Bftpd Changelog

New in version 4.4

October 22nd, 2014
  • This release of Bftpd fixes a potential buffer overflow bug that occurs when the server is compiled with S_ISLINK defined. This bug may cause a buffer overflow when symbolic links are included in a directory listing. The new version 4.4 of Bftpd should process symbolic links properly or, in cases were S_ISLINK is not defined, hide symbolic links. This latter behaviour is provided for added security and to avoid causing Bftpd to hang on some operating systems while processing directory listings where symbolic links exist.

New in version 3.6 (July 29th, 2011)

  • This release includes a fix for dealing with named pipes.
  • Previously performing a directory listing on a directory that included a named pipe would cause Bftpd's connect to stall.
  • This release provides a work-around so that directory listings complete cleanly.

New in version 3.1 (September 24th, 2010)

  • A configuration default which could allow anonymous users to have more access to the server than intended was fixed.
  • By default, Bftpd now blocks anonymous logins, so any access must be turned on by the admin.

New in version 3.0 (September 6th, 2010)

  • This update does not introduce any code changes.
  • The release includes some corrections to the documentation.
  • It also adds a Slovak translation of the documentation.

New in version 2.9 (June 3rd, 2010)

  • A bug was found in the way bftpd handles anonymous logins. When an anonymous user connects, the ROOTDIR option in the configuration file was was being ignored. The new release, 2.9, corrects this problem. Thanks to Paul Laufer for reporting this issue.
  • This release also fixes an issue where the bftpd log file would get erased on Ubuntu during a reboot of the system.

New in version 2.8 (April 20th, 2010)

  • The 2.8 release brings a lot of improvements and bug fixes to Bftpd.
  • There were some cases where the user config options might not be read properly, depending on how Bftpd was compiled. This has been fixed so options should always be read.
  • Anonymous logins have been fixed. This broke a few releases back and it's been corrected. We have also disabled anonymous logins by default. You can allow anonymous logins in the configuration file.
  • If several Bftpd sessions all die at once, the system will now clean up the zombie processes.
  • The "list" command now recognizes the "-a" paramater, allowing clients to see hidden files. This function only works if the administrator has turned on the configuration file option SHOW_HIDDEN_FILES.
  • The search function has been updated, allowing users to see symbolic links, even if those links are broken. For this feature to work, the configuration file option SHOW_NONREADABLE_FILES must be turned on.
  • Many thanks to Raster who contributed most of the improvements for this release. Also thanks to Oliver Metz for reporting bugs.
  • In short, we've fixed a few things, tried to make the system more secure out of the box and added some optional functionality. Please see the contact page if you would like to report a problem.

New in version 2.7 (March 29th, 2010)

  • This release, 2.7, fixes an issue where an FTP client would attempt to delete a directory on the server. The server would previously send back the same error regardless if the directory was full or if the client did now have permission to delete it. This would confuse some clients. Thanks to Raster for providing this patch.
  • This release also clears up some complier warnings from gcc 4.4.1.

New in version 2.4 (September 3rd, 2009)

  • A minor security bug which could be used to cause a denial of service attack has been fixed.

New in version 2.2.1 (September 22nd, 2008)

  • This release provides one bugfix that would cause problems or a crash in environments where bftpd was started without stdin, stdout, or stderr streams.