Differences
This shows you the differences between the selected revisions of the page.
| history 2026-03-24 | history 2026-06-15 16:07 (current) | ||
| Line 3: | Line 3: | ||
| This is a full list of changes for each release of WinSCP. See also [[project_history|Project history]] and [[incompatible_changes|Incompatible changes between versions]]. | This is a full list of changes for each release of WinSCP. See also [[project_history|Project history]] and [[incompatible_changes|Incompatible changes between versions]]. | ||
| - | ===== [[6.6.1]] 6.6.1 (not released yet) ((2026-03-24)) ===== | + | ===== [[6.6.2]] 6.6.2 (not released yet) ((2026-06-15)) ===== |
| + | |||
| + | * Experimental 64-bit version of WinSCP. [[bug>618]] | ||
| + | * Optionally not showing error message when connection is lost while idle. [[bug>2360]] | ||
| + | * SSH core and SSH private key tools (PuTTYgen and Pageant) upgraded to [[&url(puttychanges)|PuTTY 0.84]]. \\ It brings the following change: | ||
| + | * Security issue: fixed a remotely triggerable double-free in RSA key exchange. [[pbug>rsakex-double-free]] | ||
| + | * Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. [[pbug>ecdsa-remotely-triggerable-assertion]] | ||
| + | * Bug fix: spurious //"Network error: Socket is not connected"// when authenticating to some HTTP proxies. [[pbug>http-proxy-auth-wsaenotconn]] | ||
| + | * TLS/SSL core upgraded to OpenSSL 3.5.7. | ||
| + | * XML parser upgraded to Expat 2.8.1. | ||
| + | * Restored faster C TLS/SSL AES implementation. | ||
| + | * Configurable warning when opening large file in an internal editor. [[bug>2437]] | ||
| + | * Informing that when preserving directory timestamps is enabled, using multiple connections for transfer is not possible. [[bug>2439]] | ||
| + | * Warning when pasting a session URL with unsafe settings. | ||
| + | * When opening session in PuTTY to a host for which WinSCP has multiple host keys cached, using the last key or the key that PuTTY has cached. [[bug>2440]] | ||
| + | * Always (re)registering drag&drop shell extension during installation, even when the extension is not replaced. | ||
| + | * Allowed Console interface tool to have ''.exe'' extension to avoid false positive detections by some antiviruses. [[bug>2434]] | ||
| + | * Using //"username"// and //"hostname"// as one word. | ||
| + | * Reading all system settings from 64-bit registry. | ||
| + | * Allow assigning ''null'' to ''Session.SessionLogPath''. [[bug>2438]] | ||
| + | * Avoiding using ''SSH_FXF_EXCL'' together with ''SSH_FXF_TRUNC'' SFTP file opening flags. [[bug>2444]] | ||
| + | * Optimized file system monitoring when looking for dummy directory during drag&drop downloads. [[bug>2445]] | ||
| + | * Change: Not allowing WebDAV redirects to other hosts by default. [[bug>2447]] | ||
| + | * Change: Not allowing WebDAV redirects to an unencrypted URL by default. [[bug>2448]] | ||
| + | * Bug fix: Failure when trying to connect via HTTP proxy to FTP host with excessively long login details. [[bug>2435]] | ||
| + | * Bug fix: Buffer overflow in Console interface tool. [[bug>2436]] | ||
| + | * Bug fix: Failure setting ''Session.DebugLogPath'' when running in impersonated context. [[bug>2441]] | ||
| + | * Bug fix: Message boxes from secondary windows (like the internal editor) caused application to move to the background when when the main window was minimized. [[bug>2443]] | ||
| + | * Bug fix: Heap over-read via crafted encrypted filename. [[bug>2449]] | ||
| + | * Bug fix: Slashes in filenames can cause path traversal when invalid filename characters replacement is disabled. [[bug>2450]] | ||
| + | |||
| + | ===== [[6.6.1]] 6.6.1 beta ((2026-04-01)) ===== | ||
| * Support for OpenSSH ssh-agent. [[bug>1682]] | * Support for OpenSSH ssh-agent. [[bug>1682]] | ||
| * Optionally connecting all workspace/folder sessions immediately. [[bug>1026]] | * Optionally connecting all workspace/folder sessions immediately. [[bug>1026]] | ||
| - | * ''Ctrl+C'' works in list views on 'Server and protocol information'. | + | * Preserving panel scroll position after rename. [[bug>2425]] |
| + | ··* ''Ctrl+C'' works in list views on 'Server and protocol information' dialog. | ||
| * Preventing moving or copying a file or folder over ancestor folder with the same name. [[bug>2427]] | * Preventing moving or copying a file or folder over ancestor folder with the same name. [[bug>2427]] | ||
| * WebDAV/HTTP core upgraded to neon 0.37.1. | * WebDAV/HTTP core upgraded to neon 0.37.1. | ||
| + | * XML parser upgraded to Expat 2.7.5. | ||
| * Bug fix: Some menus were not working on displays to the left or above the primary display. [[bug>2423]] | * Bug fix: Some menus were not working on displays to the left or above the primary display. [[bug>2423]] | ||
| * Bug fix: Mouse wheel downwards scrolling did not work on toolbar drop down lists. | * Bug fix: Mouse wheel downwards scrolling did not work on toolbar drop down lists. | ||
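Review bot: in the added 6.6.2 list, "Buffer overflow in Console interface tool" [bug 2436], "Heap over-read via crafted encrypted filename" [bug 2449] and "Slashes in filenames can cause path traversal ..." [bug 2450] are prefixed "Bug fix:", while the PuTTY 0.84 items in the same list use "Security issue:" and "Minor security issue:". Give the memory-safety and path traversal entries the same prefix so that someone scanning the release notes for security-relevant changes finds them. Two wording nits in the same hunk: "It brings the following change:" now introduces three items, and the message boxes entry [bug 2443] reads "when when".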
| Line 21: | Line 54: | ||
| * Bug fix: Checking if edited/opened file was modified externally didn't work for inactive sessions. [[bug>2426]] | * Bug fix: Checking if edited/opened file was modified externally didn't work for inactive sessions. [[bug>2426]] | ||
| * Bug fix: Wrapped settings values from Raw Site Settings dialog were not preserved. | * Bug fix: Wrapped settings values from Raw Site Settings dialog were not preserved. | ||
| - | * Bug fix: Some files modified by local custom command in SCP session fails to upload back. [[bug>2428]] | + | * Bug fix: Some files modified by local custom command in SCP session fail to upload back. [[bug>2428]] |
| * Bug fix: Whole //Key exchange// page was incorrectly hidden when //"Handles SSH key re-exchange badly"// bug was enabled. | * Bug fix: Whole //Key exchange// page was incorrectly hidden when //"Handles SSH key re-exchange badly"// bug was enabled. | ||
| * Bug fix: Some message boxes leak GDI handle. [[bug>2430]] | * Bug fix: Some message boxes leak GDI handle. [[bug>2430]] | ||
| + | * Bug fix: Login dialog leaks GDI handles. [[bug>2431]] | ||
| ===== [[6.6]] 6.6 beta ((2026-02-02)) ===== | ===== [[6.6]] 6.6 beta ((2026-02-02)) ===== | ||
| Line 44: | Line 78: | ||
| * TLS/SSL core upgraded to OpenSSL 3.5.5. | * TLS/SSL core upgraded to OpenSSL 3.5.5. | ||
| * WebDAV/HTTP core upgraded to neon 0.36.0. | * WebDAV/HTTP core upgraded to neon 0.36.0. | ||
| - | * XML parser upgraded to Expat 2.7.5. | + | * XML parser upgraded to Expat 2.7.4. |
| * Installer upgraded to Inno Setup 6.7.0 with dark mode support enabled. | * Installer upgraded to Inno Setup 6.7.0 with dark mode support enabled. | ||
| * Increased WinSCP memory limit to 4 GB. [[bug>2412]] | * Increased WinSCP memory limit to 4 GB. [[bug>2412]] | ||
| Line 88: | Line 122: | ||
| * Bug fix: Pasting cut files from the clipboard into a local panel copies them instead of moving them. [[bug>2400]] | * Bug fix: Pasting cut files from the clipboard into a local panel copies them instead of moving them. [[bug>2400]] | ||
| * Bug fix: Some edits did not save their value to history when submitting with ''Enter''. | * Bug fix: Some edits did not save their value to history when submitting with ''Enter''. | ||
| - | * Bug fix: Too long edit history dropdown can overflow monitor bounds. | + | * Bug fix: Too long edit history dropdown can overflow monitor bounds. [[bug>2432]] |
| * Bug fix: Message box texts and some control labels are not visible to screen readers. [[bug>2413]] | * Bug fix: Message box texts and some control labels are not visible to screen readers. [[bug>2413]] | ||
| * Bug fix: Failure when clicking tab close button while the session is already being closed. [[bug>2416]] | * Bug fix: Failure when clicking tab close button while the session is already being closed. [[bug>2416]] | ||
| - | ===== [[6.5.6]] 6.5.6 (not released yet) ((2026-03-18)) ===== | + | ===== [[6.5.7]] 6.5.7 (not released yet) ((2026-06-12)) ===== |
| + | |||
| + | * Translations completed: Croatian, Finnish, Georgian, Italian and Serbian. | ||
| + | * TLS/SSL core upgraded to OpenSSL 3.3.7. | ||
| + | * Back-propagated fixes from 6.6.2 beta release: | ||
| + | * Bug fix: Failure setting ''Session.DebugLogPath'' when running in impersonated context. [[bug>2441]] | ||
| + | * Security issue: fixed a remotely triggerable double-free in RSA key exchange. [[pbug>rsakex-double-free]] | ||
| + | * Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. [[pbug>ecdsa-remotely-triggerable-assertion]] | ||
| + | * Bug fix: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. CVE-2026-45447 fix from OpenSSL 3.4.6. | ||
| + | |||
| + | ===== [[6.5.6]] 6.5.6 ((2026-03-25)) ===== | ||
| * Translations completed: Macedonian, and updated: Lithuanian, and Russian. | * Translations completed: Macedonian, and updated: Lithuanian, and Russian. | ||
| * TLS/SSL core upgraded to OpenSSL 3.3.6. | * TLS/SSL core upgraded to OpenSSL 3.3.6. | ||
| - | * Back-propagated improvement from 6.6–6.6.1 beta release: | + | * Back-propagated improvements from 6.6–6.6.1 beta release: |
| * New DigiCert EV code signing certificate valid until March 2029 is used for signing binaries. | * New DigiCert EV code signing certificate valid until March 2029 is used for signing binaries. | ||
| * XML parser upgraded to Expat 2.7.5. | * XML parser upgraded to Expat 2.7.5. | ||
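Review bot: in the added 6.5.7 section, the PKCS#7 use-after-free entry carries a CVE identifier but is prefixed "Bug fix:", unlike the two "Security issue:" lines directly above it; use the same prefix. The entry also says "fix from OpenSSL 3.4.6" while the same section lists the TLS/SSL core as OpenSSL 3.3.7, so state how that fix relates to the 3.3.7 core. If the entry is meant to sit under "Back-propagated fixes from 6.6.2 beta release", note that the 6.6.2 list has no corresponding item.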
| Line 169: | Line 213: | ||
| * Translations completed: Belarusian, Brazilian Portuguese, Catalan, Czech, Dutch, Finnish, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese, Romanian, Russian, Simplified Chinese, Slovak, Spanish, Swedish, Tamil, Traditional Chinese and Turkish; updated: Norwegian; and started: Georgian. | * Translations completed: Belarusian, Brazilian Portuguese, Catalan, Czech, Dutch, Finnish, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese, Romanian, Russian, Simplified Chinese, Slovak, Spanish, Swedish, Tamil, Traditional Chinese and Turkish; updated: Norwegian; and started: Georgian. | ||
| * SSH core and SSH private key tools (PuTTYgen and Pageant) upgraded to [[&url(puttychanges)|PuTTY 0.83]]. \\ It brings the following change: | * SSH core and SSH private key tools (PuTTYgen and Pageant) upgraded to [[&url(puttychanges)|PuTTY 0.83]]. \\ It brings the following change: | ||
| - | * Bug fix: crash in Pageant if an SSH connection is abandoned while waiting for a deferred decryption passphrase. | + | * Bug fix: crash in Pageant if an SSH connection is abandoned while waiting for a deferred decryption passphrase. [[pbug>pageant-aborted-decrypt-crash]] |
| * TLS/SSL core upgraded to OpenSSL 3.3.3. | * TLS/SSL core upgraded to OpenSSL 3.3.3. | ||
| * Installer upgraded to Inno Setup 6.4.1. | * Installer upgraded to Inno Setup 6.4.1. | ||
| Line 300: | Line 344: | ||
| * Bug fix: Caption of permissions group labels disappears when hovered over on Windows 11. | * Bug fix: Caption of permissions group labels disappears when hovered over on Windows 11. | ||
| - | ===== [[6.3.8]] 6.3.8 (not released yet) ((2025-10-31)) ===== | + | (*===== [[6.3.9]] 6.3.9 (hotfix) ((2026-06-01)) =====*) |
| + | (**) | ||
| + | (* * Back-propagated fix from 6.6.2 beta release:*) | ||
| + | (* * Security issue: fixed a remotely triggerable double-free in RSA key exchange. [[pbug>rsakex-double-free]]*) | ||
| + | (* * Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. [[pbug>ecdsa-remotely-triggerable-assertion]]*) | ||
| + | (**) | ||
| + | ===== [[6.3.8]] 6.3.8 (hotfix) ((2026-04-08)) ===== | ||
| * TLS/SSL core upgraded to OpenSSL 3.2.6. | * TLS/SSL core upgraded to OpenSSL 3.2.6. | ||
| - | * Back-propagated fixes from 6.4.3–6.5.5 releases: | + | * Back-propagated fixes from 6.4.3–6.5.6 releases: |
| + | * New DigiCert EV code signing certificate valid until March 2029 is used for signing binaries. | ||
| * Change: Skipping symlinks in //Search for Text// extension. [[bug>2365]] | * Change: Skipping symlinks in //Search for Text// extension. [[bug>2365]] | ||
| - | * XML parser upgraded to Expat 2.7.3. | + | * XML parser upgraded to Expat 2.7.5. |
| * Bug fix: Local directories sometimes cannot be deleted. [[bug>2380]] | * Bug fix: Local directories sometimes cannot be deleted. [[bug>2380]] | ||
| * Bug fix: Failure or silently missing headers when when S3 request headers were too long. | * Bug fix: Failure or silently missing headers when when S3 request headers were too long. | ||
| * Bug fix: Incorrect hostname validation when connecting to S3 endpoint with certificate that does not cover root S3 hostname. [[bug>2409]] | * Bug fix: Incorrect hostname validation when connecting to S3 endpoint with certificate that does not cover root S3 hostname. [[bug>2409]] | ||
| - | |||
| - | ===== [[6.3.7]] 6.3.7 ((2025-02-20)) ===== | ||
| - | |||
| - | * Translation completed: Belarusian. | ||
| - | * TLS/SSL core upgraded to OpenSSL 3.2.4. | ||
| - | * Back-propagated fixes and improvements from upcoming 6.4.2 beta release: | ||
| - | * Added new ''ap-southeast-7'' and ''mx-central-1'' AWS regions. | ||
| - | * Bug fix: Failure when opening two SSH sessions at the same time. [[bug>2334]] | ||
| - | * Bug fix: Tunneled session password is not remembered. [[bug>2335]] | ||
| - | * Bug fix: Stray ''set'' command in source code package build script. [[bug>2340]] | ||
| - | * Bug fix: Source code package build script exits parent ''cmd'' console on error. [[bug>2341]] | ||
| [[history_old|Older versions]] | [[history_old|Older versions]] | ||
| ~~NOTOC~~ | ~~NOTOC~~ | ||
| ~~ARCHIVE=history_old~~ | ~~ARCHIVE=history_old~~ | ||
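Review bot: confirm that the 6.3.7 section removed at the end of this hunk (with its references to bugs 2334, 2335, 2340 and 2341) was moved to the history_old page that the "Older versions" link and ~~ARCHIVE=history_old~~ point to; the visible lines do not show where it went. Smaller points: in the 6.3.9 block wrapped in (* ... *), "Back-propagated fix" (singular) introduces two items, and in 6.3.8 the DigiCert certificate entry is added under "Back-propagated fixes" although the 6.5.6 section lists the same item under "improvements". The unchanged S3 request headers line also still reads "when when".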