Release Notes: This release corrects a DoS vulnerability where an attacker permitted to login to an FTP server would be able to cause the vsftpd child processes spawned for their sessions to consume excessive amounts of CPU time (CVE-2011-0762). If the attack is carried out on a sufficient number of FTP sessions (possibly from multiple source IP addresses to exceed a possible per-source limit), the FTP service would become unavailable and other services of the system would be greatly impacted. Some other bugs with no apparent security impact have been fixed at the same time.
Release Notes: The version number was fixed. Version 2.3.1 incorrectly reported itself as version 2.3.0.
Release Notes: A silly regression introduced in 2.3.0 was fixed - the log files are no longer overwritten from the start when vsftpd is restarted.
Release Notes: A couple of regressions were fixed: port_promiscuous now works again and SSL data transfers with ASCII transforms should work reliably again. It is now possible to overwrite files partially with REST + STOR. A minimal, experimental HTTP mode was added.
Release Notes: Most notably, a regression was fixed in the built-in listener. Under heavy load, new FTP sessions could sometimes get disconnected right way. This is now fixed. If you saw "OOPS: child died" just after connecting, it was likely this bug.
Release Notes: This release focuses on fixing two regressions: the use of the "pasv_address" option now works again. SSL data connections should work again after a previous long transfer or long idle period.
Release Notes: Compilation fixes and minor fixes were made in IPv6, PAM, and client QUIT. More process isolation was added for Linux (network isolation) and configuration options may now be passed on the command line.
Release Notes: SSL support was fixed so that the data connection timeout does not fire incorrectly, and the bandwidth limiter is applied consistently. An absent per-user config file no longer fails a login (as per v2.0.7 and earlier). The build was fixed for various systems such as Ubuntu 9.04. Note that v2.1.2 is the same as v2.1.1, but with a compile fix for users with libcap-devel installed.
Release Notes: Various build fixes were applied. Implicit SSL support was added. The ASCII download support now matches ProFTPd. A couple of interoperability problems with broken clients were fixed. SSL session reuse is now required by default to close a loophole in the FTP protocol. Some log messages were tidied up. Files are now locked properly for upload, fixing corruption with simultaneous uploads. Memory limits per-process are now applied. STOU was fixed to use the original filename where possible.
Release Notes: SSL interoperability with FileZilla was fixed. Some build errors introduced in 2.0.6 were corrected. A race causing PASV connection drops under extreme load was fixed. Options to more aggressively check proper SSL data transfer were added, but, unfortunately, buggy clients mean it is not on by default. The option to delete failed uploads was added.