Release Notes for Ipswitch WS_FTP Professional 12.4 and LE 12.4

In this File

12.4 Release Notes

Security Update: 12.4.1.1 Patch

Security update on SSL/TLS MITM (Man-in-the-middle) vulnerability (CVE-2014-0224): The recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes an OpenSSL to OpenSSL exchange that uses the OpenSSL 0.9.8, 1.0.0 and 1.0.1 family of protocols to an attack. This vulnerability affects the 12.4 and 12.4.1 versions of the WS_FTP client.

The WS_FTP 12.4.1.1 patch release upgrades OpenSSL to the 1.0.1h version, which removes this vulnerability.

Check your version number to see if you need to upgrade.

Security Update: 12.4.1 Patch

Security Update on Heartbleed SSL: Heartbleed SSL, the recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack. This vulnerability affects only the 12.4 version of WS_FTP Pro.

The WS_FTP Pro 12.4.1 patch release disables the heartbeat function that exposed the vulnerability in the OpenSSL 1.0.1c version and a later release will provide an update to a version of OpenSSL (1.0.1g or later) that has addressed this issue.

If you have an affected version, you have already received a notification from the Ipswitch Security Team. Check your version number to see if you need to upgrade. Systems that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.

About this document

This document contains information on how to install and configure WS_FTP Professional, and WS_FTP LE. Depending on which WS_FTP client product you have purchased, portions of this document may not apply.

New Features in WS_FTP 12.4

Windows 8 Support: This release includes both 32-bit and 64-bit Windows 8 support.

Fixed in 12.4

Pretty Good Privacy (PGP) is an encryption technology used for signing, encrypting, and decrypting various forms of data communications. It facilitates privacy and authentication for texts, emails, and files. Various PGP-related bug fixes in this release include:
- Resolved intermittent decryption crashes:
  - The PGP decryption function no longer crashes the WSFTPGUI executable.
  - On certain files encrypted with GNUPG, WS_FTP Pro no longer hangs on the decryption process.
  - Various random files were hanging the application on decryption, even though the files were in fact successfully decrypted. This hanging no longer occurs.
  - WS_FTP no longer returns "Invalid PGP Signature" when decrypting files larger than 1MB that were encrypted and signed using GNUPG.
- WS_FTP Pro can now properly encrypt PGP files using a key sent from a specific customer (Megacryption).
WS_FTP Pro now recognizes SHA256 or SHA512 as valid hash ciphers for key signatures.
WS_FTP Pro now allows for client certificate lengths of 2048 bits. Previously only 1024-bit SSL client certificates were supported. If you created a certificate in a release prior to WS_FTP Pro 12.4, the upgrade to 12.4 release will still have the old certificate length of 1024 bit.
The OpenSSL DLLs have been updated to the 1.0.1 branch of OpenSSL. OpenSSL is an open-source implementation of the SSL and TLS protocols.
WS_FTP previously supported AES block ciphers only. Several public-facing SFTP sites to which customers need to connect have discontinued using block ciphers in response to identified vulnerabilities. In addition to supporting the AES[128/192/256]-CBC cipher, WS_FTP Pro now supports the AES[128/192/256]-CTR cipher.
Right-click menu option "Send to scheduler" is functional now.

System requirements

Supported operating systems

WS_FTP supports the following Operating Systems:

Microsoft Windows 8 (32-bit and 64-bit English and German editions)
Microsoft Windows 7 (32-bit and 64-bit English and German editions)
Microsoft Windows Vista (32-bit English and German editions); Service Pack 2 (SP2) recommended
Microsoft Windows XP Professional (32-bit English and German editions); Service Pack 3 (SP3) recommended
Microsoft Windows 2008 Server Standard (32-bit English edition); Service Pack (SP2) recommended

Hardware requirements

Minimum requirements based on Windows XP Professional, SP3:

233 megahertz (MHz) processor
64 megabytes (MB) of memory
2 gigabytes (GB) hard drive and 50 MB free disk space during installation

Installing WS_FTP

Double-click the downloaded file to start the installation. Follow the instructions on your screen.

Activating (All applications)

There are four ways to activate a WS_FTP installation:

If you installed WS_FTP using an installation application downloaded from a link in a purchase confirmation email, then the program will be fully functional immediately after installation. No further action is required.
If you downloaded the installation application from another source, when you run the installation it will ask you for your license serial number and attempt to activate automatically near the end. Enter your serial number and click Activate to start the license activation process.
If for some reason you cannot activate your license via Internet connection, you can activate offline. To force offline activation, on the Activation screen, clear the check mark for Use active Internet connection. Then go to www.myipswitch.com, click Offline Activation, and follow the instructions displayed.
If you do not activate the WS_FTP license during installation or if you upgrade from a previous WS_FTP version, you can manually activate the WS_FTP license. Before you start the manual activation process, be sure to have your WS_FTP serial number, MyIpswitch account name, and password.
1. Click Start > All Programs > Ipswitch WS_FTP > Manage the WS_FTP 12 License.
  Note: For Windows 8, press Win+C on your keyboard to open the Charm bar, select Search, and then type Manage the WS_FTP 12 License to locate and select it.
2. Follow the on-screen instructions to enter your product serial number, MyIpswitch account name, and password. When activation is complete, a confirmation page indicates the license has been activated. If activation does not complete successfully, you may be behind a proxy or firewall that is blocking the activation request. In this case, click the Offline button, then follow the on-screen instructions.

Silent Install (All Applications)

WS_FTP install allows for a "silent" (unattended) product install for local computers only.

Silent install requires two operations. The first operation "records" the options that you choose during a normal install, storing them in a local "response" file. The second automatically runs an install on a different computer, based on the options recorded in the file created in the first operation.

This means that if other computers require identical install options to the ones you recorded in a response file, you can use that file to automate installation on those computers. A simple command will automatically perform the installation using the entries recorded in response file. Other than the execution of the command, the install will require no input from the user.

Note: If the respective computers do not have the same install option requirements, and you nonetheless run the silent install using the same file, an error may result and the install will fail.

To perform a silent install:

Initiate the recording to start the response file. Execute the following at a command line or Run dialog:
[path+executable].exe -r -f1[path]\setup.iss SERIAL="[serial number + UAP]"

where [path+executable] is the name of the WS_FTP install executable you are creating the response file for, plus its location

...the second [path] is the location where you wish to create the response file

...setup.iss is the response file itself (you can name the file a different name if you wish). There should be no space between the option "f1" and the path for the setup.iss file

Note:The "SERIAL=" argument is optional depending on whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity, as described the next section.

...[serial number + UAP] is your assigned serial number + the UAP, which is a security code that you append to the serial number to activate the license. You can find the product name plus the assigned serial number in the My Licenses tab on MyIpswitch.com. A license`s UAP is exposed to users under "Additional License Information." The UAP is displayed only when you are authorized to activate the license on more than one system.

For example, using all arguments, the command would look like:

[c:\downloads\wsftp_install.exe].exe -r -f1c:\silentinstall\setup.iss SERIAL="1X4CF7M10W33XS1OVCCW2ST"
Proceed with the install using the options you wish to record. When you click Finish, the install recording will be complete.
Execute the silent install on the desired computer by running the following:

[path+executable].exe -s -f1[path]\setup.iss SERIAL="[serial number + UAP]"

where the bracketed values are the same ones mentioned in the previous step. (Again, there should be no space between the option "f1" and the path for the setup.iss file.)

...again, the "SERIAL=" argument is optional depending on whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity, as described in the next section.

For example, using all arguments, the command would look like:

[c:\downloads\wsftp_install.exe].exe -s -f1c:\silentinstall\setup.iss SERIAL="1X4CF7M10W33XS1OVCCW2ST"

After this step, the silent install will proceed with no further input needed.

You can run each of these operations with no specifics after the command. This will perform the operation with default values. The default for the record operation will store the file as "setup.iss" in the system's Windows folder. The execute silent install operation will look for a file of that name in the same folder. If there is no .iss file present, the install will fail.

More on Serial Numbers

You may need to use the SERIAL argument to this command to specify your serial number and to activate your software. Activation of the silent install depends on two factors: whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity. There are four scenarios:

You have a downloaded WS_FTP install executable, which has an embedded serial number and the install machine has Internet connectivity. In this case:

Run the command without the SERIAL argument. Activation will occur silently.
Run the recorded file without the SERIAL argument. Activation will occur silently.
Result: You can run the recorded install up to your maximum permissible license activations.

You have a downloaded WS_FTP install executable, which has an embedded serial number and the install machine does not have Internet connectivity. In this case:

Rename the install executable so that the file name does not include the serial number and UAP.
Run the record command without the SERIAL argument. While recording, when the Activation dialog opens, click Cancel to close the dialog and return to the install wizard. Complete the installation.
Run the recorded file without the SERIAL argument.
Result: The WS_FTP is installed, but does not have a license file.
Contact customer service to arrange a license with multiple activations or use offline activation to activate each installation. For offline activation, go to www.myipswitch.com, click Offline Activation, and follow the instructions displayed.

You have a downloaded WS_FTP install executable, and a separate NSA license file, and the install machine does not have Internet connectivity. In this case:

Rename the install executable so that the file name does not include the serial number and UAP.
Run the record command without the SERIAL argument. There will not be an activation, as you are using the NSA license. Complete the installation.
Run the recorded file without the SERIAL argument.
Result: WS_FTP is installed, but does not have a license file.
Place the license file, named "license.txt" into the the appropriate folder, depending on which version of WS_FTP you are installing:
- Windows XP: \Documents and Settings\All Users\Ipswitch\WS_FTP\
- Windows Vista/7/8/Server 2008: \ProgramData\Ipswitch\WS_FTP\

Setup.log

The install creates a log file in the same directory as the response file: setup.log. The Setup.log file contains three sections. The first section,[InstallShield Silent], identifies the version of InstallShield Silent used in the silent setup. The second section, [Application], identifies the installed application's name and version, and the company name. The third section, [ResponseResult], contains the result code indicating whether or not the silent setup succeeded.

The ResponseResult should show one of two values. If your install failed due to a missing value, you will see a value of "-3" in the log file. This means there was a mismatch between 1) the install requirements of the computer originally used to generate the response file, and 2) the install requirements of the target computer.

For instance, if setup.iss contains setup instructions for an Express install on a particular drive on a fresh machine, but the target machine does not contain the same install folder name, then the silent install will fail because the install steps will be different than the original install.

A ResponseResult of "0" indicates a successful install.

For further information useful in troubleshooting an install, you can also refer to the WS_FTP_Install.LOG, which the install writes to the following folders:

64-bit systems: C:\Windows\SysWow64\
32-bit systems: C:\Windows\System32\

The SUPPRESSREBOOT option

Some installs will require a reboot, especially installs on computers that have never had a WS_FTP installation. If you do not want the target computer to reboot, enter the command "SUPPRESSREBOOT" at the end of the command line. For instance:

[path+executable].exe -s -f1[path]\setup.iss SUPPRESSREBOOT

You may need to edit the setup.iss file.

If the setup.iss contains a line with the ending SdFinishReboot-0, you will need to replace it with SdFinish-0. For instance, you should replace the line--

Dlg##={3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinishReboot-0

...with the line:

Dlg##={3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinish-0

...where "##" represents the install dialog screen number that the line describes.

Similarly, the lines--

[{3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinishReboot-0]
Result=6
BootOption=3

...should be changed to:

[{3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0

If a reboot was required by the installation, you will still need to perform a reboot for the application to work as expected.

Silent Uninstall (All Applications)

WS_FTP install allows for a "silent" (unattended) product uninstall for local computers only.

There are two ways to perform a silent uninstall:

Record an uninstall file for replay on other machines (does not delete user configuration data)
Execute Setup.exe silently (deletes all user configuration data)

Record an Uninstall File for Replay on Other Machines

Note: This option does not delete any user configuration data.

Recording a silent uninstall requires two operations. For the first operation you "record" a normal uninstall, storing the uninstall actions in a local "response" file. For the second operation, you run that response file on a different computer to uninstall WS_FTP silently on that computer. This lets you automate uninstalls on multiple computers. A simple command will automatically perform the uninstall using the options recorded in the response file. Other than the execution of the command, the uninstall will require no input from the user.

To perform a silent uninstall:

Initiate the recording to start the response file by executing the following at a command line or Run dialog:
[path+executable].exe -uninst -r -f1c:\uninstall.iss

where [path+executable] is the name of the WS_FTP uninstall executable you are creating the response file for, plus its location. There should be no space between the option "f1" and the path for the uninstall.iss file.
Proceed with the uninstall to record it. When you click Finish, the uninstall recording will be complete.
Execute the silent uninstall on the desired computer by running the following:
[path+executable].exe -uninst -s -f1C:\uninstall.iss

where the bracketed values are the same ones mentioned in the previous step. (Again, there should be no space between "f1" and the path for the uninstall.iss file.)

After this step, the silent install will proceed with no further input needed.

Execute Setup.exe Silently

Note: This option deletes all user configuration data.

To uninstall the application silently, execute the following command at the command prompt:

32-bit path: "C:\Program Files (x86)\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" silent

64-bit path: "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" silent

Terminal services support

Users who use WS_FTP via terminal services, such as Microsoft Terminal Services or Citrix, must have permission to run WS_FTP. See our Knowledge Base article on the minimum permissions required to run WS_FTP Pro.

New Features in WS_FTP 12.3

WS_FTP 12.3 LE: WS_FTP 12.3 marks the return of WS_FTP LE, the free version of the popular WS_FTP. When you download and install WS_FTP LE, you receive a one-year, renewable license. You will receive a reminder 30 days before you must renew your license to continue using WS_FTP LE.
WS_FTP 12.3 Professional: You now must manage evaluation licenses for WS_FTP Professional using myIpswitch.com.
User Interface Updates: The user interface now includes all high-quality icons. The upload and download icons were also replaced with more consistent icons. Inconsistent use of some icons in utilities has been cleaned up.

Menu and Button Changes in WS_FTP 12.3

Removed Import Sites from the Tools menu.
Added a Close button to the Manage Backup Jobs dialog.
Added Delete, Rename, and Edit commands to the right-click menu in the remote view to be more consistent with the local view.
Changed the Change Folder button to a Browse function, which includes access to other drives in the local view.

Fixed in 12.3

Improved client certificate password encryption.
Improved Connection Type options on the Quick Connect toolbar.
Fixed a defect in which items occasionally would not sort by modified date/time.
Fixed a defect that prevented WS_FTP Professional from connecting to certain SFTP servers with large window sizes.
Fixed a defect in which WS_FTP Professional mishandled SSH window resizing in some cases.
Fixed a defect that could cause WS_FTP to hang when users disconnect from a server using keyboard commands.
Fixed a defect in which workspaces failed to appear when creating and launching new workspaces.
Fixed a defect in Program Options: Converting File Extensions in which arrow processing caused a crash.
Fixed a defect that resulted in WS_FTP displaying two copies of the toolbar.

New Features in WS_FTP 12.2

New Icons: The icons in the application have been modernized with cleaner, higher-color versions. Try running your toolbars in Large Icon mode to really see the difference!
Cleaner Navigation: Several duplicate entries have been removed from the menu and toolbars and several commonly used options have been promoted. See the detailed list of menu and button changes in the section below.
Windows 7 Support: This release has been qualified against Microsoft’s “Windows 7 Cookbook” and includes both 32-bit and 64-bit Windows 7 support.
Better Vista Support: This release resolves all remaining issues with UAC in Microsoft Vista.
Configurable SMTP ports/timeouts: In Program Options: Email Notifications, you can now set the SMTP port to something other than the default port, and you can set the time that the SMTP connection remains open.
SSL session reuse: In Site Options: SSL, you select to Reuse SSL Session. When making a second connection to the same server, this will use the existing SSL session (rather than creating a new SSL session). This provides an immediate connection without requiring a second login.
Several dozen defect fixes.

Menu and Button Changes in WS_FTP 12.2

Renamed the File main menu to the Connections menu.
Removed the entire Edit menu. (The Copy/Paste functions found on this menu are also available as right-click options in file panels.)
The Connection Wizard button and menu item have been folded into the main Connect button.
The QuickConnect (Toolbar) button and menu item have been replaced with full-blown toolbar support for the QuickConnect toolbar, accessible and configurable in the same manner that other toolbars were previously.
The New Backup Job and Manage Backup Jobs buttons have been consolidated into a single Backup Files button – this matches today’s menu tree item.
Similarly, the two synchronization buttons have been consolidated into a single Sync Files button that matches today’s menu tree item.
Removed MenuBar as a visible type of toolbar.
Added a new Connections | Sites menu tree.
Removed Properties from the File menu (also available as right-click options in file panels).
Removed Refresh, file list options (e.g., Large Icons) and Arrange Icons by from the View menu (these items were duplicates of the same items found in the context of the file panes).
Removed Site Manager and Add to Site Manager items from the Tools menu (these items are duplicates of Connect items or in-context right-click items).
On the Tools > Operations After Transfer menu, renamed Exit Application menu item to Exit WS_FTP
Added or removed ellipses (“…”) from several entries to clarify ellipses, which mean that you will be prompted for more information. (For example, we removed this from About but added to Options).

Fixed in 12.2

HTTP/S security vulnerability fixed: Thank-you to Jeremy Brown for working with our security team on this vulnerability. (Note to other researchers: a message to security@ipswitch.com will always be received.)
This release fixes a "format string" defect that affects HTTP/S hosts - FTP/FTPS/SFTP hosts are not affected. To invoke this vulnerability, a victim must be enticed to connect to a rogue HTTP/S site using WS_FTP Professional v12 or WS_FTP Home v12. This defect is fixed in the 12.2 versions of the products, and also available separately in a patch for the v12 version.
Fixed a defect that prevented WS_FTP from launching when installed on Windows Vista, with the User Account Control (UAC) enabled. The UAC issues have been addressed, so it is no longer necessary to disable the UAC.
Fixed a defect that caused Email notification to work only on servers that accept the "HELO" command. Email notification now also works with mail servers that receive EHLO commands.
Backup wizard (Backup Locations screen) ... If you use the ZIP files before backing up option, to include the current date/time in the name of the destination zip file, include the string "%date" in the file name you enter. WS_FTP will replace that string with the current date/time in format: yyyymmdd-hhmmss
Fixed a defect with the Reuse SSL Session option (Site Options > SSL). When making a second connection to the same server, use the existing SSL session (rather than creating a new SSL session). This provides an immediate connection without requiring a second login.
Fixed a defect that caused the SSL.log file to fill with errors and grow to a large size.
In many of the prompts in v12, such as New Folder and Change Folder, the cursor was not placed in the text box. This release fixes the problem.
Fixed a defect that caused command line transfers to return an incorrect error code when the file was not found.
The Thumbnail view for the file lists were not centered (in V12), which caused the view to be clipped. This release fixes the problem.
When using a UNC path, the file list view did not refresh when a file was transferred to the UNC. This release fixes the problem.
When doing a silent install, the "- f" in the silent install command should be "-f" with no space between the characters. The documentation includes this correction.

Version 12.0.1 Patch Release

We released a patch version (12.0.1) in May 2009 to fix some customer reported issues with the 12 release. The patch is a full version of the software, and should be installed over the 12 installation.

This patch addresses the following issues:

For customers with very large (Microsoft) networks, more than 1,000 nodes that show up via NetBIOS, WS_FTP Professional 12 hangs while launching, transferring files, or exiting the application.
Although the network discovery thread runs in background, the bookkeeping for the GUI local pane grew exponentially with the size of the network.

This patch includes a fix to limit the number of computers in the Network scan to 500, by default. The value can also be set in the wsftp_options.ini: under General, add a new key "MaxNetworkScan=<number of computers to scan for>" If the number is 0, scanning is disabled. Otherwise, the scan proceeds to the specified number and then shuts itself off.
Some customers were unable to launch WS_FTP Professional 12 after upgrading from WS_FTP Professional 2007.1. This patch fixes the defect that caused initialization of some GUI utilities to fail in certain customer environments.
Fixes a defect that caused SSH/SFTP downloads from some servers to result in an incomplete file.
Fixes a defect that caused HTTP transfers to MOVEit DMZ to fail when MOVEit DMZ is installed in a virtual directory.

New features in WS_FTP 12

Security

Built-in local file encryption using OpenPGP: OpenPGP encryption secures files and folders locally. (WS_FTP Professional)
FIPS 140-2 validated cryptography: Federal Information Processing Standards (FIPS) validated cryptography up to 256-bit AES encryption over SSL/SSH protocols and OpenPGP file encryption. (WS_FTP Professional)
Non-repudiation and compression with MOVEit DMZ server: Built-in automatic end-to-end file non-repudiation and compression between WS_FTP Professional and MOVEit DMZ Server. (WS_FTP Professional)
SSH key management and enhanced SSH capabilities: SSH user keys can be imported and exported to and from Windows, Unix, and Linux systems. (WS_FTP Professional)
Enhanced SSL certificate management: Import full Certificate Authority from PKCS#12 formatted certificates into the Trusted Authority database.

Productivity and Performance

Improved performance: Quicker display and faster navigation through large directory trees, and when opening/closing the application.
Post transfer file automation: New file workflow capabilities let users schedule a post transfer action, such as deleting, renaming, or moving the source file after it has been transferred. (WS_FTP Professional)
Support for Microsoft IIS and Apache web servers: Connect to and transfer files over HTTP/S connections with Microsoft IIS and Apache web servers with full file/folder listings and navigation.
Windows 2008 support: WS_FTP Professional now runs on Microsoft Windows 2008, as well as Windows Server 2003, Windows Vista, and Windows XP.
Licensing: Activation status and serial number are now displayed in the user interface (Help > About).

Known issues in WS_FTP 12

This section documents known issues, and any available means to work around the issue.

E-Mail Notifications (Options > E-Mail Notifications)
When transferring files using the command line utility directly, or using the command line with the Scheduler Utility, the Download failure notification does not work if the file to be downloaded is not found. The workaround is to use the Script Utility to process the download, as the Script Utility will send the Download failure notification when the file is not found.
Command line compress option cannot be used with post transfer actions
When using the command line, the -compress option overrides post transfer actions. Post transfer actions will not be run if the compress option is also specified.

For more information

Getting Started Guide - Covers information about the release and a screen shot labeling all the key areas of the application interface. Download the Getting Started Guide
Tools Guide- Covers information on the included Utilities that are installed with WS_FTP Professional. Download the Tools Guide
Security Guide - Covers information on security and encryption and using SSL, SFTP and PGP. Download the Security Guide

Notes

This product includes software developed by the OpenSSL Project.

PGP is a registered trademark of PGP Corporation.

This product contains software based on standards defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440.