Version history

This page lists the version history of FileZilla Server releases. Have a look at the changelog for a detailed list of all changes committed to the source code repository.

0.9.44 (2014-04-08)

Fixed vulnerabilities:

  • Update to OpenSSL 1.0.1g to address CVE-2014-0160

New features:

  • Improve alias description and guide user towards alias creation if multiple unrelated directories are being shared. Support for the old non-virtual alias configuration has been removed.
  • Display additional information if a certificate or key file cannot be loaded

0.9.43 (2014-01-02)

Fixed vulnerabilities:

  • Security fix: Disallow renaming and deleting of aliases through FTP commands

New features:

  • Removed outdated and untested Kerberos GSSAPI support
  • Removed support for the nonstandard OPTS UTF8 OFF command which is not part of the FTP specifications
  • Added TLS 1.2 support
  • Minimum RSA key size for generated certificates is now 1280 bit
  • Build system: Modernized and cleaned up workspace files for Visual Studio 2013
  • Build system: Removed all non-Unicode configurations

Bugfixes and minor changes:

  • Fix handling of leading/trailing whitespace in filenames
  • Fix display of file name at the end of a transfer
  • The 8+3 account setting is now stored in the correct XML element
  • Increase number of tries searching for a free port after the PASV/EPSV command
  • Fix text clipping on the miscellaneous page in the settings dialig
  • Fixed memory leaks when changing settings
  • The numbers to the PORT command are now always treated as decimal numbers as per the FTP specifications even if they have leading zeroes

0.9.42 (2013-12-16)

New features:

  • Last version ever to support Windows XP
  • More verbose replies to the transfer commands

Bugfixes and minor changes:

  • Fix an endless loop if a client closes a connection using the QUIT command while a speed limit was in effect on a low-latency connection
  • Fixed a rare memory leak
  • Correct handling of 0.0.0.0/0 in IP address filters
  • Use UTF8 in the distinguished names of created certificates

0.9.41 (2012-02-26)

Bugfixes and minor changes:

  • Fix parsing of IP address filters ending with :0 or equivalent substringss.
  • Allow speed limits larger than 64 MiB/s.
  • Show more verbose error messages if transfer connection cannot be established.

0.9.40 (2011-10-23)

Bugfixes and minor changes:

  • The service no longer crashes if onnecting with the administration interface when there are clients connected over IPv6
  • Close the connection if there is additional data in the input buffers when processing the AUTH command.
  • Display correct connection state item in administration interface when getting initial list of connected clients

0.9.39 (2011-06-07)

Bugfixes and minor changes:

  • Do not attempt to display a message box if creating an administration interface binding fails. This freezes the service on some machines.
  • On FTP over TLS connections, the socket address family was not initialized from the underlaying socket
  • Fix a bug in IPv4 address filters and increase their performance

0.9.38 (2011-06-05)

New features:

  • IPv6 support
  • Range, wildcard, regular expression and dot-decimal notation subnet IP address filters have been removed. These filter rules need to be recreated using CIDR notation.

Bugfixes and minor changes:

  • Upon /reload-config, notify all running instances, not just the first found.
  • Report correct physical path of aliases in administration interface
  • Fix reply code on permanent bans, not of 5yz type
  • Increased default size of socket buffers
  • Fix a crash when entering invalid IP filters
  • Fixed a crash when a connection closes
  • Updated to most recent OpenSSL version

0.9.37 (2010-10-17)

Bugfixes and minor changes:

  • Advertise support for PBSZ and PROT in FEAT reply
  • Allow PROT after PORT/PASV/EPRT/EPSV but before transfer command
  • Use correct replies for RNTO, EPRT and MKD command
  • Reply with correct error code in response to transfer commands if PROT P is required but not set
  • Fix display of non-ASCII characters in log
  • Ignore read-only attribute on DELE

0.9.36 (2010-07-19)

Bugfixes and minor changes:

  • Fix welcome message

0.9.35 (2010-07-04)

New features:

  • Administration interface is now Unicode enabled.

Bugfixes and minor changes:

  • Fix saving of speed-limit rules

0.9.34 (2009-12-31)

New features:

  • Show address of server in title bar of administration interface (patch submitted by eyebex)

Bugfixes and minor changes:

  • Disable some weak TLS/SSL ciphers such as DES-CBC-SHA which shouldn't be used anymore
  • Work around some obscure error reported by OpenSSL, fixes spurious transfer failures
  • Use case-insensitive comparison instead of always converting to lowercase in permissions handling. Fixes problems with sharing case-sensitive network resources.
  • Settings with empty data were not loaded from settings file correctly and reverted back to default values (patch submitted by eyebex)
  • Improve performance of (re-)loading settings

0.9.33 (2009-09-06)

New features:

  • Add /servicename and /servicedisplayname options to change the (display) name of the server service.

Bugfixes and minor changes:

  • Fix potential double-delete in admin connection code, could be used for remote denial of service if using remote administration (not enabled by default).
  • Increase minimum value for maximum allowed login attempts before autoban to 10.

0.9.32 (2009-06-21)

New features:

  • Use thousands separator in output of large numbers.

Bugfixes and minor changes:

  • Disallow weak SSLv2.
  • Slightly reword FTP over TLS/SSL settings page
  • Adjust width of user and group lists on permissions dialogs.

0.9.31 (2009-03-03)

Bugfixes and minor changes:

  • Fix buffer overflow in SSL code leading to a potential security vulnerability

0.9.30 (2009-01-30)

Bugfixes and minor changes:

  • Fix a rare case in which SSL shutdown notifications were created but not actually sent.

0.9.29 (2008-11-10)

Bugfixes and minor changes:

  • Executable path did not get quoted properly in service creation leading to a local privilege escalation vulnerability.

0.9.28 (2008-11-03)

Bugfixes and minor changes:

  • Directly reject PROT C if PROT P is required instead of complaining after a transfer command
  • Fix race in transfer connection initialization leading to timeouts
  • No-transfer timeouts could not be disabled in 0.9.27
  • Server startup options in installer had no effect

0.9.27 (2008-07-30)

Bugfixes and minor changes:

  • An orderly SSL/TLS shutdown was not performed in all cases
  • Disallow no-transfer timeouts smaller than 600 seconds

0.9.26 (2008-07-13)

Bugfixes and minor changes:

  • Downloading empty files over TLS connections no longer closes the connection prematurely
  • Updated to latest OpenSSL version