Version history

This page lists the version history of FileZilla Server releases. Have a look at the changelog for a detailed list of all changes committed to the source code repository.

0.9.60.2 (2017-02-08)

Bugfixes and minor changes:

  • Signed binaries, no functional changes over 0.60.0

0.9.60 (2017-02-06)

Bugfixes and minor changes:

  • TLS certificates generated by FileZilla Server now use a random serial number
  • Global speed limits now fluctuate less, unused quota during each timeslice is now carried over instead of discarded
  • Shared directories for groups with the auto-create flag are now created before the user's home directory is accessed
  • Updated OpenSSL to 1.0.2k
  • Building FileZilla Server now requires libfilezilla 0.9.0 or greater

0.9.59 (2016-09-22)

Bugfixes and minor changes:

  • Updated OpenSSL to 1.0.2i due to several security vulnerabilities in OpenSSL
  • Fixed getting list of connected users when connecting with the admin interface
  • Fixed crash if the administration connection is closed while an administrative command is being processed

0.9.58 (2016-08-11)

New features:

  • TCP send buffer auto-tuning
  • Performance improvements to reduce CPU usage under high load
  • Disabled IDEA and SEED ciphers for FTP over TLS

Bugfixes and minor changes:

  • Fixed potential crash if closing connections with pending socket messages
  • A missing home directory is no longer treated like an empty directory

0.9.57 (2016-05-03)

New features:

  • Rearranged "Connect to Server" dialog and added some helpful labels

Bugfixes and minor changes:

  • Updated OpenSSL to 1.0.2h
  • FileZilla Server no longer fails to read or write its settings if installed in a directory containing characters not expressible in the system's default multibyte character set.

0.9.56.1 (2016-03-16)

Fixed vulnerabilities:

  • Updated installer to NSIS 3.0b3 to prevent DLL hijacking

0.9.56 (2016-03-01)

Bugfixes and minor changes:

  • Improve compatibility with broken clients that always try anonymous logins even if the user has explicitly specified a username.
  • Updated OpenSSL to 1.0.2g

0.9.55 (2016-01-28)

New features:

  • The maximum number of reconnect attempts for the administration interface can be configured in its settings file

Bugfixes and minor changes:

  • The administration interface no longer starts if it cannot load the TLS libraries
  • Small fixes to the Copy user functionality
  • Updated OpenSSL to 1.0.2f

0.9.54 (2015-11-30)

New features:

  • Newly set account passwords are now stored in the form of salted SHA512 hashes
  • The undocumented 8+3 filename feature has been removed

Bugfixes and minor changes:

  • Waiting for transfers to finish when taking the server offline now correctly closes the sockets
  • Clarified a few error messages related to FTP over TLS
  • Updated OpenSSL to 1.0.2d

0.9.53 (2015-06-12)

Bugfixes and minor changes:

  • Updated OpenSSL to 1.0.2b due to several security vulnerabilities in OpenSSL

0.9.52.1 (2015-06-01)

New features:

  • Add support for TLS ciphers using DHE and ECDHE to allow perfect forward secrecy
  • In the settings file, "Minimum TLS version" can be used to further increase the minimum required TLS version a client needs to speak in order to connect

Bugfixes and minor changes:

  • Allow 0.0.0.0/0 CIDR notation in IP filters.

0.9.51 (2015-05-06)

Fixed vulnerabilities:

  • The code that checks that the peer's data connection IP address matches the control connection IP had been nonfunctional. Vulnerability discovered and reported by Amit Klein.
  • Added option to force TLS session resumption on the data connection to prevent data connection stealing
  • FileZilla Server now randomizes the port used for passive mode transfers to mitigate data connection stealing when using plain FTP

New features:

  • Added diagnostic message to the administration interface if FTP over TLS is disabled and if the configured certificate is expired or otherwise invalid
  • Added diagnostic message to the administration interface if no passive mode IP has been configured and the server appears to be behind a NAT router
  • The settings dialog layout had a spring cleaning. The security settings, passive mode settings and TLS settings pages have received the most cleanup.

0.9.50 (2015-03-19)

Bugfixes and minor changes:

  • Updated to OpenSSL 1.0.2a due to several security vulnerabilities in OpenSSL
  • Fixed default network buffer size to match its description
  • Fixed silent uninstallation

0.9.49 (2015-01-09)

Bugfixes and minor changes:

  • Updated OpenSSL library due to several security vulnerabilities in OpenSSL
  • Fixed crash if updating permissions under load
  • Changing admin interface IP bindings did not recreate the listening socket on ::1
  • Fix display of welcome message and FEAT reply in log

0.9.48 (2014-10-30)

New features:

  • Allow use of the OPTS command prior to login
  • EPSV and EPRT support are now advertised in the response to the FEAT command
  • Minidumps are now automatically written in the installation directory in the unfortunate case of a server crash

Bugfixes and minor changes:

  • Updated OpenSSL libraries and fixed memory leaks when unloading OpenSSL

0.9.47 (2014-09-19)

New features:

  • Self-signed certificates created with FileZilla Server are now signed using SHA-256
  • Interface settings (as opposed to server settings) are now stored in %APPDATA%/FileZilla Server
  • Increased maximum IP filter size for users and groups by 50%
  • The administration protocol now allows up to 16 million users and groups

Bugfixes and minor changes:

  • Fix sporadic crashes when using FTP over TLS
  • Fix timestamps in LIST output being off up to 7 minutes in extreme cases
  • Speed up querying file attributes
  • Autoban did not work over IPv6
  • Fixed selection in user list sort dropdown behind the corresponding toolbar button

0.9.46 (2014-08-03)

New features:

  • FTP over TLS: Disallow insecure and weak cipher suites. Algorithms no longer supported include 3DES, RC4, MD5
  • Small performance improvements

Bugfixes and minor changes:

  • Fix stalling or improperly terminated connections when using FTP over TLS
  • Fix crash with enabled speed limits

0.9.45 (2014-06-07)

Fixed vulnerabilities:

  • Security fix: Update to OpenSSL 1.0.1h to address CVE-2014-0224

New features:

  • Clarified wording and offer additional help when setting up aliases

Bugfixes and minor changes:

  • Through the RMD command it was possible to delete aliases

0.9.44 (2014-04-08)

Fixed vulnerabilities:

  • Update to OpenSSL 1.0.1g to address CVE-2014-0160

New features:

  • Improve alias description and guide user towards alias creation if multiple unrelated directories are being shared. Support for the old non-virtual alias configuration has been removed.
  • Display additional information if a certificate or key file cannot be loaded

0.9.43 (2014-01-02)

Fixed vulnerabilities:

  • Security fix: Disallow renaming and deleting of aliases through FTP commands

New features:

  • Removed outdated and untested Kerberos GSSAPI support
  • Removed support for the nonstandard OPTS UTF8 OFF command which is not part of the FTP specifications
  • Added TLS 1.2 support
  • Minimum RSA key size for generated certificates is now 1280 bit
  • Build system: Modernized and cleaned up workspace files for Visual Studio 2013
  • Build system: Removed all non-Unicode configurations

Bugfixes and minor changes:

  • Fix handling of leading/trailing whitespace in filenames
  • Fix display of file name at the end of a transfer
  • The 8+3 account setting is now stored in the correct XML element
  • Increase number of tries searching for a free port after the PASV/EPSV command
  • Fix text clipping on the miscellaneous page in the settings dialog
  • Fixed memory leaks when changing settings
  • The numbers to the PORT command are now always treated as decimal numbers as per the FTP specifications even if they have leading zeroes

0.9.42 (2013-12-16)

New features:

  • Last version ever to support Windows XP
  • More verbose replies to the transfer commands

Bugfixes and minor changes:

  • Fix an endless loop if a client closes a connection using the QUIT command while a speed limit was in effect on a low-latency connection
  • Fixed a rare memory leak
  • Correct handling of 0.0.0.0/0 in IP address filters
  • Use UTF8 in the distinguished names of created certificates

0.9.41 (2012-02-26)

Bugfixes and minor changes:

  • Fix parsing of IP address filters ending with :0 or equivalent substrings.
  • Allow speed limits larger than 64 MiB/s.
  • Show more verbose error messages if transfer connection cannot be established.

0.9.40 (2011-10-23)

Bugfixes and minor changes:

  • The service no longer crashes if connecting with the administration interface when there are clients connected over IPv6
  • Close the connection if there is additional data in the input buffers when processing the AUTH command.
  • Display correct connection state item in administration interface when getting initial list of connected clients

0.9.39 (2011-06-07)

Bugfixes and minor changes:

  • Do not attempt to display a message box if creating an administration interface binding fails. This freezes the service on some machines.
  • On FTP over TLS connections, the socket address family was not initialized from the underlying socket
  • Fix a bug in IPv4 address filters and increase their performance

0.9.38 (2011-06-05)

New features:

  • IPv6 support
  • Range, wildcard, regular expression and dot-decimal notation subnet IP address filters have been removed. These filter rules need to be recreated using CIDR notation.

Bugfixes and minor changes:

  • Upon /reload-config, notify all running instances, not just the first found.
  • Report correct physical path of aliases in administration interface
  • Fix reply code on permanent bans, which was not of the 5yz type
  • Increased default size of socket buffers
  • Fix a crash when entering invalid IP filters
  • Fixed a crash when a connection closes
  • Updated to most recent OpenSSL version

0.9.37 (2010-10-17)

Bugfixes and minor changes:

  • Advertise support for PBSZ and PROT in FEAT reply
  • Allow PROT after PORT/PASV/EPRT/EPSV but before transfer command
  • Use correct replies for RNTO, EPRT and MKD command
  • Reply with correct error code in response to transfer commands if PROT P is required but not set
  • Fix display of non-ASCII characters in log
  • Ignore read-only attribute on DELE

0.9.36 (2010-07-19)

Bugfixes and minor changes:

  • Fix welcome message

0.9.35 (2010-07-04)

New features:

  • Administration interface is now Unicode enabled.

Bugfixes and minor changes:

  • Fix saving of speed-limit rules

0.9.34 (2009-12-31)

New features:

  • Show address of server in title bar of administration interface (patch submitted by eyebex)

Bugfixes and minor changes:

  • Disable some weak TLS/SSL ciphers such as DES-CBC-SHA which shouldn't be used anymore
  • Work around some obscure error reported by OpenSSL, fixes spurious transfer failures
  • Use case-insensitive comparison instead of always converting to lowercase in permissions handling. Fixes problems with sharing case-sensitive network resources.
  • Settings with empty data were not loaded from settings file correctly and reverted back to default values (patch submitted by eyebex)
  • Improve performance of (re-)loading settings

0.9.33 (2009-09-06)

New features:

  • Add /servicename and /servicedisplayname options to change the (display) name of the server service.

Bugfixes and minor changes:

  • Fix potential double-delete in admin connection code, could be used for remote denial of service if using remote administration (not enabled by default).
  • Increase minimum value for maximum allowed login attempts before autoban to 10.

0.9.32 (2009-06-21)

New features:

  • Use thousands separator in output of large numbers.

Bugfixes and minor changes:

  • Disallow weak SSLv2.
  • Slightly reword FTP over TLS/SSL settings page
  • Adjust width of user and group lists on permissions dialogs.

0.9.31 (2009-03-03)

Bugfixes and minor changes:

  • Fix buffer overflow in SSL code leading to a potential security vulnerability

0.9.30 (2009-01-30)

Bugfixes and minor changes:

  • Fix a rare case in which SSL shutdown notifications were created but not actually sent.

0.9.29 (2008-11-10)

Bugfixes and minor changes:

  • Executable path did not get quoted properly in service creation leading to a local privilege escalation vulnerability.

0.9.28 (2008-11-03)

Bugfixes and minor changes:

  • Directly reject PROT C if PROT P is required instead of complaining after a transfer command
  • Fix race in transfer connection initialization leading to timeouts
  • No-transfer timeouts could not be disabled in 0.9.27
  • Server startup options in installer had no effect

0.9.27 (2008-07-30)

Bugfixes and minor changes:

  • An orderly SSL/TLS shutdown was not performed in all cases
  • Disallow no-transfer timeouts smaller than 600 seconds

0.9.26 (2008-07-13)

Bugfixes and minor changes:

  • Downloading empty files over TLS connections no longer closes the connection prematurely
  • Updated to latest OpenSSL version