FileZilla Forums

Welcome to the official discussion forums for FileZilla
Donate to project
It is currently 2015-03-04 04:19

All times are UTC




Post new topic  Reply to topic  [ 38 posts ]  Go to page 1 2 3 Next
Author Message
PostPosted: 2014-04-09 13:47 
Offline
500 Command not understood

Joined: 2014-04-09 13:37
Posts: 2
First name: javier
Last name: b
Hi Support:

Today I've tried to install Filezilla Server 0.9.44 on this Windows Server 2003 and it says this OS is no longer supported and it will not work on this OS.

Will you please provide us with some workaround as the previous version is seriously crippled by the openSSH vulnerability?

Best Regards,
Javier


Last edited by botg on 2014-04-12 08:02, edited 2 times in total.
Fixed topic title, it's OpenSSL.


Top
   
PostPosted: 2014-04-09 13:53 
Offline
500 Command not understood

Joined: 2014-04-09 12:54
Posts: 1
First name: Jay
Last name: Stanyer
Hi,

I'm also having this issue - will there be a version released that is compatible with Windows Server 2003?

Thanks


Top
   
PostPosted: 2014-04-09 15:17 
Offline
500 Command not understood

Joined: 2014-04-09 15:12
Posts: 2
First name: Dan
Last name: McCann
Me too.


Top
   
PostPosted: 2014-04-09 16:50 
Offline
Site Admin
User avatar

Joined: 2004-02-23 20:49
Posts: 24705
First name: Tim
Last name: Kosse
Windows Server 2003 is a derivative of Windows XP. Support for Windows XP and derivates has been dropped, XP since its an outdated and unsupported operating system, derivatives for technical reasons.


Top
   
PostPosted: 2014-04-09 17:52 
Offline
500 Command not understood

Joined: 2014-04-09 13:37
Posts: 2
First name: javier
Last name: b
Sorry to hear about that but thank you anyway for your quick reply.
Best Regards,
Javier


Top
   
PostPosted: 2014-04-09 18:48 
Offline
500 Command not understood

Joined: 2014-04-09 18:33
Posts: 2
First name: Otto
Last name: Monnig
You had my gratitude for providing an excellent product.

By withdrawing support for Windows XP, you also withdrew support for Server 2003. Many of us sysadmins are stuck maintaining older server platforms, with no chance of upgrading soon.

The Heartbleed bug has caused a mad scramble around my shop the verify which software was vulnerable. I commend you for quickly offering a patch.

But, because you no longer support Server 2003, I have to rip your software from all of my servers and find a replacement. Immediately. :x

Please reconsider support for Server 2003.


Top
   
PostPosted: 2014-04-09 21:40 
Offline
Site Admin
User avatar

Joined: 2004-02-23 20:49
Posts: 24705
First name: Tim
Last name: Kosse
Why not upgrade to a more modern Windows version?


Top
   
PostPosted: 2014-04-10 00:44 
Offline
504 Command not implemented

Joined: 2014-04-10 00:29
Posts: 11
First name: surreal
Last name: surreal
It's not always feasible to say: upgrade your operating system and hope that all of your software/modules/etc still work. Oh yah, and do it right now because there is a major security flaw out there in a 3rd party component not associated with the operating system.

I don't mind that you don't support XP/2k3 anymore. But there's still a lot of people who use those operating systems and it would be nice to see some concern for your users who do so.

Some ideas or brainstorming on what can be done to protect these users who are unable to install the patched v.44 would be very gratifying to see.

Would it be possible to just use the updated files pertaining to OpenSSL from the v.44 package and copy them into existing v.43/v.42 installs:

ssleay32.dll
libeay32.dll

Would that work in protecting affected users on older systems?

Would there be anything else necessary to do in addition to copying those new files from the v.44 install in order to update OpenSSL for your software?

An OS upgrade isn't possible for some, not feasible for others, and while there are some considering and preparing for an OS upgrade since XP/2k3 support just ended, the DO IT RIGHT NOW OR YOU'RE DATA IS EXPOSED is not always possible without proper testing of existing software/modules/etc.

A major vulnerability should bring people together to find a solution instead of alienating those users and basically telling them to go somewhere else.

I have some customers who have upgraded, who are in the process of upgrading, and those who are considering upgrading. I also have a couple of customers who use only software that works on the older operating systems and CAN'T upgrade. Just a thought.


Top
   
PostPosted: 2014-04-10 08:20 
Offline
500 Command not understood

Joined: 2014-04-10 07:17
Posts: 1
First name: Antonio
Last name: Casado
Hi all

I need update Filezilla Server in Windows Server 2003 R2. The EOL is 14/07/2015.

Can you release the software for Windows Server 2003?

Thanks you.


Top
   
PostPosted: 2014-04-10 10:00 
Offline
504 Command not implemented

Joined: 2014-04-10 00:29
Posts: 11
First name: surreal
Last name: surreal
Considering the severity of this vulnerability, I would think that the extra time to compile a Windows XP and Server 2003 as an exception this one time should be at least considered.

Yes, it would take a bit of extra time.. but would you rather have users get their data stolen and hacked instead?

I don't know anything about compiling and I can't find instructions on how to compile FileZilla Server, or I would give it a try for Windows XP myself.

The best I found was the compiling instructions for FileZilla Client, and didn't get past the first command without errors when following the instructions step by step.. so either the instructions are old, are incomplete, or not sufficient for me to be able to get it done.


Top
   
PostPosted: 2014-04-10 12:13 
Offline
500 Command not understood

Joined: 2014-04-10 11:36
Posts: 2
First name: Chester
First of all as a long time software developer I want to say how much respect I have for Tim's achievements with Filezilla.
However Officially Windows 2003 Server Support continues from Microsoft until 7/14/2015.
It has been a good product and we plan to continue using it until it's life cycle is completed.
Thanks ahead for any consideration for continuing 2003 server support.


Top
   
PostPosted: 2014-04-10 15:42 
Offline
500 Command not understood

Joined: 2014-04-10 15:35
Posts: 1
First name: mark
Last name: mannix
Since you are not releasing a 2003 version, if the ssl capablity is turned off is there still a vulnerability?


Top
   
PostPosted: 2014-04-10 17:24 
Offline
Contributor
User avatar

Joined: 2006-05-01 03:28
Posts: 21109
Location: Germany
mmannix316 wrote:
Since you are not releasing a 2003 version, if the ssl capablity is turned off is there still a vulnerability?

Using unencrypted FTP is even worse.

_________________
### BEGIN SIGNATURE BLOCK ###
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
All support requests per PM will be ignored!
### END SIGNATURE BLOCK ###


Top
   
PostPosted: 2014-04-10 17:43 
Offline
Site Admin
User avatar

Joined: 2004-02-23 20:49
Posts: 24705
First name: Tim
Last name: Kosse
Actually the SSL vulnerability is worse than not using SSL in the first place. That's how bad this vulnerability is.


Top
   
PostPosted: 2014-04-11 13:59 
Offline
500 Command not understood

Joined: 2010-03-15 18:23
Posts: 3
First name: Chris
Last name: Van Brederode
I took a look at the svn logs, and it seems support for XP/2003 was removed simply by changing the Visual Studio project files.

For my own use (since I run server 2003 and don't the money or hardware to upgrade), I'm going to (try to) roll back those changes and build my own version that will install and run. If anyone wants me to send them info or perhaps a binary (once I'm done and successful), drop me a line.

C


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 38 posts ]  Go to page 1 2 3 Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited