Release Notes for Ipswitch WS_FTP Professional 12.4 and LE 12.4

In this File

12.4 Release Notes

Security Update: 12.4.1.1 Patch

Security update on SSL/TLS MITM (Man-in-the-middle) vulnerability (CVE-2014-0224): The recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes an OpenSSL to OpenSSL exchange that uses the OpenSSL 0.9.8, 1.0.0 and 1.0.1 family of protocols to an attack. This vulnerability affects the 12.4 and 12.4.1 versions of the WS_FTP client.

The WS_FTP 12.4.1.1 patch release upgrades OpenSSL to the 1.0.1h version, which removes this vulnerability.

Check your version number to see if you need to upgrade.

Security Update: 12.4.1 Patch

Security Update on Heartbleed SSL: Heartbleed SSL, the recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack. This vulnerability affects only the 12.4 version of WS_FTP Pro.

The WS_FTP Pro 12.4.1 patch release disables the heartbeat function that exposed the vulnerability in the OpenSSL 1.0.1c version and a later release will provide an update to a version of OpenSSL (1.0.1g or later) that has addressed this issue.

If you have an affected version, you have already received a notification from the Ipswitch Security Team. Check your version number to see if you need to upgrade. Systems that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.

About this document

This document contains information on how to install and configure WS_FTP Professional, and WS_FTP LE. Depending on which WS_FTP client product you have purchased, portions of this document may not apply.

New Features in WS_FTP 12.4

Fixed in 12.4

System requirements

Supported operating systems

WS_FTP supports the following Operating Systems:

Hardware requirements

Minimum requirements based on Windows XP Professional, SP3:

Installing WS_FTP

Double-click the downloaded file to start the installation. Follow the instructions on your screen.

Activating (All applications)

There are four ways to activate a WS_FTP installation:

Silent Install (All Applications)

WS_FTP install allows for a "silent" (unattended) product install for local computers only.

Silent install requires two operations. The first operation "records" the options that you choose during a normal install, storing them in a local "response" file. The second automatically runs an install on a different computer, based on the options recorded in the file created in the first operation.

This means that if other computers require identical install options to the ones you recorded in a response file, you can use that file to automate installation on those computers. A simple command will automatically perform the installation using the entries recorded in response file. Other than the execution of the command, the install will require no input from the user.

Note: If the respective computers do not have the same install option requirements, and you nonetheless run the silent install using the same file, an error may result and the install will fail.

To perform a silent install:

  1. Initiate the recording to start the response file. Execute the following at a command line or Run dialog:

    [path+executable].exe -r -f1[path]\setup.iss SERIAL="[serial number + UAP]"

    where [path+executable] is the name of the WS_FTP install executable you are creating the response file for, plus its location

    ...the second [path] is the location where you wish to create the response file

    ...setup.iss is the response file itself (you can name the file a different name if you wish). There should be no space between the option "f1" and the path for the setup.iss file

    Note:The "SERIAL=" argument is optional depending on whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity, as described the next section.

    ...[serial number + UAP] is your assigned serial number + the UAP, which is a security code that you append to the serial number to activate the license. You can find the product name plus the assigned serial number in the My Licenses tab on MyIpswitch.com. A license`s UAP is exposed to users under "Additional License Information." The UAP is displayed only when you are authorized to activate the license on more than one system.

    For example, using all arguments, the command would look like:

    [c:\downloads\wsftp_install.exe].exe -r -f1c:\silentinstall\setup.iss SERIAL="1X4CF7M10W33XS1OVCCW2ST"

  2. Proceed with the install using the options you wish to record. When you click Finish, the install recording will be complete.
  3. Execute the silent install on the desired computer by running the following:

[path+executable].exe -s -f1[path]\setup.iss SERIAL="[serial number + UAP]"

where the bracketed values are the same ones mentioned in the previous step. (Again, there should be no space between the option "f1" and the path for the setup.iss file.)

...again, the "SERIAL=" argument is optional depending on whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity, as described in the next section.

For example, using all arguments, the command would look like:

[c:\downloads\wsftp_install.exe].exe -s -f1c:\silentinstall\setup.iss SERIAL="1X4CF7M10W33XS1OVCCW2ST"

After this step, the silent install will proceed with no further input needed.

You can run each of these operations with no specifics after the command. This will perform the operation with default values. The default for the record operation will store the file as "setup.iss" in the system's Windows folder. The execute silent install operation will look for a file of that name in the same folder. If there is no .iss file present, the install will fail.

More on Serial Numbers

You may need to use the SERIAL argument to this command to specify your serial number and to activate your software. Activation of the silent install depends on two factors: whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity. There are four scenarios:

You have a downloaded WS_FTP install executable, which has an embedded serial number and the install machine has Internet connectivity. In this case:

  1. Run the command without the SERIAL argument. Activation will occur silently.
  2. Run the recorded file without the SERIAL argument. Activation will occur silently.

    Result: You can run the recorded install up to your maximum permissible license activations.

You have a downloaded WS_FTP install executable, which has an embedded serial number and the install machine does not have Internet connectivity. In this case:

  1. Rename the install executable so that the file name does not include the serial number and UAP.
  2. Run the record command without the SERIAL argument. While recording, when the Activation dialog opens, click Cancel to close the dialog and return to the install wizard. Complete the installation.
  3. Run the recorded file without the SERIAL argument.

    Result: The WS_FTP is installed, but does not have a license file.

  4. Contact customer service to arrange a license with multiple activations or use offline activation to activate each installation. For offline activation, go to www.myipswitch.com, click Offline Activation, and follow the instructions displayed.

You have a downloaded WS_FTP install executable, and a separate NSA license file, and the install machine does not have Internet connectivity. In this case:

  1. Rename the install executable so that the file name does not include the serial number and UAP.
  2. Run the record command without the SERIAL argument. There will not be an activation, as you are using the NSA license. Complete the installation.
  3. Run the recorded file without the SERIAL argument.

    Result: WS_FTP is installed, but does not have a license file.

  4. Place the license file, named "license.txt" into the the appropriate folder, depending on which version of WS_FTP you are installing:
    • Windows XP: \Documents and Settings\All Users\Ipswitch\WS_FTP\
    • Windows Vista/7/8/Server 2008: \ProgramData\Ipswitch\WS_FTP\

Setup.log

The install creates a log file in the same directory as the response file: setup.log. The Setup.log file contains three sections. The first section,[InstallShield Silent], identifies the version of InstallShield Silent used in the silent setup. The second section, [Application], identifies the installed application's name and version, and the company name. The third section, [ResponseResult], contains the result code indicating whether or not the silent setup succeeded.

The ResponseResult should show one of two values. If your install failed due to a missing value, you will see a value of "-3" in the log file. This means there was a mismatch between 1) the install requirements of the computer originally used to generate the response file, and 2) the install requirements of the target computer.

For instance, if setup.iss contains setup instructions for an Express install on a particular drive on a fresh machine, but the target machine does not contain the same install folder name, then the silent install will fail because the install steps will be different than the original install.

A ResponseResult of "0" indicates a successful install.

For further information useful in troubleshooting an install, you can also refer to the WS_FTP_Install.LOG, which the install writes to the following folders:

64-bit systems: C:\Windows\SysWow64\
32-bit systems: C:\Windows\System32\

The SUPPRESSREBOOT option

Some installs will require a reboot, especially installs on computers that have never had a WS_FTP installation. If you do not want the target computer to reboot, enter the command "SUPPRESSREBOOT" at the end of the command line. For instance:

[path+executable].exe -s -f1[path]\setup.iss SUPPRESSREBOOT

You may need to edit the setup.iss file.

If the setup.iss contains a line with the ending SdFinishReboot-0, you will need to replace it with SdFinish-0. For instance, you should replace the line--

Dlg##={3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinishReboot-0

...with the line:

Dlg##={3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinish-0

...where "##" represents the install dialog screen number that the line describes.

Similarly, the lines--

[{3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinishReboot-0]
Result=6
BootOption=3

...should be changed to:

[{3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

If a reboot was required by the installation, you will still need to perform a reboot for the application to work as expected.

Silent Uninstall (All Applications)

WS_FTP install allows for a "silent" (unattended) product uninstall for local computers only.

There are two ways to perform a silent uninstall:

Record an Uninstall File for Replay on Other Machines

Note: This option does not delete any user configuration data.

Recording a silent uninstall requires two operations. For the first operation you "record" a normal uninstall, storing the uninstall actions in a local "response" file. For the second operation, you run that response file on a different computer to uninstall WS_FTP silently on that computer. This lets you automate uninstalls on multiple computers. A simple command will automatically perform the uninstall using the options recorded in the response file. Other than the execution of the command, the uninstall will require no input from the user.

To perform a silent uninstall:

  1. Initiate the recording to start the response file by executing the following at a command line or Run dialog:

    [path+executable].exe -uninst -r -f1c:\uninstall.iss

    where [path+executable] is the name of the WS_FTP uninstall executable you are creating the response file for, plus its location. There should be no space between the option "f1" and the path for the uninstall.iss file.

  2. Proceed with the uninstall to record it. When you click Finish, the uninstall recording will be complete.
  3. Execute the silent uninstall on the desired computer by running the following:

    [path+executable].exe -uninst -s -f1C:\uninstall.iss

    where the bracketed values are the same ones mentioned in the previous step. (Again, there should be no space between "f1" and the path for the uninstall.iss file.)

    After this step, the silent install will proceed with no further input needed.

Execute Setup.exe Silently

Note: This option deletes all user configuration data.

To uninstall the application silently, execute the following command at the command prompt:

32-bit path: "C:\Program Files (x86)\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" silent

64-bit path: "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" silent

Terminal services support

Users who use WS_FTP via terminal services, such as Microsoft Terminal Services or Citrix, must have permission to run WS_FTP. See our Knowledge Base article on the minimum permissions required to run WS_FTP Pro.

New Features in WS_FTP 12.3

Menu and Button Changes in WS_FTP 12.3

Fixed in 12.3

New Features in WS_FTP 12.2

Menu and Button Changes in WS_FTP 12.2

Fixed in 12.2

Version 12.0.1 Patch Release

We released a patch version (12.0.1) in May 2009 to fix some customer reported issues with the 12 release. The patch is a full version of the software, and should be installed over the 12 installation.

This patch addresses the following issues:

New features in WS_FTP 12

Security

Productivity and Performance

Known issues in WS_FTP 12

This section documents known issues, and any available means to work around the issue.

For more information

Notes

This product includes software developed by the OpenSSL Project.

PGP is a registered trademark of PGP Corporation.

This product contains software based on standards defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440.


Ipswitch, Inc.
Copyright 2014


Ipswitch Logo