In this File
Version 12.5.1 includes OpenSSL 1.0.1p. This version of OpenSSL addresses the SSL/TLS MITM vulnerability (CVE-2014-0224), along with other security fixes mentioned here: https://www.openssl.org/news/cl101.txt.
Security update on SSL/TLS MITM (Man-in-the-middle) vulnerability (CVE-2014-0224): The recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes an OpenSSL to OpenSSL exchange that uses the OpenSSL 0.9.8, 1.0.0 and 1.0.1 family of protocols to an attack. This vulnerability affects the 12.4 and 12.4.1 versions of the WS_FTP client.
The WS_FTP 12.4.1.1 patch release upgrades OpenSSL to the 1.0.1h version, which removes this vulnerability.
Check your version number to see if you need to upgrade.
Security Update on Heartbleed SSL: Heartbleed SSL, the recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack. This vulnerability affects only the 12.4 version of WS_FTP Pro.
The WS_FTP Pro 12.4.1 patch release disables the heartbeat function that exposed the vulnerability in the OpenSSL 1.0.1c version and a later release will provide an update to a version of OpenSSL (1.0.1g or later) that has addressed this issue.
If you have an affected version, you have already received a notification from the Ipswitch Security Team. Check your version number to see if you need to upgrade. Systems that may have exposed this vulnerability should regenerate any sensitive information (secret keys, passwords, etc.) with the assumption that an attacker has already used this vulnerability to obtain those items.
This document contains information on how to install and configure WS_FTP Professional.
Category |
Issue |
ID |
Enhancement |
Overhauled the flow control algorithm for SFTP uploads to improve performance with various server types. |
WSCLT-508 |
Enhancement |
Added support for the following operating systems: Windows 8.1 64-bit, Windows 10 64-bit, Windows Server 2008 R2, Windows Server 2012 and 2012 R2. |
|
Bug Fix |
Fixed a problem that stopped downloading from an SSH/SFTP host after 20,000 bytes if the server did not tell us an accurate file size. Now we will continue to download the file as long as there is data. |
WSCLT-202 |
Bug Fix |
Fixed a problem with third-party transfers between different hosts with the same IP address when the directory structures were identical. We thought the transfer was to the same host as the source because of the directories. |
WSCLT-211 |
Bug Fix |
Transfers of files with filenames surrounded by single quotes were not being processed correctly. This has been fixed. |
WSCLT-490 |
Bug Fix |
Fixed an issue where WS_FTP Pro was treating GPG files as PGP files. (*.gpg as *.pgp) ad was not able to properly decrypt *.gpg format files. Now WS_FTP Pro is able to decrypt *.gpg format files. |
WSCLT-506 |
Bug Fix |
Fixed a feature that that was never implemented correctly for bypassing the login prompt in the script utility when using the "AUTH SSH 1 USER 0" syntax. |
WSCLT-601 |
Bug Fix |
An issue was resolved where WS_FTP had been unable to import public PGP keys signed by certain DSA keys with 32-byte digests. |
WSCLT-936 |
Bug Fix |
Fixed a window management problem with a specific SSH/SFTP server where we were waiting for the server to open up the window and the server was waiting for us to send the last few bytes that fit in the window. |
WSCLT-965 |
Bug Fix |
Fixed a different problem downloading from an SSH/SFTP host, stopping at 20,000 when the host incorrectly told us the file size was zero. |
WSCLT-975 |
Bug Fix |
Added support for SSH Protocol Key Exchange algorithm: diffie-hellman-group14-sha1. |
WSCLT-977 |
Bug Fix |
There was an issue with PGP decryption encountering fatal ZLIB data errors when using certain compression levels. This has been fixed. |
WSCLT-984 |
Bug Fix |
Fixed an issue where downloading from MOVEit DMZ using https did not stream compress. |
WSCLT-989 |
Bug Fix |
Fixed an issue with PGP keys failing to encrypt when they contain SHA-224 or SH-384 hashes. |
WSCLT-992 |
Bug Fix |
Previously, after an ASCII transfer paused or lost connectivity with the server, it attempted to resume transfer, which resulted in a failure with a 503 ASCII Resume is Unsafe, please delete the file first. ASCII transfers will no longer resume after pause or lost connectivity. |
WSCLT-1000 |
Bug Fix |
Performing PGP decryption can potentially result in a 'PGP invalid modification detection code' or 'Invalid PGP packet or subpacket' error for certain types of PGP-encrypted files. This has been fixed. |
WSCLT-1002 |
Bug Fix |
Modified Certificate logic to better handle subject organizations. |
WSCLT-1016 |
Bug Fix |
When you create a site, Use TLSv1 only is checked by default. This is true for new sites only. Existing sites will not be modified with upgrades. |
WSCLT-1042 |
Bug Fix |
Transfer mode site option “Auto Detect’ was defaulting to BINARY ignoring ASCII Filename extensions configured for ASCII transfers. Now it will auto detect. |
WSCLT-1329 |
WS_FTP supports the following Operating Systems:
Minimum requirements based on Windows 7:
See the WS_FTP Release Notes to learn about the latest product features, editions, system requirements, fixed in this release, known issues, and other WS_FTP Pro information.
Double-click the downloaded file to start the installation. Follow the instructions on your screen.
There are four ways to activate a WS_FTP installation:
Note: For Windows 8, press Win+C on your keyboard to open the Charm bar, select Search, and then type Manage the WS_FTP 12 License to locate and select it.
Follow the on-screen instructions to enter your product serial number, MyIpswitch account name, and password. When activation is complete, a confirmation page indicates the license has been activated. If activation does not complete successfully, you may be behind a proxy or firewall that is blocking the activation request. In this case, click the Offline button, then follow the on-screen instructions.
WS_FTP install allows for a "silent" (unattended) product install for local computers only.
Silent install requires two operations. The first operation "records" the options that you choose during a normal install, storing them in a local "response" file. The second automatically runs an install on a different computer, based on the options recorded in the file created in the first operation.
This means that if other computers require identical install options to the ones you recorded in a response file, you can use that file to automate installation on those computers. A simple command will automatically perform the installation using the entries recorded in response file. Other than the execution of the command, the install will require no input from the user.
Note: If the respective computers do not have the same install option requirements, and you nonetheless run the silent install using the same file, an error may result and the install will fail.
To perform a silent install:
[path+executable].exe -r -f1[path]\setup.iss SERIAL="[serial number + UAP]"
where [path+executable] is the name of the WS_FTP install executable you are creating the response file for, plus its location
...the second [path] is the location where you wish to create the response file
...setup.iss is the response file itself (you can name the file a different name if you wish). There should be no space between the option "f1" and the path for the setup.iss file
Note:The "SERIAL=" argument is optional depending on whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity, as described the next section.
...[serial number + UAP] is your assigned serial number + the UAP, which is a security code that you append to the serial number to activate the license. You can find the product name plus the assigned serial number in the My Licenses tab on MyIpswitch.com. A license`s UAP is exposed to users under "Additional License Information." The UAP is displayed only when you are authorized to activate the license on more than one system.
For example, using all arguments, the command would look like:
[c:\downloads\wsftp_install.exe].exe -r -f1c:\silentinstall\setup.iss SERIAL="1X4CF7M10W33XS1OVCCW2ST"
[path+executable].exe -s -f1[path]\setup.iss SERIAL="[serial number + UAP]"
where the bracketed values are the same ones mentioned in the previous step. (Again, there should be no space between the option "f1" and the path for the setup.iss file.)
...again, the "SERIAL=" argument is optional depending on whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity, as described in the next section.
For example, using all arguments, the command would look like:
[c:\downloads\wsftp_install.exe].exe -s -f1c:\silentinstall\setup.iss SERIAL="1X4CF7M10W33XS1OVCCW2ST"
After this step, the silent install will proceed with no further input needed.
You can run each of these operations with no specifics after the command. This will perform the operation with default values. The default for the record operation will store the file as "setup.iss" in the system's Windows folder. The execute silent install operation will look for a file of that name in the same folder. If there is no .iss file present, the install will fail.
You may need to use the SERIAL argument to this command to specify your serial number and to activate your software. Activation of the silent install depends on two factors: whether your install executable has an embedded serial number, and whether the install machine has Internet connectivity. There are four scenarios:
Result: You can run the recorded install up to your maximum permissible license activations.
Result: The WS_FTP is installed, but does not have a license file.
Result: WS_FTP is installed, but does not have a license file.
The install creates a log file in the same directory as the response file: setup.log. The Setup.log file contains three sections. The first section,[InstallShield Silent], identifies the version of InstallShield Silent used in the silent setup. The second section, [Application], identifies the installed application's name and version, and the company name. The third section, [ResponseResult], contains the result code indicating whether or not the silent setup succeeded.
The ResponseResult should show one of two values. If your install failed due to a missing value, you will see a value of "-3" in the log file. This means there was a mismatch between 1) the install requirements of the computer originally used to generate the response file, and 2) the install requirements of the target computer.
For instance, if setup.iss contains setup instructions for an Express install on a particular drive on a fresh machine, but the target machine does not contain the same install folder name, then the silent install will fail because the install steps will be different than the original install.
A ResponseResult of "0" indicates a successful install.
For further information useful in troubleshooting an install, you can also refer to the WS_FTP_Install.LOG,
which the install writes to the following folders:
64-bit systems: C:\Windows\SysWow64\
32-bit systems: C:\Windows\System32\
Some installs will require a reboot, especially installs on computers that have never had a WS_FTP installation. If you do not want the target computer to reboot, enter the command "SUPPRESSREBOOT" at the end of the command line. For instance:
[path+executable].exe -s -f1[path]\setup.iss SUPPRESSREBOOT
You may need to edit the setup.iss file.
If the setup.iss contains a line with the ending SdFinishReboot-0
, you will need to replace it with SdFinish-0.
For instance, you should replace the line--
Dlg##={3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinishReboot-0
...with the line:
Dlg##={3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinish-0
...where "##" represents the install dialog screen number that the line describes.
Similarly, the lines--
[{3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinishReboot-0]
Result=6
BootOption=3
...should be changed to:
[{3F464442-A51F-414B-ACA4-78BCF276B346}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0
If a reboot was required by the installation, you will still need to perform a reboot for the application to work as expected.
WS_FTP install allows for a "silent" (unattended) product uninstall for local computers only.
There are two ways to perform a silent uninstall:
Note: This option does not delete any user configuration data.
Recording a silent uninstall requires two operations. For the first operation you "record" a normal uninstall, storing the uninstall actions in a local "response" file. For the second operation, you run that response file on a different computer to uninstall WS_FTP silently on that computer. This lets you automate uninstalls on multiple computers. A simple command will automatically perform the uninstall using the options recorded in the response file. Other than the execution of the command, the uninstall will require no input from the user.
To perform a silent uninstall:
[path+executable].exe -uninst -r -f1c:\uninstall.iss
where [path+executable] is the name of the WS_FTP uninstall executable you are creating the response file for, plus its location. There should be no space between the option "f1" and the path for the uninstall.iss file.
[path+executable].exe -uninst -s -f1C:\uninstall.iss
where the bracketed values are the same ones mentioned in the previous step. (Again, there should be no space between "f1" and the path for the uninstall.iss file.)
After this step, the silent install will proceed with no further input needed.
Note: This option deletes all user configuration data.
To uninstall the application silently, execute the following command at the command prompt:
32-bit path: "C:\Program Files (x86)\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" silent
64-bit path: "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" silent
Users who use WS_FTP via terminal services, such as Microsoft Terminal Services or Citrix, must have permission to run WS_FTP. See our Knowledge Base article on the minimum permissions required to run WS_FTP Pro.
Category |
Issue |
New Feature |
Windows 8 Support: This release includes both 32-bit and 64-bit Windows 8 support. |
Bug Fix |
WS_FTP no longer returns "Invalid PGP Signature" when decrypting files larger than 1MB that were encrypted and signed using GNUPG.
|
Bug Fix |
WS_FTP Pro now recognizes SHA256 or SHA512 as valid hash ciphers for key signatures. |
Bug Fix |
WS_FTP Pro now allows for client certificate lengths of 2048 bits. Previously only 1024-bit SSL client certificates were supported. If you created a certificate in a release prior to WS_FTP Pro 12.4, the upgrade to 12.4 release will still have the old certificate length of 1024 bit. |
Bug Fix |
The OpenSSL DLLs have been updated to the 1.0.1 branch of OpenSSL. OpenSSL is an open-source implementation of the SSL and TLS protocols. |
Bug Fix |
WS_FTP previously supported AES block ciphers only. Several public-facing SFTP sites to which customers need to connect have discontinued using block ciphers in response to identified vulnerabilities. In addition to supporting the AES[128/192/256]-CBC cipher, WS_FTP Pro now supports the AES[128/192/256]-CTR cipher. |
Bug Fix |
Right-click menu option "Send to scheduler" is functional now. |
Category |
Issue |
New Feature |
WS_FTP 12.3 Professional: You now must manage evaluation licenses for WS_FTP Professional using myIpswitch.com. |
New Feature |
User Interface Updates: The user interface now includes all high-quality icons. The upload and download icons were also replaced with more consistent icons. Inconsistent use of some icons in utilities has been cleaned up. |
Menu and Button Change |
Removed Import Sites from the Tools menu. |
Menu and Button Change |
Added a Close button to the Manage Backup Jobs dialog. |
Menu and Button Change |
Added Delete, Rename, and Edit commands to the right-click menu in the remote view to be more consistent with the local view. |
Menu and Button Change |
Changed the Change Folder button to a Browse function, which includes access to other drives in the local view. |
Bug Fix |
Improved client certificate password encryption. |
Bug Fix |
Improved Connection Type options on the Quick Connect toolbar. |
Bug Fix |
Fixed a defect in which items occasionally would not sort by modified date/time. |
Bug Fix |
Fixed a defect that prevented WS_FTP Professional from connecting to certain SFTP servers with large window sizes. |
Bug Fix |
Fixed a defect in which WS_FTP Professional mishandled SSH window resizing in some cases. |
Bug Fix |
Fixed a defect that could cause WS_FTP to hang when users disconnect from a server using keyboard commands. |
Bug Fix |
Fixed a defect in which workspaces failed to appear when creating and launching new workspaces. |
Bug Fix |
Fixed a defect in Program Options: Converting File Extensions in which arrow processing caused a crash. |
Bug Fix |
Fixed a defect that resulted in WS_FTP displaying two copies of the toolbar. |
Category |
Issue |
New Feature |
New Icons: The icons in the application have been modernized with cleaner, higher-color versions. Try running your toolbars in Large Icon mode to really see the difference! |
New Feature |
Cleaner Navigation: Several duplicate entries have been removed from the menu and toolbars and several commonly used options have been promoted. See the detailed list of menu and button changes in the section below. |
New Feature |
Windows 7 Support: This release has been qualified against Microsoft’s “Windows 7 Cookbook” and includes both 32-bit and 64-bit Windows 7 support. |
New Feature |
Better Vista Support: This release resolves all remaining issues with UAC in Microsoft Vista. |
New Feature |
Configurable SMTP ports/timeouts: In Program Options: Email Notifications, you can now set the SMTP port to something other than the default port, and you can set the time that the SMTP connection remains open. |
New Feature |
SSL session reuse: In Site Options: SSL, you select to Reuse SSL Session. When making a second connection to the same server, this will use the existing SSL session (rather than creating a new SSL session). This provides an immediate connection without requiring a second login. |
Menu and Button Change |
Renamed the File main menu to the Connections menu. |
Menu and Button Change |
Removed the entire Edit menu. (The Copy/Paste functions found on this menu are also available as right-click options in file panels.) |
Menu and Button Change |
The Connection Wizard button and menu item have been folded into the main Connect button. |
Menu and Button Change |
The QuickConnect (Toolbar) button and menu item have been replaced with full-blown toolbar support for the QuickConnect toolbar, accessible and configurable in the same manner that other toolbars were previously. |
Menu and Button Change |
The New Backup Job and Manage Backup Jobs buttons have been consolidated into a single Backup Files button – this matches today’s menu tree item. |
Menu and Button Change |
Similarly, the two synchronization buttons have been consolidated into a single Sync Files button that matches today’s menu tree item. |
Menu and Button Change |
Removed MenuBar as a visible type of toolbar. |
Menu and Button Change |
Added a new Connections | Sites menu tree. |
Menu and Button Change |
Removed Properties from the File menu (also available as right-click options in file panels). |
Menu and Button Change |
Removed Refresh, file list options (e.g., Large Icons) and Arrange Icons by from the View menu (these items were duplicates of the same items found in the context of the file panes). |
Menu and Button Change |
Removed Site Manager and Add to Site Manager items from the Tools menu (these items are duplicates of Connect items or in-context right-click items). |
Menu and Button Change |
On the Tools > Operations After Transfer menu, renamed Exit Application menu item to Exit WS_FTP. |
Menu and Button Change |
Added or removed ellipses (“…”) from several entries to clarify ellipses, which mean that you will be prompted for more information. (For example, we removed this from About but added to Options). |
Bug Fix |
HTTP/S security vulnerability fixed: Thank-you to Jeremy Brown for working with our security team on this vulnerability. (Note to other researchers: a message to security@ipswitch.com will always be received.) This release fixes a "format string" defect that affects HTTP/S hosts - FTP/FTPS/SFTP hosts are not affected. To invoke this vulnerability, a victim must be enticed to connect to a rogue HTTP/S site using WS_FTP Professional v12 or WS_FTP Home v12. This defect is fixed in the 12.2 versions of the products, and also available separately in a patch for the v12 version. |
Bug Fix |
Fixed a defect that prevented WS_FTP from launching when installed on Windows Vista, with the User Account Control (UAC) enabled. The UAC issues have been addressed, so it is no longer necessary to disable the UAC. |
Bug Fix |
Fixed a defect that caused Email notification to work only on servers that accept the "HELO" command. Email notification now also works with mail servers that receive EHLO commands. |
Bug Fix |
Backup wizard (Backup Locations screen) ... If you use the ZIP files before backing up option, to include the current date/time in the name of the destination zip file, include the string "%date" in the file name you enter. WS_FTP will replace that string with the current date/time in format: yyyymmdd-hhmmss |
Bug Fix |
Fixed a defect with the Reuse SSL Session option (Site Options > SSL). When making a second connection to the same server, use the existing SSL session (rather than creating a new SSL session). This provides an immediate connection without requiring a second login. |
Bug Fix |
Fixed a defect that caused the SSL.log file to fill with errors and grow to a large size. |
Bug Fix |
In many of the prompts in v12, such as New Folder and Change Folder, the cursor was not placed in the text box. This release fixes the problem. |
Bug Fix |
Fixed a defect that caused command line transfers to return an incorrect error code when the file was not found. |
Bug Fix |
The Thumbnail view for the file lists were not centered (in V12), which caused the view to be clipped. This release fixes the problem. |
Bug Fix |
When using a UNC path, the file list view did not refresh when a file was transferred to the UNC. This release fixes the problem. |
Bug Fix |
When doing a silent install, the "- f" in the silent install command should be "-f" with no space between the characters. The documentation includes this correction. |
We released a patch version (12.0.1) in May 2009 to fix some customer reported issues with the 12 release. The patch is a full version of the software, and should be installed over the 12 installation. This patch addresses the following issues: |
|
Category |
Issue |
Bug Fix |
For customers with very large (Microsoft) networks, more than 1,000 nodes that show up via NetBIOS, WS_FTP Professional 12 hangs while launching, transferring files, or exiting the application. Although the network discovery thread runs in background, the bookkeeping for the GUI local pane grew exponentially with the size of the network. This patch includes a fix to limit the number of computers in the Network scan to 500, by default. The value can also be set in the wsftp_options.ini: under General, add a new key "MaxNetworkScan=<number of computers to scan for>" If the number is 0, scanning is disabled. Otherwise, the scan proceeds to the specified number and then shuts itself off. |
Bug Fix |
Some customers were unable to launch WS_FTP Professional 12 after upgrading from WS_FTP Professional 2007.1. This patch fixes the defect that caused initialization of some GUI utilities to fail in certain customer environments. |
Bug Fix |
Fixes a defect that caused SSH/SFTP downloads from some servers to result in an incomplete file. |
Bug Fix |
Fixes a defect that caused HTTP transfers to MOVEit DMZ to fail when MOVEit DMZ is installed in a virtual directory. |
Category |
Issue |
Security |
Built-in local file encryption using OpenPGP: OpenPGP encryption secures files and folders locally. (WS_FTP Professional) |
Security |
FIPS 140-2 validated cryptography: Federal Information Processing Standards (FIPS) validated cryptography up to 256-bit AES encryption over SSL/SSH protocols and OpenPGP file encryption. (WS_FTP Professional) |
Security |
Non-repudiation and compression with MOVEit DMZ server: Built-in automatic end-to-end file non-repudiation and compression between WS_FTP Professional and MOVEit DMZ Server. (WS_FTP Professional) |
Security |
SSH key management and enhanced SSH capabilities: SSH user keys can be imported and exported to and from Windows, Unix, and Linux systems. (WS_FTP Professional) |
Security |
Enhanced SSL certificate management: Import full Certificate Authority from PKCS#12 formatted certificates into the Trusted Authority database. |
Productivity and Performance |
Improved performance: Quicker display and faster navigation through large directory trees, and when opening/closing the application. |
Productivity and Performance |
Post transfer file automation: New file workflow capabilities let users schedule a post transfer action, such as deleting, renaming, or moving the source file after it has been transferred. (WS_FTP Professional) |
Productivity and Performance |
Support for Microsoft IIS and Apache web servers: Connect to and transfer files over HTTP/S connections with Microsoft IIS and Apache web servers with full file/folder listings and navigation. |
Productivity and Performance |
Windows 2008 support: WS_FTP Professional now runs on Microsoft Windows 2008, as well as Windows Server 2003, Windows Vista, and Windows XP. |
Productivity and Performance |
Licensing: Activation status and serial number are now displayed in the user interface (Help > About). |
Known Issue |
E-Mail Notifications (Options > E-Mail Notifications) When transferring files using the command line utility directly, or using the command line with the Scheduler Utility, the Download failure notification does not work if the file to be downloaded is not found. The workaround is to use the Script Utility to process the download, as the Script Utility will send the Download failure notification when the file is not found. |
Known Issue |
Command line compress option cannot be used with post transfer actions When using the command line, the -compress option overrides post transfer actions. Post transfer actions will not be run if the compress option is also specified. |
This product includes software developed by the OpenSSL Project.
PGP is a registered trademark of PGP Corporation.
This product contains software based on standards defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440.
Ipswitch, Inc.
Copyright 2015