SurgeFTP 2.3e8 March 2016
- Fixed mutex issue with m_password mutex being released
under load when not locked
- Fixed ssl/groups issue and increased line length limit
in surgeftp.ini settings
- Fixed ssl/groups issue introduced in 2.3e4
- Made user level class check occur before password sent
so ssl required would be more safe
- Improved shutdown handling
SurgeFTP 2.3e2 23-Feb-2016
- Added setting to disable sslv3
SurgeFTP 2.3e1 3-Feb-2016
- On linux change to thread safe uid/gid calls to avoid
SurgeFTP 2.3d9 5-Nov-2015
- Allow deletion of a file that is just a space...
SurgeFTP 2.3d8 2-Nov-2015
- Block all content that might be used for cross
scripting, although the interface is private so probably
SurgeFTP 2.3d7 30-Jun-2015
- Added setting to whitelist login failures,
SurgeFTP 2.3d6 22-Oct-2014
- New builds with new OpenSSL library 1.0.1j
SurgeFTP 2.3d5 10-Apr-2014
- New builds with new OpenSSL library 1.0.1g
SurgeFTP 2.3d4 3-21-2014
- Added some protection from cross scripting (not of
great relevance as it's not a public facing web
SurgeFTP 2.3d3 16-Sep-2013
Added google advert tracking code
SurgeFTP 2.3d2 29-Jun-2013
Fixed problem with temporary license
SurgeFTP 2.3d1 29-May-2013
New release build
SurgeFTP 2.3c16 28-May-2013
Fix for low level long line handling
SurgeFTP 2.3c14 24-May-2013
Fixed register button so it works
SurgeFTP 2.3c13 30-Jan-2013
Fixed crypt() crash caused by glibc
changes in behaviour
SurgeFTP 2.3c12 12-Dec-2012
Fixed t_time crash I think due to
size of structure and mutex fprintf code...
SurgeFTP 2.3c11 1-Dec-2012
Build flags change and mutex change
SurgeFTP 2.3c9 1-Dec-2012
Just a rebuild...
SurgeFTP 2.3c8 2-Oct-2012
Removed 'restart' feature as it may
have created mutex deadlocks
SurgeFTP 2.3c7 1-Oct-2012
minor build change for debugging-2
SurgeFTP 2.3c6 1-Oct-2012
minor build change for debugging
SurgeFTP 2.3c5 1-Oct-2012
fix problem with reports
SurgeFTP 2.3c4 1-Oct-2012
fix passwd issue on 64bit systems
SurgeFTP 2.3c2 1-Oct-2012
Fixed crash if shadow password entry
missing for account
SurgeFTP 2.3c1 1-Mar-2012
Fixed potential mutex deadlock
SurgeFTP 2.3b9 1-Feb-2012
Fixed 200 char limit in mirroring I
SurgeFTP 2.3b8 26-Sep-2011
Changed abort() handling to
lib_abort() with line number etc...
SurgeFTP 2.3b7 26-July-2011
Made passive listen block if resource
SurgeFTP 2.3b6 23-June-2011
Fixed faulty global passive setting
that was always applying...
SurgeFTP 2.3b5 15-June-2011
Fixed crash in linux32 bit openssl
SurgeFTP 2.3b4 1-Feb-2011
Fixed loop in crash log during
SurgeFTP 2.3b3 26-Aug-2010
Maintenance release for security
issue, and fixed problem with hanging connections
SurgeFTP 2.3b2 1-Jun-2009
Fixed mirror so if you tick the box
it 'does' delete missing files locally.
SurgeFTP 2.3b1 1-Jun-2009
New release with fix for filezilla issue
SurgeFTP 2.3a12 1-Jun-2009
Changed mutex code so it can't crash when it's doing a
SurgeFTP 2.3a10 1-Jun-2009
Increased resource setting limit in web admin to 500
instead of 100
SurgeFTP 2.3a9 13-May-2009
Fixed MLST to show symlinks, fixed SSL flag saved for
SurgeFTP 2.3a8 4-May-2009
Fixed LIST command so doesn't strip command qualifiers
from file name
SurgeFTP 2.3a7 2009
improved hammering response for non anonymous addresses
SurgeFTP 2.3a5 2008
renumbered for minor fixes/bugs and better crash handling
SurgeFTP 2.3a3 1/July/2006
Fixed faulty pasv response crash
SurgeFTP 2.3a2 1/July/2006
Fixed status display issue
Fixed restart for 'store' operations.
Fixed minor security fault.
Fixed mutex problem in mykey.c processing, made linux
build use large file switches.
Minor bug fixes
Fixed mlsd response
Added user impersonate to list and nlst functions
Minor bug fixes
New activation system (See
Minor bug fixes
Updated OpenSSL for new security fixes
Fixed SSL require client certificate bug
Install path fixed
DNS bug fixed
Install issue where it ignores the desired path (not
fixed yet, still looking)
Made nwauth default authent module
Fixed lockups in authent process if not defined
Updated OpenSSL due to important bug fixes
Fixed restarting reuse address
Fixed saving of report settings
Fixed NLST command for non wildcard parameter
Fixed 100% CPU use for file uploads/downloads
file list 150 response during TLS/SSL session is now at
right time interval
Fix for "421 Timeout..." on manager channel
Changed STAT command to include SSL mode and cipher
group name for command channel.
Changed for better response times to accepting many
Changed log messages, removed some superfluous, replaced
with better ones.
Changed restart command, it now handles 64bit integers
for restarting large files.
Added individual file size option for emailed reports.
Added cipher selection for NIST approved ciphers 3DES
Fixed spawning of external authentication processes to
occur in the main thread (non-windows problem).
Fixed bug where SurgeFTP crashes on "signal terminate"
Fixed error messages for anonymous login without home
Fixed problem with emailed reports crashing SurgeFTP.
Fixed inaccuracy with daily MB download limit.
Fixed hcount errors in log file
Fixed passwords with spaces (valid only for Windows NT
Fixed value of domain authent command line options not
Fixed erroneous reporting that seek failed.
Added new user program, run when user first logs in, to
set up their home folder.
Changed emailed reports to list "transfered" rather
than "filesize" for kbyte count
Changed emailed reports of type "week/*" to only be
sent that one day, rather than every day
Changed Expired evaluation period to no longer provide
Fixed corruption of email report settings.
Fixed internal "external authentication" cache to cache
for 10min rather than 10hours
Fixed external authentication ftphome setting to see
decimal point as end of number
Fixed problem with external authentication module
handling code (from 2.2g5).
Added ftp SSCN command (Set Secured Client Negotiation)
as per http://www.raidenftpd.com/kb/kb000000037.htm
Fixed bug in emailed reports indicating incorrectly
empty lists "(no matching files located)"
Added setting to Global Authentication section: Strip
Added some more help pages.
Updated STAT command 211-response to use actual domain
name instead of "hostname string"
Updated/added help pages, added some info on
configuring for NAT/firewall
Added milliseconds to logging on non-windows systems
Cleared up some logging lines - fewer error messages
Removed some old ini settings that did nothing
Fixed SETEGID mutex locking problem on solaris
Fixed file handle problem on OSX crashing after some
Made list_aliases default to 'true' on installation and
for new domains
fixed closing of data channel for retr of non-existent
fixed mirroring issue of not getting subdirectories
Added in a "Self Diagnostic" Thread which can allow
surgeftp to crash after a time when it would otherwise
Updated uninstall to remove rc startup links (linux)
fixed download kb/sec limit, was not working for limits
fixed quota cache memory file not being written to disk
".surgeftp_quota" this means it will not recalculate
quota on every login
changed quota to allow 64bit int size limits.
sslftp is now automatically installed, cleans up
added mirror setting - "Use SSL"
added setting - "force lowercase of home path" user
removed some hcount error messages that were incorrect
fixed file/dir incorrect listing with "list .."
fixed user home path generation
fixed upgrade copying the surgeftp executable into
correct directory (windows)
direct install of sslftp, no additional script file.
fixed response to CDUP command (2.2b)
added image in userclass page indicating home path
fixed install issues - missing templates
fixed ssl (random number error) on osx/solaris -
surgeftp adds entropy
fixed minor osx details for install/upgrade
fix temp license key not expiring
fix for when thread crashes - surgeftp restarts with
fix for "Too many file handles open" crashes,
associated with Daily Log rotation setting
fix compression method on main_photo.png file so that
it displays in more browsers correctly.
update osx build to install standard script to start
surgeftp on boot
fix bug in e-reporting where surgeftp can crash
fix bug in e-reporting where surgeftp can crash on
improved signal handling
corrected report email headers To: From: Date:
fixed recurring report filter string to come from
correct form field
added support for report email filter field to be comma
separated wildcard list
removed error log message "ftp thread started."
added support for SIGHUP signal to reload config file.
added setting for choosing the length of time that
xfer*.dat files are kept for
fixed directory wildcard list returning -1 for size for
case sensitive wildcard match
fixed restart action to correctly restart mirror and
improved file io/tcp use for faster transfer speeds in
normal and ssl modes.
dailyquota added, limits bytes per day per userlogon
added command line option parameter for external auth
fixed login caching not caching of external auth
fixed nolist access sometimes not working
fixed launching of external auth process by removing
quotes from added path variable
improved install script for Solaris version
fixed default values from ini file coming through fixed
initial denial of service from global limit setting.
added global limit setting for total concurrent users.
improved logging of open files in the status window
corrected Solaris install scripts to install startup
& shutdown scripts correctly
fix mutex bug with emailed reports
fix crash on install on Solaris system
data transfer speed improvements
osx version now works (handles signal 10) & correct
fixed spawning monitor process on linux with
non-default install path (again)
emailed ftp reports feature introduced.
usergroup associated directories
environment variables now included for watcher program
slightly faster time to shutdown surgeftp
implicit port is now enabled by default to port 990
can now obtain binary version from command line flag
command channel now requires less system resources
fixed saving new classes writing mapping directories
correctly to ini file.
fixed spawning monitor process on linux with
non-default install path.
fixed surgeftp use of linux/unix system database, now
users home directory defined by system
fixed wild card listing returning correct file size
fixed xfer.dat and watcher report getting correct
variable values (bytes,user,userip)
sslftp moves sslftp.txt file settings into registry for
fixed windows XP Authentication problem, surgeftp
logins must now also be given "logon as a batch job" for
windows NT System Authentication.
openssl binary (and .cnf) copied to surgeftp install
updated mirror remote file path handling, uses
specified path (with or without specified prefix slash)
corrected domain list for report & graph, when not
using standard authentication settings.
New User class is not created before you click on
updated uninstall to ask for confirmation, and confirm
fixed size command to return 550 when invalid filename
fixed windows listing style to allow "cd /dir", "cd
fixed windows listing to show correct file date
fixed windows listing showing time and filesize in
filename (bad date format)
updated mirror to not add slash prefix to remote host
path (some servers do not recognise full path)
cached external auth user responses are flushed when
server is "restarted"
quota is now enforced during file transfer.
quota file written, and quota calculated from correct
fixed cache lookups setting all external auth variables
fixed external authentication parameters disappearing
(with multiple parameters)
fixed ini file LF char stopping ftp server from
loading. (Surgeftp stops when started)
fixed surgeftp user lockup on stor file (2.1s only).
added optional authentication process per domain
settings, list on status page
added support for files larger than 2GB, now handles
files up to 2**63-1 bytes.
added "accountstatus" flag to external auth response
included openssl in distribution to make certificate
with "surgeftp_ca" script file.
fixed caching of external auth user logins, cache is
now used, up to 400 logins, up to 10 minutes
fixed "NLST \*" listing.
fixed too many user classes in a domain crashing
SurgeFTP (29+ classes) (was actually limit on ini file
fixed STAT on single file to return data, previously no
sslftp fixed rare crash on mputs command.
sslftp fixed showing "status" command return data.
fixed DELE command not working with "Act as user"
setting on unix type systems
changed list message "226 Transfer complete." for empty
directory to "226 Transfer complete. (no files in
added directory mapping for authentication's ftphome
setting - class setting
fixed STAT on file to return 213 response (was 211).
fixed STAT on file to use "213-" line before file
fixed MLST on file to return 550 response for a failure
fixed SIZE on file to return 550 response for a failure
fixed "NLST -l /dir" returning real path and
sslftp progress indicator indicates percent transfer
and total bytes to transfer
fixed SIZE command to return 553 response if file does
fixed too many user classes in a domain crashing
SurgeFTP (29+ classes)
sslftp does not retry if retrying is hopeless (i.e. put
non-existent local file name)
sslftp now correctly autoconfirms ascii
rewrote users home directory code, fix multiple bugs
with user in wrong home directory
Added openssl executable and correct make_ca shell
command to make certificate
fixed MDTM command to return 553 instead of 213 for on
output from CWD and PWD now reflect the global setting
"Output in Windows or Unix style"
Added Domain Authentication Suffix setting - optional
fixed alias mapping for anonymous login to specific
path (rather than ~ path).
Surge now uses OpenSSL in all builds (2.1m and later)
Surge has now support for user home dir to be user
subdir e.g. ~/public_html
Surge fix of broken foo hashing algorithm (the slash
sslftp has new commands "compare", "autoretry",
added extra permission checking for accepting
fixed Deleting a user with domain suffix authentication
fixed anonymous login without home dir set crashing
fixed some alias not showing up in list output
Fix SSL dropping connection (very rare bug) - strange
client errors on particular files
Windows and unix filepaths are displayed with correct
sslftp updated - progress indicator uses commas in byte
sslftp updated - logs in with username and password
passed on commandline "sslftp user:pass@domain"
fixed minor memory leak of user home path (~20bytes per
login), occurred with certain settings
fixed user quota being written to wrong directory,
fixed subsequent incorrect quota value
fixed user home setting, occurred with certain settings
fixed Mirror Last Fetch from showing year 1970 when
mirror was queued.
fix for root directory being user home directory,
reporting cannot create user home directory error
Changing Authent process restarts SurgeFTP rather than
shutting it down.
Status page shows OpenSSL or RSA, for encryption
Status page shows base Operating system basic type,
added/fixed "no suffix for default domain" to not work,
if setting not previously set.
SSLFTP no longer prompts you to save login data, can
use "save" command instead.
SSLFTP fix for timeout not allowing another connection.
SSLFTP fix for login details with site name. e.g. open
fix for MLSD MLST commands "File or Directory does not
Windows installer incorrectly reports installing 2.1d
Redesign of Web GUI controls, much easier to navigate
between configuring domains and classes.
Planned OSX and FreeBSD builds of SurgeFTP - full SSL
New User Class is now set with basic alias and user
Added Searchable help.
Added windows uninstall option for control panel
User Lookup on Users page confirms if lookup succeeds.
User page confirms if password change succeeds.
Mirror thread is now viewable on status page.
Mirror sets file date and time as per original file.
Open files now viewable on status page.
Reports now handle spaces in filepaths. old xfer.log
files will still be incorrect
Reports can scan for wildcard patterns in filenames.
removed ability for users to specify device names com,
lpt, aux, etc...
Report Page can now select which domain to make report
fixed channel closing on timeout, rather than never
closing (rare bug).
fixed changing users password & adding new users.
fixed surgeftp to make nwauth use surgeftp directory
rather than dmail
fixed bug in Linux (and Solaris?) version locking up
and crashing on rare occurrence.
fixed several typos in web pages
fixed "dir b*" bug showing file not exist rather than
list b* files
fixed restarting of monitor
fixed - Correct home path is set instead of default
Added settings for ftp port & web admin in
Added secure web admin connection, https protocol.
fix for bug where surgeftp crashes while launching
Added open files list to status page.
Added Anonymous hammering detection, configure on
global settings page.
Updated Global settings page, more save buttons
If authent process dies, Surgeftp waits for auth
process to start up, and then tries authenticating again
Surgeftp now has setting to disable client certificate
sslftp fix for mput locking up
sslftp can set preferred protocol by commandline -tlsv1
sslftp can set preferred protocol by "protocol n" from
sslftp indicates secure protocol in use on connection.
watcher program download is spawned after file is
class name is shown in class list and class properties
(it was not displaying it after saving)
Adding a user to database through the gui now
automatically sets domain prefix or domain suffix.
fix for ssl not accepting on data channel
mgets works properly with * wildcard.
fix for surgeftp lockup (100%cpu use & not
responding) at least one instance of problem, seems to
be last one
fix bug that could crash surgeftp on viewing status
fixed bug that made some SSL connection not close
sslftp allows logon details as part of site name e.g.
fix multiple spawnings of surgeftp / auth process
fix directory list of real file paths
fix thread handle leak (not sure if bug is in any
fix directory case sensitivity on NT
fix for users ending up in wrong directory (bad auth
can change logging level without restarting
can change log home without restarting
fixed bug, partial command loss (introduced in 2.0m13)
added surgeftp.log daily roll setting.
redone status page, shows list of active connections.
can change thread reuse without restarting
added status page monitoring of threads in use
removed memory leak parameter arg in thread accounting
wasn't being freed.
xfer.log files are now flushing with the
surgeftp decreased response time to accepting ftp
connections, noticeable for sites with lots of Domains.
removed real directory info from "file not exist
message" and similar
fixed some bad linux install problems, wrong paths
some minor tweaks to performance
some minor bug fixes
Added support for hashing directories of users name.
changed the Global "Bind to a single IP" setting, to be
a comma separated list, can bind to many IP addresses
Added "watcher" program settings for your own activity
Authent Domain flag changing by web gui is now set at
runtime, it does not require a restart of the server.
made reading, and not showing lists, into separate
settings (permissions on aliases), they were both keyed
on the "read" permission.
Support for "user quota" and "IP to connect from"
responses from external authentication module.
"ftpquota" and "ftpfromip" variable flags.
You can now have the domain based logs put in an
alternative location - global setting.
Added setting to disable wildcard multi-directory
listings on commands like "ls n*".
fixed bug that made lots of surgeftp.exe processes on
fixed bug "cd ~" not working under certain
fixed bug reporting incorrect IP address in response
string from a PASV command.
fixed bug, caching of "authentication processes startup
failure" as "bad login"
fixed bug trailing slashes on aliased directories make
SurgeFTP go boom, e.g. c:\
fixed bug losing or corrupting settings for
medium-length path or alias strings.
sslftp (client) can now abort transfers with ctrl-C
sslftp added command line setting "sslftp -version"
which reports what version it is.
sslftp no longer uses the system call to get_pass on
all platforms, so that you can script passwords.
Fixed some security issues with admin page
Added global_adminip setting to restrict admin users to
certain ip addresses.
Many fixes/features added to sslftp
Added to sslftp/client, hash command, and CTRL-C abort
Fixed crash with mirroring anything on Solaris.
Fixed sslftp/client problem with directory listings
Fixed fault with more than 2 virtual domains
Fixed default behavior, if 'noretrieve' is blank it
will now allow files to be fetched.
Change client name from 'sftp' to 'sslftp' to avoid
conflicts on unix platforms.
Fixed mode for directories created by mirror(s) on unix
Fixed mget,mput behavior when 'a' is pressed. (it used
to skip a file)
Fixed path separators on Windows so network shares work
Fixed noretrieve with wild cards etc.
Fixed faults reported with Windows 95/98 file behavior
First release including support for SSL/TLS encryption,
not yet in all builds, see ssl.htm for more information.
Fixed fault in mirroring code.
Fixed problem with quota limits applying when not
Fixed bug which could cause crashes
Fixed bugs in extern authent module processing.
Added 'ftpquota' to valid authent responses and a quota
setting to classes, this implements a virtual quota
based on space used in the user's home directory.
Example of response from authentication module.
+ok username config 0 ftpquota=100
Now accepts username 'ftp' as synonym for 'anonymous'
Authent modules can now return ftpgid, ftpuid, ftphome,
note that ftphome is only used if the class 'home' is
Added new features to class template
Made longest alias apply rather than 'last' alias.
Fixed bug with virtual domain support.
SurgeFTP 1.1b 29-Dec-2000
Made the user 'ftp' a synonym for 'anonymous' and
corrected the response text for anonymous logins.
Added $username as a valid variable to use in aliases,
it is replaced by the users username. e.g.
Added virtual domain support for users logging in with
firstname.lastname@example.org as their address, SurgeFTP will search
its list of domains and if it finds 'domain.name' it
will pretend the user connected to that virtual domain.
Added support for -lR listing options to NLST and LIST
Fixed rare intermittent crash when processing MLST ftp
Added directory browsing and deletion access settings.
First release build