VShell 4.6.3 is now available for download.

This is a maintenance release to address issues found in version 4.6.2.

Important Notice

VShell for Windows Remote Execution via Triggers Vulnerability, versions before 4.6.3:

When a trigger action was configured to run a script, a user could use a maliciously crafted value that would be passed to the trigger and cause an arbitrary command to be launched on the VShell host machine.

VShell for Windows Virtual Roots SFTP Directory Traversal Vulnerability, versions 3.5.0 – 4.6.2:

With some SFTP clients, an authenticated user could send a maliciously crafted path to VShell on Windows that would allow access to the file system outside the virtual root folder(s), causing folder access to be restricted only by NTFS permissions.

For installations of VShell on Windows, we strongly recommend upgrading to the 4.6.3 release.

For more details, please visit VanDyke Software Security Advisories.

New in VShell 4.6

HTTPS Single Sign On (SSO) (Windows only)

Provide your Windows users with a convenient way to log on to VShell Enterprise Edition with HTTPS without entering a username or password. SSO reduces helpdesk workload by decreasing the risk of accidental VShell account lockouts and resulting password reset requests.

Enhanced automatic file renaming capabilities

Customize names of files or folders when moving or copying files in response to file operations. Standardize or specialize names by inserting dates, timestamps, usernames, session IDs, protocol, pre-defined text, and more.

Automatically send email with file transfer summary (Windows only)

Use logout triggers to send email notifications with the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.

Automatically run commands that use file transfer summary variables

Use logout triggers to run commands or scripts using the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.

Algorithm support

VShell now supports the rsa-sha2-256 and rsa-sha2-512 algorithms (RFC 8332) for host keys and public-key authentication.

SSH2 extension negotiation

For clients that support extension negotiation as specified in RFC 8308, upon request VShell will now send the list of available public-key algorithms.

Specified character restriction

Configure VShell to prevent clients from using specific characters in file and directory names.

Platform support

Support has been added for Ubuntu 20.04 LTS and Red Hat Enterprise Linux 8.

Fully-functional evaluation copies of VShell 4.6.3 can be downloaded and evaluated for 60 days. VShell evaluators have full access to VanDyke Software’s expert technical support to assist with installation, configuration, and testing during the 60-day VShell evaluation period.

• Download VShell 4.6.3
• Visit the VShell 4.6 page for a list of new features
• See the VShell 4.6 History File for a complete list of changes

We want to hear your feedback
Send your questions, requests, or bug reports to support@vandyke.com.

VShell 4.5.2 (Official) is now available for download.

This is a maintenance release to address issues found in VShell 4.5.1.

Important Notice

Prior to version 4.5.2, VShell Enterprise Edition with HTTPS could be vulnerable to a directory traversal attack using HTTP requests, allowing potentially unauthorized access to the file system.

For VShell installations using HTTP/HTTPS, we strongly recommend upgrading to the 4.5.2 release.

For more details, please visit VanDyke Software Security Advisories.

Here’s what’s new in VShell 4.5 (Official):

HTTPS support (Linux/Mac, previously Windows only)

Provide an easy-to-use, browser-based file transfer solution for staff, customers, and external partners. End users can connect to VShell Enterprise Edition with HTTPS to upload and download files, and more. No need to train end users on client software and no plugins to install. Customize the user web interface with your company colors and logo.

WebDAV support (All platforms)

VShell Enterprise Edition with HTTPS allows users to connect with a WebDAV client to upload and download files securely. Users can take advantage of WebDAV functionality to edit and collaborate on content.

Folder monitor (Windows)

Detect when new files are created, moved, or copied to a particular folder and initiate actions such as automatic transfer to another SFTP server.

CUCM configuration wizard (Windows)

Use this wizard for easier configuration of VShell to receive file uploads (backups) from Cisco Unified Communications Manager (CUCM).

Limit maximum concurrent connections for users and groups (Linux/Mac, previously Windows only)

Control how many sessions are allowed for users and groups for SSH2, SFTP, and FTPS connections. Specify the maximum number of concurrent connections for all users/groups, or set individual limits for particular users/groups.

Workgroup Edition provides more concurrent connections

The VShell Workgroup Edition now provides 25 concurrent connections (previously 10).

Fully-functional evaluation copies of VShell 4.5.2 (Official) can be downloaded and evaluated for 60 days. During evaluation, VShell evaluators have full access to VanDyke Software’s expert technical support to assist with installation, configuration, and testing.

• Visit the VShell 4.5.2 (Official) page to learn more about the new capabilities in this release.
• Download and evaluate the VShell 4.5.2 (Official) release today.
• For a complete list of changes, please see the VShell 4.5.2 (Official) History File

We want to hear your feedback
Please send your questions, requests, or bug reports to support@vandyke.com.