Release notes

What’s new in the latest release of Rebex Buru SFTP Server for Windows?

Release notes

2.8.0 (2023-01-16)

  • Comments can now be added to user public keys to help get organized.
  • Buru SFTP Command Line shortcut now opens shell in the installation directory (previously in Windows SYSTEM directory).
  • CLI - user update --remove-keys now accepts dsa; ecdsa now matches any ECDSA key.
  • CLI - user public keys can now be managed using user key add and user key delete commands.
  • CLI - user public keys can now be specified directly using user add --keys <key>, user update --add-keys <key> and user update --set-keys <key>.
  • CLI - virtual paths in path and path delete commands can now be specified without / prefix.
  • CLI - when virtual path (-v <path>) in path and path delete commands is not specified, it defaults to root / path.
  • Web Admin - user public keys can now be added directly, without the need for public key file upload.
  • Breaking changes:
    • CLI - removing last public key using user update will no longer disable public key authentication. When public key authentication is set to required, user will not be able to log in.
    • Changed SSH shell and SFTP encoding from win-1252 to UTF-8.

2.7.3 (2022-12-09)

  • Web Admin - fixed performance issue on user edit page.

2.7.2 (2022-09-26)

  • When bindings section is missing in the configuration file, the SSH server will listen on both IPv4 and IPv6 “any” addresses.
  • Server will now not use IPv4 “any” address for empty (not missing) bindings section in the configuration file.
  • SSE2 fallback for ChaCha20 for processors without AVX2.
  • Fixed sometimes missing or wrong error message for invalid command line input.
  • Web Admin - fixed error when address is missing in SSH binding.
  • Web Admin - server configuration page now displays proper values for server private keys and SSH bindings when default values are used.
  • Web Admin - fixed description for log pages without logs.

2.7.1 (2022-08-19)

  • Increased SSH terminal buffer sizes for better performance with tools such as rsync.

2.7.0 (2022-08-08)

  • Added support for server-sig-algs SSH extension (RFC 8332).
  • Optimized ChaCha20Poly1305 and AEAD ciphers internals.
  • Web Admin - user lockout management moved from user edit form to independent dialog accessible directly from Users page.
  • Web Admin - users can now check for updates on home page.
  • Web Admin - fixed caption for default SSH shell in user edit form.
  • Web Admin - users using unsupported browsers (such as Internet Explorer) will now see a user-friendly error message.

2.6.2 (2022-05-09)

  • Web Admin - improved validation for empty rows in user’s path mappings.
  • Added IPv6 Any ([::]:22) to the list of SSH server’s default listening addresses.

2.6.1 (2022-05-02)

2.6.0 (2022-04-04)

2.5.3 (2022-02-11)

  • Web Admin - Windows account and password fields in user detail no longer prefills values from web browser.

2.5.2 (2022-01-28)

  • Fixed a bug in custom logging configuration that caused a failure at startup when using a file sink.
  • Web Admin - added notification flash bar.

2.5.1 (2022-01-20)

  • Fixed occasional freeze in legacy / terminal console mode.
  • Web Admin - user sessions are no longer valid after complete reinstall.
  • Web Admin - fixed application hanging after failed start.
  • Web Admin - added suppressHttpEndpointWarning option to disable HTTP endpoint warning when running e.g. behind a reverse proxy.

2.5.0 (2021-12-23)

  • Added Terminal support.
  • Added new CLI command: user inspect <username> [--query <jmespath>].
  • Log level can be now overridden from command line burusftp run --log-level <loglevel>.
  • --no-color option will toggle off color output and ANSI/VT codes for most commands.
  • --verbose option is now a shortcut for --log-level debug.
  • Breaking changes:
    • Changed public key fingerprint (used in e.g. user update --remove-keys) to SHA-256 base-64.
    • --log-level verbose log level now logs unencrypted packet data - use with caution!

2.4.6 (2021-11-30)

2.4.5 (2021-11-16)

  • Fixed an issue when some IPv4 and IPv6 bindings could not be used together.

2.4.4 (2021-10-27)

  • Support for SSH session inactivity timeout (max idle duration) - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#ssh).

2.4.3 (2021-10-21)

2.4.2 (2021-09-31)

  • Support for SFTP v5. This improves compatibility with WinSCP client, which expects SFTP v5 to enable File Hashing extension that makes it possible to calculate checksums of remote files.
  • Fixed not requesting read permission in addition to delete for source path of rename operation.
  • Fixed compatibility issues in SCP protocol.
  • Fixed SSH aliases sometimes returning invalid exit code and error message.

2.4.1 (2021-07-26)

  • Fixed an error when SFTP module could not be initialized with write-only root directory.
  • Fixed physical path incorrectly marked as non-existing in path mapping section (Web Admin).
  • Fixed access rights inheritance for nested virtual paths.
  • Write-only directories are now properly visible from parent directory.

2.4.0 (2021-06-08)

  • Web Admin client-side performance optimizations.
  • Added Web Admin theming (Pro edition only).
  • Web Admin will display a warning when service user is not able to access user folder.

2.3.0 (2021-05-06)

  • SSH renegotiation is now configurable using maximum data transferred or time period threshold or can be disabled altogether.
  • Users can now connect using SFTP even when they have no path mappings defined (empty read-only directory is shown).
  • user add no longer requires the process user to be able to query service definition user.

2.2.0 (2021-03-16)

  • Major performance improvement for Chacha20/Poly1305 encryption.
  • Added burusftp svc restart and burusftpwa svc restart commands.
  • Web Admin improvements:
    • Added [Restart] button to service management page.
    • Showing detailed error message when service fails to start.
    • Faster feedback on service management page.
    • SSH host key widget on server configuration page improved.

2.1.1 (2021-03-11)

  • Fixed library loading issue for custom logging.

2.1.0 (2021-02-05)

  • Users can be added with password hash only (e.g. when importing from existing user database) - see burusftp user add.
  • Fixed log highlighting issues.
  • Updated color scheme and layout (Web Admin).
  • Home page dashboard (Web Admin).
  • Breaking changes:
    • No longer looking for free license in application’s root path.
    • SSH session ID now added to most log entries, where relevant.
    • User password hashes are rehashed on successful login to specified algorithm - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#users).

2.0.1 (2021-01-28)

  • Fixed installer UI scaling issues.

2.0.0 (2021-01-25)

  • New major features
    • Windows installer is now available for download.
    • Added Windows authentication and impersonation support (Pro edition only).
    • Support for custom logging configuration file - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#logging).
    • Config folder is now searched for in the following paths:
      • [INSTALLATION_PATH]\config
      • %PROGRAMDATA%\Rebex\BuruSftp (this path is used by installer by default)
  • Breaking changes:
    • Re-installation is needed when upgrading to version 2.x - see the upgrade guide.
    • SSH server will now shutdown when the trial license expires.
    • Command line changes:
      • We plan to release more Buru applications in addition to the SFTP server, and hence buru.exe is renamed to burusftp.exe, buruwa.exe to burusftpwa.exe.
      • Password and public key authentication are now required by default when set.
      • Password and public key can no longer be setup as enabled or required without password or public key, respectively.
      • init, install and run commands now perform more extensive environment checks which might include patching the user database to new version.
      • burusftp user list -v now lists locked users with L prefix.
      • Some options were renamed, e.g. --keyAuth to --key-auth. In most cases a temporary fallback is available allowing you to use previous option names with a warning.
    • Services and their display names were renamed.

1.9.1 (2020-10-12)

  • Support recursive directory creation (mkdir -p).
  • No longer logging packet data in verbose mode.

1.9.0 (2020-08-10)

  • Added account lockout support.
  • Show confirmation dialog when deleting user (Web Admin).
  • Breaking changes:
    • Account lockout is now enabled by default.

1.8.4 (2020-08-08)

  • Fixed access issue (Web Admin).

1.8.3 (2020-07-29)

  • Log retention is now configurable - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#logging).

1.8.2 (2020-07-27)

  • burusftp init also checks configuration files.

1.8.1 (2020-07-21)

  • Fixed freeze on certain IP filter ranges and logging set to debug.

1.8.0 (2020-07-16)

  • Added burusftp init command for quick non-interactive installation - see burusftp init.
  • Fixed handling of unknown SSH packets received before authentication.
  • Fixed auto-redirection to home page after login (Web Admin).
  • Fixed installation abort when service user not found.
  • Workaround for very old OpenSSH 4.x/5.x clients that refuse to accept data packets while SSH renegotiation is in progress.
  • Web administration can now start even without valid configuration file.
  • Breaking changes:
    • Changed access log default level to Information (was Warning).
    • Unsupported SSH algorithms will prevent server from starting (before just displayed an error).
    • (users.usernameCaseSensitive) option is no longer supported. Usernames case-insensitive.

1.7.4 (2020-05-26)

  • Minor UI tweaks in web administration (Web Admin).
  • Fixed license check for beta versions.

1.7.3 (2020-05-22)

  • Fixed Chacha20-Poly1305 decryption issue.

1.7.2 (2020-05-18)

  • Fixed license upgrade page (Web Admin).

1.7.1 (2020-05-05)

  • Support for aes256-gcm@openssh.com and aes128-gcm@openssh.com encryption (enabled by default) - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#ssh).
  • Support for hmac-sha2-512-etm@openssh.com and hmac-sha2-256-etm@openssh.com MACs (enabled by default) - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#ssh).

1.7.0 (2020-05-04)

  • Support for two-factor authentication (password + public key) - see burusftp user add, burusftp user update
  • Support for chacha20-poly1305@openssh.com encryption (enabled by default) - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#ssh).
  • Support for curve25519-sha256 key exchange (enabled by default) - see [configurationhttps://www.rebex.net/doc/buru-sftp-server/configuration/config/#ssh).
  • Added support for ‘check-file’ SFTP extension, making it possible to calculate hashes of remote files.
  • Fixed hanging burusftpwa.exe service after service shutdown.
  • Fixed reporting of writable permissions for read-only files.

1.6.0 (2020-04-28)

  • New design of web administration UI.
  • Changed some configuration defaults:
    • config/config.yaml is now required for the server to start.
    • Default server keys location is now config/keys (was /keys). /keys directory is still used in search when no paths are specified.
  • Configuration file is now generated upon install.
  • Keys are now generated upon install. You can still generate the keys manually - see burusftp keygen.
  • Configuration samples (e.g. config/config-sample.yaml) are renamed to examples (config/config-example.yaml).
  • Added default configuration files (e.g. config/config-default.yaml).
  • Added checking for duplicate port bindings.
  • Cannot start server without fully persisted SSH keys.
  • Browser should no longer autofill passwords on user administration page.
  • Removed invalid warning when hostname was supplied as hostname for web admin binding.
  • Obsoleted configuration keys are no longer supported.

1.5.0 (2020-03-23)

  • Fixed SFTP/SCP binding deserialization issue.
  • FileZilla import supported (experimental).
  • Upgraded to .NET Core 3.1.
  • Removed support for obsoleted enableCrashReporting flag.

1.4.3 (2019-08-06)

  • Improved error message when service fails to start.
  • Fixed error message when license expired.

1.4.2 (2019-06-10)

  • Fixed error message when loading invalid user SSH public key.
  • Fixed loading of authorized_keys format of user public keys.
  • Fixed log level dropdown (Web Admin).
  • Fixed Web Admin log display.
  • Key manipulation messages are more readable.

1.4.1 (2019-05-20)

  • Fixed virtual path validation.

1.4.0 (2019-05-10)

  • Added 32-bit Windows version.

1.3.2 (2019-04-24)

1.3.1 (2019-04-17)

  • Fixed console log level.

1.3.0 (2019-04-03)

  • Access log now also includes IP addresses.
  • Fixed ‘File not found’ issue for virtual paths mounted into existing filesystem.
  • Fixed verbose log level when writing to logfile.
  • Empty audit file no longer created on startup in logging folder.

1.2.0 (2019-03-20)

  • Added virtual path format check (Web Admin, path command).
  • Installer now grants ‘Logon as Service’ privilege for service user.
  • Fixed typos in webconfig configuration documentation.
  • Fixed SSH alias execution when user has no path mappings.
  • Fixed install process privilege elevation when run from mingw shell.
  • Fixed service user lookup for users without domain qualified name.

1.1.3 (2019-02-22)

  • Fixed parsing of obsoleted values in config.yaml.

1.1.2 (2019-02-21)

1.1.1 (2019-02-19)

  • Added an option to disable username case sensitivity.
  • Minor Web Admin user interface enhancements performed.

1.1.0 (2019-02-07)

  • Fixed memory leak (updated internal libraries).
  • Password salt size, algorithm and username regex patterns moved to ‘users’ section in config.yaml. Old configuration files are still compatible but a warning will be shown.
  • Fixed loading of PKCS#8 public keys.
  • Web Admin - Fixed redirection to login page when user session expired.
  • Web Admin - Fixed username regex pattern not being properly applied.
  • Web Admin - External changes now properly trigger reload of config.yaml configuration file.
  • Removed crash reporter (errors are saved to logfiles).

1.0.4 (2018-12-11)

  • Added minLevel and aspNetMinLevel to Web Admin configuration.

1.0.3 (2018-11-21)

  • Support for authorized_keys users’ public keys.
  • Updated internal libraries.

1.0.2 (2018-11-08)

  • Added user list command.
  • Fixed logging of unhandled exceptions.
  • Fixed notification of user public key error (web admin).
  • path list no longer encloses username in double quotes.

1.0.1 (2018-10-22)

  • Added support for custom shell host names.
  • Added logging section to webadmin server configuration.

1.0.0 (2018-10-04)

  • BREAKING: Changed user database format.
  • Non-admin accounts can no longer log in to web administration (there was no content available anyway).
  • Removed SSH Tunneling configuration section from web administration (as it was still incomplete).
  • Fixed algorithm selection widget that didn’t work properly in Chrome / Edge.

0.2.2 (2018-10-03)

  • BREAKING: Logging configuration section revamped:
    • Added an option to specify different server and access log locations.
    • Can specify minimal level for server log.
  • BREAKING: WebAdmin role setting simplified:
    • Users can now access web administration by adding --webadmin to user add or user update.
    • Revoking WebAdmin role is done by adding --noadmin to user update.
  • Displays warnings when SFTP server service does not have access to user folder or folder does not exist.
  • Minor UI tweaks performed.

0.2.1 (2018-09-18)

  • BREAKING: SSH algorithms use __INTERMEDIATE level (previous: __MODERN) for increased compatibility.
  • Fixed an issue where SSH algos were not draggable in web administration.
  • Fixed SSH key information in web administration.
  • Fixed ‘burusftpwa svc’ auto-elevation.

0.2.0 (2018-09-18)

  • BREAKING: User database no longer contains default user - user must be created manually using burusftp install or burusftp user add.
  • BREAKING: Using NETWORK SERVICE user as default when installed as Windows Service.
  • Install/uninstall scripts now use auto-elevation (burusftp install).
  • Fixed error when startup type was explicitly set for svc install.
  • Errors and warnings are shown with an alert in console.
  • Minor UI fixes performed.

0.1.12 (2018-07-13)

  • Added support for service startup Windows Eventlog logging.

0.1.11 (2018-07-11)

  • Fixed missing manpage for ‘burusftp user update’.
  • Fixed manpage crash when console buffer height was too small.
  • Added manpage support for msys console.
  • Additional SSH public key formats added.