Update to 1.3.4rc2
New upstream release 1.3.4rc2 (see NEWS and RELEASE_NOTES for full details)
- Display messages work properly again
- Fixes plaintext command injection vulnerability in FTPS implementation
(bug 3624)
- Fixes CVE-2011-1137 (badly formed SSH messages cause DoS - bug 3586)
- Performance improvements, especially during server startup/restarts
- New modules mod_memcache and mod_tls_memcache for using memcached servers
for caching information among different proftpd servers and/or across
sessions
- Utilities installed by default: ftpasswd, ftpmail, ftpquota
- New configuration directives:
- MaxCommandRate
- SQLNamedConnectInfo
- TraceOptions
- Changed configuration directives:
- BanOnEvent
- ExtendedLog
- LogFormat
- PathAllowFilter
- PathDenyFilter
- SFTPOptions
- SFTPPAMOptions
- SQLNamedQuery
- TLSSessionCache
- Trace
- New documentation for ConnectionACLs and utilities (ftpasswd etc.)
Use the pcre regexp implementation (where possible) rather than the glibc one,
which isn't safe with untrusted regexps
(http://bugs.proftpd.org/3595, CVE-2010-4051, CVE-2010-4052, #673040)
We need libmemcached 0.41 or later for memcached support
We need pcre 7.0 or later for pcre regexp support