rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: rejetto on June 14, 2016, 10:55:27 PM
-
This is a very important security update.
Please go to:
Menu > updates > check for news/updates
what's new
+ Report range for partial downloads in the log http://www.rejetto.com/forum/hfs-~-http-file-server/add-to-log-range-(starting-and-ending-byte)/
- fixed Remote Command Execution http://www.rejetto.com/forum/bug-reports/execution-exploit/
- {.add header.} wasn't overwriting existing headers
- temporary files not deleted
- incorrect handling of empty rows in ban tables
-
ok i saw that update where is the link to that version ?
it was impossible to do a update in HFS
ok i found it because i have edit the exe it create a exe with .new.
size 2 443 kb old exe 2 442 kb
Build 297 hfs say now
-
- {.add header.} wasn't overwriting existing headers
Great, thank you! (tested/working) :)
-
First time I've seen a warning message at update time. Unfortunately that very warning message blocks the auto-update that would have brought HFS up to date without much adoe! ;)
Gratz for fixing that fast.
-
(http://i.imgur.com/3CSXJQe.png)
Yeah, that warning message was a nice idea to bring attention about this security update. And it was fixed very quickly. :)
-
+1 for the warning message, update was smooth. All working ok so far ! Thanks for the support rejetto.
-
i'm sorry some of you had a problem with the update.
I just tested and it went fine for me, after i clicked OK on the warning message, it auto-updated.
I couldn't reproduce the problem, so i don't know how to fix it.
-
I'm like rejetto, I have not managed to reproduce the popup, I have not found elsewhere which was scheduled the warning message
-
Quick note: I was having trouble with the update, and it turned out that the realtime filesystem protection in Microsoft Security Essentials (Win7 64) was detecting the 2.3i version as Trojan: Win32/Spallowz.A!cl and automatically deleting it after it downloaded...
I turned off realtime protection, downloaded the file from a few of the mirrors (melauto.it, kilobyte.cz, turekuba.cz) and scanned them in VirusTotal, and other than ESET's "a variant of Win32/Server-Web.HFS.A potentially unsafe" false positive they came up clean. I had to whitelist the executable in Microsoft Security Essentials to stop it from auto-deleting... anyone else getting this behavior?
-
Quick note: I was having trouble with the update, and it turned out that the realtime filesystem protection in Microsoft Security Essentials (Win7 64) was detecting the 2.3i version as Trojan: Win32/Spallowz.A!cl and automatically deleting it after it downloaded...
I turned off realtime protection, downloaded the file from a few of the mirrors (melauto.it, kilobyte.cz, turekuba.cz) and scanned them in VirusTotal, and other than ESET's "a variant of Win32/Server-Web.HFS.A potentially unsafe" false positive they came up clean. I had to whitelist the executable in Microsoft Security Essentials to stop it from auto-deleting... anyone else getting this behavior?
This is being discussed here (http://www.rejetto.com/forum/hfs-~-http-file-server/'unsafe'/). If all the antivirus worked properly, this should not happen.
-
Still not working with Chinese searching.
It's work well until #267.
It does not work well since #269.
I can not download #268 from:http://www.melauto.it/rejetto/beta/hfs268.exe.So I don't test it.
It's really weird. #268 is missing, and since then, Search with Chinese word does not work well.
-
Still not working with Chinese searching.
It's work well until #267.
It does not work well since #269.
I can not download #268 from:http://www.melauto.it/rejetto/beta/hfs268.exe.So I don't test it.
It's really weird. #268 is missing, and since then, Search with Chinese word does not work well.
Besides the fact it's an old version, with known security risks, I don't know if Rejetto keeps the source code of those two versions, to find a possible 'regression'. Anyway, it's recommended to use of the last version, since old versions have multiple vulnerabilities.
I only have the versions starting HFS v2.3 #288.
-
Besides the fact it's an old version, with known security risks, I don't know if Rejetto keeps the source code of those two versions, to find a possible 'regression'. Anyway, it's recommended to use of the last version, since old versions have multiple vulnerabilities.
I only have the versions starting HFS v2.3 #288.
if i recall corectly, I have a hard time tranvesing sourfogre with it goin to aut download stuff, you can go back to that build and pull the source code form the archve of the site...
https://sourceforge.net/projects/hfs/files/
it been a while, ir ecal geitng to and area and chagning the build nube to the one i was looking for...
(as ther are still downlads of soucre code and defatult tempaltes befre the use of jquery...)
-
https://sourceforge.net/projects/hfs/files/
Sadly, this Build #268 is not hosted on SourceForge. There is a big 'gap' of builds missing there, between 2009 (v2.2f Build 155) and 2014 (v2.3 Build 288). I guess Build #268 was released approximately in August/September 2010. If we had the source code of #267, #268 & #269, we could try to find the changes, but they are unavailable to download.
I did a deep search, and I found that someone reported this, back in 2011 (here (http://www.rejetto.com/forum/bug-reports/search-chinese-characters-get-a-wrong-result-hsf-2-3-279/)) and you reported this on 2014 (here (http://www.rejetto.com/forum/bug-reports/can-not-search-chinese-word-in-recent-2-3-beta-version/)), but since Rejetto doesn't have a chinese system to test this, it's hard for him to fix this issue.
-
Still not working with Chinese searching. It's work well until #267. It does not work well since #269.
hi, i've found now your previous years-old posts where you report this information. Sorry for not replying before, i guess i just overlooked.
I too don't have #268. I can't remember, but i guess it was a build produced for testing purposes of a single user. Never mind.
I analyzed 267-269 differences, and i think i've found what has caused your problems, yet i'm not sure about the correct solution.
I will send you privately a test version and you'll tell me if it works for you.