vsftpd Changelog

New in version 3.0.3

July 25th, 2015
  • Increase VSFTP_AS_LIMIT to 200MB; various reports.
  • Make the PWD response more RFC compliant
  • Remove the trailing period from EPSV response to work around BT Internet issues
  • Fix syslog_enable issues vs. seccomp filtering. At least, syslogging seems to work on my Fedora now.
  • Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports.
  • Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
  • this case gracefully.
  • List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
  • Make some compile-time SSL defaults (such as correct client shutdown handling) stricter.
  • Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays.
  • Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks.
  • Kill the FTP session if we see session re-use failure.
  • Enable ECDHE, Tim Kosse .
  • Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
  • Minor SSL logging improvements.
  • Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity.

New in version 3.0.2 (September 25th, 2012)

  • One more seccomp policy fix: mremap (denied).
  • Support STOU with no filename, uses a STOU. prefix.

New in version 2.3.4 (March 14th, 2011)

  • vsftpd-2.3.4 is released - aside from some minor changes, the most interesting bug fix is an excessive CPU consumption issue with crazy file specs. Credit to Maksymilian Arciemowicz. See the Changelog and vsftpd FAQ (frequently asked questions) for a list of common questions!
  • After numerous requests, I now have a PayPal button for donations. If you use vsftpd, like it, and think it's worthy of a donation, then click on the Paypal button on the left of the page.
  • ftp.freebsd.org switched to vsftpd.
  • vsftpd tarballs are now GPG signed by me.

New in version 2.3.2 (August 20th, 2010)

  • vsftpd-2.3.2 is released - with a single fix for the silly logfile overwrite regression in vsftpd-2.3.0. (2.3.2 is the same as 2.3.1, but 2.3.1 has an incorrect version numer). vsftpd-2.3.0 contained a couple of regression fixes (port_promiscuous and SSL data transfer + ASCII transforms). In addition, it is now possible to use REST + STOR to overwrite part of a file. There is also a tiny experimental HTTP section for people who need a paranoidly secure simple static HTTPd.

New in version 2.3.0 (August 6th, 2010)

  • vsftpd-2.3.0 is released - with a couple of regression fixes (port_promiscuous and SSL data transfer + ASCII transforms). In addition, it is now possible to use REST + STOR to overwrite part of a file. There is also a tiny experimental HTTP section for people who need a paranoidly secure simple static HTTPd. Please refer to the v2.3.0 Changelog and vsftpd FAQ (frequently asked questions) for a list of common questions!
  • After numerous requests, I now have a PayPal button for donations. If you use vsftpd, like it, and think it's worthy of a donation, then click on the Paypal button on the left of the page.
  • ftp.freebsd.org switched to vsftpd.
  • vsftpd tarballs are now GPG signed by me.