After two and a half years of development, a significant release of the ProFTPD 1.3.8 FTP server has been published. Its strengths are extensibility and functionality; its weakness is the periodic discovery of dangerous vulnerabilities. At the same time, the ProFTPD 1.3.7f maintenance release is available, which will be the last in the ProFTPD 1.3.7 series.
What's new in ProFTPD 1.3.8:
- Support for the CSID (Client/Server ID) command has been implemented. It can be used to send information identifying the client software to the server and to receive a response with information identifying the server. For example, a client may send "CSID Name=BSD FTP; Version=7.3" and receive the response "200 Name=ProFTPD; Version=1.3.8; OS=Ubuntu Linux; OSVer=22.04; CaseSensitive=1; DirSep=/;".
- The SFTP protocol implementation adds support for the "home-directory" extension for expanding ~/ and ~user/ paths. To enable it, use the "SFTPExtensions homeDirectory" directive.
- Added support in mod_sftp for the AES-GCM ciphers "[email protected]" and "[email protected]", as well as host key rotation ("SFTPOptions NoHostkeyRotation") using the OpenSSH extensions "[email protected]" and "[email protected]". Added support for enabling AES GCM ciphers to the SFTPCiphers directive.
- Added the "--enable-pcre2" option for building with the PCRE2 library instead of PCRE. The ability to choose the regular expression engine among PCRE2, POSIX and PCRE has been added to the RegexOptions directive.
- Added the SFTPHostKeys directive to specify the host key algorithms offered to clients by the mod_sftp module.
- Added the FactsDefault directive to explicitly specify the list of "facts" returned in MLSD/MLST FTP responses.
- Added the LDAPConnectTimeout directive to set the timeout for connecting to the LDAP server.
- Added the ListStyle directive to enable Windows-style listing of directory contents.
- The RedisLogFormatExtra directive has been implemented for adding your own keys and values to the JSON log written by RedisLogOnCommand and RedisLogOnEvent.
- The MaxLoginAttemptsFromUser parameter has been added to the BanOnEvent directive to block specific combinations of users and IP addresses.
- TLS support has been added to the RedisSentinel directive for connections to the Redis DBMS. The RedisServer directive now supports the changed AUTH command syntax used since Redis 6.x.
- Added support for ETM (Encrypt-Then-MAC) digests to the SFTPDigests directive.
- The ReusePort flag has been added to the SocketOptions directive to enable the SO_REUSEPORT socket mode.
- The AllowSymlinkUpload flag has been added to the TransferOptions directive to restore the ability to upload to symbolic links.
- Added support for the "curve448-sha512" key exchange algorithm to the SFTPKeyExchanges directive.
- The ability to substitute additional files into the allow/deny tables has been added to the mod_wrap2 module.
- The default value of the FSCachePolicy parameter has been changed to "off".
- The mod_sftp module has been adapted for use with the OpenSSL 3.x library.
- Added support for building with the libidn2 library to handle Internationalized Domain Names (IDN).
- In the ftpasswd utility, the default algorithm for generating password hashes is now SHA256 instead of MD5.
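
Because ftpasswd previously defaulted to MD5, password files created before the upgrade may still hold the older hashes. The following is an added example (not ProFTPD code) that audits such a file; it assumes the passwd(5)-style layout of an AuthUserFile and the standard crypt(3) prefixes `$1$`, `$5$` and `$6$`, and the sample entries are constructed.

```python
# Added example: flag legacy password hashes in a passwd-style file such as
# one written by ftpasswd. Prefixes are the standard crypt(3) identifiers.
PREFIXES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
REPORT = {"md5-crypt", "des-crypt", "unknown", "empty"}


def classify_hash(field):
    """Return the hash scheme implied by a passwd-file password field."""
    if field == "":
        return "empty"
    if field[0] in "*!":
        return "locked"          # account disabled, no hash to rate
    for prefix, scheme in PREFIXES.items():
        if field.startswith(prefix):
            return scheme
    if len(field) == 13 and "$" not in field:
        return "des-crypt"       # traditional 13-character crypt
    return "unknown"


def audit_authuserfile(text):
    """Return (line number, user, finding) for entries that need attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            findings.append((lineno, None, "malformed"))
            continue
        scheme = classify_hash(parts[1])
        if scheme in REPORT:
            findings.append((lineno, parts[0], scheme))
    return findings


# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
# user:hash:uid:gid:gecos:home:shell
alice:$1$Xy3kQ9aB$0123456789abcdefghijkl:1001:1001::/srv/ftp/alice:/bin/false
bob:$5$q1w2e3r4t5y6u7i8$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopq:1002:1002::/srv/ftp/bob:/bin/false
carol:abJnggxhB/yWI:1003:1003::/srv/ftp/carol:/bin/false
dave:*:1004:1004::/srv/ftp/dave:/bin/false
brokenline
"""

if __name__ == "__main__":
    for lineno, user, finding in audit_authuserfile(SAMPLE):
        print(f"line {lineno}: {user or '?'} -> {finding}")
```

Flagged accounts need a password reset to move to the new default, since an existing hash cannot be converted without the plaintext.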
Source: opennet.ru