forked from AgNO3/jcifs-ng
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGELOG.txt
126 lines (114 loc) · 6.46 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
jcifs-ng 2.1.0
- Basic SMB 3.0 support (signing)
- Enable SMB2 support by default. Protocol versions to enable/disable
are now controlled by jcifs.smb.client.minVersion/maxVersion.
- Support for session reauthentication (#21)
- Android compat by removing JGSS dependency when unneeded (#20)
- Send SPNEGO wrapped NTLMSSP tokens, old behavor can be restored
by setting jcifs.smb.useRawNTLM=true
- Support for SPNEGO and NTLM integrity (mechListMIC, NTLM MIC),
checks can be disabled with jcifs.smb.client.disableSpnegoIntegrity
or enforced generally jcifs.smb.client.enforceSpnegoIntegrity
- Disable jcifs.smb.client.ignoreCopyToException by default.
jcifs-ng 2.0.7
- Clear attribute cache after rename operation (#69)
- Fix possible deadlock in tree handling (#72)
- Fix NPE when checking status of disconnected SmbTransport (#85)
- Fix hiding of internal shares (#87)
Big thanks to Shon Vella:
- Fix SmbFile.getDfsPath() retuing "null/" (#86)
- Fix parsing of response messages for certain exceptional status codes (#92)
- Add missing Pipe available() SMB2 implementation (#92)
jcifs-ng 2.0.6
- [SECURITY] Properly throws exceptions from SmbTransportPool.logon (#68)
- Only enforce signing for DFS IPC when signing is enabled
- Fix SMB2_NEGOTIATE_SIGNING_REQUIRED value resulting in wrong
signing negotation (probably still incomplete)
- Don't send selectedMech in SPNEGO follow ups
- Ignore missing signatures on final SessionSetup response (#57)
- Fix "invalid null Subject provided" when using a JAAS config file (#52)
- Allow tid = 0 for SMB1 (#63)
- Use hostname in share enumeration when using kerberos authentication (#62)
- Don't add duplicate trailing slash in Trans2FindFirst2 (#61)
jcifs-ng 2.0.5
- Fix path canonicalization when constructing share URLs, retain traling slash (#41)
- Fix SmbRandomAccessFile.readFully advancing the file pointer twice (#42)
- Add DFS excemption for IPC$ share, working around servers (NetApp) settings
wrong share flags (#35).
- Fix infinite loop when resolving SIDs (#34)
- Some javadoc fixes (Thanks to Urs Joss)
- Properly reset original path for retries, fixing NPE with nested DFS links
(#24)
- Fix possible NPE when an invalid smb: URL is supplied (#30)
- Fix waiting for SmbComTransaction responses, fixing various race conditions
(#33)
- Handle 2.02 dialect correctly in SMB2 negotitation (#26)
jcifs-ng 2.0.4
- [SECURITY] Do not leak NTLM session keys
- Fix file enumeration when entry count exceeds listCount (SMB1, #16)
- Fix legacy server enumeration (#22)
- Deprecate legacy server enumeration, throw SmbUnsupportedOperation
when unavailable.
- Allow singleton initialization with custom properties (#19)
- Don't include trailing slash in Create requests.
jcifs-ng 2.0.3
- Fix possible "Message size exceeds maximum buffer size" exceptions
by properly accounting for buffer padding (#15)
jcifs-ng 2.0.2
- Fix grave memory leak, messages not being removed from response_map (#14)
jcifs-ng 2.0.1
- Fix possible SmbRandomAccessFile read corruption when output buffer size
greater than read size.
- Fix SmbRandomAccessFile access flags, causing AccessDenied
- Add designated SmbEndOfFileException exception
- Don't throw exception when enumerations don't return any result
- Add a replacing renameTo operation (SMB2 only)
jcifs-ng 2.0.0
- Add SMB2 support (2.02 protocol level), optional for now (jcifs.smb.client.enableSMB2)
- Some work on the DFS code, improving efficiency and fixing some bugs.
- Honor CIFS request multiplexing limits
- Improved multi-address retry logic (prefer a working connection over a broken one)
- Further refactoring, some more tests
- Server-side copy support (SMB2 only)
- Fix busy looping of disconnected transports.
- Cancel notify requests using cancel command (so that it properly works with samba, too)
jcifs-ng 1.6.0 (unreleased)
- Completely overhaul the way SMB resources are used
- Idle disconnects will no longer break active resources (by default this means file descriptors), that behavior induced
a wide range of potential bugs, including broken file locks and race conditions resulting in SMB errors.
- File descriptors are no longer magically shared through SmbFile.
- Every occasion where a file descriptor is used now returns a handle object controlling it's lifetime.
- An optional mode (jcifs.smb.client.strictResourceLifecycle=true) to also prevent disconnecting trees that are still in use.
- Refactoring of SmbFile breaking it up into smaller parts with clearer responsibilities.
- Further refactoring for clean API/implementation split.
- Do not retry requests when there is no way they ever could succeed.
- Increased test coverage, fix some issues with legacy connections found through that.
- Change logging to use SLF4J facade
- Copy operations now use SmbFileInput/OutputStream and therefor can use LargeX
- Streaming enumeration operations
jcifs-ng 1.5.3
- Fix thread leak when establishing a connection fails
- Add mitigation against idle timeout issues that cause serious bugs in some usage scenarios:
- Session timeout can be configured (jcifs.smb.client.sessionTimeout, in ms) setting it to 0 disables session timeout
- Transport idle timeouts can be disabled (jcifs.smb.client.noIdleTimeout=true)
- Fix bug that exclusive transport connections could be reused.
jcifs-ng 1.5.2
- Fix SmbFile(String) constructor to allow passing credentials in URL.
- Mark already deprecated NTLM filter/servlets @Deprecated
- Fix some porting errors in NtlmHttpURLConnection, pass through a couple of
more HttpURLConnection settings.
- Mark NtlmHttpURLConnection @Deprecated for it's inherent design and security
issues. Add a warning to the documentation.
jcifs-ng 1.5.1
- Fix bundle manifest errors
- Dont wait for response timeout when the transport connection is closed.
- Fallback to secondary port on any IOException during negotiation.
- Fix NTLMSSP anonymous auth, by default use Extended Security for everything.
- Fix SPNEGO NTLM fallback, add option to disable (jcifs.smb.allowNTLMFallback)
- Yet anther signing sequence fix.
- Work-around DFS+kerberos problems, add option to heuristically convert NetBIOS names to FQDN (set jcifs.smb.client.dfs.convertToFQDN=true to enable)
- Properly fix domain referrals. Cache DC referrals.
- Some more reliability with random disconnects.
- Security hardening:
- enforce SMB signing by default for IPC connections, relates to CVE-2016-2115 (jcifs.smb.client.ipcSigningEnforced=false to disable)
- Allow enforcement of Extended Security (SPNEGO) (jcifs.smb.client.forceExtendedSecurity=true to enable)