FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Moderator: Project members
-
- 500 Command not understood
- Posts: 2
- Joined: 2014-04-09 13:37
- First name: javier
- Last name: b
FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Hi Support:
Today I've tried to install Filezilla Server 0.9.44 on this Windows Server 2003 and it says this OS is no longer supported and it will not work on this OS.
Will you please provide us with some workaround as the previous version is seriously crippled by the openSSH vulnerability?
Best Regards,
Javier
Last edited by botg on 2014-04-12 08:02, edited 2 times in total.
Reason: Fixed topic title, it's OpenSSL.
-
- 500 Command not understood
- Posts: 1
- Joined: 2014-04-09 12:54
- First name: Jay
- Last name: Stanyer
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Hi,
I'm also having this issue - will there be a version released that is compatible with Windows Server 2003?
Thanks
-
- 500 Command not understood
- Posts: 2
- Joined: 2014-04-09 15:12
- First name: Dan
- Last name: McCann
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Windows Server 2003 is a derivative of Windows XP. Support for Windows XP and derivatives has been dropped, XP since it's an outdated and unsupported operating system, derivatives for technical reasons.
-
- 500 Command not understood
- Posts: 2
- Joined: 2014-04-09 13:37
- First name: javier
- Last name: b
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Sorry to hear about that but thank you anyway for your quick reply.
Best Regards,
Javier
-
- 500 Command not understood
- Posts: 2
- Joined: 2014-04-09 18:33
- First name: Otto
- Last name: Monnig
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
You had my gratitude for providing an excellent product.
By withdrawing support for Windows XP, you also withdrew support for Server 2003. Many of us sysadmins are stuck maintaining older server platforms, with no chance of upgrading soon.
The Heartbleed bug has caused a mad scramble around my shop to verify which software was vulnerable. I commend you for quickly offering a patch.
But, because you no longer support Server 2003, I have to rip your software from all of my servers and find a replacement. Immediately.
Please reconsider support for Server 2003.
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Why not upgrade to a more modern Windows version?
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
It's not always feasible to say: upgrade your operating system and hope that all of your software/modules/etc still work. Oh yah, and do it right now because there is a major security flaw out there in a 3rd party component not associated with the operating system.
I don't mind that you don't support XP/2k3 anymore. But there's still a lot of people who use those operating systems and it would be nice to see some concern for your users who do so.
Some ideas or brainstorming on what can be done to protect these users who are unable to install the patched v.44 would be very gratifying to see.
Would it be possible to just use the updated files pertaining to OpenSSL from the v.44 package and copy them into existing v.43/v.42 installs:
ssleay32.dll
libeay32.dll
Would that work in protecting affected users on older systems?
Would there be anything else necessary to do in addition to copying those new files from the v.44 install in order to update OpenSSL for your software?
An OS upgrade isn't possible for some, not feasible for others, and while there are some considering and preparing for an OS upgrade since XP/2k3 support just ended, the DO IT RIGHT NOW OR YOUR DATA IS EXPOSED is not always possible without proper testing of existing software/modules/etc.
A major vulnerability should bring people together to find a solution instead of alienating those users and basically telling them to go somewhere else.
I have some customers who have upgraded, who are in the process of upgrading, and those who are considering upgrading. I also have a couple of customers who use only software that works on the older operating systems and CAN'T upgrade. Just a thought.
-
- 500 Command not understood
- Posts: 1
- Joined: 2014-04-10 07:17
- First name: Antonio
- Last name: Casado
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Hi all
I need to update Filezilla Server in Windows Server 2003 R2. The EOL is 14/07/2015.
Can you release the software for Windows Server 2003?
Thank you.
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Considering the severity of this vulnerability, I would think that the extra time to compile a Windows XP and Server 2003 as an exception this one time should be at least considered.
Yes, it would take a bit of extra time.. but would you rather have users get their data stolen and hacked instead?
I don't know anything about compiling and I can't find instructions on how to compile FileZilla Server, or I would give it a try for Windows XP myself.
The best I found was the compiling instructions for FileZilla Client, and didn't get past the first command without errors when following the instructions step by step.. so either the instructions are old, are incomplete, or not sufficient for me to be able to get it done.
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
First of all as a long time software developer I want to say how much respect I have for Tim's achievements with Filezilla.
However, officially Windows 2003 Server support continues from Microsoft until 7/14/2015.
It has been a good product and we plan to continue using it until its life cycle is completed.
Thanks ahead for any consideration for continuing 2003 server support.
-
- 500 Command not understood
- Posts: 1
- Joined: 2014-04-10 15:35
- First name: mark
- Last name: mannix
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Since you are not releasing a 2003 version, if the ssl capability is turned off is there still a vulnerability?
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
mmannix316 wrote: Since you are not releasing a 2003 version, if the ssl capability is turned off is there still a vulnerability?
Using unencrypted FTP is even worse.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
Actually the SSL vulnerability is worse than not using SSL in the first place. That's how bad this vulnerability is.
-
- 500 Command not understood
- Posts: 3
- Joined: 2010-03-15 18:23
- First name: Chris
- Last name: Van Brederode
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
I took a look at the svn logs, and it seems support for XP/2003 was removed simply by changing the Visual Studio project files.
For my own use (since I run server 2003 and don't have the money or hardware to upgrade), I'm going to (try to) roll back those changes and build my own version that will install and run. If anyone wants me to send them info or perhaps a binary (once I'm done and successful), drop me a line.
C