rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: rejetto on June 14, 2016, 10:55:27 PM

Title: New version: 2.3i
Post by: rejetto on June 14, 2016, 10:55:27 PM: This is a very important security update.
Please go to:
Menu > updates > check for news/updates

what's new
+ Report range for partial downloads in the log http://www.rejetto.com/forum/hfs-~-http-file-server/add-to-log-range-(starting-and-ending-byte)/
- fixed Remote Command Execution http://www.rejetto.com/forum/bug-reports/execution-exploit/
- {.add header.} wasn't overwriting existing headers
- temporary files not deleted
- incorrect handling of empty rows in ban tables
Title: Re: New version: 2.3i
Post by: TrippTeam on June 15, 2016, 08:41:13 AM: ok i saw that update where is the link to that version ?
it was impossible to do a update in HFS

ok i found it because i have edit the exe it create a exe with .new.
size 2 443 kb old exe 2 442 kb

Build 297 hfs say now
Title: Re: New version: 2.3i
Post by: LeoNeeson on June 15, 2016, 01:32:05 PM: Quote from: rejetto on June 14, 2016, 10:55:27 PM
- {.add header.} wasn't overwriting existing headers
Great, thank you! (tested/working) :)
Title: Re: New version: 2.3i
Post by: MarkV on June 15, 2016, 11:07:07 PM: First time I've seen a warning message at update time. Unfortunately that very warning message blocks the auto-update that would have brought HFS up to date without much adoe! ;)

Gratz for fixing that fast.
Title: Re: New version: 2.3i
Post by: LeoNeeson on June 16, 2016, 06:32:04 AM: (http://i.imgur.com/3CSXJQe.png)
Yeah, that warning message was a nice idea to bring attention about this security update. And it was fixed very quickly. :)
Title: Re: New version: 2.3i
Post by: r2fi on June 16, 2016, 11:11:27 AM: +1 for the warning message, update was smooth. All working ok so far ! Thanks for the support rejetto.
Title: Re: New version: 2.3i
Post by: rejetto on June 19, 2016, 09:30:39 AM: i'm sorry some of you had a problem with the update.
I just tested and it went fine for me, after i clicked OK on the warning message, it auto-updated.
I couldn't reproduce the problem, so i don't know how to fix it.
Title: Re: New version: 2.3i
Post by: Mars on June 19, 2016, 07:13:26 PM: I'm like rejetto, I have not managed to reproduce the popup, I have not found elsewhere which was scheduled the warning message
Title: Re: New version: 2.3i
Post by: pacmancat on June 22, 2016, 02:55:05 AM: Quick note: I was having trouble with the update, and it turned out that the realtime filesystem protection in Microsoft Security Essentials (Win7 64) was detecting the 2.3i version as Trojan: Win32/Spallowz.A!cl and automatically deleting it after it downloaded...

I turned off realtime protection, downloaded the file from a few of the mirrors (melauto.it, kilobyte.cz, turekuba.cz) and scanned them in VirusTotal, and other than ESET's "a variant of Win32/Server-Web.HFS.A potentially unsafe" false positive they came up clean. I had to whitelist the executable in Microsoft Security Essentials to stop it from auto-deleting... anyone else getting this behavior?
Title: Re: New version: 2.3i
Post by: LeoNeeson on June 22, 2016, 05:52:22 AM: Quote from: pacmancat on June 22, 2016, 02:55:05 AM
Quick note: I was having trouble with the update, and it turned out that the realtime filesystem protection in Microsoft Security Essentials (Win7 64) was detecting the 2.3i version as Trojan: Win32/Spallowz.A!cl and automatically deleting it after it downloaded...

I turned off realtime protection, downloaded the file from a few of the mirrors (melauto.it, kilobyte.cz, turekuba.cz) and scanned them in VirusTotal, and other than ESET's "a variant of Win32/Server-Web.HFS.A potentially unsafe" false positive they came up clean. I had to whitelist the executable in Microsoft Security Essentials to stop it from auto-deleting... anyone else getting this behavior?
This is being discussed here (http://www.rejetto.com/forum/hfs-~-http-file-server/'unsafe'/). If all the antivirus worked properly, this should not happen.
Title: Re: New version: 2.3i
Post by: funbsd on June 22, 2016, 06:25:55 AM: Still not working with Chinese searching.

It's work well until #267.
It does not work well since #269.

I can not download #268 from:http://www.melauto.it/rejetto/beta/hfs268.exe.So I don't test it.
It's really weird. #268 is missing, and since then, Search with Chinese word does not work well.
Title: Re: New version: 2.3i
Post by: LeoNeeson on June 23, 2016, 08:20:31 AM: Quote from: funbsd on June 22, 2016, 06:25:55 AM
Still not working with Chinese searching.

It's work well until #267.
It does not work well since #269.

I can not download #268 from:http://www.melauto.it/rejetto/beta/hfs268.exe.So I don't test it.
It's really weird. #268 is missing, and since then, Search with Chinese word does not work well.
Besides the fact it's an old version, with known security risks, I don't know if Rejetto keeps the source code of those two versions, to find a possible 'regression'. Anyway, it's recommended to use of the last version, since old versions have multiple vulnerabilities.

I only have the versions starting HFS v2.3 #288.
Title: Re: New version: 2.3i
Post by: bmartino1 on June 25, 2016, 02:17:30 PM: Quote from: LeoNeeson on June 23, 2016, 08:20:31 AM
Besides the fact it's an old version, with known security risks, I don't know if Rejetto keeps the source code of those two versions, to find a possible 'regression'. Anyway, it's recommended to use of the last version, since old versions have multiple vulnerabilities.

I only have the versions starting HFS v2.3 #288.

if i recall corectly, I have a hard time tranvesing sourfogre with it goin to aut download stuff, you can go back to that build and pull the source code form the archve of the site...
https://sourceforge.net/projects/hfs/files/

it been a while, ir ecal geitng to and area and chagning the build nube to the one i was looking for...
(as ther are still downlads of soucre code and defatult tempaltes befre the use of jquery...)
Title: Re: New version: 2.3i
Post by: LeoNeeson on June 26, 2016, 06:35:40 AM: Quote from: bmartino1 on June 25, 2016, 02:17:30 PM
https://sourceforge.net/projects/hfs/files/
Sadly, this Build #268 is not hosted on SourceForge. There is a big 'gap' of builds missing there, between 2009 (v2.2f Build 155) and 2014 (v2.3 Build 288). I guess Build #268 was released approximately in August/September 2010. If we had the source code of #267, #268 & #269, we could try to find the changes, but they are unavailable to download.

I did a deep search, and I found that someone reported this, back in 2011 (here (http://www.rejetto.com/forum/bug-reports/search-chinese-characters-get-a-wrong-result-hsf-2-3-279/)) and you reported this on 2014 (here (http://www.rejetto.com/forum/bug-reports/can-not-search-chinese-word-in-recent-2-3-beta-version/)), but since Rejetto doesn't have a chinese system to test this, it's hard for him to fix this issue.
Title: Re: New version: 2.3i
Post by: rejetto on June 29, 2016, 04:44:28 PM: Quote from: funbsd on June 22, 2016, 06:25:55 AM
Still not working with Chinese searching. It's work well until #267. It does not work well since #269.

hi, i've found now your previous years-old posts where you report this information. Sorry for not replying before, i guess i just overlooked.
I too don't have #268. I can't remember, but i guess it was a build produced for testing purposes of a single user. Never mind.
I analyzed 267-269 differences, and i think i've found what has caused your problems, yet i'm not sure about the correct solution.
I will send you privately a test version and you'll tell me if it works for you.