After two and a half years of development, a significant release of the ftp server ProFTPD 1.3.8 has been published, with strengths in extensibility and functionality, and weaknesses in the periodic identification of dangerous vulnerabilities. A correction release of ProFTPD 1.3.7f is available at the same time and will be the last in the ProFTPD 1.3.7 series.
Main innovations of ProFTPD 1.3.8:
- Support for the CSID (Client/Server ID) FTP command has been implemented, which can be used to send information to identify the client software on the server and receive a response with information to identify the server. For example, a client might type "CSID Name=BSD FTP; Version=7.3" and get "200 Name=ProFTPD; Version=1.3.8; OS=Ubuntu Linux; OSVer=22.04; CaseSensitive=1; DirSep=/;".
- Added support for the "home-directory" extension to the SFTP protocol implementation to expand the ~/ and ~user/ paths. You can use the "SFTPExtensions homeDirectory" directive to enable it.
- Added support for AES-GCM ciphers to mod_sftp "[email protected]" and "[email protected]", as well as rotation of host keys ("SFTPOptions NoHostkeyRotation") using OpenSSH extensions "[email protected]" And "[email protected]". Support for enabling AES GCM ciphers has been added to the SFTPCiphers directive.
- Added "--enable-pcre2" option to build with PCRE2 library instead of PCRE. The ability to select a regular expression engine between PCRE2, POSIX and PCRE has been added to the RegexOptions directive.
- Added the SFTPHostKeys directive to specify host key algorithms offered to clients for the mod_sftp module.
- Added FactsDefault directive to explicitly define the list of "facts" returned in MLSD/MLSD FTP responses.
- Added the LDAPConnectTimeout directive to define the connection timeout to the LDAP server.
- A ListStyle directive has been added to enable listing the contents of directories in the Windows style.
- The RedisLogFormatExtra directive has been implemented to add custom keys and values to the JSON log, included by the RedisLogOnCommand and RedisLogOnEvent directives.
- The MaxLoginAttemptsFromUser parameter has been added to the BanOnEvent directive to block given combinations of users and IP addresses.
- Added support for TLS when connecting to the Redis DBMS to the RedisSentinel directive. Added support to the RedisServer directive for the modified AUTH command syntax used since Redis 6.x.
- Support for ETM (Encrypt-Then-MAC) hashes has been added to the SFTPDigests directive.
- Added ReusePort flag to SocketOptions directive to enable SO_REUSEPORT socket mode.
- The AllowSymlinkUpload flag has been added to the TransferOptions directive to return the ability to upload to symbolic links.
- Support for the "curve448-sha512" key exchange algorithm has been added to the SFTPKeyExchanges directive.
- The ability to substitute additional files in the allow/deny tables has been added to the mod_wrap2 module.
- The default value of the FSCachePolicy parameter has been changed to "off".
- The mod_sftp module has been adapted for use with the OpenSSL 3.x library.
- Added support for building with the libidn2 library to use Internationalized Domain Names (IDNs).
- The ftpasswd utility for generating password hashes has SHA256 instead of MD5 enabled by default.
Source: opennet.ru