Fixed vulnerabilities:

• Official binaries are now linked against GnuTLS 3.8.10

Bugfixes and minor changes:

• Fixed a crash if using speed limits

Bugfixes and minor changes:

• Fixed initial loading of file extensions for the Auto transfer type

Bugfixes and minor changes:

• Faster natural sort
• *nix: Fixed focus issue in Site Manager
• Updated to libfilezilla 0.50.0

Bugfixes and minor changes:

• UI: Fixed crash opening settings dialog if there are usernames starting with a character that sorts less than the less than sign

Bugfixes and minor changes:

• FTP: fixed crash if receiving an unusual sequence of commands.
• Fixed spurious error while backing up configuration.
• MSW: fixed silent crash of the installer at the end of the installation process.
• UI: fixed bug that might lead to duplicate IPs being retrieved by "retrieve public IP" button in the FTP tester.
• UI: added proper spacing between unit labels and the controls they are attached to.

Bugfixes and minor changes:

• Faster natural sort
• *nix: Fixed focus issue in Site Manager
• Updated to libfilezilla 0.50.0

Bugfixes and minor changes:

• MSW: Fixed bug that caused the installer to override the name of the log file in certain circumstances.

New features:

• It is now possible to configure which protocols users are allowed to login with

Bugfixes and minor changes:

• Fixed validation of domain names during certificate creation if a component in the hostname consists purely of numbers
• Administration UI: Fixed issues with renaming users
• Windows installer: Improved logging

Bugfixes and minor changes:

• Fixed a regression causing the setting 'do not require authentication' to get lost when restarting the server. Note: To see the effect of this fix, administrators must manually reapply the 'do not require authentication' setting for affected users. After this adjustment, the setting will persist as expected.
• MSW: Added NETWORK_SERVICE as a allowed user for the config dir ownership.

New features:

• macOS: Fixed a build issue affecting App Notarization on arm64

Bugfixes and minor changes:

• Updated translations

New features:

• Added option to always refresh remote directory listings when starting a recursive operation

Bugfixes and minor changes:

• Changing logfile settings no longer requires a restart of FileZilla
• Fixed a display issue with special characters in usernames
• MSW: Fixed local file list not updating after renaming or deleting items
• SFTP: Update interval of transfer progress during uploads should now be more consistent on very slow connections
• Updated to libfilezilla 0.49.0

New features:

• Added option to always refresh remote directory listings when starting a recursive operation

Bugfixes and minor changes:

• Changing logfile settings no longer requires a restart of FileZilla
• Fixed a display issue with special characters in usernames
• MSW: Fixed local file list not updating after renaming or deleting items
• SFTP: Update interval of transfer progress during uploads should now be more consistent on very slow connections
• Updated to libfilezilla 0.49.0

Bugfixes and minor changes:

• Fixed a regression causing the automatic renewal of the Let's Encrypt® certificates to not work properly.
• UI: fixed regression causing the Administration Interface port of the last successful connection to not be properly restored.
• UI: fixed a bug where the TLS key appeared to be lost in the interface if certificate generation failed, even though the key was still retained on the server.

Bugfixes and minor changes:

• Fixed an issue with the update mechanism

Bugfixes and minor changes:

• Fixed a regression introduced in 1.9.0, the "public IP or hostname" field on the passive mode page was not restored when opening the settings dialog

Fixed vulnerabilities:

• MSW: Warn if installing the server outside of Program Files due to custom directories having too lax permissions

Bugfixes and minor changes:

• Fixed a race condition resulting in stalled connections
• *nix: Fixed a potential crash if SIGINT is sent to the server while it is shutting down
• Fixes to the update check mechanism
• Fixed a regression in the converter for old 0.9.x configurations dealing with placeholders in native paths

New features:

• Private keys used for TLS can now be stored on a PKCS#11-compatible token device; the UI has been updated accordingly.
• UI: added button to retrieve the current FileZilla Server's public IP address, useful to configure the PASV mode.
• UI: added an FTP connection test, that can be reached directly from the Server menu item or executed at the end of the FTP Network Configuration Wizard.
• Made default values more secure, among which: require TLS on new FTP listeners, require a password for new users and warn if the administration password doesn't meet more stringent security requirements.
• Fixed bug causing the most recent log file, rather than the oldest, to be deleted upon rotation, when using dates as suffixes.
• MSW: fixed regression causing socket listener conflicts due to recent libfilezilla changes.
• Added WebUI: an HTTP server providing a REST API and a web app for seamless web access to stored files. WebUI is not included in the default build and must be enabled with the --enable-webui parameter during compilation. This feature is experimental; feedback and bug reports are welcome.

Bugfixes and minor changes:

• UI: the certificate fingerprint verification dialog is now sized to display the full fingerprint at once.
• UI: fixed bug causing the focus to be lost during user editing.
• UI: fixed bug causing the tray icon to display unexpectedly in certain cases.
• UI: improved error handling in case of server disconnection.
• UI: improved handling of Settings window size on ultra wide screens.
• FTP: the MKD command now returns an error if the directory already exists.
• FTP: Improved login timeout handling to exclude internal server processing time.
• Fixed heap corruption in the Administrator Interface.
• Fixed regression in the path handling routines.

Bugfixes and minor changes:

• MSW: Fixed an issue with confirmation dialogs for file deletion not being modal
• Updated to libfilezilla 0.48.1

Bugfixes and minor changes:

• Fixed an issue migrating old queue files if several older versions have been skipped
• Updated to libfilezilla 0.48.0

Fixed vulnerabilities:

• FileZilla Server now requires that the configuration directory is owned either by the operating system user account the server runs under, or a more privileged user (SYSTEM, Amdministrators, TrustedInstaller on Windows, root elsewhere)
• MSW: Mount points are now case-insensitive so that restrictions on sub mounts cannot be bypassed by a change of character case

Bugfixes and minor changes:

• Fixed a potential deadlock during transfers
• FTP: Fixed potential crash if the session gets closed

Fixed vulnerabilities:

• SFTP: Fixed PuTTY ECDSA NIST P-521 private key recovery vulnerability (CVE-2024-31497). If you use NIST P-521 keys to connect to SSH/SFTP servers, you should regenerate them and revoke the previous ones.
• Official binaries are now built against GnuTLS 3.8.4

Bugfixes and minor changes:

• Updated to libfilezilla 0.47.0

Fixed vulnerabilities:

• Official binaries are now built againt GnuTLS 3.8.3

Bugfixes and minor changes:

• Updated to libfilezilla 0.46.0
• MSW: Fixed tab navigation over message log

New features:

• Limits to the number of active sessions defined for the groups now apply to the group as a whole, not just to the individual users belonging to those groups.
• Fixed bug that led to timeouts not being set at startup, but only when changing the configuration.

Bugfixes and minor changes:

• FTP Server: NLST would report a file names with a leading ./ path in certain cases, which confused some clients. Fixed.
• UI: Fixed bug that caused the Administration Interface to misinterpret native paths in the mount lists in case the server were running on a machine with different path semantics than the Administration Interface's one.
• UI: fixed regression that led to some message dialogs not being displayed.
• Fixed regression that caused disabled mount points with empty native paths to be discarded.
• Fixed conversion to utf8 of virtual paths, which was wrongly misinterpreting some native encodings.
• In case of login failure, the login timeout resumes counting down for the remaining time.