VShell 4.6.3 is now available for download.
This is a maintenance release to address issues found in version 4.6.2.
VShell for Windows Remote Execution via Triggers Vulnerability, versions before 4.6.3:
When a trigger action was configured to run a script, a user could use a maliciously crafted value that would be passed to the trigger and cause an arbitrary command to be launched on the VShell host machine.
VShell for Windows Virtual Roots SFTP Directory Traversal Vulnerability, versions 3.5.0 – 4.6.2:
With some SFTP clients, an authenticated user could send a maliciously crafted path to VShell on Windows that would allow access to the file system outside the virtual root folder(s), causing folder access to be restricted only by NTFS permissions.
For installations of VShell on Windows, we strongly recommend upgrading to the 4.6.3 release.
For more details, please visit VanDyke Software Security Advisories.
New in VShell 4.6
HTTPS Single Sign On (SSO) (Windows only)
Provide your Windows users with a convenient way to log on to VShell Enterprise Edition with HTTPS without entering a username or password. SSO reduces helpdesk workload by decreasing the risk of accidental VShell account lockouts and resulting password reset requests.
Enhanced automatic file renaming capabilities
Customize names of files or folders when moving or copying files in response to file operations. Standardize or specialize names by inserting dates, timestamps, usernames, session IDs, protocol, pre-defined text, and more.
Automatically send email with file transfer summary (Windows only)
Use logout triggers to send email notifications with the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.
Automatically run commands that use file transfer summary variables
Use logout triggers to run commands or scripts using the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.
VShell now supports the rsa-sha2-256 and rsa-sha2-512 algorithms (RFC 8332) for host keys and public-key authentication.
SSH2 extension negotiation
For clients that support extension negotiation as specified in RFC 8308, upon request VShell will now send the list of available public-key algorithms.
Specified character restriction
Configure VShell to prevent clients from using specific characters in file and directory names.
Support has been added for Ubuntu 20.04 LTS and Red Hat Enterprise Linux 8.
Fully-functional evaluation copies of VShell 4.6.3 can be downloaded and evaluated for 60 days. VShell evaluators have full access to VanDyke Software’s expert technical support to assist with installation, configuration, and testing during the 60-day VShell evaluation period.
- Download VShell 4.6.3
- Visit the VShell 4.6 page for a list of new features
- See the VShell 4.6 History File for a complete list of changes
We want to hear your feedback
Send your questions, requests, or bug reports to firstname.lastname@example.org.