Issue tracker at http://code.google.com/p/pyftpdlib/issues/list


History
=======

Version: 0.5.1 - Date: 2009-01-21
---------------------------------

Enhancements:

 * Issue #79: added two new callback methods to FTPHandler class to handle
   "on_file_sent" and "on_file_received" events.

 * Issue #82: added table of contents in documentation.

 * Issue #92: ASCII transfers are now 200% faster on those systems using
   "\r\n" as line separator (typically Windows).

 * Issue #94: a bigger buffer size for send() and recv() has been set resulting
   in a considerable speedup (about 40% faster) for both incoming and outgoing
   data transfers.

 * Issue #98: added preliminary support for SITE command.

 * Issue #99: a new script implementing FTPS (FTP over TLS/SSL) has been added
   to the demo directory. See:
   http://code.google.com/p/pyftpdlib/source/browse/trunk/demo/tls_ftpd.py

Bugfixes:

 * Issue #78: the idle timeout of passive data connections gets stopped in case
   of rejected "site-to-site" connections.

 * Issue #80: demo/md5_ftpd.py should use hashlib module instead of the
   deprecated md5 module.

 * Issue #81: fixed some tests which were failing on SunOS.

 * Issue #84: fixed a very rare unhandled exception which could occur when
   retrieving the first bytes of a corrupted file.

 * Issue #85: a positive MKD response is supposed to include the name of the
   new directory.

 * Issue #87: SIZE should be rejected when the current TYPE is ASCII.

 * Issue #88: REST should be rejected when the current TYPE is ASCII.

 * Issue #89: "TYPE AN" was erroneously treated as synonym for "TYPE A" when
   "TYPE L7" should have been used instead.

 * Issue #90: an unhandled exception can occur when using MDTM against a file
   modified before year 1900.

 * Issue #91: an unhandled exception can occur in case accept() returns None
   instead of a socket (it happens sometimes).

 * Issue #95: anonymous is now treated as any other case-sensitive user.

API changes since 0.5.0:

 * FTPHandler gained a new "_extra_feats" private attribute.

 * FTPHandler gained two new methods: "on_file_sent" and "on_file_received".


Version: 0.5.0 - Date: 2008-09-20
---------------------------------

Enhancements:

 * Issue #72: pyftpdlib now provides configurable idle timeouts to disconnect
   client after a long time of inactivity.

 * Issue #73: imposed a delay before replying for invalid credentials to
   minimize the risk of brute force password guessing (RFC-1123).

 * Issue #74: it is now possible to define permission exceptions for certain
   directories (e.g. creating a user which does not have write permission except
   for one sub-directory in FTP root).

 * Improved bandwidth throttling capabilities of demo/throttled_ftpd.py script
   by having used the new CallLater class which drastically reduces the number
   of time.time() calls.

Bugfixes:

 * Issue #62: some unit tests were failing on certain dual core machines.

 * Issue #71: socket handles are leaked when a data transfer is in progress and
   user QUITs.

 * Issue #75: orphaned file was left behind in case STOU failed for insufficient
   user permissions.

 * Issue #77: incorrect OOB data management on FreeBSD.

API changes since 0.4.0:

 * FTPHandler, DTPHandler, PassiveDTP and ActiveDTP classes gained a new timeout
   class attribute.

 * DummyAuthorizer class gained a new override_perm method.

 * A new class called CallLater has been added.

 * AbstractedFS.get_stat_dir method has been removed.


Version: 0.4.0 - Date: 2008-05-16
---------------------------------

Enhancements:

 * Issue #65: It is now possible to assume the id of real users when using
   system dependent authorizers.

 * Issue #67: added IPv6 support.

Bugfixes:

 * Issue #64: Issue #when authenticating as anonymous user when using UNIX and
   Windows authorizers.

 * Issue #66: WinNTAuthorizer does not determine the real user home directory.

 * Issue #69: DummyAuthorizer incorrectly uses class attribute instead of
   instance attribute for user_table dictionary.

 * Issue #70: a wrong NOOP response code was given.

API changes since 0.3.0:

 * DummyAuthorizer class has now two new methods: impersonate_user() and
   terminate_impersonation().


Version: 0.3.0 - Date: 2008-01-17
---------------------------------

Enhancements:

 * Issue #42: implemented FEAT command (RFC-2389).

 * Issue #48: real permissions, owner, and group for files on UNIX platforms are
   now provided when processing LIST command.

 * Issue #51: added the new demo/throttled_ftpd.py script.

 * Issue #52: implemented MLST and MLSD commands (RFC-3659).

 * Issue #58: implemented OPTS command (RFC-2389).

 * Issue #59: iterators are now used for calculating requests requiring long
   time to complete (LIST and MLSD commands) drastically increasing the daemon
   scalability when dealing with many connected clients.

 * Issue #61: extended the set of assignable user permissions.

Bugfixes:

 * Issue #41: an unhandled exception occurred on QUIT if user was not yet
   authenticated.

 * Issue #43: hidden the server identifier returned in STAT response.

 * Issue #44: a wrong response code was given on PORT in case of failed
   connection attempt.

 * Issue #45: a wrong response code was given on HELP if the provided argument
   wasn't recognized as valid command.

 * Issue #46: a wrong response code was given on PASV in case of unauthorized
   FXP connection attempt.

 * Issue #47: can't use FTPServer.max_cons option on Python 2.3.

 * Issue #49: a "550 No such file or directory" was returned when LISTing
   a directory containing a broken symbolic link.

 * Issue #50: DTPHandler class did not respect what specified in
   ac_out_buffer_size attribute.

 * Issue #53: received strings having trailing white spaces was erroneously
   stripped.

 * Issue #54: LIST/NLST/STAT outputs are now sorted by file name.

 * Issue #55: path traversal vulnerability in case of symbolic links escaping
   user's home directory.

 * Issue #56: can't rename broken symbolic links.

 * Issue #57: invoking LIST/NLST over a symbolic link which points to a
   direoctory shouldn't list its content.

 * Issue #60: an unhandled IndexError exception error was raised in case of
   certain bad formatted PORT requests.

API changes since 0.2.0:

 * New IteratorProducer and BufferedIteratorProducer classes have been added.

 * DummyAuthorizer class changes:
   * The permissions management has been changed and the set of available
     permissions have been extended (see Issue #61). add_user() method
     now accepts "eladfm" permissions beyond the old "r" and "w".
   * r_perm() and w_perm() methods have been removed.
   * New has_perm() and get_perms() methods have been added.

 * AbstractedFS class changes:
   * normalize() method has been renamed in ftpnorm().
   * translate() method has been renamed in ftp2fs().
   * New methods: fs2ftp(), stat(), lstat(), islink(), realpath(), lexists(),
     validpath().
   * get_list_dir(), get_stat_dir() and format_list() methods now return an
     iterator object instead of a string.
   * format_list() method has a new "ignore_err" keyword argument.

 * global debug() function has been removed.


Version: 0.2.0 - Date: 2007-09-17
---------------------------------

Major enhancements:

 * Issue #5: it is now possible to set a maximum number of connecions and a
   maximum number of connections from the same IP address.

 * Issue #36: added support for FXP site-to-site transfer.

 * Issue #39: added NAT/Firewall support with PASV (passive) mode connections.

 * Issue #40: it is now possible to set a range of ports to use for passive
   connections.

RFC-related enhancements:

 * Issue #6: accept TYPE AN and TYPE L8 as synonyms for TYPE ASCII and TYPE
   Binary.

 * Issue #7: a new USER command can now be entered at any point to begin the
   login sequence again.

 * Issue #10: HELP command arguments are now accepted.

 * Issue #12: 554 error response is now returned on RETR/STOR if RESTart fails.

 * Issue #15: STAT used with an argument now returns directory LISTing over the
   command channel (RFC-959).

Security enhancements:

 * Issue #3: stop buffering when extremely long lines are received over the
   command channel.

 * Issue #11: data connection is now rejected in case a privileged port is
   specified in PORT command.

 * Issue #25: limited the number of attempts to find a unique filename when
   processing STOU command.

Usability enhancements:

 * Provided an overridable attribute to easily set number of maximum login
   attempts before disconnecting.

 * Docstrings are now provided for almost every method and function.

 * Issue #30: HELP response now includes the command syntax.

 * Issue #31: a compact list of recognized commands is now provided on HELP.

 * Issue #32: a detailed error message response is not returned to client in
   case the transfer is interrupted for some unexpected reason.

 * Issue #38: write access can now be optionally granted for anonymous user.

Test suite enhancements:

 * File creation/removal moved into setUp and tearDown methods to avoid leaving
   behind orphaned temporary files in the event of a test suite failure.

 * Issue #7: added test case for USER provided while already authenticated.

 * Issue #7: added test case for REIN while a transfer is in progress.

 * Issue #28: added ABOR tests.

Bugfixes:

 * Issue #4: socket's "reuse_address" feature was used after the socket's
   binding.

 * Issue #8: STOU string response didn't follow RFC-1123 specifications.

 * Issue #9: corrected path traversal vulnerability affecting file-system path
   translations.

 * Issue #14: a wrong response code was returned on CDUP.

 * Issue #17: SIZE is now rejected for not regular files.

 * Issue #18: a wrong ABOR response code type was returned.

 * Issue #19: watch for STOU preceded by REST which makes no sense.

 * Issue #20: "attempted login" counter wasn't incremented on wrong username.

 * Issue #21: STAT wasn't permitted if user wasn't authenticated yet.

 * Issue #22: corrected memory leaks occurring on KeyboardInterrupt/SIGTERM.

 * Issue #23: PASS wasn't rejected when user was already authenticated.

 * Issue #24: Implemented a workaround over os.strerror() for those systems
   where it is not available (Python CE).

 * Issue #24: problem occurred on Windows when using '\\' as user's home
   directory.

 * Issue #26: select() in now used by default instead of poll() because of a
   bug inherited from asyncore.

 * Issue #33: some FTPHandler class attributes wasn't resetted on REIN.

 * Issue #35: watch for APPE preceded by REST which makes no sense.


Version: 0.1.1 - Date: 2007-03-27
----------------------------------

 * Port selection on PASV command has been randomized to prevent a remote user
   to guess how many data connections are in progress on the server.

 * Fixed bug in demo/unix_ftpd.py script.

 * ftp_server.serve_forever now automatically re-use address if current system
   is posix.

 * License changed to MIT.


Version: 0.1.0 - Date: 2007-02-26
----------------------------------

 * First proof of concept beta release.
