Release notes
What’s new in the latest release of Rebex Buru SFTP Server for Windows?
Release notes
2.15.4 (2024-10-01)
- Added
burusftp certgen
command to generate self-signed X.509 (TLS) certificates. This is an alias forburusftpwa certgen
. - Web Admin - FTP certificate group can now be renamed.
- Web Admin - fixed FTP binding custom certificate group not being saved properly.
2.15.3 (2024-10-01)
- Web Admin - fixed error when loading FTP settings page.
2.15.2 (2024-09-19)
- Web Admin - fixed browser cache issue after application upgrade.
2.15.1 (2024-09-17)
- Fixed an issue where username leading/trailing whitespace was not trimmed when creating a user.
- Web Admin - fixed error when loading user detail page for user with special characters in username.
- Web Admin - fixed error message when adding user with existing username.
2.15.0 (2024-09-13)
- Initial FTP protocol support:
- Added support for FTP protocol (plain FTP, implicit and explicit FTPS).
- Disabled by default. Can be enabled globally in configuration or per user.
- Each FTPS endpoint can be configured with different certificate(s).
- Added user field ’note’ for user comments.
- Installer - Buru SFTP Command Prompt now runs with administrator privileges by default.
- Removed server configuration parameters
passwordPolicy
andusernamePattern
. These parameters have been deprecated since v1.1.0. - Web Admin - configuration pages are now accessible when configuration file is invalid but readable.
- Fixed
burusftp user key delete -F <fingerprint>
behavior withSHA-256:
prefix. - Updated Serilog logging libraries.
2.14.5 (2024-08-01)
- Fixed errors when parsing some configuration IP addresses with leading or trailing whitespace.
- Web Admin - added SSH port placeholder on SSH endpoints page.
- Web Admin - fixed Maximum renegotiation threshold caption on Additional SSH settings page.
- Web Admin - fixed minor UI issue when typing a file path containing a space character.
2.14.4 (2024-06-07)
- Web Admin - fixed error when multiple IP address ranges were used in IP filtering textboxes.
2.14.3 (2024-06-25)
- Added logging of user lockout events.
- Fixed
burusftp user update <username> --password ""
behavior - now removes password instead of setting an empty password. - Fixed
burusftp user add <username> --password ""
behavior - now does nothing instead of setting an empty password.
2.14.2 (2024-06-21)
- Web Admin - fixed loading comment from user public keys.
- Web Admin - server key list now also shows certificate details for keys with certificates.
2.14.1 (2024-06-10)
- Added support for loading private keys in new OpenSSH key format encrypted using AES/GCM or ChaCha20/Poly1305.
- Fixed handling of client’s SSH_MSG_EXT_INFO message.
- Added logging of SSH ciphers supported by the client on mismatch (log level: debug).
- Environment variables can be used in server key paths (see keys).
- Web Admin - fixed missing log level dropdown on logging configuration page.
- Web Admin - server configuration page now shows full path to configuration file and revert buttons.
2.14.0 (2024-05-21)
- Web Admin - major changes:
- Form visuals have been updated.
- Multiple users can now be selected for certain actions (lock, unlock, delete).
- UI customization changes:
- Full Material UI schema is no longer supported.
- Secondary palette is no longer supported.
- Error shown when multiple server SSH keys of same type are added.
- Public server keys can now be easily exported from the web interface.
- SSH algorithm selection is now simplified. Manual sorting is still supported by editing the configuration file.
- User public keys are now displayed with SSH key type prefix.
2.13.0 (2024-04-25)
- Removed KeyCertSign and CrlSign usages from
burusftpwa certgen
-generated certificates. - SSH banner is now configurable.
2.12.1 (2024-04-23)
- Fixed CreateProcess failed error during installation.
2.12.0 (2024-04-15)
- Added silent installation mode.
2.11.4 (2024-03-18)
- Fixed
user update
command:- Fixed error message when Windows account is not found.
- Fixed error when updating fields other than Windows account and related, when Windows account is already set, using Free license.
2.11.3 (2024-01-18)
- Fixed configuration backup when upgrading using installer.
- Updated signing certificate.
2.11.2 (2024-01-04)
- Added support for strict key exchange extension (thwarts the so-called ‘Terrapin attack’ - CVE-2023-48795).
- This is not a critical fix, since neither version of Buru SFTP Server relies on RFC 8308 extension negotiation mechanism, so Terrapin attack can only be used by an attacker to disrupt authentication, causing the SSH session to fail.
- Fixed ’not authenticated’ instead of ’not connected’ error message.
- Allowed dates outside 1970-2999 range in SFTP v4 (or higher).
2.11.1 (2023-11-22)
- Web Admin - fixed error when saving SSH algorithms on Windows 7/8.
2.11.0 (2023-11-21)
- Support for
ecdh-sha2-1.3.132.0.10
andecdsa-sha2-1.3.132.0.10
algorithms on Windows 10+ and Windows Server 2016+ (enabled by default) - see configuration.
2.10.2 (2023-08-11)
- Web Admin - added config.yaml text editor.
- Web Admin - configuration split to separate pages.
2.10.1 (2023-07-31)
- Fixed file access issue that prevented users from accessing files being currently written to (for example, log files).
2.10.0 (2023-07-26)
- Support for X.509 server key certificates.
- Support for encrypted private keys.
2.9.6 (2023-07-10)
- Installer now supports Virtual accounts and Managed Service Accounts (MSAs).
- See Service accounts overview on microsoft.com.
- Command-line tools now respect
NO_COLOR
environment variable. - Fixed
svc uninstall
not stopping service before uninstalling. - Startup logs now close after service is started.
- Startup logs can now be disabled using
--no-startup-log
command-line switch.
2.9.5 (2023-06-21)
- Web Admin - configuration pages now allow to “Save and restart service”.
- Web Admin - added startup logs browser.
2.9.4 (2023-06-05)
- Changed ‘An existing connection was forcibly closed by the remote host.’ message severity (from Error to Warning)
2.9.3 (2023-06-01)
- Updated internal libraries, including Serilog.
2.9.2 (2023-05-29)
- Fixed exit code for
--help
path list
now supports CSV output format using--format csv
.
2.9.1 (2023-05-18)
- AES-CBC encryption algorithms are now categorized as ‘intermediate’ (formerly ‘modern’).
- Fixed broken login after invalid password attempt with MFA enabled.
- Optimized moving files on the same volume when using SFTP or SCP.
2.9.0 (2023-05-02)
- Application startup is now always logged
- Post-installation configuration wizard is now included in the installer package.
2.8.3 (2023-03-07)
- Web Admin - responsive design improvements.
- Improved client public key authentication process.
- Fixed escaping of special characters in SSH/SCP commands.
2.8.2 (2023-02-16)
- Web Admin - fixed SSH service status sometimes stuck at “Checking…”
2.8.1 (2023-02-16)
- Web Admin - fixed highlighting in navigation menu.
- Web Admin - warning is shown when connection to server is lost.
- Web Admin - SSH service status is now indicated in real time.
- Web Admin - SSH algorithm configuration moved to separate page.
- Web Admin - now using slightly less contrasting default colour theme.
2.8.0 (2023-01-16)
- Comments can now be added to user public keys to help get organized.
- Buru SFTP Command Line shortcut now opens shell in the installation directory (previously in Windows SYSTEM directory).
- CLI -
user update --remove-keys
now acceptsdsa
;ecdsa
now matches any ECDSA key. - CLI - user public keys can now be managed using
user key add
anduser key delete
commands. - CLI - user public keys can now be specified directly using
user add --keys <key>
,user update --add-keys <key>
anduser update --set-keys <key>
. - CLI - virtual paths in
path
andpath delete
commands can now be specified without/
prefix. - CLI - when virtual path (
-v <path>
) inpath
andpath delete
commands is not specified, it defaults to root/
path. - Web Admin - user public keys can now be added directly, without the need for public key file upload.
- Breaking changes:
- CLI - removing last public key using
user update
will no longer disable public key authentication. When public key authentication is set torequired
, user will not be able to log in. - Changed SSH shell and SFTP encoding from win-1252 to UTF-8.
- CLI - removing last public key using
2.7.3 (2022-12-09)
- Web Admin - fixed performance issue on user edit page.
2.7.2 (2022-09-26)
- When bindings section is missing in the configuration file, the SSH server will listen on both IPv4 and IPv6 “any” addresses.
- Server will now not use IPv4 “any” address for empty (not missing) bindings section in the configuration file.
- SSE2 fallback for ChaCha20 for processors without AVX2.
- Fixed sometimes missing or wrong error message for invalid command line input.
- Web Admin - fixed error when address is missing in SSH binding.
- Web Admin - server configuration page now displays proper values for server private keys and SSH bindings when default values are used.
- Web Admin - fixed description for log pages without logs.
2.7.1 (2022-08-19)
- Increased SSH terminal buffer sizes for better performance with tools such as rsync.
2.7.0 (2022-08-08)
- Added support for
server-sig-algs
SSH extension (RFC 8332). - Optimized ChaCha20Poly1305 and AEAD ciphers internals.
- Web Admin - user lockout management moved from user edit form to independent dialog accessible directly from Users page.
- Web Admin - users can now check for updates on home page.
- Web Admin - fixed caption for default SSH shell in user edit form.
- Web Admin - users using unsupported browsers (such as Internet Explorer) will now see a user-friendly error message.
2.6.2 (2022-05-09)
- Web Admin - improved validation for empty rows in user’s path mappings.
- Added IPv6 Any (
[::]:22
) to the list of SSH server’s default listening addresses.
2.6.1 (2022-05-02)
- Fixed backslash escaping in SSH exec command.
- Fixed backslash escaping in SSH shell aliases.
- Added support for interval lockout in CLI
user update <username> [--lock [<date-time> | <interval>] | --unlock]
. - Web Admin - fixed log file display.
- Web Admin - fixed SSH Shell configuration in user add and edit forms.
2.6.0 (2022-04-04)
- Added impersonation support for terminal.
- Added manual user account lockout.
- Added new CLI command options:
user update <username> [--lock [<date-time>] | --unlock]
. - Web Admin - user lockout management.
- Added new CLI command options:
- Added retries to DNS resolving of a binding to a hostname.
2.5.3 (2022-02-11)
- Web Admin - Windows account and password fields in user detail no longer prefills values from web browser.
2.5.2 (2022-01-28)
- Fixed a bug in custom logging configuration that caused a failure at startup when using a file sink.
- Web Admin - added notification flash bar.
2.5.1 (2022-01-20)
- Fixed occasional freeze in legacy / terminal console mode.
- Web Admin - user sessions are no longer valid after complete reinstall.
- Web Admin - fixed application hanging after failed start.
- Web Admin - added
suppressHttpEndpointWarning
option to disable HTTP endpoint warning when running e.g. behind a reverse proxy.
2.5.0 (2021-12-23)
- Added Terminal support.
- Added new CLI command:
user inspect <username> [--query <jmespath>]
. - Log level can be now overridden from command line
burusftp run --log-level <loglevel>
. --no-color
option will toggle off color output and ANSI/VT codes for most commands.--verbose
option is now a shortcut for--log-level debug
.- Breaking changes:
- Changed public key fingerprint (used in e.g.
user update --remove-keys
) to SHA-256 base-64. --log-level verbose
log level now logs unencrypted packet data - use with caution!
- Changed public key fingerprint (used in e.g.
2.4.6 (2021-11-30)
- Added
burusftp keygen --curve
command option.
2.4.5 (2021-11-16)
- Fixed an issue when some IPv4 and IPv6 bindings could not be used together.
2.4.4 (2021-10-27)
- Support for SSH session inactivity timeout (max idle duration) - see configuration.
2.4.3 (2021-10-21)
- Added
burusftpwa certgen
command. - Improved
burusftp keygen
manpage.
2.4.2 (2021-10-01)
- Support for SFTP v5. This improves compatibility with WinSCP client, which expects SFTP v5 to enable File Hashing extension that makes it possible to calculate checksums of remote files.
- Fixed not requesting read permission in addition to delete for source path of rename operation.
- Fixed compatibility issues in SCP protocol.
- Fixed SSH aliases sometimes returning invalid exit code and error message.
2.4.1 (2021-07-26)
- Fixed an error when SFTP module could not be initialized with write-only root directory.
- Fixed physical path incorrectly marked as non-existing in path mapping section (Web Admin).
- Fixed access rights inheritance for nested virtual paths.
- Write-only directories are now properly visible from parent directory.
2.4.0 (2021-06-08)
- Web Admin client-side performance optimizations.
- Added Web Admin theming (Pro edition only).
- Web Admin will display a warning when service user is not able to access user folder.
2.3.0 (2021-05-06)
- SSH renegotiation is now configurable using maximum data transferred or time period threshold or can be disabled altogether.
- Users can now connect using SFTP even when they have no path mappings defined (empty read-only directory is shown).
user add
no longer requires the process user to be able to query service definition user.
2.2.0 (2021-03-16)
- Major performance improvement for Chacha20/Poly1305 encryption.
- Added
burusftp svc restart
andburusftpwa svc restart
commands. - Web Admin improvements:
- Added [Restart] button to service management page.
- Showing detailed error message when service fails to start.
- Faster feedback on service management page.
- SSH host key widget on server configuration page improved.
2.1.1 (2021-03-11)
- Fixed library loading issue for custom logging.
2.1.0 (2021-02-05)
- Users can be added with password hash only (e.g. when importing from existing user database) - see burusftp user add.
- Fixed log highlighting issues.
- Updated color scheme and layout (Web Admin).
- Home page dashboard (Web Admin).
- Breaking changes:
- No longer looking for free license in application’s root path.
- SSH session ID now added to most log entries, where relevant.
- User password hashes are rehashed on successful login to specified algorithm - see configuration.
2.0.1 (2021-01-28)
- Fixed installer UI scaling issues.
2.0.0 (2021-01-25)
- New major features
- Windows installer is now available for download.
- Added Windows authentication and impersonation support (Pro edition only).
- Support for custom logging configuration file - see configuration.
- Config folder is now searched for in the following paths:
[INSTALLATION_PATH]\config
%PROGRAMDATA%\Rebex\BuruSftp
(this path is used by installer by default)
- Breaking changes:
- Re-installation is needed when upgrading to version 2.x - see the upgrade guide.
- SSH server will now shutdown when the trial license expires.
- Command line changes:
- We plan to release more Buru applications in addition to the SFTP server, and hence
buru.exe
is renamed toburusftp.exe
,buruwa.exe
toburusftpwa.exe
. - Password and public key authentication are now
required
by default when set. - Password and public key can no longer be setup as
enabled
orrequired
without password or public key, respectively. init
,install
andrun
commands now perform more extensive environment checks which might include patching the user database to new version.burusftp user list -v
now lists locked users withL
prefix.- Some options were renamed, e.g.
--keyAuth
to--key-auth
. In most cases a temporary fallback is available allowing you to use previous option names with a warning.
- We plan to release more Buru applications in addition to the SFTP server, and hence
- Services and their display names were renamed.
1.9.1 (2020-10-12)
- Support recursive directory creation (
mkdir -p
). - No longer logging packet data in verbose mode.
1.9.0 (2020-08-10)
- Added account lockout support.
- Show confirmation dialog when deleting user (Web Admin).
- Breaking changes:
- Account lockout is now enabled by default.
1.8.4 (2020-08-08)
- Fixed access issue (Web Admin).
1.8.3 (2020-07-29)
- Log retention is now configurable - see configuration.
1.8.2 (2020-07-27)
burusftp init
also checks configuration files.
1.8.1 (2020-07-21)
- Fixed freeze on certain IP filter ranges and logging set to debug.
1.8.0 (2020-07-16)
- Added
burusftp init
command for quick non-interactive installation - see burusftp init. - Fixed handling of unknown SSH packets received before authentication.
- Fixed auto-redirection to home page after login (Web Admin).
- Fixed installation abort when service user not found.
- Workaround for very old OpenSSH 4.x/5.x clients that refuse to accept data packets while SSH renegotiation is in progress.
- Web administration can now start even without valid configuration file.
- Breaking changes:
- Changed access log default level to Information (was Warning).
- Unsupported SSH algorithms will prevent server from starting (before just displayed an error).
- (
users.usernameCaseSensitive
) option is no longer supported. Usernames case-insensitive.
1.7.4 (2020-05-26)
- Minor UI tweaks in web administration (Web Admin).
- Fixed license check for beta versions.
1.7.3 (2020-05-22)
- Fixed Chacha20-Poly1305 decryption issue.
1.7.2 (2020-05-18)
- Fixed license upgrade page (Web Admin).
1.7.1 (2020-05-05)
- Support for
aes256-gcm@openssh.com
andaes128-gcm@openssh.com
encryption (enabled by default) - see configuration. - Support for
hmac-sha2-512-etm@openssh.com
andhmac-sha2-256-etm@openssh.com
MACs (enabled by default) - see configuration.
1.7.0 (2020-05-04)
- Support for two-factor authentication (password + public key) - see burusftp user add, burusftp user update
- Support for
chacha20-poly1305@openssh.com
encryption (enabled by default) - see configuration. - Support for
curve25519-sha256
key exchange (enabled by default) - see configuration. - Added support for ‘check-file’ SFTP extension, making it possible to calculate hashes of remote files.
- Fixed hanging burusftpwa.exe service after service shutdown.
- Fixed reporting of writable permissions for read-only files.
1.6.0 (2020-04-28)
- New design of web administration UI.
- Changed some configuration defaults:
config/config.yaml
is now required for the server to start.- Default server keys location is now
config/keys
(was/keys
)./keys
directory is still used in search when no paths are specified.
- Configuration file is now generated upon install.
- Keys are now generated upon install. You can still generate the keys manually - see burusftp keygen.
- Configuration samples (e.g.
config/config-sample.yaml
) are renamed to examples (config/config-example.yaml
). - Added default configuration files (e.g.
config/config-default.yaml
). - Added checking for duplicate port bindings.
- Cannot start server without fully persisted SSH keys.
- Browser should no longer autofill passwords on user administration page.
- Removed invalid warning when hostname was supplied as hostname for web admin binding.
- Obsoleted configuration keys are no longer supported.
1.5.0 (2020-03-23)
- Fixed SFTP/SCP binding deserialization issue.
- FileZilla import supported (experimental).
- Upgraded to .NET Core 3.1.
- Removed support for obsoleted
enableCrashReporting
flag.
1.4.3 (2019-08-06)
- Improved error message when service fails to start.
- Fixed error message when license expired.
1.4.2 (2019-06-10)
- Fixed error message when loading invalid user SSH public key.
- Fixed loading of authorized_keys format of user public keys.
- Fixed log level dropdown (Web Admin).
- Fixed Web Admin log display.
- Key manipulation messages are more readable.
1.4.1 (2019-05-20)
- Fixed virtual path validation.
1.4.0 (2019-05-10)
- Added 32-bit Windows version.
1.3.2 (2019-04-24)
- Removed auto-generated DSA key.
- Support for custom software version (ssh.softwareVersion).
1.3.1 (2019-04-17)
- Fixed console log level.
1.3.0 (2019-04-03)
- Access log now also includes IP addresses.
- Fixed ‘File not found’ issue for virtual paths mounted into existing filesystem.
- Fixed verbose log level when writing to logfile.
- Empty audit file no longer created on startup in logging folder.
1.2.0 (2019-03-20)
- Added virtual path format check (Web Admin,
path
command). - Installer now grants ‘Logon as Service’ privilege for service user.
- Fixed typos in webconfig configuration documentation.
- Fixed SSH alias execution when user has no path mappings.
- Fixed
install
process privilege elevation when run from mingw shell. - Fixed service user lookup for users without domain qualified name.
1.1.3 (2019-02-22)
- Fixed parsing of obsoleted values in config.yaml.
1.1.2 (2019-02-21)
- Backup-less upgrade is now supported.
1.1.1 (2019-02-19)
- Added an option to disable username case sensitivity.
- Minor Web Admin user interface enhancements performed.
1.1.0 (2019-02-07)
- Fixed memory leak (updated internal libraries).
- Password salt size, algorithm and username regex patterns moved to ‘users’ section in config.yaml. Old configuration files are still compatible but a warning will be shown.
- Fixed loading of PKCS#8 public keys.
- Web Admin - Fixed redirection to login page when user session expired.
- Web Admin - Fixed username regex pattern not being properly applied.
- Web Admin - External changes now properly trigger reload of config.yaml configuration file.
- Removed crash reporter (errors are saved to logfiles).
1.0.4 (2018-12-11)
- Added
minLevel
andaspNetMinLevel
to Web Admin configuration.
1.0.3 (2018-11-21)
- Support for authorized_keys users’ public keys.
- Updated internal libraries.
1.0.2 (2018-11-08)
- Added
user list
command. - Fixed logging of unhandled exceptions.
- Fixed notification of user public key error (web admin).
path list
no longer encloses username in double quotes.
1.0.1 (2018-10-22)
- Added support for custom shell host names.
- Added logging section to webadmin server configuration.
1.0.0 (2018-10-04)
- BREAKING: Changed user database format.
- Non-admin accounts can no longer log in to web administration (there was no content available anyway).
- Removed SSH Tunneling configuration section from web administration (as it was still incomplete).
- Fixed algorithm selection widget that didn’t work properly in Chrome / Edge.
0.2.2 (2018-10-03)
- BREAKING: Logging configuration section revamped:
- Added an option to specify different server and access log locations.
- Can specify minimal level for server log.
- BREAKING: WebAdmin role setting simplified:
- Users can now access web administration by adding
--webadmin
touser add
oruser update
. - Revoking WebAdmin role is done by adding
--noadmin
touser update
.
- Users can now access web administration by adding
- Displays warnings when SFTP server service does not have access to user folder or folder does not exist.
- Minor UI tweaks performed.
0.2.1 (2018-09-18)
- BREAKING: SSH algorithms use __INTERMEDIATE level (previous: __MODERN) for increased compatibility.
- Fixed an issue where SSH algos were not draggable in web administration.
- Fixed SSH key information in web administration.
- Fixed ‘burusftpwa svc’ auto-elevation.
0.2.0 (2018-09-18)
- BREAKING: User database no longer contains default user - user must be created manually using
burusftp install
orburusftp user add
. - BREAKING: Using NETWORK SERVICE user as default when installed as Windows Service.
- Install/uninstall scripts now use auto-elevation (
burusftp install
). - Fixed error when startup type was explicitly set for
svc install
. - Errors and warnings are shown with an alert in console.
- Minor UI fixes performed.
0.1.12 (2018-07-13)
- Added support for service startup Windows Eventlog logging.
0.1.11 (2018-07-11)
- Fixed missing manpage for ‘burusftp user update’.
- Fixed manpage crash when console buffer height was too small.
- Added manpage support for msys console.
- Additional SSH public key formats added.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.