FileZilla Pro Enterprise Server Version History

1.6.7 (2023-02-20)

Bugfixes and minor changes:

  • Fixed logging level in the Administration Interface settings dialog initially always showing Debug
  • Fixed a crash due to missing synchronization when adding authentication workers
  • Updated to GnuTLS 3.8.0
  • SFTP: Single authentication attemps with the NONE method no longer count against the autoban limit if they are followed by a different method

1.6.6 (2023-02-01)

Bugfixes and minor changes:

  • Fixed crash if throttled authentications were cancelled
  • Writing registration requests to an already existing file did not clear previous contents of the file
  • Offline registration workflow now checks that either key, or ordernumber and email have been provided.

1.6.5 (2023-01-22)

Bugfixes and minor changes:

  • SFTP: fixed remaining issues with error code reporting in case of filesystem errors, which caused an abrupt session termination.
  • Fixed a regression with the RNFR command

1.6.4 (2023-01-18)

Bugfixes and minor changes:

  • Fixed a deadlock if sessions destroyed during ongoing authentication
  • Fixed issues with the ABOR command
  • Fixed a crash in the converter for old 0.9.x configurations

1.6.3 (2022-12-13)

Bugfixes and minor changes:

  • SFTP: Remove trailing null from host key algorithm list that was confusing some clients

1.6.2 (2022-12-08)

Bugfixes and minor changes:

  • Fixed an issue with registration

1.6.1 (2022-12-07)

Bugfixes and minor changes:

  • MSW: Fixed an installation issue due to a service handle not being closed

1.6.0 (2022-12-06)

New features:

  • UI: it’s now possible to upload TLS certificates to the server directly from the UI, using a specific selector in the Security page of the protocols configuration.
  • UI: the maximum amount of characters in all text controls has been limited to a sensible number, so to avoid potential crashes or stalls in corner cases.

Bugfixes and minor changes:

  • Fixed potential issues with locking of mutexes in the administration protocol
  • MSW: the installer now works properly also if the uninstaller from a previous installation has been deleted.
  • Fixed an issue in the networking code when dealing with TLS close_notify alerts.

1.6.0-rc1 (2022-11-28)

New features:

  • MSW: the installer now offers to keep the existing service configuration of a previously installed FileZilla Server whose release must be above or equal to 1.6.0.
  • UI: the main window position and size is now remembered across different runs.
  • UI: the server configuration can now be exported to a file and imported into another server. It is possible to select the specific parts of the configuration that are to be exported or imported.
  • UI: double-clicking on a item in the session list will pop up a dialog with security information about the session. The functionality can be also accessed via the context menu.
  • UI: file dialogs now remember the last used folder

Bugfixes and minor changes:

  • UI: users’ group names are now sorted, with the active ones up in the list
  • UI: Clearly show when a session transfer is stalled
  • UI: it is now possible to cut/copy/paste numbers in the specific controls.
  • UI: Fixed various incoherencies in the state of the interface
  • UI: it is no longer possible to have the administration listeners conflict with the file transfer protocols servers listeners. In case of pre-existing conflicts in the configuration file, the administration listeners take precedence, so that it is still possible to change the FileZilla Server’s configuration.
  • UI: in some corner cases concurrently opening dialogs could cause instabilities. These dialogs are now queued up and opened sequentially.
  • UI: fixed crash that could happen when selecting a public key for a user
  • *nix: fixed dependencies in the Debian installer
  • *nix: fixed installation directory of the icons
  • SFTP: private/public key pair authentication can now be used together with password authentication and/or OTP-based 2FA.
  • SFTP: fixed issue that caused large files transfer to be interrupted, due to packets being mishandled during rekeying.
  • SFTP: the server now support multiple host keys, which can either be self-generated through the UI or installed as plain files on the server itself.
  • SFTP: RSA keys up to 8KiB can now be used.
  • SFTP: it’s now more precise on the reason a file was not successfully opened, avoiding abrupt session termination because of a misused SSH_FX_FAILURE return code.
  • SFTP: file truncation now works. Appending still doesn’t, nor does opening a file in read+write mode.
  • SFTP: fixed support for large files

1.5.3 (2022-08-11)

Bugfixes and minor changes:

  • SFTP: Reduced per-session memory reservation
  • Fixed a crash on network errors while renewing Let’s Encrypt certificates
  • MSW: Communication with the impersonator child process no longer stalls or fails under heavy load
  • User-specific impersonation is now working again

1.5.2 (2022-08-19)

Bugfixes and minor changes:

  • SFTP: Fix display of large sizes in longname
  • SFTP: Display faux-permissions for clients that cannot handle attributes without SSH_FILEXFER_ATTR_PERMISSIONS

1.5.1 (2022-07-29)

Bugfixes and minor changes:

  • Fixed a crash if a session is closed and the data connection receives a connection error at the same time
  • MSW: The notification area icon now displays again in all display scale factors
  • Admin UI: Fixed switching from “Use system credentials to log in” to “Require a password to log in” not applying

1.5.0 (2022-07-20)

Bugfixes and minor changes:

  • Admin UI: Connection dialog did not remember the last used port if there are multiple saved entries for the same hostname with different ports

1.5.0-rc1 (2022-07-12)

New features:

  • Server: Implemented throttling of login attempts in case of too many failed attempts.
  • Server: The version number in the welcome message can now be manually suppressed by setting the “has_version” attribute of the message field in the configuration file to “false”.
  • MSW: If the service is running under the SYSTEM account, configuration files are now placed under %PROGRAMDATA%\filezilla-server. This is to workaround the issue that when doing a Windows Update the settings could be wiped out. Settings still residing under %LOCALAPPDATA%\filezilla-server are automatically migrated.
  • Communication with the impersonator child process is now asynchronous
  • Admin UI: The password fields in the configuration dialog now shows a hint to inform the user about how to keep the existing password

Bugfixes and minor changes:

  • Admin UI: Fixed a crash in listener editor
  • Admin UI (macOS): Implemented workarounds for some wxWidgets glitches and malfunctions.
  • Admin UI: The system_user’s name cannot be edited anymore (rightly so)
  • Configuration data that cannot be serialized now prevents an incomplete output file from being written to disk
  • Sudden deaths of the impersonator process no longer cause unintended behavior
  • Fixed server crashes due to unexpected socket events in some corner cases
  • MSW: Due to a toolchain issue, programs making use of thread-local variables would crash on exit. Implemented a workaround, until it gets addressed by future MinGW toolchains
  • The number of possible worker threads has been reduced to a maximum of 256
  • FTP Server: The NLST command now reports paths compliant with RFC 1123
  • When using the command line parameter –config-version-check ignore, the expected version is now written to the settings files if a mismatch is detected
  • *nix: Logo icons are no longer embedded in the executables, they are instead installed to the proper system paths
  • *nix: Added a filezilla-server-gui.desktop file, so that the Admin UI can easily be opened by desktop environments
  • Maximum number of log file rotations has been reduced to a more sensible amount and the rotation algorithm has been changed to be more efficient

1.4.1 (2022-05-06)

Bugfixes and minor changes:

  • Admin UI: Fixed a crash on the listener page
  • Admin UI: Improved workflow for changing user passwords
  • MSW: Fixed an issue with the converter for configurations from FileZilla Server 0.9.x

1.4.0 (2022-04-29)

Bugfixes and minor changes:

  • Debian: by default the service is now configured to exclude headers from log lines, since journald outputs its own headers already.
  • Mac: fixed regression that made the installed service not startable
  • Admin UI: changed wording in the logging settings
  • Admin UI: made default connection values correct, in case the settings file is missing.
  • MSW: fixed various bug in the ExecDos plugin, that could cause the admin password not to be set properly.
  • MSW: non-ASCII admin passwords can now be properly used.
  • MSW: fixed a bug in libfilezilla that caused an unexpected failure when creating directories with restricted access. It had effects on the ACME account creation.

1.4.0-rc1 (2022-04-20)

Critical bugfix

  • MSW: the installer doesn’t rely on the PATH environment variable to find the tools it needs, but refers to them absolutely, to avoid hijacking.

New features:

  • The size of the TCP buffer sizes on the sockets used for data transfers can now be specified
  • Configuration files are now tagged with a “flavour” and a version number. The Server will refuse to load configuration files with a different flavour than its own or with a version higher than its own. The server’s option –config-version-check can be used to control this functionality: if specified, the server checks the versioning, performs the required action and then exit, unless its action is ‘ignore’. If the action is ‘error’, it just checks whether the versions are ok. If the action is ‘backup’, then a backup of the files is made if the versions are not ok. The parameter –config-version-check-result-file is used to specify a file in which the result of the version check has to be put. If the file contains ‘ok’, then everything went file. If the file contains ‘error’, then there was an error. If the file contains ‘backup’, then a backup was made. The installer makes use of this functionality.
  • Admin UI: the selected log entries can now be copied to the clipboard, in CSV, HTML and plaintext formats through the context menu
  • Admin UI: the settings dialog layout has been changed to accomodate for future other protocol settings, factoring out the settings that are common to all protocols.
  • Admin UI: adjusted borders and spacing to look better on HiDPI displays.
  • Admin UI: preserve the fingerprints of the previously connected servers. The connection dialog gives hints when inputing the host and port.
  • Log files can optionally be rotated daily instead of by size
  • Added option to specify a default user to impersonate if a user logs in with an account that does not use impersonation

Bugfixes and minor changes:

  • MSW: The installer not detects and rejects 32bit Windows
  • MSW, Admin UI: No more double error message when a validation error occurs
  • Admin UI: Solved a crash and fixed other bugs related to minimzing the main window to the notification area
  • Server: –write-config option now also updates the users and groups configuration files
  • Server: the log contains more detailed info about which configuration files have been saved
  • Admin UI: the controller used for editing numbers now correctly accepts negative integers
  • The network config wizard’s text has been updated to be more explanatory and intuitive
  • Self signed certificates don’t require a 2nd level domain anymore
  • Admin UI: the system user is now always at the top
  • Admin UI: more meaningful message if the password is empty
  • Admin UI: message dialogs now always have a reference to the top window
  • FTP: QUIT needs to respond with 221, not 200
  • Bug fixes to the internal HTTP library
  • MSW: the installer now correctly displays the progress bar in all cases
  • Fixed a confusing error message in some situations if trying to list non-existing directories
  • Admin UI: fixed regression that caused the progress bar not to show on downloads from the server.

1.3.0 (2022-02-14)

New features:

  • Configuration wizard to setup passive mode
  • Linux: Warn if sysctl knob kernel.yama.ptrace_scope is 0
  • Linux: Refuse to run if sysctl knob fs.protected_hardlinks is 0

Bugfixes and minor changes:

  • Admin UI: Rejecting a certificate fingerprint prompt no longer triggers automatic reconnects

1.3.0-rc1 (2022-02-03)

Critical bugfix

  • The internal tool filezilla-server-crypt now accepts the password from stdin, not anymore as a parameter, to avoid password leaking.
  • Mountpoints are now impossible to rename or delete.

New features:

  • The configuration files can now be reloaded without shutting down the service first. To make it work, send the SIGHUP signal to the service process on nix, send the paramchange control message to the service on Windows (i.e. ‘sc control filezilla-server paramchange’).
  • The UI now automatically attempts to reconnect to the server if the connection is lost
  • MSW: users are now case-insensitive
  • Mac: created an installer
  • Display the administration TLS certificate fingerprints at installation time, so that they can be taken note of.
    Negotiate custom ALPN with FileZilla Client, this allows saving a few round-trips during connection establishment

Bugfixes and minor changes:

  • Warn if no administration password has been given during installation.
  • In TVFS, fixed implicit root “/” not being accessible, trac #12617.
  • In TVFS, an implicit mountpoint whose parent is non-recursive is now able to be listed and cwd’d into.
    Solved off-by-one bug in path normalization.
  • Reported filesystem errors are permanent, hence use 5yz error codes rather than 4yz error codes in command replies.
  • Permissions are now correctly updated in the UI when the current selected user changes.
  • Fixed regressions in the UI related to the TLS certificates generation.
  • MSW: the installer now correctly support the /D parameter, used to define a different default installation directory from the command line.
  • Debian: the installer now asks for an administration password.
  • Errors during ACME certificates generation are now properly displayed in the UI.

1.2.0 (2021-12-23)

Bugfixes and minor changes:

  • Small usability changes to setting up Let’s Encrypt certificates

1.2.0-rc1 (2021-12-18)

New features:

  • Created Debian and macOS packages
  • Introduced more finegrained access controls for the mountpoints

Bugfixes and minor changes:

  • MSW: Disallow files and directories ending on space or dot
  • If a user gets disabled, corresponding sessions are now kicked
  • Let’s Encrypt certificates are now only renewed if in use.
  • The UI now lets you edit users info even if they’re disabled.
  • Fixed support for UNC pathames on Windows
  • Fixed a few regressions
  • Autoban now shares state across login sessions, which makes it work as intended.
  • The UI now clearly shows in the log whenever it has connected with the FileZilla FTP server.

1.1.0 (2021-10-29)

Critical bugfix

  • MSW: Fixed directory traversal vulnerability

Bugfixes and minor changes:

  • MSW: Fixed installer getting stuck if not installing all components
  • MSW: Instlaller enables minidump for executables
  • Fixed CIDR parsing
  • Fixed potential crash if a transfer gets aborted

1.1.0-beta1 (2021-10-19)

New features:

  • User impersonation, FileZilla Server can now optionally let users log in using the credentials of system accounts and use their filesystem permissions
  • Added description field to users and groups
  • Added enable checkbox to users
  • Status bar in administration UI now shows connection status

Bugfixes and minor changes:

  • Logging fixes
  • Fixes to auto-ban logic
  • Fixed crash if changing users during ongoing directory listings

1.0.1 (2021-09-20)

New features:

  • Log messages in the administration interface are now colored using the same scheme as FileZilla client’s and automatically scroll down unless the user decides otherwise.

Bugfixes and minor changes:

  • The Windows installer no longer disrupts logging settings from previous installations
  • Fixed a bug that would cause failed transfers in certain conditions
  • Fixed display of vowels with umlauts and other non-ASCII characters in the groups selection for users in the administration interface
  • Fixed assorted crashes
  • Fixed possible race conditions

1.0.0 (2021-09-14)

New features:

  • Support for Let’s Encrypt and other certificate providers using ACME
  • Improved display of log messages in the administration interface

Bugfixes and minor changes:

  • Changed session ticket/PSK generation when using TLS 1.3, new tickets are now only sent on the control connection
  • Changes to settings such as passive mode ports now affect connected sessions
  • Deleting a user now affects connected sessions logged in as that user
  • Fixed assorted crashes

1.0.0-rc5 (2021-07-28)

Bugfixes and minor changes:

  • Fixed passive mode port settings
  • Minimum allowed TLS version is now 1.2, added configuration option to restrict it further to 1.3
  • Fixed progress display during uploads to the server

1.0.0-rc4 (2021-07-19)

New features:

  • Admin UI: Added checkbox to connect dialog to automatically connect at start
  • Admin UI: Added menu item to start interface minimized
  • Fixed data from a failed download being prepended to a subsequent download

Bugfixes and minor changes:

  • Admin UI: Display additional certificate information such as SANs and subject DN.
  • Admin UI: Simplified selection of log levels
  • Onboarding: After first installing the server, it listens on port 21 by default

1.0.0-rc3 (2021-07-12)

Bugfixes and minor changes:

  • Changed permissions of created settings and log files and directories, they now also grant Windows’ built-in Administrators group full access. Does not change existing files from previous versions.

1.0.0-rc2 (2021-07-05)

Bugfixes and minor changes:

  • Fixed a crash in the converter for old configurations

1.0.0-rc1 (2021-07-01)

New features:

  • Initial distribution of the new FileZilla Server

Index: