Release notes

Release notes

2.9.2 (2023-05-29)

• Fixed exit code for --help
• path list now supports CSV output format using --format csv.

2.9.1 (2023-05-18)

• AES-CBC encryption algorithms are now categorized as ‘intermediate’ (formerly ‘modern’).
• Fixed broken login after invalid password attempt with MFA enabled.
• Optimized moving files on the same volume when using SFTP or SCP.

2.9.0 (2023-05-02)

• Application startup is now always logged
• Post-installation configuration wizard is now included in the installer package.

2.8.3 (2023-03-07)

• Web Admin - responsive design improvements.
• Improved client public key authentication process.
• Fixed escaping of special characters in SSH/SCP commands.

2.8.2 (2023-02-16)

• Web Admin - fixed SSH service status sometimes stuck at “Checking…”

2.8.1 (2023-02-16)

• Web Admin - fixed highlighting in navigation menu.
• Web Admin - warning is shown when connection to server is lost.
• Web Admin - SSH service status is now indicated in real time.
• Web Admin - SSH algorithm configuration moved to separate page.
• Web Admin - now using slightly less contrasting default colour theme.

2.8.0 (2023-01-16)

• Comments can now be added to user public keys to help get organized.
• Buru SFTP Command Line shortcut now opens shell in the installation directory (previously in Windows SYSTEM directory).
• CLI - user update --remove-keys now accepts dsa; ecdsa now matches any ECDSA key.
• CLI - user public keys can now be managed using user key add and user key delete commands.
• CLI - user public keys can now be specified directly using user add --keys <key>, user update --add-keys <key> and user update --set-keys <key>.
• CLI - virtual paths in path and path delete commands can now be specified without / prefix.
• CLI - when virtual path (-v <path>) in path and path delete commands is not specified, it defaults to root / path.
• Web Admin - user public keys can now be added directly, without the need for public key file upload.
• Breaking changes:
  • CLI - removing last public key using user update will no longer disable public key authentication. When public key authentication is set to required, user will not be able to log in.
  • Changed SSH shell and SFTP encoding from win-1252 to UTF-8.

2.7.3 (2022-12-09)

• Web Admin - fixed performance issue on user edit page.

2.7.2 (2022-09-26)

• When bindings section is missing in the configuration file, the SSH server will listen on both IPv4 and IPv6 “any” addresses.
• Server will now not use IPv4 “any” address for empty (not missing) bindings section in the configuration file.
• SSE2 fallback for ChaCha20 for processors without AVX2.
• Fixed sometimes missing or wrong error message for invalid command line input.
• Web Admin - fixed error when address is missing in SSH binding.
• Web Admin - server configuration page now displays proper values for server private keys and SSH bindings when default values are used.
• Web Admin - fixed description for log pages without logs.

2.7.1 (2022-08-19)

• Increased SSH terminal buffer sizes for better performance with tools such as rsync.

2.7.0 (2022-08-08)

• Added support for server-sig-algs SSH extension (RFC 8332).
• Optimized ChaCha20Poly1305 and AEAD ciphers internals.
• Web Admin - user lockout management moved from user edit form to independent dialog accessible directly from Users page.
• Web Admin - users can now check for updates on home page.
• Web Admin - fixed caption for default SSH shell in user edit form.
• Web Admin - users using unsupported browsers (such as Internet Explorer) will now see a user-friendly error message.

2.6.2 (2022-05-09)

• Web Admin - improved validation for empty rows in user’s path mappings.
• Added IPv6 Any ([::]:22) to the list of SSH server’s default listening addresses.

2.6.1 (2022-05-02)

• Fixed backslash escaping in SSH exec command.
• Fixed backslash escaping in SSH shell aliases.
• Added support for interval lockout in CLI user update <username> [--lock [<date-time> | <interval>] | --unlock].
• Web Admin - fixed log file display.
• Web Admin - fixed SSH Shell configuration in user add and edit forms.

2.6.0 (2022-04-04)

• Added impersonation support for terminal.
• Added manual user account lockout.
  • Added new CLI command options: user update <username> [--lock [<date-time>] | --unlock].
  • Web Admin - user lockout management.
• Added retries to DNS resolving of a binding to a hostname.

2.5.3 (2022-02-11)

• Web Admin - Windows account and password fields in user detail no longer prefills values from web browser.

2.5.2 (2022-01-28)

• Fixed a bug in custom logging configuration that caused a failure at startup when using a file sink.
• Web Admin - added notification flash bar.

2.5.1 (2022-01-20)

• Fixed occasional freeze in legacy / terminal console mode.
• Web Admin - user sessions are no longer valid after complete reinstall.
• Web Admin - fixed application hanging after failed start.
• Web Admin - added suppressHttpEndpointWarning option to disable HTTP endpoint warning when running e.g. behind a reverse proxy.

2.5.0 (2021-12-23)

• Added Terminal support.
• Added new CLI command: user inspect <username> [--query <jmespath>].
• Log level can be now overridden from command line burusftp run --log-level <loglevel>.
• --no-color option will toggle off color output and ANSI/VT codes for most commands.
• --verbose option is now a shortcut for --log-level debug.
• Breaking changes:
  • Changed public key fingerprint (used in e.g. user update --remove-keys) to SHA-256 base-64.
  • --log-level verbose log level now logs unencrypted packet data - use with caution!

2.4.6 (2021-11-30)

• Added burusftp keygen --curve command option.

2.4.5 (2021-11-16)

• Fixed an issue when some IPv4 and IPv6 bindings could not be used together.

2.4.4 (2021-10-27)

• Support for SSH session inactivity timeout (max idle duration) - see configuration.

2.4.3 (2021-10-21)

• Added burusftpwa certgen command.
• Improved burusftp keygen manpage.

2.4.2 (2021-09-31)

• Support for SFTP v5. This improves compatibility with WinSCP client, which expects SFTP v5 to enable File Hashing extension that makes it possible to calculate checksums of remote files.
• Fixed not requesting read permission in addition to delete for source path of rename operation.
• Fixed compatibility issues in SCP protocol.
• Fixed SSH aliases sometimes returning invalid exit code and error message.

2.4.1 (2021-07-26)

• Fixed an error when SFTP module could not be initialized with write-only root directory.
• Fixed physical path incorrectly marked as non-existing in path mapping section (Web Admin).
• Fixed access rights inheritance for nested virtual paths.
• Write-only directories are now properly visible from parent directory.

2.4.0 (2021-06-08)

• Web Admin client-side performance optimizations.
• Added Web Admin theming (Pro edition only).
• Web Admin will display a warning when service user is not able to access user folder.

2.3.0 (2021-05-06)

• SSH renegotiation is now configurable using maximum data transferred or time period threshold or can be disabled altogether.
• Users can now connect using SFTP even when they have no path mappings defined (empty read-only directory is shown).
• user add no longer requires the process user to be able to query service definition user.

2.2.0 (2021-03-16)

• Major performance improvement for Chacha20/Poly1305 encryption.
• Added burusftp svc restart and burusftpwa svc restart commands.
• Web Admin improvements:
  • Added [Restart] button to service management page.
  • Showing detailed error message when service fails to start.
  • Faster feedback on service management page.
  • SSH host key widget on server configuration page improved.

2.1.1 (2021-03-11)

• Fixed library loading issue for custom logging.

2.1.0 (2021-02-05)

• Users can be added with password hash only (e.g. when importing from existing user database) - see burusftp user add.
• Fixed log highlighting issues.
• Updated color scheme and layout (Web Admin).
• Home page dashboard (Web Admin).
• Breaking changes:
  • No longer looking for free license in application’s root path.
  • SSH session ID now added to most log entries, where relevant.
  • User password hashes are rehashed on successful login to specified algorithm - see configuration.

2.0.1 (2021-01-28)

• Fixed installer UI scaling issues.

2.0.0 (2021-01-25)

• New major features
  • Windows installer is now available for download.
  • Added Windows authentication and impersonation support (Pro edition only).
  • Support for custom logging configuration file - see configuration.
  • Config folder is now searched for in the following paths:
    • [INSTALLATION_PATH]\config
    • %PROGRAMDATA%\Rebex\BuruSftp (this path is used by installer by default)
• Breaking changes:
  • Re-installation is needed when upgrading to version 2.x - see the upgrade guide.
  • SSH server will now shutdown when the trial license expires.
  • Command line changes:
    • We plan to release more Buru applications in addition to the SFTP server, and hence buru.exe is renamed to burusftp.exe, buruwa.exe to burusftpwa.exe.
    • Password and public key authentication are now required by default when set.
    • Password and public key can no longer be setup as enabled or required without password or public key, respectively.
    • init, install and run commands now perform more extensive environment checks which might include patching the user database to new version.
    • burusftp user list -v now lists locked users with L prefix.
    • Some options were renamed, e.g. --keyAuth to --key-auth. In most cases a temporary fallback is available allowing you to use previous option names with a warning.
  • Services and their display names were renamed.

1.9.1 (2020-10-12)

• Support recursive directory creation (mkdir -p).
• No longer logging packet data in verbose mode.

1.9.0 (2020-08-10)

• Added account lockout support.
• Show confirmation dialog when deleting user (Web Admin).
• Breaking changes:
  • Account lockout is now enabled by default.

1.8.4 (2020-08-08)

• Fixed access issue (Web Admin).

1.8.3 (2020-07-29)

• Log retention is now configurable - see configuration.

1.8.2 (2020-07-27)

• burusftp init also checks configuration files.

1.8.1 (2020-07-21)

• Fixed freeze on certain IP filter ranges and logging set to debug.

1.8.0 (2020-07-16)

• Added burusftp init command for quick non-interactive installation - see burusftp init.
• Fixed handling of unknown SSH packets received before authentication.
• Fixed auto-redirection to home page after login (Web Admin).
• Fixed installation abort when service user not found.
• Workaround for very old OpenSSH 4.x/5.x clients that refuse to accept data packets while SSH renegotiation is in progress.
• Web administration can now start even without valid configuration file.
• Breaking changes:
  • Changed access log default level to Information (was Warning).
  • Unsupported SSH algorithms will prevent server from starting (before just displayed an error).
  • (users.usernameCaseSensitive) option is no longer supported. Usernames case-insensitive.

1.7.4 (2020-05-26)

• Minor UI tweaks in web administration (Web Admin).
• Fixed license check for beta versions.

1.7.3 (2020-05-22)

• Fixed Chacha20-Poly1305 decryption issue.

1.7.2 (2020-05-18)

• Fixed license upgrade page (Web Admin).

1.7.1 (2020-05-05)

• Support for aes256-gcm@openssh.com and aes128-gcm@openssh.com encryption (enabled by default) - see configuration.
• Support for hmac-sha2-512-etm@openssh.com and hmac-sha2-256-etm@openssh.com MACs (enabled by default) - see configuration.

1.7.0 (2020-05-04)

• Support for two-factor authentication (password + public key) - see burusftp user add, burusftp user update
• Support for chacha20-poly1305@openssh.com encryption (enabled by default) - see configuration.
• Support for curve25519-sha256 key exchange (enabled by default) - see configuration.
• Added support for ‘check-file’ SFTP extension, making it possible to calculate hashes of remote files.
• Fixed hanging burusftpwa.exe service after service shutdown.
• Fixed reporting of writable permissions for read-only files.

1.6.0 (2020-04-28)

• New design of web administration UI.
• Changed some configuration defaults:
  • config/config.yaml is now required for the server to start.
  • Default server keys location is now config/keys (was /keys). /keys directory is still used in search when no paths are specified.
• Configuration file is now generated upon install.
• Keys are now generated upon install. You can still generate the keys manually - see burusftp keygen.
• Configuration samples (e.g. config/config-sample.yaml) are renamed to examples (config/config-example.yaml).
• Added default configuration files (e.g. config/config-default.yaml).
• Added checking for duplicate port bindings.
• Cannot start server without fully persisted SSH keys.
• Browser should no longer autofill passwords on user administration page.
• Removed invalid warning when hostname was supplied as hostname for web admin binding.
• Obsoleted configuration keys are no longer supported.

1.5.0 (2020-03-23)

• Fixed SFTP/SCP binding deserialization issue.
• FileZilla import supported (experimental).
• Upgraded to .NET Core 3.1.
• Removed support for obsoleted enableCrashReporting flag.

1.4.3 (2019-08-06)

• Improved error message when service fails to start.
• Fixed error message when license expired.

1.4.2 (2019-06-10)

• Fixed error message when loading invalid user SSH public key.
• Fixed loading of authorized_keys format of user public keys.
• Fixed log level dropdown (Web Admin).
• Fixed Web Admin log display.
• Key manipulation messages are more readable.

1.4.1 (2019-05-20)

• Fixed virtual path validation.

1.4.0 (2019-05-10)

• Added 32-bit Windows version.

1.3.2 (2019-04-24)

• Removed auto-generated DSA key.
• Support for custom software version (ssh.softwareVersion).

1.3.1 (2019-04-17)

• Fixed console log level.

1.3.0 (2019-04-03)

• Access log now also includes IP addresses.
• Fixed ‘File not found’ issue for virtual paths mounted into existing filesystem.
• Fixed verbose log level when writing to logfile.
• Empty audit file no longer created on startup in logging folder.

1.2.0 (2019-03-20)

• Added virtual path format check (Web Admin, path command).
• Installer now grants ‘Logon as Service’ privilege for service user.
• Fixed typos in webconfig configuration documentation.
• Fixed SSH alias execution when user has no path mappings.
• Fixed install process privilege elevation when run from mingw shell.
• Fixed service user lookup for users without domain qualified name.

1.1.3 (2019-02-22)

• Fixed parsing of obsoleted values in config.yaml.

1.1.2 (2019-02-21)

• Backup-less upgrade is now supported.

1.1.1 (2019-02-19)

• Added an option to disable username case sensitivity.
• Minor Web Admin user interface enhancements performed.

1.1.0 (2019-02-07)

• Fixed memory leak (updated internal libraries).
• Password salt size, algorithm and username regex patterns moved to ‘users’ section in config.yaml. Old configuration files are still compatible but a warning will be shown.
• Fixed loading of PKCS#8 public keys.
• Web Admin - Fixed redirection to login page when user session expired.
• Web Admin - Fixed username regex pattern not being properly applied.
• Web Admin - External changes now properly trigger reload of config.yaml configuration file.
• Removed crash reporter (errors are saved to logfiles).

1.0.4 (2018-12-11)

• Added minLevel and aspNetMinLevel to Web Admin configuration.

1.0.3 (2018-11-21)

• Support for authorized_keys users’ public keys.
• Updated internal libraries.

1.0.2 (2018-11-08)

• Added user list command.
• Fixed logging of unhandled exceptions.
• Fixed notification of user public key error (web admin).
• path list no longer encloses username in double quotes.

1.0.1 (2018-10-22)

• Added support for custom shell host names.
• Added logging section to webadmin server configuration.

1.0.0 (2018-10-04)

• BREAKING: Changed user database format.
• Non-admin accounts can no longer log in to web administration (there was no content available anyway).
• Removed SSH Tunneling configuration section from web administration (as it was still incomplete).
• Fixed algorithm selection widget that didn’t work properly in Chrome / Edge.

0.2.2 (2018-10-03)

• BREAKING: Logging configuration section revamped:
  • Added an option to specify different server and access log locations.
  • Can specify minimal level for server log.
• BREAKING: WebAdmin role setting simplified:
  • Users can now access web administration by adding --webadmin to user add or user update.
  • Revoking WebAdmin role is done by adding --noadmin to user update.
• Displays warnings when SFTP server service does not have access to user folder or folder does not exist.
• Minor UI tweaks performed.

0.2.1 (2018-09-18)

• BREAKING: SSH algorithms use __INTERMEDIATE level (previous: __MODERN) for increased compatibility.
• Fixed an issue where SSH algos were not draggable in web administration.
• Fixed SSH key information in web administration.
• Fixed ‘burusftpwa svc’ auto-elevation.

0.2.0 (2018-09-18)

• BREAKING: User database no longer contains default user - user must be created manually using burusftp install or burusftp user add.
• BREAKING: Using NETWORK SERVICE user as default when installed as Windows Service.
• Install/uninstall scripts now use auto-elevation (burusftp install).
• Fixed error when startup type was explicitly set for svc install.
• Errors and warnings are shown with an alert in console.
• Minor UI fixes performed.

0.1.12 (2018-07-13)

• Added support for service startup Windows Eventlog logging.

0.1.11 (2018-07-11)

• Fixed missing manpage for ‘burusftp user update’.
• Fixed manpage crash when console buffer height was too small.
• Added manpage support for msys console.
• Additional SSH public key formats added.