FileZilla® / News: Recent posts

FileZilla is a fast FTP and SFTP client for Windows with a lot of features. FileZilla Server is a reliable FTP server.

The long wait is over, I'm proud to announce the release of FileZilla 3.0.0. You can download the new version here:

http://filezilla-project.org/download.php?type=client

The primary new feature of 3.0.0 is the ability to run under multiple platforms. FileZilla 3 does not only run under Windows, but also under Linux, *BSD, Mac OS X and many more. In addition, the internals of FileZilla have been streamlined and modernized.... read more

The FileZilla 3 repository has been moved to Subversion and is now being available under http://filezilla.svn.sourceforge.net/svnroot/filezilla/FileZilla3

You can browse the repository under http://filezilla.svn.sourceforge.net/viewvc/filezilla/

FileZilla 2.2.32 fixes format string vulnerabilities which might be exploitable.
An update to 2.2.32 is hightly recommended.

On October 5, 2006, the first beta version of FileZilla 3 has been released.

FileZilla 3 is a complete rewrite of the client and is able to run on every major platform, including Windows, Linux, Mac OS X and *BSD.

Other new features of FileZilla 3 include:

• Directory listing filter
• Network Configuration Wizard including online test

However, a lot of features are still missing and scheduled for future beta versions. Especially the user interface will still undergo a lot of changes.... read more

FileZilla and FileZilla Server have been updated to fix a security vulnerability discovered in the OpenSSL library. Details about the vulnerabilities can be found here: http://www.openssl.org/news/secadv_20060928.txt
FileZilla uses OpenSSL to handle SSL secured connections.

Updating to FileZilla 2.2.28 and FileZilla Server 0.9.19 is highly recommended.

FileZilla 2.2.23 fixes a critical security vulnerability. Due to a buffer overflow remote code execution might have been possible if connecting to malicious servers.
An update to FileZilla 2.2.23 is highly recommended.

You can download the updated version from http://sourceforge.net/project/showfiles.php?group_id=21558&package_id=15149

FileZilla Server 0.9.17 fixes a critical security vulnerability. Due to a buffer overflow in the admin interface, remote code execution with the rights of the user running the admin interface might have been possible. Only the interface was affected, the service was unaffected.
An update to FileZilla Server 0.9.17 is highly recommended.

FileZilla Server now uses UTF-8 encoding for filenames as specified in RFC 2640 (http://www.faqs.org/rfcs/rfc2640.html). This allows for proper handling of filenames containing non-English characters, as FTP originally was only designed for 7-bit US-ASCII.
In order to support UTF-8, FileZilla Server now requires at least Windows 2000 or higher, Windows 98 is no longer supported.

You might have problems with some non-UTF8 capable clients that do now support RFC 2640. In this case I recommend to use FileZilla as client, it supports UTF-8.

Recently a security vulnerability has been discovered in zlib which could allow remote code execution under some circumstances.
Remote code execution was not possible with FileZilla Server since zlib was compiled with enabled buffer overflow protection, instead FileZilla Server did just terminate.

Version 0.9.9 fixes this problem, an update is highly recommended.

FileZilla is a fast FTP and SFTP client for Windows with a lot of features. FileZilla Server is a reliable FTP server. FileZilla Server 0.9.6 fixes two problems which could be used as denial of service attacks against FileZilla Server. The first problem involves reserved MSDOS device names like CON, NUL, COM1, LPT1 and such. Under some Windows versions, FileZilla Server could freeze if the user issued a command to access a file containing a reserved name. The problem seems to only occur on Windows 2000 or older.... read more

Recently a critical security vulnerability has been discovered in PuTTY which may allow remote code execution. FileZilla uses parts of PuTTY for SFTP connections.
Please upgrade FileZilla to version 2.2.11 and PuTTY to version 0.57 immediately.

Details about the vulnerability are available on the PuTTY homepage.
(http://www.chiark.greenend.org.uk/~sgtatham/putty/)

A lot has changed since the last release of this FTP server. The most important change is the improved list of connected users which now displays more details like the current active transfer details (file, progress, speed)

New features:

• List of connected users displays more details: IP, current file, progress and speed. Based on patch by "Tropics"
• Admininterface reconnects automatically after connection loss
• Folders to which the user has no access, won't be displayed in directory listings
• All IP filters can now also filter hostnames using regular expressions, based on patch from Sebastian Schuberth
• implemented MLSD and MLST commands
• implemented ALLO command
• If user password in settings file is not 32 characters long (and thus not a MD5 hash) convert it to a MD5 hash.... read more

Recently a security vulnerability in zlib was found which could be use for denial of service attacks on all programs using zlib. See http://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html for details.

Since FileZilla Server uses zlib for MODE Z transfers, it was affected by this problem as well. Version 0.9.3 of FileZilla Server has been released to fix this vulnerability.

Recently, a security vulnerability in PuTTY was found (read http://www.chiark.greenend.org.uk/~sgtatham/putty/ for details) which allows attackers to execute malicious code on anyone using PuTTY.
Since the SFTP support in FileZilla is based on PuTTY, FileZilla was vulnerable as well if connecting to SFTP servers. Version 2.2.8 of FileZilla fixes the security holes.

Here's the complete release notes:... read more

With version 2.2.5, an era ends. This will be the last version based on the old source tree. Over the last three years, FileZilla has been constantly improved. However, in the past few months development has slowed significantly, mainly due to the fact that it's become quite difficult to add new features to FileZilla. The complexity of FileZilla has grown far far beyond anything then anyone could imagine when the project first started, this also reflects in the source code. That's why I've decided to leave the current source tree behind and start FZ3 from scratch. The new version will contain most if not all features of FileZilla 2.2.5 once done and will be cross-platform.... read more

In order to create the upcoming cross-platform version of FileZilla 3 (http://sf.net/projects/filezilla), I'm searching for a developer which knows how to use automake, autoconf and the like to create the neccessary input files for these tools.

FileZilla 3 uses the wxWidgets library.
Structure of the project:
FZ3 is divided into two parts, the engine and the interface, located in the src/engine and src/interface subfolders.
The engine should be compiled as static library and the interface links to it. Common for both is a shared include folder located in src/include.... read more

FileZilla 2.2.4c has been released. This version is a maintance release that changes the following since 2.2.4b:

• position of local and remote views can be switched
• resolved remaining SSL issues (2.2.4c)
• Connect:Enterprise directory listing compatibility
• crash with invalid dates in directory listings

In addition to that, I've created a new discussion forum for FileZilla. You can access it under http://filezilla.sourceforge.net/forum/

New features:

• Improved SSL certificate verification. You can know put a list of known root certificates into the file cacert.pem
• Sticky bit can be set with the file attributes dialog
• Message log font can now be changed

Fixed bugs:

• Upgraded to Visual C++ 7.1 and now linked statically against the runtime libraries, this may fix some rare crashes.
• Fixed regression with the Connect:Enterprise server directory listing format.
• Improved comtabibility with some windows servers which do not support paths prefixed with slashes
• Added support for paths in the form DIR.SUBDIR1.SUBDIR2.
• Local/remote file lists were not always sorted correctly
• some SSL fixes
• drawing problems if running under wine
• improved caching if creating directories
• some reported crashes have been fixed

Happy new year everyone!

2003 was a very exciting year for FileZilla. Several magazines have put FileZilla on their cover CD, FileZilla became Project of the Month in November and Patrick McGovern, the director of SourceForge, has presented FileZilla on TechTV in the Screensavers show.
I would like to thank everyone for your great suggestions, bug reports, help offers or any other typr of feedback.... read more

New features:

• added filetype column to remote file list
• file lists can now be sorted over the view menu, even if not using details style
• added "Add to queue" as selection for default file doubleclick action
• added Korean language files

Fixed bugs:

• fixed VShell server compatibility
• fixed queue releated crash
• no longer automatically try to resume transfer of ascii files after transfer failure, it did cause troubled due to different line endings.
• compatibility fixes for directory listing parser
• allow SFTP transfers if LIST fails

FileZilla Server 0.8.8 has been released. The new version greatly enhances the settings for passive mode transfers. For external IPs you can now enter hostnames in addition to standard IP addresses. It is also possible to use external IP scripts in case you do not have a fixed host name. FileZilla is a fast FTP client for Windows with a lot of features. FileZilla Server is a reliable FTP server.

Here's the full list of changes:... read more

The two most important changes in this release are
a new comments field in the site manager and a fix for the slow upload speed some users have reported.

Here's a complete list of changes:

New features:

• added comments field to Site Manager, moved default local/remote directories to advanced page.
• added Russian translation
• added support for servers with send multiple code 1yz replies on RETR/STOR/APPE commands
• remember and restore focus of last active window if main window loses and regains focus
• slightly improved compatibility of directory listing parser ... read more

FileZilla Server 0.8.6a has been released. It contains a workaround for a bug in the Windows api function CreateDirectory. Due to the bug it is possible to create directories which names end with one or more dots. Those directories were unaccessible and couldn't be deleted with most programs. FileZilla Server now denies creation of such directories.
Please look into the readme for instructions how to manually remove such directories.... read more

New features:

• added combobox with recent folders to local views
• empty directories are now created during up/downloads
• added support for IBM AS/400 style directory listings
• Directory listing parser now understands Spanish month names
• position of treeviews can be customized

Fixed bugs:

• Queue related crashes have been fixed

New features:

• Large code review of the transfer queue, greatly improved speed if adding large numbers of files to the queue
• New Message Log window, text can now be selected
• PASV mode settings and server timezone can be set for each site in the Site Manager

Fixed bugs:

• queue import did not work
• ascii/binary settings were not restored if loading queue
• fixed problems with adding directories to queue and deleting directories on the server
• Speed limit rules no longer stop working after showing settings dialog
• Fixed transfer of last few bytes on SSL uploads, should no longer be missing