv-U takes care of the conversion for dir listings etc. * Added support for the FTP command STAT, showing UL/DL ratios and quota. * Changed %bup, %bdown, %btot, and %dfree to report in Kb instead of bytes. * Added support for secundary 'dir change message file' and 'link file'. * Added a very beautiful status bar. * Added a bunch of message file directives for ratios and disk quota. * Fixed bug in 'restart' handling causing extraneous "450 Try later - Data connection in use" command error replies. * Added disk quota limitation support. * Added support for 'free files' for U/D ratios. * Added feature to allow users to log in even when user limit is reached. * User ID in log now always has 6 digits (with leading zeros if needed). To make programmatic sorting easier. * Changed code of security manager, simplifying it (and hopefully making it more robust). * Added 'upload/download ratios'. * Added support for 'relative paths' for all users. * Added support for hiding 'hidden' files for every user. * Fixed bug which caused IP home changes to be ignored until a restart. * Changed the max. no. of characters that can be entered into the multi-homed setup box for the IP number from 14 to 15. * Fixed bug causing GPF's for very long signon/signoff text lines. Version 2.0c, released 10 August 1996 ------------------------------------ * Fixed problem with user setup changes that would not show up immidiately. * Added "%maxusers" and "%maxanonymous" directives. * Changed the implementation of the REST command ('resume') to be compatible with CuteFTP 1.5. * Added multi-homed IP support. * Fixed bug in MDTM command. * Changed dir listing format: Times before 10am now have a leading zero. This to be more UNIX compatible and fix problems with WS_FTP. * Fixed problem in NT preventing directory deletion. * More bullet proofing of the socket stack routines. * Fixed bug causing GPF's while making server setup changes that resulted in a server restart. * Added WinSock function logging. * Added support for external client verification DLLs. * Bulletproofed the input buffer. It now handles any length strings. * The '&' character in the registration key (if present) is now displayed correctly. Version 2.0b, released 4 May 1996 ------------------------------------ * Bullet-proofed the 'relative paths anonymous' option. Now impossible to get out of the homedir (and subdirs below), even if user has access rights for other paths. * Changed '~' handling. Now works when embedded inside a path. * Fixed bug in 'Resume' command (FTP command 'REST'). * Changed code for painting text & images in 'About' box, hopefully solving problems on Win3.1 and WFW3.11. Version 2.0a, released 18 April 1996 ------------------------------------ * Remote program execution (Through SITE EXEC) now launches the program from the current directory of the user. * The Serv-U directory is now searched first for SERV-U.INI, then it looks for an evironment variable named SERV-U, and finally the PATH and Window's directories are searched for the .ini file (Order changed over previous).\ * Added option to make server exit pending upon the logged in users. * Fixed problem with window size/position when user info box got closed while minimized. * Fixed problem with links containing trailing '\'. * Fixed bug in '%dfree' text directive in 16-bit Serv-U. * Added the FTP command REST (=RESTart). * Changing the file name for directory change messages no longer causes the server to log out all users. * Added the FTP command MDTM (=Modification Date & TiMe). * Hidden directories are now hidden from anonmous users (as are hidden files) in the 32-bit version. * Fixed bug in DNS lookups that caused GPF's. * Transfer speed in 'User Info' box is now averaged. * Links embedded in a path will now be resolved correctly. This will make things work better with Netscape which keeps links as part of the path. * 'Maximize' system menu item is now disabled in the user info box. * Background colors of bitmaps (in 'About' etc.) now display correctly on non-gray windows. * Fixed error reply for 'SITE EXEC' in case no executable was specified. * Fixed bug that caused 'File - Exit' to skip the confirm dialogbox. * Fixed bug in '~' handling. It can now be used in links. * In case CTL3DV2.DLL is missing the 16-bit version will no longer trow an exception. * Added file size to transfer logs. Version 2.0, released 13 March 1996 ----------------------------------- * This version will continue to work after March 15th (All previous versions stop at that date). * Converted code to BC 4.52 and OWL 2.5. * Now 16- and 32-bit versions. * Added separate access right for 'list' access. * Added a luxurious 'user info' box. * Added IP Name logging. * Added a 'enable account' checkbox to quickly enable/disable a user. * Access rules can now be specific to a single directory, or inhereted by subdirs (the previous method). * Fixed various dialogbox errors (text, formatting). * Changed the FTP 'HELP' command reply to be more UNIX compatible. * Added a ton of new '%' directives for signon/signoff messages, directory change messages, and login messages. * Changed icons. * Non-anonymous users can now also delete 'read only' files. * 'hidden' files are no longer indicated as such in dir listings (confused the Mac client 'Fetch'). * The permission server now uses UDP messages instead of TCP. * Added support for user specific login messages. * Changed font and size of signon/off message dialog box. * Added support for 'links' (like UNIX). * Fixed logscreen: It will now do automatic horizontal scrolling when the cursor is moved. * User is now booted off the server if the password is guessed wrong 3 times. * Time a user was connected gets logged. * Inserting new paths in the access rule list is now done at current position instead of to the end of the list. * 'CWD ' (='cd') or 'CWD ~' will now put the user back in the home directory. * 'NLST *' (='ls') or 'LIST *' (='dir') will now convert to '*.*', ie. will use UNIX style globbing. * Now even softer on your socket stack... * Made the 'undocumented features' part of the setup. * Changed directory listing format to be more UNIX compatible. * Cleaned up local heap management, so the logwindow might actually work better. * Added transfer speed to file transfer log messages. * Fixed bug that caused filenames like '/c:' to be seen as relative. * Changed all dialogboxes to use MS or Win95 3D-controls. No more BWCC.DLL. * Data connection now uses the RFC959 default local port, ie. local port 20 if the command connection uses 21. Should make some firewalls more happy. * Added the FTP command SIZE. Should make Netscape happy (so it can tell filesize on transfer). * Fixed client message in case 'anonymous' is disabled. Version 1.1i ------------ * Change of address in all the documents. * The try-out version will continu to work after October 15th. 1995 (v1.1h won't). * Fixed bug in renaming long file names. * Fixed bug that caused rare GPF's with some firewall proxy clients. Version 1.1h ------------ * Added switch to explicitely disable long file/directory names in Windows 95. * Fixed a bug causing garbage to appear in some cases if a directory listing of an empty directory was made Version 1.1g ------------ * Fixed bug in making directories for Win3.1 and WFW3.11. * Fixed bug in deleting long file names under Win95. Version 1.1f ------------ * Windows 95 long file names are supported. Serv-U auto-detects the presence of Win95. * The current number of users is displayed in the window title. * The 'password' checks for anonymous users can be disabled. * MS-DOS or Windows programs can be started remotely, using the SITE command EXEC. The EXEC mechanism is also part of the regular access rules. * When the server is stopped while there are users logged in, a dialogbox will pop up to confirm the action. * Options to the LIST and NLST commands are handled (ie. 'ls -la' like some clients send to the server will produce output). * The FTP commands APPE (=append) and STOU (=store unique) are now supported. * Data type 'L8' (=local type 8 bits per byte) is now supported. * Server is not restarted any more if maximum number of users or time-out values are changed. * The bug causing Serv-U to beep when it could not log to screen has been fixed (actually a MS-Windows bug). * Anonymous users no longer see hidden files. * Drives are checked for accessability before usage, so no longer the 'retry - ignore' dialogboxes. * Info on the WinSock socket stack is shown on startup. * Fixed bug causing false dir listings for 'dir .'. * Made Serv-U more tolerant for firewalls using proxy servers that mix PASV and PORT commands. * Fixed bug that caused XCWD, XRMD, and XMKD to malfunction. Version 1.1e ------------ * Anonymous users no longer see 'hidden' files. * Fixed a rather nasty bug in the security system. * Paths are now reported back with a leading '/'. This is to ensure more compatibility with the UNIX format and to make a number of Macintosh FTP clients even happier. * The start-up message of Serv-U now reports the socket stack it is running on. * Fixed bug that assigned random passwords to users that should have no password (a situation found in users belonging to a group where the group password should also be the user's password). * When a user/group has a password it is now shown as '***********' in 'setup - users/groups'. Deleting this deletes the password entry for that user/group, ie. it no longer has a password. * Spaces are now allowed in user names and passwords. * Stopping the server is logged (if logging to file is switched on). * Paths are now consistently reported back using '/' instead of '\', to be more in line with the UNIX way of working. Mac FTP clients need this to function properly. * A leading '/' or '\' in front of a full pathname is ignored, ie. '/c:/util' is equivalent to 'c:\util'. This allows for UNIX style changes of directory, and enables WWW browsers to change drives. * The response to an incorrect anonymous password is changed to be more informative. * Very long pathnames are now supported correctly. * Displaying a file when the client changes directory is supported. * When 'setup - logging - FTP commands' is switched on it no longer shows passwords, 'XXXXX' instead. Version 1.1, released 19 March 1995 ----------------------------------- * Fixed some spelling errors in messages. Fixed logging to screen for time-out messages. Added log message in case limit of no. of users is reached. Added log message when server is (re)started. * Added lots of logging. * The SYST command now replies with the code for a UNIX system. This is because some clients use it to determine the format of directory listings. * Time-out values for idle/hung connections are now part of server setup. * Drastically increased packet time-out for data transfer, now set at 5 minutes (was 30 seconds). Should be sufficient to allow transfer even on bad connections. * Log messages for failed data transfers now have a specification showing why. * Fixed bug that caused path for anonymous users with root as home directory to be reported without a '\' at beginning. The same bug caused absolute paths in CWD to be processed incorrectly. * Changed the HELP response to make WS_FTP work properly with Serv-U. * Added support for transfer to/from ports (PRN: AUX: LPTx: and COMx:). * Made a work-around for FTP Inc.'s WinSock stack. This stack does not handle SO_LINGER properly on closing a socket, causing 'data channel in use' errors. * Fixed bug that caused random truncation of PUT files in combination with some clients. * Fixed bug that allowed users to get 'dir' listings for paths with explicitly no access set to them. * Fixed bug causing 'dir' with absolute path name to go wrong. Changed response messages to file transfers, only the filename is shown now, not the path name. * Added a retry period for the server to come online. This should solve problems with socket stacks that do not allow to re-use a port immediately after closing it. * Changed the timing of the '150-' response message for PASV transfers. It is now sent after the data connection is established instead of at the time of a transfer command. * The listening socket will now automatically be restarted when killed by the socket stack. Some stacks kill listening sockets without reason (Trumpet for one). * Fixed a bug that made RMD (=remove directory) fail if the directory was on a drive other than the active drive. * Username 'FTP' is now synonymous to 'ANONYMOUS'. * Fixed bug in very long directory listings (>64K data). * Clients that connect but never log in are now kicked off the system after 5 minutes. * User can now select the try-out method: Fully functional with contacts to my permission server, or, crippled but no permission server contacts. * Installed selectable path mechanism for anonymous: Either absolute paths (like a regular user) allowing for drive changes, or paths relative to the home directory (needed for WWW browsers). * Changed registration key to work with user/company name instead of IP number. Every time Serv-U is started it tries to read the key from a file KEY.TXT. Registered version displays the key in the "About" box and in reply to the FTP HELP command. * Changed the RETR and STOR replies (used for GET and PUT). They are now conform the average UNIX system. This makes WS_FTP more happy, so it shows a progress bar while downloading. Version 1.00 ------------ * Initial release 7 February 1995