Projects / vsftpd / Releases

All releases of vsftpd

  •  12 Mar 2011 23:26
Avatar

    Release Notes: This release corrects a DoS vulnerability where an attacker permitted to login to an FTP server would be able to cause the vsftpd child processes spawned for their sessions to consume excessive amounts of CPU time (CVE-2011-0762). If the attack is carried out on a sufficient number of FTP sessions (possibly from multiple source IP addresses to exceed a possible per-source limit), the FTP service would become unavailable and other services of the system would be greatly impacted. Some other bugs with no apparent security impact have been fixed at the same time.

    •  19 Aug 2010 23:38
    Avatar

      Release Notes: The version number was fixed. Version 2.3.1 incorrectly reported itself as version 2.3.0.

      •  19 Aug 2010 00:25
      Avatar

        Release Notes: A silly regression introduced in 2.3.0 was fixed - the log files are no longer overwritten from the start when vsftpd is restarted.

        •  06 Aug 2010 01:30
        Avatar

          Release Notes: A couple of regressions were fixed: port_promiscuous now works again and SSL data transfers with ASCII transforms should work reliably again. It is now possible to overwrite files partially with REST + STOR. A minimal, experimental HTTP mode was added.

          •  17 Nov 2009 20:49
          Avatar

            Release Notes: Most notably, a regression was fixed in the built-in listener. Under heavy load, new FTP sessions could sometimes get disconnected right way. This is now fixed. If you saw "OOPS: child died" just after connecting, it was likely this bug.

            •  19 Oct 2009 04:15
            Avatar

              Release Notes: This release focuses on fixing two regressions: the use of the "pasv_address" option now works again. SSL data connections should work again after a previous long transfer or long idle period.

              •  13 Aug 2009 02:34
              Avatar

                Release Notes: Compilation fixes and minor fixes were made in IPv6, PAM, and client QUIT. More process isolation was added for Linux (network isolation) and configuration options may now be passed on the command line.

                •  29 May 2009 22:15
                Avatar

                  Release Notes: SSL support was fixed so that the data connection timeout does not fire incorrectly, and the bandwidth limiter is applied consistently. An absent per-user config file no longer fails a login (as per v2.0.7 and earlier). The build was fixed for various systems such as Ubuntu 9.04. Note that v2.1.2 is the same as v2.1.1, but with a compile fix for users with libcap-devel installed.

                  •  19 Feb 2009 00:55
                  Avatar

                    Release Notes: Various build fixes were applied. Implicit SSL support was added. The ASCII download support now matches ProFTPd. A couple of interoperability problems with broken clients were fixed. SSL session reuse is now required by default to close a loophole in the FTP protocol. Some log messages were tidied up. Files are now locked properly for upload, fixing corruption with simultaneous uploads. Memory limits per-process are now applied. STOU was fixed to use the original filename where possible.

                    •  30 Jul 2008 07:58
                    Avatar

                      Release Notes: SSL interoperability with FileZilla was fixed. Some build errors introduced in 2.0.6 were corrected. A race causing PASV connection drops under extreme load was fixed. Options to more aggressively check proper SSL data transfer were added, but, unfortunately, buggy clients mean it is not on by default. The option to delete failed uploads was added.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.