32-bit : https://www.coreftp.com/test/32/coreftpserver.exe
64-bit : https://www.coreftp.com/test/32/coreftpserver64.exe
766 -- 11/02/24
Service issues/checks on startup added
Logging not updating for failed logins, fixed
OTP issue causing other users to be prompted for OTP, fixed
OTP additional options, updates and additional fixes
765 -- 10/07/24
SFTP updates for Windows/DOS/invalid filenames
SFTP Incorrect error on rename, fixed
SFTP passwd log updates
SFTP Remote file duplicate option added (enable in user permissions) -
(can be called via "SSH cp" or Core FTP client build 1989 and greater).
764 -- 09/27/24
FXP_REALPATH directory flag issue(s) fixed
"Sending startup cmd" error issue fixed
SFTP Log updates
761 -- 09/23/24
SSH/SFTP custom cipher selection overrun issue fixed
SFTP SSH_FXP_FSTAT leak fixed
SFTP SSH_FXP_FSTAT directory check fixes
Additional negotiation logging info added
Logging fixes for SFTP commands
Installer updates
759 -- 07/09/24
Server transfer timeout fixes to prevent disconnect during transfers
Buffer send/receive updates for FTP/SSL/TLS/FTPS (may improve transfer speed)
User GUI status changed/fixed to idle after transfers, minor GUI updates
758 -- 06/11/24
Notification TLS 1.2 option added (required for Outlook/Office/MS smtp)
Notification tab issues fixed
Signed installer/exe
Minor GUI updates
755 -- 04/09/24
Per user logging fixes
Log check to prevent extra return/line feeds
Additional checks/updates for SSH/SFTP
754 -- 03/20/24
Per user logging issue (would not turn off when unchecked), fixed
Sorting by date issues in setup screen fixed
Log updates (duplicate info issues), fixed
753 -- 02/08/24
-etm hmacs removed from all default settings to prevent Terrapin attack (add manually if needed)
SFTP logging duplicate info when using both global and domain logs together, fixed
Active Directory Base DN setting issue fixed
751 -- 01/15/24
Added OTP (One Time Password) email notification options (user "Security" settings)
SFTP disconnect timeout fixes - prevents hangs on failed connection attempts
Notification "To" address added
Notification test option added
Duplicate notification option added
Configuration fixes to prevent frequent updates
Cmd line no-case issue fixed
Cmd line added -OTP reset <optional days>
Cmd line added -OTP resend
Cmd line logging results added to global log
Last login added to user list in setup / minor GUI updates
749 -- 07/21/23
Issue when RSA, DSA and EC server keys were selected causing key mismatch error, fixed
Tracking of last login and total logins added
Added basic reporting (global options - reporting)
DB flush option added (global options - misc)
Added stat db for tracking stats (config.stat.dat)
Improvements to prevent unnecessary updating of config
Check path issue in global log name, fixed
Notification password encryption fix
Hostname lookup crash on startup, fixed
MKDIR issue fixed
Disabled TLS v1.3 option (due to lack of backward support of TLS 1.3 by Microsoft, will be adding OpenSSL option for TLS v1.3).
Builds 740-743 introduced an error that caused MKDIR commands of multiple directory levels to fail, upgrading to this build corrects that issue.
743 -- 10/24/22
Update to fix SFTP "zlib compression enabled" that caused client connection issues
SFTP chacha cipher removed from default cipher list (add manually via ssh/sftp "cipher algs")
740 -- 09/14/22
Path issues with /./ fixed
Logging by user option added (domain - logging)
Logging filename per user option added (user - miscellaneous)
MDTM issue with filenames with spaces fixed
Added aes-gcm ciphers to SSH/SFTP FIPS mode
Registration proxy port problem issue fixed
SSH version negotiation issues updated/fixes
FTP SIZE command issues fixed (permission denied)
SFTP '.' returning wrong path for users not locked in home directory, fixed
Build 735 introduced an issue with SFTP FIPS mode (aes-gcm ciphers), 737 fixes these issues.
733 -- 05/27/22
Additional checks for SFTP "Denied" and "File not found" errors in log
SFTP null FXP_REALPATH request modified to return home path
SFTP local window size increased (may increase transfer speeds)
SFTP directory fix/changes for false positive results being returned (on CHDIR)
Remove license prompt added
License upgrade option added
Minor GUI updates
727 -- 01/06/22
Allow symbolic links option - (misc options)
Extra checks for dead connections in GUI
SSH/SFTP overflow vulnerability fixes (issues in builds 715-725)
HTTPS path POST vulnerability, fixed
725 -- 11/08/21
FTP/SSL/TLS uploading directory issues during high loads, fixed
Additional checks related to SSH/SFTP negotiations (issues in builds 713-719)
Log updates/fixes
Minor GUI updates
Delete user prompt added
719 -- 09/24/21
Backward compatibility issue with per-user access rule changes not being updated, fixed
Password too long check added
Fixes for recent DH updates - memory overrun/crash in builds 713-715
Hmacs SHA256-etm and SHA512-etm added/updates (fixes hmac issues with build 717)
715 -- 06/22/21
Added DHs (diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512)
Added DH/Kex/cipher/mac to log
Startup command added to global settings - misc (example: cmd.exe /c net use z: \\machine\share)
SSH2_MSG_DISCONNECT fixes
SSH2_MSG_CHANNEL_CLOSE hanging issue fixed
Changes to prevent unnecessary "winsock error" messages in log on disconnect
713 -- 03/22/21
"localhost" now resolves and listens on multiple local addresses
Domain IP/Address not defaulting to "localhost" when empty, fixed
Issue with UTF8/extended ascii passwords, fixed
Logging cmd detail option added (uncheck to limit cmd information)
Logging user for SFTP added where missing in log
FTP/SSL/TLS server logs updated to format used by SFTP
Unchecking user "force password" issue fixed
711 -- 10/06/20
SSH.net/renci client SSH_FXP_REALPATH issues fixed
Silent option (/S) issues fixed
TLS v1.3 option added (Windows 10 1903 and later)
Added "Storage retries" option in domain - "misc options" -- (retry storage file open/access before failing)
"Copy" registration information added to About screen.
Build 711 corrects issues from builds 706-710 with SFTP SSH_FXP_STAT/SSH_FXP_REALPATH changes.
705 -- 08/21/20
Upload notification of zero byte files issue, fixed
Zero byte upload showing up as download in log, fixed
Transfer notification filename/paths messages with \n in them fixed
Additional log info for failed notifications added
Additional log info for failed permission issues added
Transfer notification "force TLS" option added (for mail servers requiring TLS connections - AWS SMTP, etc)
704 -- 08/07/20
Option to modify all users without public keys to bypass key authentication
Resource fixes that may have been causing GUI issues in user settings
Minor log and GUI updates
702 -- 07/01/20
Active Directory crash for FTP/SSL/HTTPS issue, fixed
Ignore password complexity requirements option added (domain setup - misc)
"Key authentication" vulnerability fixes (pending VCE - P Rodrigues)
Servers that use the "key authentication" option and are seeing the server becoming non-responsive are highly recommended to upgrade to this build.
699 -- 05/12/20
Installer checks for previous installs / compatibility
FTP CLNT command support added
Log filename issues when no log filename specified, fixed
SSH/SFTP unknown protocol added to log
SSH/SFTP protocol version info added to log
SSH/SFTP "not found" DH, cipher, mac info added to log
FTP protocol encryption log fixes
Minor GUI updates
697 -- 03/24/20
Export of server OpenSSH public key issue fixed
Crash/Coredump fixes for service
Ipv4 option defaults to on for new domains
Overwrite warning for self-signed certs
Duplicate issue in self-signed certs fixed
Certificate path updates/fixes
Fingerprint display selection (md5,sha1,sha256 - ssh/sftp settings)
695 -- 02/07/20
Notification filename parameter (%1) SFTP issue fixed
SFTP rename not showing up in log, fixed
Curl agent/format support added to HTTPS
Registration "allow license access" option issue fixed
Registration dialog reg file not closed issue fixed
IPv4 option in domain setup (for internal hostnames that resolve to IPv6)
Service vulnerability (no quotes around filename) fixed
Core FTP client build 1955 has updates related to this build and should resolve many HTTPS issues
694 -- 11/06/19
"auth-agent-req" issue fix (fixes login problems with tectia)
Logging No GMT/local file timestamp options added
Global Log overwriting issue, fixed
SFTP password change request issue, fixed
691 -- 10/22/19
Notification select/deselect issue in user script/cmd properties fixed
Notification header/column issue fixed
Cert prompt for email notifications disabled
MFMT command support added
User passwords not sticking on server reboot, fixed
User password change added to log
Check for password change info in log
689 -- 09/19/19
TLS issues with email notifications fixed (alg bug caused failures)
TLS notification updates for hotmail, gmail, etc.
dh-group1-sha1 removed from SFTP FIPS mode
HTTPS header issues with Chrome browser fixed (caused ERR_INVALID_HTTP_RESPONSE)
Auto restart count option added to global - restart options
(additional improvements to restart server after crash)
687 -- 08/19/19
Various additional SFTP leaks fixed
FTP/SSL password change not sticking, fixed
Connections not dropping from GUI for FTP/SSL, fixed
Password change days issues fixed (use -1 for next login)
View activity button enabled in non-service mode
Connection list with service updates/fixes
682 -- 07/18/19
Auto-backup of configuration added
User script/cmd post download issue fixed
Reverse lookup option added (access rules - other)
SFTP auto-ban updates
SFTP logging updates/checks
SFTP memory leak fixes
679 -- 05/31/19
Additional checks for dead connections in list
SFTP Error log on directory not found, fixed
SFTP virt paths issues in root directory, fixed
Log filename changes/moved to %localappdata%
GUI updates (AD/about/logging)
677 -- 03/13/19
Active Directory fixes for remote servers
ECDSA host key option added
Host key selection options for RSA/DSA/ECDSA
Keypair certs 4096-bit option
676 -- 03/13/19
Updates for changing passwords from clients
Updates for CVE-2019-9648 for CVE-2019-9649 (reported by Kevin R)
CVE's above only affect FTP/SSL/TLS and not SSH/SFTP or HTTPS.
674 -- 01/31/19
Force password change options added
AES-GCM cipher added to SSH/SFTP
Additional SSH/SFTP security checks
Check for config.dat issue
673 -- 12/20/18
SSH/SFTP extensions issue fixed (caused negotiation errors)
SSH/SFTP rsa key-pair issues using sha2-256/512 fixed
SSH/SFTP ecdsa key-pair issues fixed
Logging fixes/updates
671 -- 12/01/18
SFTP issue with "." in UNC path caused virt paths to not list, fixed
Additional checks for SFTP key exchange (corruption)
SSL/TLS incorrect cert selection issues fixed
668 -- 10/03/18
ECDH/Curve25519 updates (must be selected in DH algorithms under SSH/SFTP settings)
Issues where host key selection was ignored causing "unverifiable host key", fixed
HTTPS footer crash fixed
GUI updates
Key authentication issues with builds 665-667, fixed
665 -- 09/07/18
Invalid certificate path issues (rtts issue) fixed
Blowfish cipher detection issues fixed
Updates to SSH_FXP_FSTAT command (attribute updates)
chacha20 cipher added to SSH/SFTP (must be selected via SSH/SFTP - cipher, without FIPS selected).
SFTP fixes that should result in speed improvements
SFTP Host key alg settings not sticking, fixed
SFTP custom host key alg issues, fixed
SFTP RSA signature type mismatch error fixed
659 -- 08/31/18
STFP permissions / time attribute issue fixed
domain deletion not deleting users from config, fixed
Cmd line -pubkey <domain> <user> <pubkey path/file>
658 -- 08/17/18
Cmd line -copyuser <domain> <user> <to-domain> <to-user> <to password> <optional folder> <optional expired days>
Global option to disable cmd line user account modifications.
657 -- 07/27/18
Cmd line -enableuser <domain> <user>
656 -- 07/25/18
Checks for malicious requests/flooding in FTP/SSL/HTTPS
Additional checks for invalid characters in commands for FTP/SSL/HTTPS
655 -- 07/23/18
SMTP notifications added to script/cmd settings
Cmd line -updateuser <domain> <user> <password> <folder> <expired days>
Cmd line -deleteuser <domain> <user>
Cmd line -disableuser <domain> <user>
Setup not reloading config when updated, fixed
Leak in FTP/SSL code after transfer, fixed
SFTP cert generation path on startup issue fixed (v1.2 to v2 issues).
653 -- 06/18/18
SSH/SFTP welcome message fixes
SSH/SFTP not adding to global server ban for exceeding "conns per IP", fixed
SSH/SFTP issue with "max conns per IP" fixed (v2 issue)
Remove spaces for multiple URLs issue, fixed
HTTPS auto-ban too quick for logons with user/pw, fixed
651 -- 05/21/18
SSH/SFTP server would not show connections if any listening domain/addresses failed, fixed
SSH/SFTP per user session setting issue fixed (was not overriding domain setting)
SSH/SFTP per user timeout setting issue fixed (same issue as above)
FTP Directory listing not exiting loop (when connection lost) issue fixed
FTP/SSL/TLS file timestamps fixes (should now match SFTP)
649 -- 03/15/18
Global access rules deleting user access rules, fixed (may have accounted for lost user accounts with the word "access" in them)
SSH/SFTP host key algorithm rsa-sha2-256/512 (rsa256/512) added
SSH/SFTP server host key algorithm selection options added
647 -- 02/07/18
User session timeout issues fixed
AD additional error reporting
ODBC error message issues x64 version fixed
Additional fixes for malformed SSH/SFTP requests
Log "download denied" when successful fixed
SFTP channel logging issues fixed
Global/Temp ban GUI issues with service fixed
645 -- 01/04/18
User script/cmd post upload %1 parameter was bad, fixed
Virtual path issues fixed
12/19/17
"user does not require authentication" issues with key auth only mode fixed.
12/08/17
Fixed users connected list problem showing only 1 user in v2 when service running
12/04/17
SSH/SFTP port issues fixed. Fixes problem where repeated bans over time would use up memory, eventually causing port exhaustion on some servers (requiring server restart).
Fixes were also applied to the v1.2 build (589.42)
11/06/17
Strip upload filenames of invalid characters
Fixes for filenames with spaces (RETR/STOR)
10/24/17
PWD/CWD UTF8 errors fixed
Added PASS security updates/checks
Logging updates
10/19/17
Self signed certs bits value not set correctly, fixed
10/10/17
DH group1/group14 issues fixed
9/29/17
malformed request checks
version compatibility updates
08/03/17
SSH/SFTP group-exchange-sha1 fixes
hmac sha512/384 disabled for dh-group1/14
Fixes for forced key auth+password for putty based SFTP clients.
Logging updates
DH selection added (ssh/sftp)
07/12/17
Temp/global ban view/delete in access rules - other
Autoban for non-existent 'root' account
06/21/17
SSH/SFTP logging not turning off issue fixed
More logging updates/fixes
Autoban updates
05/03/17
Logging filename (offset hours) issues fixed
IPv6 banning updates
03/20/17
SSH/SFTP UTF8 option and related fixes/updates
OpenSSL updated to 1.0.2k
02/02/17
SHA512/384 hmacs added
Max items returned in LIST
No transfer timeout option added.
02/14/17
STOR filename issues (with UTF8 option unchecked)
Crash in user security properties fixed
Server v2 build 766
Re: Server v2
Thanks for the update on the bug fixes and improvements for Core FTP Server. It's helpful to have a detailed overview of the changes.
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 758
---------------------------
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 759
--------------------------
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 761
------------------------
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 763
--------
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 764
-----------------
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 765
------------------
-
- Site Admin
- Posts: 988
- Joined: Mon Mar 24, 2003 4:37 am
Re: Server v2 build 766
................