OLD | NEW |
(Empty) | |
| 1 Issue tracker at http://code.google.com/p/pyftpdlib/issues/list |
| 2 |
| 3 |
| 4 History |
| 5 ======= |
| 6 |
| 7 Version: 0.5.0 - Date: 2008-09-20 |
| 8 --------------------------------- |
| 9 |
| 10 Major enhancements: |
| 11 |
| 12 * Issue #72: pyftpdlib now provides configurable idle timeouts to disconnect |
| 13 client after a long time of inactivity. |
| 14 |
| 15 * Issue #73: impose a delay before replying for invalid credentials to minimize |
| 16 the risk of brute force password guessing. |
| 17 |
| 18 * Issue #74: it is now possible to define permission exceptions for certain |
| 19 directories (e.g. creating a user which does not have write permission except |
| 20 for one sub-directory in FTP root). |
| 21 |
| 22 * Improved bandwidth throttling capabilities of demo/throttled_ftpd.py script |
| 23 by having used the new CallLater class which drastically reduces the number |
| 24 of calls to time.time(). |
| 25 |
| 26 Bugfixes: |
| 27 |
| 28 * Issue #62: some unit tests were failing on dual core machines. |
| 29 |
| 30 * Issue #71: socket handles are leaked when a data transfer is in progress and |
| 31 user QUITs. |
| 32 |
| 33 * Issue #75: orphaned file was left behind in case STOU failed for insufficient |
| 34 user permissions. |
| 35 |
| 36 * Issue #77: incorrect OOB data management on FreeBSD. |
| 37 |
| 38 |
| 39 Version: 0.4.0 - Date: 2008-05-16 |
| 40 --------------------------------- |
| 41 |
| 42 Major enhancements: |
| 43 |
| 44 * Issue #65: assume the id of real users when using system dependent |
| 45 authorizers. |
| 46 * Issue #67: added IPv6 support. |
| 47 |
| 48 Bugfixes: |
| 49 |
| 50 * Issue #64: issue when authenticating as anonymous user using user-defined |
| 51 authorizers. |
| 52 * Issue #66: WinNTAuthorizer does not determine the real user home directory. |
| 53 * Issue #69: DummyAuthorizer incorrectly uses class attribute instead of |
| 54 instance attribute for user_table dictionary. |
| 55 * Issue #70: wrong NOOP response code. |
| 56 |
| 57 API changes since 0.3.0: |
| 58 |
| 59 * DummyAuthorizer class changes: |
| 60 * impersonate_user() and terminate_impersonation() methods have been |
| 61 added. |
| 62 |
| 63 |
| 64 Version: 0.3.0 - Date: 2008-01-17 |
| 65 --------------------------------- |
| 66 |
| 67 Major enhancements: |
| 68 |
| 69 * Issue #48: real permissions, owner, and group for files on UNIX platforms are |
| 70 now provided when processing LIST. |
| 71 * Issue #51: added the new demo/throttled_ftpd.py script. |
| 72 * Issue #59: iterators are now used for calculating requests requiring long |
| 73 time to complete (LIST and MLSD commands). |
| 74 * Issue #61: extended the set of assignable user permissions. |
| 75 |
| 76 RFC-related enhancements: |
| 77 |
| 78 * Issue #42: implemented FEAT command defined in RFC-2389. |
| 79 * Issue #52: implemented MLST and MLSD commands defined in RFC-3659. |
| 80 * Issue #58: implemented OPTS command define in RFC-2389. |
| 81 |
| 82 Bugfixes: |
| 83 |
| 84 * Issue #41: error occurred on quit if user was not yet authenticated. |
| 85 * Issue #43: hidden the server identifier when returning STAT response. |
| 86 * Issue #44: a wrong response code was given on PORT if the data connection |
| 87 attempt failed. |
| 88 * Issue #45: a wrong response code was given on HELP if argument was incorrect. |
| 89 * Issue #46: a wrong response code was given on PASV if remote peer had a |
| 90 foreign internet address. |
| 91 * Issue #47: can't use FTPServer.max_cons option with Python 2.3. |
| 92 * Issue #48: problem when LISTing "broken" symbolic links. |
| 93 * Issue #49: data channel did not respect the outgoing data buffer. |
| 94 * Issue #53: received strings having trailing white spaces was erroneously |
| 95 stripped. |
| 96 * Issue #54: LIST/NLST/STAT outputs are now sorted by file name. |
| 97 * Issue #55: path traversal vulnerability in case of symlinks. |
| 98 * Issue #56: can't rename broken symbolic links. |
| 99 * Issue #57: wrong LIST/NLST behavior when processing symbolic links. |
| 100 * Issue #60: error occurred in case of bad formatted PORT command requests. |
| 101 |
| 102 API changes since 0.2.0: |
| 103 |
| 104 * New IteratorProducer and BufferedIteratorProducer classes have been added. |
| 105 * DummyAuthorizer class changes: |
| 106 * The permissions management has been changed and the set of available |
| 107 permissions have been extended (see Issue #61). add_user() method |
| 108 now accepts "eladfm" permissions beyond the old "r" and "w". |
| 109 * r_perm() and w_perm() methods have been removed. |
| 110 * New has_perm() and get_perms() methods have been added. |
| 111 * AbstractedFS class changes: |
| 112 * normalize() method has been renamed in ftpnorm(). |
| 113 * translate() method has been renamed in ftp2fs(). |
| 114 * New methods: fs2ftp(), stat(), lstat(), islink(), realpath(), lexists(), |
| 115 validpath(). |
| 116 * get_list_dir(), get_stat_dir() and format_list() methods now return an |
| 117 iterator object instead of a string. |
| 118 * format_list() method has a new "ignore_err" keyword argument. |
| 119 * global debug() function has been removed. |
| 120 |
| 121 |
| 122 Version: 0.2.0 - Date: 2007-09-17 |
| 123 ---------------------------------- |
| 124 |
| 125 Major enhancements: |
| 126 |
| 127 * Issue #5: provided a way to configure / limit the number of maximum |
| 128 acceptable connections. |
| 129 * Issue #5: provided a way to configure / limit the maximum number of clients |
| 130 which may be connected from the same IP address. |
| 131 * Issue #36: added support for FXP site-to-site transfer to allow transfers |
| 132 between FTP servers. |
| 133 * Issue #39: added NAT/Firewall support with PASV (passive) mode connections |
| 134 for FTP servers behind NAT. |
| 135 * Issue #40: provided new FTPHandler.passive_ports attribute to control what |
| 136 ports to use for passive data-transfers. |
| 137 |
| 138 RFC-related enhancements: |
| 139 |
| 140 * Issue #6: accept and process TYPE AN and TYPE L8 commands. |
| 141 * Issue #7: a new USER command can now be entered at any point to begin the |
| 142 login sequence again. |
| 143 * Issue #8: be compliant with STOU output format defined in RFC 1123. |
| 144 * Issue #10: HELP command arguments are now accepted. |
| 145 * Issue #12: 554 error response is now returned on RETR/STOR if REST fails. |
| 146 * Issue #15: STAT used with an argument return directory LISTing over the |
| 147 command channel. |
| 148 |
| 149 Security enhancements: |
| 150 |
| 151 * Issue #3: stop buffering when extremely long lines are received. |
| 152 * Issue #11: reject data connection when a privileged port is specified on |
| 153 PORT command. |
| 154 * Issue #25: limit the number of attempts to find a unique filename for |
| 155 STOU command. |
| 156 |
| 157 Usability enhancements: |
| 158 |
| 159 * Provided an overridable attribute to easily set number of maximum login |
| 160 attempts before disconnecting. |
| 161 * Docstrings are now provided for almost every method and function. |
| 162 * Issue #30: command help strings quality improved by adding command |
| 163 syntaxes. |
| 164 * Issue #31: a compact list of recognized commands is now provided on HELP. |
| 165 * Issue #32: we now provide a detailed error message on connection and file |
| 166 system errors. |
| 167 * Issue #38: anonymous user write access can now be optionally granted. |
| 168 |
| 169 Test suite enhancements: |
| 170 |
| 171 * File creation/removal moved into setUp and tearDown methods to avoid leaving |
| 172 behind orphaned temporary files in the event of a test suite failure. |
| 173 * Issue #7: added tests for a new USER provided while already |
| 174 authenticated. |
| 175 * Issue #7: added tests for REIN while a transfer is in progress. |
| 176 * Issue #28: added tests for ABOR command. |
| 177 |
| 178 Bugfixes: |
| 179 |
| 180 * Issue #4: socket's "reuse_address" feature was used after the socket's |
| 181 binding. |
| 182 * Issue #9: corrected path traversal vulnerability affecting file-system path |
| 183 translations. |
| 184 * Issue #14: a wrong response code was returned on CDUP. |
| 185 * Issue #17: reject SIZE if pathname is a directory. |
| 186 * Issue #18: a wrong ABOR response code type was returned. |
| 187 * Issue #19: watch for STOU preceded by REST which makes no sense. |
| 188 * Issue #20: "attempted login" counter wasn't incremented on wrong username. |
| 189 * Issue #21: STAT wasn't permitted if user wasn't authenticated yet. |
| 190 * Issue #22: corrected memory leaks occurring on KeyboardInterrupt/SIGTERM. |
| 191 * Issue #23: PASS wasn't rejected when user was already authenticated. |
| 192 * Issue #24: can't use os.strerror() on pythonCE. |
| 193 * Issue #24: problem occurred on Windows when using '\\' as user's home |
| 194 directory. |
| 195 * Issue #26: used select() by default instead of poll() because of an asyncore |
| 196 module's defect. |
| 197 * Issue #33: some FTPHandler class attributes wasn't resetted on REIN. |
| 198 * Issue #35: watch for APPE preceded by REST which makes no sense. |
| 199 |
| 200 |
| 201 Version: 0.1.1 - Date: 2007-03-27 |
| 202 ---------------------------------- |
| 203 |
| 204 * Port selection on PASV command has been randomized to prevent a remote user |
| 205 to know how many data connections are in progress on the server. |
| 206 * Fixed bug in demo/unix_ftpd.py script (reported by Roger Erens). |
| 207 * Little modification to add_anonymous method of dummy_authorizer class. |
| 208 * ftp_server.serve_forever automatically re-use address if current system is |
| 209 unix. |
| 210 * License changed into a MIT style one. |
| 211 |
| 212 |
| 213 Version: 0.1.0 - Date: 2007-02-26 |
| 214 ---------------------------------- |
| 215 |
| 216 * First proof of concept beta release. |
OLD | NEW |