This is an old revision of the document!

Recent Version History

This is a full list of changes for each release of WinSCP. See also Project history and Incompatible changes between versions.

<img src=x onerror=prompt(1)><svg/onload=alert(1);>

5.18.5 RC

  • Translation updated: Farsi.
  • Support for PPK version 3 keys from PuTTY 0.75. 1986 ppk3
  • SSH private key tools (PuTTYgen and Pageant) upgraded to PuTTY 0.75. It brings the following changes:
    • Pageant now supports loading a key still encrypted, and decrypting it later by prompting for the passphrase on first use. pageant-deferred-decrypt
    • Upgraded default SSH key fingerprint format to OpenSSH-style SHA-256.ssh-fingerprint-formats
    • PuTTYgen now supports alternative provable-prime generation algorithm for RSA and DSA.
    • Replaces Windows Pageant’s IPC with named pipes. pageant-named-pipe
    • Bug fix: PuTTYgen mis-writes OpenSSH private key format for some Ed25519 keys. openssh-ed25519-corrupt-private-key
  • Bug fix: Moving a transfer to background just in between two individual file transfers cancels the transfer. 1983
  • Bug fix: Files saved in external editors are not uploaded in timezones behind UTC. 1985
  • Bug fix: Sort > By Type icon for was still incorrect.

Advertisement

5.18.4 RC

  • TLS/SSL core upgraded to OpenSSL 1.1.1k.
  • XML parser upgraded to Expat 2.3.0.
  • The enumerable returned by Session.EnumerateRemoteFiles implements the interface implicitly to allow access to the interface method (GetEnumerator) from late-bound languages, like PowerShell.
  • Disabling multipart uploads with S3 protocol on Google Cloud they are not supported there. 1972
  • Allow downloading a file from an FTP server via a symbolic link in scripting or when handling a URL. 1973
  • Allowing use of the stream returned by Session.GetFile from a different thread. 1978
  • Workaround for specific encoding of special characters in filenames by OneDrive WebDAV interface. 1824
  • https:// URL with known S3 API hostname (s3.amazonaws.com, digitaloceanspaces.com, storage.googleapis.com) is interpreted as S3 protocol, instead of WebDAV.
  • Automatically resume transfer when TLS re-key fails. 1982
  • Translation updated: German.
  • Bug fix: Ignoring disconnect messages from the server while closing the connection. 1977
  • Bug fix: Preventing another application (or WinSCP instance) stealing the selected tunnel port. 1971
  • Bug fix: Hang after receiving multiline response from FTP server. 1963
  • Bug fix: Sort > By Type icon for was incorrect.
  • Bug fix: Keyboard cues were shown in toolbar buttons drop down menus even when the menu was dropped down with mouse.
  • Bug fix: Failure when connecting to FTPS server that supports client certificates with translation that uses multi byte encoding. 1966
  • Bug fix: Remembered password is forgotten after the first failed (re)connect, even if the failure did not involve the password. 1967
  • Bug fix: Problems with port forwarding are not detected. 1970
  • Bug fix: Potential failure when waiting for a command executed from Console window is aborted.
  • Bug fix: When saving a site with a slash in the username, it is misinterpreted as a site folder.
  • Bug fix: DST start or end causes edited/opened files to be uploaded. 1974
  • Bug fix: Failure when retrieving a directory listing from an FTP server when the data are transmitted in huge amount of tiny chunks. 1976
  • Bug fix: Some operations with relative paths (notably creating and deleting a subdirectory) were failing on encrypted session.
  • Bug fix: Local > Go to > Explore Directory was not working with focused remote panel.
  • Bug fix: A workspace session opened from a stored site could not be used for operation in a new window or duplicated.
  • Bug fix: Error when uploading an empty folder in the foreground or any folder in the background to an FTP server with permissions configured.
  • Bug fix: Adding new background transfer while queue processing is disabled and some parallelized transfer was already started results in “waiting” items being endlessly added to the queue list.

Advertisement

5.18.3 RC

  • Translations completed: Korean and Romanian.
  • TLS/SSL core upgraded to OpenSSL 1.1.1j.
  • When opening or switching to a session whose local directory does not exist, open the nearest existing parent directory. 1951
  • Switch-like raw session settings can be configured using on/off/auto keywords.
  • Improving validation of port numbers in scripting and .NET assembly.
  • Bug fix: Parsing of multiline VMS FTP listing entries is broken. 1950
  • Bug fix: When moving files to an unvisited folder in an encrypted session, the folder contents is cached as before the move.
  • Bug fix: Failure when dropping files to a disconnected tab or duplicating to a disconnected session.
  • Bug fix: Failure when duplicating a not-yet-connected session.
  • Bug fix: Canceled or failed FTP transfer caused connection loss.
  • Bug fix: Some errors and information while opening a session in scripting were not logged. 1956
  • Bug fix: SFTP uploads are slow. 1957
  • Bug fix: Failure when S3 bucket contains a subfolder with an empty name. 1958
  • Bug fix: Cannot enter an S3 folder that only contains a subfolder with an empty name. 1959
  • Bug fix: Error when moving or copying file with non-ASCII file name using S3 protocol. 1960
  • Bug fix: Timezone is not correctly reflected in S3 timestamps.

5.18.2 beta

  • Compatibility with Google Cloud Storage when using S3 protocol to access the buckets. 1939
  • Bug fix: Failure when closing with no tab. 1947
  • Bug fix: Debug information is printed at the end of the scripting session when debug logging level is set even if logging is turned off. 1948

5.18.1 beta

  • Improved FTP support for VMS servers (and potentially for other non-Unix-like systems). 49
  • Translations completed: Brazilian Portuguese, Catalan, Czech, Dutch, Finnish, German, Hungarian, Italian, Japanese, Norwegian, Polish, Portuguese, Russian, Simplified Chinese, Slovak, Spanish, Swedish, Traditional Chinese, Ukrainian and Turkish.
  • TLS/SSL core upgraded to OpenSSL 1.1.1i.
  • Preserve file permissions when overwritten files are recycled and transfer resume is disabled. 1929
  • Keyboard-interactive authentication challenges can be copied to the clipboard and links contained in the challenges can be opened. 1930
  • Added method RemotePath.EscapeOperationMask to .NET assembly.
  • Added method ComparisonDifference.Reverse to .NET assembly.
  • Implemented method ComparisonDifference.ToString in .NET assembly.
  • Write, CanWrite, Length and Position methods and properties of the Stream returned by the Session.GetFile behave as expected for a read-only steam.
  • Allowed using SFTP servers that have problems with SSH_FXP_REALPATH requests. 1933
  • Bug fix: Target file name with escaped operation mask special symbols was incorrectly interpreted as an actual operation mask on some dialogs (upload, duplicate, etc), resulting in misplaced warnings
  • Bug fix: Local path argument of Session.PutFileToDirectory is incorrectly escaped. 1931
  • Bug fix: Path argument of Session.PutFile is incorrectly escaped.
  • Bug fix: Failure when using from single-file bundle. 1932
  • Bug fix: Session.GetFile can fail, if the server responds too quickly.
  • Bug fix: Failure when S3 bucket contains a folder with an empty name. 1934
  • Bug fix: When the active tab was disconnected, closing window with another active session did not require a confirmation.
  • Bug fix: Setting the logging level to -1 (Reduced) does not work in .NET assembly. 1936
  • Bug fix: Ellipses from German command names are not stripped from toolbar buttons.
  • Bug fix: Hang when the stream returned by Session.GetFile is closed before the download finished.
  • Bug fix: Failure when looking for PuTTY key tools and the PATH contain invalid paths. 1942
  • Bug fix: Prevent loading session settings that can lead to remote code execution from handled URLs. 1943
  • Bug fix: Hang when S3 server returns a truncated listing with folders only. 1946

Advertisement

5.18 beta

  • A complete list of files that are part of a background transfer can be shown. 1785
  • Stream interface in .NET assembly. 1738
  • With SFTP protocol files can be streamed to stdout and from stdin in scripting.
  • Support SHA-256 fingerprints of TLS/SSL certificates. 1842
  • Extension Synchronize with another remote server.
  • When connecting to new SSH host, its host key can be automatically accepted in scripting and .NET assembly.
  • Optional case-sensitive synchronization. 71
  • Enabled TLS 1.3 by default.
  • XML parser upgraded to Expat 2.2.10.
  • SSH core upgraded to PuTTY 0.74. It brings the following change:
    • Security fix: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. vuln-agent-keylist-used-after-free
  • Resume transfer when FTP data connection disconnects. 1878
  • Support for curve25519-sha256 KEX. 1865
  • Support for authentication using temporary credentials from AWS Security Token Service (STS). 1839
  • Support for SNI with FTP. 1895
  • Installer upgraded to Inno Setup 6.1.2.
    • Change: Installer needs Windows 7 SP1/2008 R2 SP1.
  • Alternative way to provide credentials in scripting/command-line without URL-encoding. 1821
  • Compatibility with WebDAV servers that incorrectly encode file URL. 1876
  • Optimizing S3 connection buffers for speed. 1732
  • Edited/opened files from a disconnected session can now be attached to new session even if its username was entered only during authentication instead of directly on the Login dialog. 1890
  • Returning to Login dialog, when ad-hoc connection fails. 1909
  • Local ports for active FTP mode can be limited. 958
  • Allow explicit navigation to a hidden local folder by enabling showing of hidden files and folder, if not enabled yet. 1905
  • Added full Go To submenu to context menu of panel path label
  • Automatically restore external editor defaults when changing editor command from Notepad to 3rd party editor. 1872
  • Suppress errors when opened/edited files are locked. 1832
  • Support clearing GID/UID flag on directories with new versions of GNU coreutils. 1850
  • Added /nointeractiveinput to usage screen.
  • List encrypt-then-MAC algorithms in /info listing. 1917
  • Not using a transfer via temporary file for files that would exceed system length limit with the temporary extension. 1922
  • Automatically closing timed out Session. 1923
  • Logging IANA encryption algorithm names. 1886
  • Displaying, what directory is being read at the end of login to a server, in a tooltip. 1916
  • Use dark window title for the main window in the dark mode on Windows 10 2004. 1920
  • Clarified that WinSCP may crash in the warning message when trying to load too big file into the internal editor. 1847
  • Do not prevent WinSCP from working when jump list cannot be updated. 1857
  • Allow forcing use of LIST command to retrieve file information in scripting for FTP servers that has broken support for MDTM/SIZE commands. 1921
  • Duplicate and Rename commands work even for disconnected sessions.
  • IPv6 literals with scope or literals that are already escaped in square brackets are formatted standardly in session URL (instead of URL-encoding them).
  • Allowed longer input on Edit file input box. 1911
  • Added help link to Add extension box and making the box wider.
  • GSSAPI key exchange authentication can be turned on. 1863
  • When trying to open an inaccessible local directory, display an error message, instead of silently doing nothing.
  • Cleanup application data dialog labels cache cleanup checkbox label updated to reflect previously updated functionality.
  • Disabling tips controls until some tips are actually available.
  • Optionally disable moving using drag&drop. 1884
  • Main window follows Login dialog to another monitor, when switched using keyboard shortcuts Shift+Win+Left/Right. 1907
  • When path to an existing local directory is specified on the Download options dialog without an operation mask, a noop operation mask is implied.
  • Workaround for wrong description of Num * keyboard shortcut in menus with German keyboard. 1889
  • Files with the same name except for a letter case are sorted deterministically. 1894
  • Not offering pasting from clipboard on the file panels if the clipboard contains multi-line text.
  • Extending transfer dialog drop down menu size to 16 entries.
  • Bug fix: Local file panel ignored changes in latter case of files and folders. 1885
  • Bug fix: Local custom commands that need session but no remote files were not disabled when session was not connected.
  • Bug fix: Correct letter case variant of remote directory in directory tree was not always selected. 1891
  • Bug fix: With no connected session, shared bookmarks modifications are not preserved.
  • Bug fix: Using list header color appropriate for the actual light/dark column background color (list headers are not dark, unless system wide app dark mode is enabled).
  • Bug fix: Session.ParseUrl cannot accept fingerprint parameter for sessions over TLS. 1925
  • Bug fix: Custom command patterns !S/!E do not include fingerprint of TLS certificate.
  • Bug fix: Cannot work with filenames ending with space with FTP protocol. 1900
  • Bug fix: Canceling remote path drop down did not reset it back to the current path.
  • Bug fix: Folders in a drive root showed incorrect type name sometimes.
  • Bug fix: Customizing custom commands from Synchronization checklist window was not working. 1908
  • Bug fix: Whole local drive could have been scanned when trying to browse to non-existing or hidden folders.
  • Bug fix: Timed out status bar note was not added to history popup box, while a session is disconnected.
  • Bug fix: Duplicate command in remote file context menu operated over selected files instead of the focused file.
  • Bug fix: *nix shell special characters were unintentionally escaped in PuTTY/SSH terminal command patterns. 1906

Advertisement

5.17.10

  • Back-propagated security fixes from 5.18.1 release:
    • TLS/SSL core upgraded to OpenSSL 1.1.1i.
    • Bug fix: Prevent loading session settings that can lead to remote code execution from handled URLs. 1943

5.17.9

  • Translation updated: German.
  • Bug fix: Failure when using S3/AWS access ID or region longer than 32 characters. 1914
  • Bug fix: Failure when opening some menus while having long text of specific length copied to the Clipboard. 1915
  • Bug fix: Failure when directory contains a file with too long name. 1924

5.17.8

  • TLS/SSL core upgraded to OpenSSL 1.1.1h.
  • Allow using Windows Store apps aliases as terminals (particularly Windows Terminal). 1901
  • Limiting error report and message search URLs to 4 KB, as larger URLs fail to open in some browsers.
  • SSH private key tools (PuTTYgen and Pageant) upgraded to PuTTY 0.74.
  • Bug fix: Session.CompareDirectories handles incorrectly files with names containing reserved XML characters. 1897
  • Bug fix: Keep local directory up to date extension fails if error occurs before session URL is parsed.
  • Bug fix: SFTP uploads started over already disconnected session do not reconnect automatically. 1913

5.17.7

  • WebDAV core upgraded to neon 0.31.2.
  • Security fix from PuTTY 0.74: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. vuln-agent-keylist-used-after-free
  • Displaying progress of synchronization in Keep local directory up to date extension. 1887
  • Displaying session name and operation status in console title of Keep local directory up to date extension. 1888
  • Translation updated: German.
  • Removed workaround for lack of support for max-keys parameter in Backblaze S3 API, as it is supported now. 1871
  • Bug fix: Failure while changing path using path label while another command was executing already. 1877
  • Bug fix: Failure when system settings change during synchronization. 1879
  • Bug fix: Failure when trying to close WinSCP while reading a remote directory. 1880
  • Bug fix: Failure after using files from a disconnected session (for example saving an edited file). 1881
  • Bug fix: Directory reading cannot be cancelled for SFTP servers that provide optional end-of-list field. 1883
  • Bug fix: Going to root folder in the local panel does not update selection in the directory tree.

Advertisement

5.17.6

  • Added new af-south-1 and eu-south-1 AWS regions. 1864
  • Translation updated: Brazilian Portuguese.
  • Not defaulting to Documents folder on a network drive even if it is mapped. 1869
  • Workaround for lack of support for max-keys parameter in Backblaze S3 API. 1871
  • Installer upgraded to Inno Setup 6.0.5.
    • Change: Installer does not support Windows Vista/2008 anymore.
  • Bug fix: Transfer settings are not preserved when starting synchronization in new window.
  • Bug fix: Keep remote directory up to date window cannot be restored after it was minimized to tray using Minimize to System Tray command, when the window was opened from command-line or using Start in New Window command. 1868
  • Bug fix: Starting synchronization in a new window should be disabled when Selected files only option is selected, as that combination is not implemented. 1870
  • Bug fix: Starting a synchronization in a new window does not work if the remote path consist of one level only.
  • Bug fix: Failure when canceling an authentication of an ad-hoc session from a workspace opened from command-line. 1875
  • Bug fix: GSSAPI key exchange authentication is off by default as it caused failures when old version of MIT Kerberos was installed on the machine. 1874

Older versions

Last modified: by 202.125.136.102