Technical Notes

A new option, Store trusted certificates in the common application data folder, is now available in the Reflection Certificate Manager on the Trusted Certificate Authorities tab. By default trusted roots are added to a user-specific location. When this option is selected, trusted roots are saved to the following location, which makes them available to all users of the computer:

Note the following:

If a shared store exists, trusted roots are read exclusively from the shared store. Trusted roots you have configured for individual user accounts no longer have any effect.·

To revert to user-specific trusted root stores after creating a shared store, you must delete or rename the shared trust_store.p12 file. If you simply clear this setting, subsequent changes will modify your personal store, but the personal store continues to have no effect on Reflection's behavior as long as trust_store.p12 is still present in the common application data folder.·

If the operating system has been configured by the administrator to deny users write access to common_application_data_folder\Attachmate\Reflection, this setting is not available to those users and they will not be able to modify items in the shared trusted root store.

This service packs addresses vulnerabilities described in Microsoft Security Bulletin MS09-035 and Microsoft Security Advisory 973882: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution.

This resolves a problem seen when data is split and transmitted as two packets to the workstation client.

This service pack resolves problems seen when browsing files using the Level button. The Level command now correctly handles strings that include a period and commands in which the filter supplied is a subset of the current view.

When set to use Japanese locale, Reflection now places the cursor correctly when it receives an Insert Cursor order.

The PKCS #11 tab of the Reflection Certificate Manager includes a setting called Disconnect automatically when token is removed. Prior to this service pack, removing the token correctly triggered a disconnect, but reinserting it caused the client to close unexpectedly. This service pack fixes this issue; you can now reinsert your token and connect again.

If Reflection is configured for a TLS connection and has no suitable certificates, it now sends a certificate message containing no certificates as specified in RFC 2246. Previously Reflection terminated the connection. This change enables Reflection to connect to a server that requests a client certificate but doesn't require one.

This service packs addresses vulnerabilities described in Microsoft Security Bulletin MS09-035 and Microsoft Security Advisory 973882: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution.

This service pack resolves some issues seen when processing traces or using the StartTrace method.

This service pack resolves several issues reported when connecting to a server configured to use the Korean UFT8 locale.

If Reflection is configured for a TLS connection and has no suitable certificates, it now sends a certificate message containing no certificates as specified in RFC 2246. Previously Reflection terminated the connection. This change enables Reflection to connect to a server that requests a client certificate but doesn't require one.

The Reflection X profiler no longer closes unexpectedly when you click the Font server fonts storage settings button.

This service pack corrects a Japanese display problem in the X Screen panel that was introduced in SP6.

Reflection X uses the following approach to support GLX functionality. It attempts to offer 8bit GLX pixmaps of both the RGBA render type and the COLORINDEX render type. If the GLX pixmap was created with pre-GLX 1.3 protocol, Reflection uses the visual in the render context to determine which kind to use.

The HTTP proxy dialog box no longer appears unexpectedly when making a client Telnet connection.

All drawing into a pixmap now has the same orientation as drawing into a GLXPixmap that was made from the X pixmap.

Reflection now updates the host drop-down list in the Reflection X Manager immediately when a client command is run on a host for the first time.

Top-level windows now show correct window decoration (display of the title bar, close button, window border, etc.) if the window's Motif hints ask for a title bar. This fixes problems that were reported against Reflection version 14 SP 6 by customers using ILOG and CADENCE a-SX applications.

Copy and paste now works correctly between Windows applications and X applications running in an X terminal window. This fixes a problem reported in version 14 SP6.

This service pack provides additional fixes for Japanese character display problems seen in the Windows taskbar display.

Reflection X sessions configured to connect using SECURE SHELL now display the following error message when a host is unknown or the host name can't be resolved: "No such host is known".

The X Client Wizard is now supported on platforms that use the path /usr/bin for common X clients.

When the setting Auto start XI Driver Client is selected, the XI Driver Client dialog box is now minimized when you start the Reflection X Manager, and the dialog box title bar now includes buttons to support minimizing and restoring the dialog box display.

Reflection X no longer closes unexpectedly when drawing many thousands of PolyPoints multiple times on an x86 system with a current nVidia video driver.

A new site-specific setting, Preserve timestamps and file attributes, is available for SFTP transfers. When this option is selected, file attributes and timestamps are not modified when files are transferred to and from the server. To configure this setting, select your site, click Security, then click the Secure Shell tab. Note: Selecting this setting sets the PreserveTimestamps in the Secure Shell configuration file.

You can now configure global default attributes for file transfers to and from any server using Tools > Options > Attributes. (Note: To be able to specify non-default attributes during a file transfer, go to the Site Properties dialog box. On the Transfer tab, enable Show upload options before transfer and/or Show download options before transfer.)

File view filters (configured using either View > Filter, or Site Properties > Directories > File view filter) are now supported for SFTP connections.

This service pack resolves a problem that caused intermittent errors in transfers made using the FTP Client API. The error interrupted program execution and reported "File or directory not found" even though the required files were present on the server and the program was able to execute successfully on many other attempts.

A new option, Store trusted certificates in the common application data folder, is now available in the Reflection Certificate Manager on the Trusted Certificate Authorities tab. By default trusted roots are added to a user-specific location. When this option is selected, trusted roots are saved to the following location, which makes them available to all users of the computer:

Notes the following:

If a shared store exists, trusted roots are read exclusively from the shared store. Trusted roots you have configured for individual user accounts no longer have any effect.·

To revert to user-specific trusted root stores after creating a shared store, you must delete or rename the shared trust_store.p12 file. If you simply clear this setting, subsequent changes will modify your personal store, but the personal store continues to have no effect on Reflection's behavior as long as trust_store.p12 is still present in the common application data folder.·

If the operating system has been configured by the administrator to deny users write access to common_application_data_folder\Attachmate\Reflection, this setting is not available to those users and they will not be able to modify items in the shared trusted root store.

Improvements have been made to how CPU is managed in Citrix ennviroments.

The client now presents the unknown host key prompt if a reky occures and the host key is not present.

The PKCS #11 tab of the Reflection Certificate Manager includes a setting called Disconnect automatically when token is removed. Prior to this service pack, removing the token correctly triggered a disconnect, but reinserting it caused the client to close unexpectedly. This service pack fixes this issue; you can now reinsert your token and connect again.

The client now correctly handles new line requests in banners displayed in Secure Shell connections. This fixes a problem that was reported with SP 6.

Prior to this service pack some failing scp transfers returned a zero error code. This was reported for transfers in which the error was "Access is denied" and "The system cannot find the path specified". These errors now return the appropriate non-zero error codes.

This service pack resolves a problem reported with Secure Shell connections that sometimes resulted in no host logout message being displayed in the Reflection terminal window.

Reflection no longe sends incorrect pixel values with the client's Window-change request. This resolves a problem caused the Secure Shell connection to be terminated when using the BalaBit Shell Control Box.

Prior to this service pack, some smartcard hardware and software configurations led to authentication failures with the error "ProviderException (11) when attempting to sign data." This problem has been resolved.

After execution of the command scp -r user@host:Demo, the directory "Demo" is now created on the server. Previously only files and subdirectories contained within "Demo" were copied to the server

During Secure Shell password authentication, error messages from the server are now displayed in the Reflection window.

Authentication now succeeds when you authenticate using a valid certificate stored in the Reflection Key Agent.

The "Use Window Logon" option is not available on some 64-bit operating systems, which don't support this option. Previously, attempts to use this option on these systems caused an unexpected shutdown. The control is no longer available to set on systems that don't support it.

The default value of a setting configured using the Reflection Secure Shell Settings dialog box is now written to the user-specific config file if and only if a non-default value for that setting is configured in a system-wide ssh_config file. Also, if a user adds a default value by manually editing the user-specific configuration file, the default value is honored and not removed from the user's file.

Prior to this service pack, if a global configuration file was present, any non-default values in the global file were written to the user-specific file when the user made any changes using the Secure Shell Settings dialog box. Settings configured in the system-wide ssh_config file no longer have any effect on user-specific config files.

If you specify a remote command that includes spaces as part of an ssh command line, the remote command is now executed as expected.

Single -record files can now be successfully uploaded to an AS400 host using LIPI.

Reflection no longer closes unexpectedly when you open an .mto file from a mapped drive or an invalid .mto file.

The transfer buttons are now available when you configure IND$FILE CICS file transfer and select filenames containing and asterisk (*) or a question mark (?).

FTP file transfer now works as expected in sessions configured to connect using SSL/TLS.

You can now configure connections through an HTTP proxy server. From the Connection Setup dialog box, select TELNET. Click Security, then configure use of an HTTP server using the Proxy tab. (To configure Secure Shell connections, through an HTTP or SOCKS proxy, open the Reflection Secure Shell Settings and use the Proxy tab in that dialog box.)

Pressing Ctrl+Break or using the Connection > Send Break menu command now successfully sends a break signal to the host.

You can now copy and paste multi-byte Unicode characters from the Reflection window into Microsoft applications without using the Paste Special option.

A problem with slow speed of writing data to the screen has been resolved.

Problems with double-byte character display have been resolved. Reflection now handles a dangling DBCS lead byte in last column correctly.

Line drawing characters in VT sessions now print correctly.

Reflection no longer closes unexpectedly when a shared macros file is saved using the same name in a different location.

Reflection now supports up to 5 numeric characters for configuring a PKCS#11 slot ID.

Reflection now prints correctly to a Dymo LabelWriter 400 (USB) printer.

A new setting called Use exclusive grab is available in the XInput Extension Advanced Settings dialog box (Settings > Server > Extensions > XInput). Clear this setting and select Ignore extension devices to allow other applications that use the XInput extension (such as Catia V5 or Google Earth) to have access to the extension when those applications have window focus.

You can now copy and paste between most X Windows applications and Windows applications when running in a Citrix environment. Note: With some X clients, this support is not available. In this case, click on the Citrix window desktop to cause Reflection X to lose focus, then click in the local desktop window and paste.

When Secure Shell connection reuse is enabled and multiple xterm windows are started, you can now successfully launch X clients from the first window. This resolves a problem that generated an error messages saying "connection broken" , and "explicit kill or server shutdown."

The Reflection X root window now restores with a single click on the taskbar icon.

All controls in the screen settings panel are now spoken by the Window-Eyes application.

Closing the X Client Wizard no longer generates an unhandled exception in rxwizard.exe.

Reflection X now exports correct character metrics for all single row MS fonts, not just iso8859-1 and iso8859-15 fonts.

Large stippled rectangles drawn to 1-bit deep pixmaps no longer reverse black and white.

Reflection X successfully processes command-line options regardless of the order in which commands are specified.

Reflection X no longer closes intermittently when using the Local IME option in a Japanese locale.

This service pack fixes a number of problems seen in the display of taskbar titles when the window title involves a mix of double-byte and ASCII characters.

This service pack adds the Japanese iso10646 Unicode font to the \fonts\utfmisc folder located in the Reflection X program files folder. This provides support for display of Japanese characters in uxterm sessions.

When Reflection X is configured to connect using Secure Shell, rxstart.exe no longer consumes a high percentage of the CPU load while a dialog box requesting user input is displayed.

When Reflection X is configured to connect using Secure Shell, additional instances of rxstart.exe no longer continue to run after the session is terminated.

This service pack improves rendering performance when switching between images that use large, complicated pixmap clips.

When Use IPID host is selected in the Network Settings panel, Reflection X now uses the IPID client to obtain an IP address. If the IPID client is unable to obtain an address, then Use IPID host is cleared, and Autodetect network interface is selected.

Reflection X now shuts down or resets at the end of a CDE sessions that has been manually initiated (not started from the dtsession daemon but from running the Xsession shell).

Double-clicking an .rxc file or clicking a shortcut to an .rxc file no longer results in the following error when Reflection X is not running: "The Registry key specified (path\filename.rxc) is invalid. Using the 'config' Registry key. (RX278)."

When error RX281 occurs, Reflection X no longer shows information for error RX279.

This service pack integrates additional aliases for Windows ANSI fonts.

Windows created by some java applications compiled with 1.6 now receive focus properly. This fixes a problem seen when Reflection X is running in multiple-window mode and there is no remote window manager.

You can now configure FTP connections through an HTTP proxy server. From the Connect to FTP Site dialog box, click Security, then configure use of an HTTP or SOCKS server using the Proxy tab. (To configure Secure Shell SFTP connections, through an HTTP or SOCKS proxy, open the Reflection Secure Shell Settings and use the Proxy tab in that dialog box.)

Two new settings are available on the site properties Transfer tab: Show download options before transfer and Show upload options before transfer. Enable these settings to be queried for the transfer method (for example, ASCII or binary) and and file properties (UNIX attributes or Windows read-only or hidden properties, depending on the server) before each transfer. Note: The FTP server must support the SITE UMASK command for the attributes settings to succeed on uploads.

You can now specify an initial umask value to send to the server upon connection. The FTP server must support the SITE UMASK command for this setting to succeed. This value modifies the default permissions attributes set on subsequently created files. From the Connect to FTP Site dialog box, go to Properties > Connection > Initial umask. Note: This setting is not available for SFTP connections.

You can now specify host names using IPv6 addresses.

Changing the Use structured listing data setting (Security > Secure Shell) no longer cause the client to shut down unexpectedly. This fixes a problem that was reported when configuring settings to some SSH servers.

The FTP Client now does not display a Secure Shell error message when you cancel a file upload.

Configuring connections using PASV mode with an HTTP proxy no longer leads to a timeout and error message.

To provide greater security, the client now supports additional encryption ciphers. By default, the client now proposes the following ciphers in this order: "aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour".

The client now supports the hmac-sha25 and hmac-sha512 MACs. The client now proposes the following MACS by default (in this order):"hmac-sha1,hmac-sha256,hmac-sha512, hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96".

You can now configure Secure Shell connections through an HTTP proxy server. From the Reflection Secure Shell Settings, configure use of an HTTP server using the new Proxy tab.

Note: SOCKS proxy support is now configured using the new Proxy tab. (In previous releases it was configured on the General tab.)

You can now include Windows environment variables when you specify values for the following configuration file keywords: UserConfigDirectory, IdentityFile, PasswordFile, UserKnownHostsFile, GlobalKnownHostsFile, User, and AuthCookie. Use "%" before and after the environment variable name. For example:

You can now specify IPv6 host names when using the Secure Shell command line utilities. Note: IPv6 formatted IP addresses must be enclosed in square brackets. For example:

When the client detects a change in the host key file, you are now given the option of adding a new key to the known hosts file (using the same host name but a different IP address, port, or key) in addition to the option of overwriting the existing key.

Use the new CheckHostPort keyword to configure the client to check the host port in the known hosts file in addition to checking the host public key. When this keyword is set to "yes", the connection is allowed only if the host port in the known hosts list matches the port you are using for the connection. The default is "no". Note: This setting has no effect if StrictHostKeyChecking = no.

You can now configure whether or not Reflection includes a reference to a shared macros settings file using the new setting "Automatically add a reference to Shared Macros settings file." The default value of this setting is Yes. To configure this, go to Setup > View Settings.

You can now configure whether or not Reflection sends a LISTDS command during IND$FILE transfer using the new setting TSO Require Member Name. Use this setting if the LISTDS command causes information to be sent to the terminal screen, which causes an application error. When set to No (the default) a "LISTDS <dataset>" is issued to determine if the dataset is a PDS. If it is, and no member name has been supplied, a new member name is created automatically based on the source file name. When set to Yes, this feature is disabled, and the user must supply a member name (for example, dataset(member)) or the transfer attempt fail with the following error: TRANS17 Missing or incorrect TSO data set name: file transfer cancelled.

Updates have been made to ensure compliance with Section 508 accessibility standards.

Reflection now handles the Alt+F6 keystroke combination correctly when it is running as an ActiveX control.

This service pack resolves problems seen when running macros and saving settings files that use the SaveSettings method.

This service pack resolves a printing issue that was seen when Reflection is configured for 5553 DBCS printer emulation and the print job contains wide columns. Reflection now acknowledges a single FormFeed character from the host.

Reflection can now handle multiple synchronous calls issued by HLLAPI clients. This resolves a problem that was reported when opening several sessions in quick succession using the eSSO single signon solution.

LIPI file transfers that use the JOIN BY statement no longer generate the error "Spaces not allowed in library, file, or member names."

The file transfer Show Host Files feature now works correctly when you are connected through a Visara controller and logged onto TSO.

You can now map DBCS characters that were previously not supported in the Reflection DBCS Translation Table Editor.

You can now configure whether or not Reflection includes a reference to a shared macros settings file using the new setting "Automatically add a reference to Shared Macros settings file." The default value of this setting is Yes. To configure this, go to Setup > View Settings.

Use the new setting Ambiguous Width Unicode Chars Are Always Displayed as Wide. To configure this, go to Setup > View Settings.

This feature is available for Secure Shell connections. Use the new setting Cache Secure Shell User Name. To configure this, go to Setup > View Settings. When this setting is Yes (the default), the user name remains in memory after the client disconnects and users can reconnect without re-entering their user name. The user name remains in memory until Reflection closes and can be seen using the read-only setting Connection Setting UserName. When this setting is No, the user name is cleared from memory when the client disconnects, and users must re-enter their user name for each connection.

Updates have been made to ensure compliance with Section 508 accessibility standards.

Reflection running on a 64-bit version of Windows now supports connections using a serial port.

This service pack resolves some copy and paste problems that were introduced in Service Pack 4.

You can now update and save settings in a settings file that includes a locked VBA project.

This service pack resolves a problem reported with Telnet connections that sometimes resulted in no host logout message being displayed in the Reflection terminal window.

Reflection now sends a "WILL TERMINAL TYPE" to the server with the initial Telnet negotiation packet.

Reflection now runs correctly when it is installed on a computer configured for metering by the Reflection for the Web metering server.

If you are configuring Rlogin or Secure Shell connections using the Connection directory (a prior version feature), you can now specify just the host name with no user name. You will be prompted for the user name when you connect.

You can now launch Reflection on a computer running on Windows Vista when certain other software programs (including Dell Support Center) are running.

This service pack resolves problems that caused SOCKS connections to become disconnected with an unknown packet error in some environments with a slow server response time.

Saved changes to terminal window fonts are now preserved correctly for all terminal types.

The new -xdmcptimeout parameter can be used in conjunction with the -b, -d, and -i options to set an XDMCP timeout when initiating XDMCP from the command line. If not specified, the timeout defaults to 15 seconds.

Syntax: -xdmcptimeout <number> (where number is number of seconds)

Example with timeout set to 30 seconds: "C:\Program Files\Attachmate\Reflection\Rx.exe" -xdmcptimeout 30 -d <host>

You can now use the Reflection X x64 Installer package to upgrade an older x32 Reflection X product that is running on an x64 platform. The upgrade converts Reflection X x32 to the new x64 version of Reflection X 14.0.5.

The new Use retained fonts check box allows users to control whether Reflection X will use cached font server fonts. By default Reflection X looks for cached fonts and uses them. Previously, Reflection X always implicitly looked for the fonts and used them if found.

The new -template startup option can be used in conjunction with the -s option to specify that Reflection X should treat the settings file used to start the X server as a template, and that all settings previously associated with that server should be deleted.

Example: "C:\Program Files\Attachmate\Reflection\Rx.exe" -template -s "C:\Documents and Settings\larry\<file>.rxs"

Using this option guarantees that when the X server is started, a predictable set of X server settings are used. Settings in the -template server settings file are honored every time the file is launched with this switch. Server settings that are not in the file will inherit application default values.

Four new templates can be used to obtain X application displays from X clients running on VMS hosts over Telnet or SSH. To obtain the templates see Technical Note 1840.

When a Windows scalable font is opened, Reflection X now creates font property atoms filled in with default or computed values when those values were not explicitly set by the client when it specified the XLFD name. For example, when the client specifies 0 for point size, pixel size, and width, Reflection X will compute values and report those in the font property atoms. This behavior now matches what Reflection X does for scalable X bitmap fonts.

Reflection X now shows window titles in icons correctly in X desktop mode in both Japanese and Chinese locales.

When pasting Japanese characters in the GNOME text editor (gEdit), Reflection X now uses the current Windows cursor location as the insertion point. There is no reliable way to determine the insertion point for gEdit based on X protocol received.

Rapid zooming and unzooming in Synopsys CATS application no longer causes Reflection X to crash.

Updates have been made to ensure compliance with Section 508 accessibility standards.

Screen mm width and height now account for virtual screen sizes and screens that span multiple monitors.

Panning no longer forces an X terminal desktop root window back to a specific monitor even though it was configured to be placed initially on a specific monitor.

On Vista systems, a minimized Reflection X root window is now restored with a single click on the taskbar button.

Reflection X now logs the font file name when font logging is on and the font was retrieved from a font server.

The -noglx command line option now functions correctly, launching Reflection X without GLX enabled.

When you clear the "Create a shortcut when saving X client files" check box and click OK, Reflection X now saves the changed state.

On all hosts, the display macro now sends the IP address and display number to the host. The macro no longer includes the screen number in information sent.

Reflection X no longer waits indefinitely on an unresponsive font server. When a font server stops responding, Reflection X will put the client to sleep and intermittently check to see if the font server is available. When it becomes available Reflection X will wake the client and allow it to continue where it left off.

Updates have been made to ensure compliance with Section 508 accessibility standards.

Users without local administrative rights can now successfully transfer folders containing compressed zip files when the FTP Client is configured to use SFTP transfer.

Using the OpenDirectoryListing method with an asterisk (.OpenDirectoryListing "*" ) now works as expected.

From the Reflection Secure Shell Settings dialog box, click the new Host Data tab. Under Environment variables, click Add to specify a new variable and value. (This change is saved to the Secure Shell configuration file using the SendEnv keyword.)

From the Reflection Secure Shell Settings dialog box, click the new Host Data tab. Use the Command text box to specify one or more remote commands. Use a semi-colon (;) to separate multiple commands. (This change is saved to the Secure Shell configuration file using the RemoteCommand keyword.)

The client now continues to transfer the remaining files and folders after a "permission denied" error occurs during an scp -r transfer.

During a rekey exchange, the client now searches for the host key in the global known hosts file in addition to the user-specific known hosts file.

When an scp -u transfer fails, the source file is no longer removed from the remote host.

You can now enforce FIPS-approved ciphers and MACs from the ssh command line using ssh -o FipsMode.

Batch transfers made using the scp and sftp command line utilities no longer fail with a packet too long error when a packet exceeds the expected length.

Executing multiple, simultaneous scp and sftp batch files no longer results in several rssh.exe processes left running after the scp.exe and sftp.exe processes have completed.

When an scp -r transfer fails because the folder doesn't exist, the client now returns an error.

The scp command now correctly handles commands that specify a folder name rather than a file name on the command line.

The client can now import trusted root certificates that contain UTF-8 strings. If a parsing error occurs when loading a certificate, the client logs the error and continues running.

The -k and -o UserKnownHostsFile options now work as expected with the ssh2, sftp2, and scp2 command line utilities.

The sftp command line utility now warns users when you attempt to rename a file using an existing filename.

The timestamp is now preserved when you download read-only files from the remote server using scp -p.

When the ssh command line utility is used with StrictHostKeyChecking set to yes, warning messages for failed connections are now displayed in the command window rather than in a pop-up. This change enables scripts to run without requiring user intervention.

Transfers made using scp no longer fail when certain Japanese characters are used in the file or folder name.

The scp2 command line utility no longer requires you to include user@ with the host name.

This setting is off by default. When set to 'Yes', unpaired SIs do not result in a XPROG 750, but are also not marked as being part of a SO/SI subfield.

This service pack fixes a problem that caused Reflection running on VISTA to crash when you opened a transfer request file (mto) with the local folder pointing to a mapped drive.

This service pack fixes a problem reported for transfers using IND$FILE structured field file transfer. Transfers presented a Transfer in Progress dialog box and the message, "Transfer failed: TRANS13 Error writing file to host: file transfer canceled"

Closing the Configure PKI dialog box using the OK button enabled the Use OCSP setting and caused connections to fail. This service pack fixes this problem.

When attempting a 5250 file transfer over a secure connection, the connection failed if the Host name did not match the Host name in the certificate even when "Certificate host name must match host being contacted" was not selected. This service pack fixes this problem.

This service pack fixes a problem that caused Reflection to crash in module r8xfrpcs.dll when transferring variable length fields.

This service pack fixes this problem.

You can now configure Reflection to execute actions before a connection is made. To do this, go to Setup > Events > New. Under Event Type, select "Before a connection is made."

When this setting is True (the default) Reflection copies both unicode and text to the clipboard. When it is False, Reflection copies only the text of the display memory to the clipboard. Setting this to False can speed up the copy command. To change this setting, use Setup > View Settings.

This service pack fixes this problem.

Reflection no longer crashes with an application error when closed by the Windows Task Scheduler. Note: Even with this fix in place, the best practice is to use Reflection commands to close the application exit rather than using the Task Scheduler.

This service pack fixes this problem.

This problems was caused by an off-by-one error in VT UDK escape sequence processing. This service pack fixes this problem.

This service pack fixes a problem that caused some host application problems when running Secure Shell sessions in the Reflection terminal window. In one reported case the host prompt was displayed before the user pressed the Enter key, which resulted in an error message from the server. The Reflection GUI client was sending an extra Secure Shell window change message after connecting. With this fix, extra window change messages are not sent.

This service pack fixes this problem.

In settings files with a large number of subroutines, executing GetMacroList could cause the Reflection session to crash. This service pack fixes this problem.

This service pack fixes this problem.

This Service Pack contains a new setting called Ignore Windows taskbar (Settings menu > Display). When this setting is disabled (the default), Reflection X creates a root window that does not intersect the Windows taskbar. When this setting is enabled, Reflection X creates a root window that uses the entire area of the primary monitor (as long as no virtual size is specified that would cause different dimensions to be used). The size, location, and state of the Windows taskbar are ignored.

Additional information has been added to the warning dialog box that displays when certain types of system changes occur, such as a change in the size of the desktop work area or a change in color depth. In addition, when there's a change to desktop work area, the warning dialog box that appears has a check box that enables the decision to be remembered until Reflection X is shut down.

This Service Pack adds support for GLX, version 1.4.

Starting with this Service Pack, when you enable the GLX extension (Settings menu > Server > Extensions), Reflection X advertises GL_EXT_texture3d.

In previous versions of Reflection X, when two .rxs files with the same base name in different locations were used with Reflection X shortcuts, it was not clear to the user which .rxs file settings were in effect. Both .rxs files were associated with the same Reflection X server instance. A change provided with this Service Pack fixes this issue. Now, there is a one-to-one mapping between .rxs files and server instance names. In the case where there's an existing mapping and a second .rxs file is introduced, the second .rxs file becomes associated with the server instance and the association with the first .rxs file is removed.

In earlier versions, Reflection failed to correctly show some window names for CDE sessions whose locale was set to ja_SP.SJIS. This issue has been fixed.

When a font server becomes unresponsive, Reflection X will no longer wait indefinitely for a reply from the font server. Now, Reflection X will sleep the client that is causing it to communicate with the font server and intermittently check to see if it has become available. When the font server becomes available, Reflection X will wake the client and allow it to continue where it left off.

Reflection X now consistently draws correct solid, zero-width diagonal lines when Perfect pixelization (Settings menu > Speed) is enabled.

In earlier versions, closing the Host Response dialog box for an SSH connection resulted in SSH connections being terminated. Now, for SSH connections, there is a Hide button in the Show Host Response dialog box. This allows users to remove the dialog box from view without affecting the connection.

To enhance protocol traces, DBE protocol processing has been added.

Previously, Reflection X was unable to iconify an olwm-managed window while in Microsoft Desktop mode. This problem has been fixed.

In previous versions, Reflection X would disable Host-based security if no valid hosts were listed in the host security file. Now, when this situation occurs, Host-based security continues to be enabled.

Font aliases have been added to enhance Reflection's compatibility with certain WindU/Bristol X-based applications.

This Service Pack includes support for several OpenGL enumerants that were missing in earlier versions.

In previous versions, multiple server instances were not allowed to start if the Reflection X Manager was disabled via the Profiler or the "-nc" command line switch. Now, each subsequent server instance is allowed to start and is given a notification tray icon for server management functions.

Starting with this Service Pack, when you use a shift key in combination with a number pad key, extraneous Microsoft Windows-generated key release and key press events are ignored.

You can now edit server files directly from the server pane display. To do this, right-click on a server file and select Edit. The FTP Client downloads the file to your system and opens the associated editor. When you save and close the file, the FTP Client uploads it back to the server.

The FTP Client can now connect correctly through the proxy server when client authorization is enabled on the proxy.

The thumbprint of the Reflection for the Web security proxy server certificate is now correctly reported by the client.

When you double-click a server file to view it, the client downloads a copy of file. Prior to this fix, this action would always overwrite an existing local file with the same name regardless of the If File Exists setting. With this fix, the client honors your If File Exists setting. Note: Update and Unique are not used when downloading to view server files. If either of these preferences is set, users are asked if they want to download the server file if a file of the same name already exists.

This service pack fixes this problem by allowing passive mode connections to HP3000 servers.

On Windows 2000 systems, double-clicking in the local pane opened a folder in a new Explorer window rather than navigating through the FTP client local pane. This service pack fixes this problem.

You can now specify which key exchange algorithms the client supports, and the order of preference. To configure this, open the Reflection Secure Shell Settings dialog box and use the Encryption tab. The keyword used to configure this setting is KexAlgorithms.

Secure Shell error messages now include much more detailed information that can be used to facilitate troubleshooting.

You can now use getext and setext with the sftp command line utility to view and set file extensions that will use ascii transfer.

You can now supply commands to command-line utilities using an input file as shown in this example:

This service pack improves the way the client handles loss of a network connection.

This service pack fixes a problem that led to the above error message when putting files to a chroot account on HP-UX 11.1 using the sftp2 command line utility.

This service pack fixes this problem.

The client now displays only one error message when scp and scp2 transfers are directed to a folder that doesn't exist on the server.

The return codes displayed for the ssh2, scp2, and sftp2 command line utilities now match those returned by prior version F-Secure products.

The scp -u switch can be used to remove a file after copying with the scp or scp2 command line utility. Previously this switch was supported but not documented. It is now included in the command line usage you see when you enter "scp -h" or "scp2 -h".

When attempting to connect from a WinCvs client to a CVS repository via the client; the WinCvs client appeared to hang during the connection process. The client could be interrupted, but never displayed the archive. This problem has been resolved.

In order to facilitate scripting, warning messages are now displayed in the cmd.exe window rather than in popup windows that require user interaction.

The HostCharacterSet keyword now sets the specified host character set when code page support is available.

Keys are now uploaded correctly to Tectia servers.

The client now correctly handles redirection of debug output to a file on the command line, as shown here:

This service pack fixes a problem that caused the sftp quit command to set a non-zero return value.

sftp batch file execution now continues even if one of the batch commands fails. The exit code is 0 for successful execution of the batch file, with no command failures. With command failures the exit code is 1.

A new setting is available to support double-byte character input in an AS400 single-byte field. To enable this setting, go to Setup > View Settings > 5250 Allow DBCS in SBCS field.

A new setting is available to support use of a non-alpha leading character in the host file name. To enable this setting, go to Setup > View Settings > Allow Leading Digit in CICS Host Filename.

A new setting is available which enables the Reflection input method editor (IME) to behave identically to the Korean Extra Universal Client IME. When this setting is enabled, the IME changes mode depending on the current field attributes. In a DBCS field, the IME switches to DB Hangul; in a SBCS field, it switches to single byte English. To enable this setting, go to Setup > View Settings > Korean EUCC IME Behavior.

Prior to this fix, adding a reference to a Reflection settings file caused macros recorded in the referenced file to be removed if they had the same name as macros saved in the local settings file.

This patch resolves a problem that caused Reflection to close down unexpectedly when references were added to another Reflection settings file.

Reflection now supports version 1 certificates.

With QPWDLVL=2 on the AS/400, a new, stronger algorithm for creating passwords is used, which supports longer and case-sensitive passwords. The Reflection Transfer utility now correctly handles these passwords.

This setting is relevant when you have established a Secure Shell session and set the file transfer protocol to "FTP". (In this configuration Reflection uses SFTP file transfer.) This setting specifies which data list style Reflection uses to generate the directory display. Changing the value of this setting may help troubleshoot file transfer problems. When it is set to No (the default), Reflection uses the standard UNIX-style data list. When it is set to yes, Reflection uses the structured data list style. To change the value of this setting, go to Setup > View Settings > FTPUseSftpStructuredListing.

Use this new property to configure the password for Secure Shell connections. It does not affect other connection types. For example, in a Reflection session that is configured to connect to your host using Secure Shell, the following macro connects to the host and sends the specified password.

Reflection now supports the Euro character (€) when Host character set is set to ISO Greek (8858-7).

Reflection no longer crashes when started from the command line with an extremely long parameter list.

Reflection X will now fully exit from a CDE session that was manually launched from a dtsession process (instead of from a dtlogin process).

If you want Reflection X to handle the calculation of mmWidth and mmHeight values, enter 0 (zero) for Width and Height in the Dimensions (mm) area of the X Screen Settings dialog box (Settings menu > X Screen). If you enter a value other than 0, Reflection X will use that value when it responds to X clients. This affects the "resolution" field ( you can see this when you use a client like xdpyinfo).

Reflection X will no longer send mouse and keyboard events that are duplicates of the previous mouse or keyboard events

Reflection X will no longer leave artifacts in a window with a PseudoColor visual that has been occluded and has save unders enabled.

Reflection X will now perform correctly when a GLX render context is made current with a GLX pixmap.

To resolve timeout issues, there is now a small but arbitrary amount of time between when Reflection X sends a command to a VMS host and when it reads the host's response while connecting via REXEC and RSH.

When Reflection X is in X terminal desktop mode, X windows that are dragged off screen, then on screen, are now redrawn correctly.

The 64-bit version of Reflection X will no longer crash when it attempts to supply default resolution values while looking up an XLFD.

You no longer need to reset or restart Reflection X when Remote Assistant attempts to connect.

Strings that contain Korean characters are now correctly displayed in window titles, the Windows taskbar icon, and on the Alt-Tab dialog.

In earlier versions of Reflection X that used the Secure Shell connection method, Tunnel X11 connections was enabled by default, appeared to be editable, but in fact could not be changed. After this patch is applied, the user interface will show the actual state of the setting and the setting can be disabled. To change this setting: Secure Shell connection method > Advanced button > Tunneling tab. Note that clearing this setting means that Secure Shell is used for authentication only; X11 data is sent in the clear.

Client connections that used the Secure Shell connection method sometimes resulted in excessive CPU usage. This problem has been fixed.

On an IBM AIX X client host, if you need the "time_last_login" field in /etc/security/lastlog updated on a successful login using the SECURE_SHELL method, then you will need to set a Reflection X registry key.

To set the necessary registry key:

If the value for SSHUsePty key is the default (No), then a successful login to IBM AIX hosts using the SECURE_SHELL method will not update the "time_last_login" field in /etc/security/lastlog.

A new setting, Use IPV6, has been added to the Connection tab in the Site Properties dialog box. Options are Always, Never, When Available. The default is When Available. Previously IPV6 support was configurable using the command window, and this technique is also still available.

A new setting, Connect through NAT server, has been added to support SSL/TLS connections through a NAT proxy server. To configure this setting click the Security button, then click the SSL/TLS tab.

Three new settings are available for configuring Reflection to forward FTP data through the SSH tunnel. Use these settings when the FTP server is on a different host from the Secure Shell server. To configure these settings, go to the Connect to FTP Site dialog box, click Security, then click the Secure Shell tab. The new settings are:

Configuring these settings is equivalent to using the following ssh command line:

The FTP Open method now supports sending passwords for Secure Shell sessions. The following sample configures a Secure Shell connection, connects to the specified host, and sends the specified user name and password.

The FTP Client now correctly remembers the state of the Encrypt data stream setting for SSL/TLS sessions.

This patch fixes a problem that caused intermittent connection problems because the client was not correctly sending the AUTH TLS message.

In the Directories tab of the FTP Client Site Properties dialog box, modifying the Cache directory listing setting now correctly enables the Apply button on this tab.

This patch fixes a problem that led to a missing openssh.dll error message when launching the FTP Client from a Visual Basic project.

This patch reduces the time it takes to display directory listings in the local pane.

This patch reduces the time it takes to display directory listings in the server pane.

The Preserve server file date option (available on the Transfer tab of the site properties dialog box) now works as expected for SFTP transfers.

When NoShell is set to "Yes", the client creates a tunnel without opening a terminal session. This option can be used in combination with ConnectionReuse to create a tunnel that can be reused by other ssh connections. You can configure this option in the Secure Shell configuration file, or using the -o command-line option.

This patch includes changes that support faster SFTP and SCP file transfers.

This patch reduces the time it takes to display directory listing in SFTP sessions.

Prior to this patch, server certificate validation failed if the certificate contained unknown extended key usage OIDs. These extensions are now checked during intermediate certificate validation only if they are marked as "Critical" or if you are running Reflection in DOD mode.

Error messages for the ssh command-line utility are now sent to stderr.

The sftp and sftp2 command line usage help now displays the following additional syntax for uploading files to the server: sftp [options] sourcefile [user@]host[#port]:[destination file]. This information is displayed when you use the -h command-line option.

Reflection no longer displays a blank "Reflection Secure Shell Client" dialog box when you are configured to use keyboard-interactive authentication. This dialog box was introduced by changes made to the SP2 patch.

This patch fixes a problem that caused a halt in data display when large chunks of data are being received. Prior to the fix it was sometimes necessary to use the Enter key to view the entire display.

This patch fixes a problem that caused Reflection to show multiple entries for the same user key when both a user-specific config file and a global ssh_config file were present on the same computer.

You can now specify which SSL or TLS version to use. The choices are TLS Version 1.0 (this is the newer protocol and is the default) and SSL version 3.0. To change this setting, go to Connection > Session Setup > Security > SSL/TLS > SSL/TLS version.

You can now easily copy text from one region of a host screen to the same region on another screen. To use this feature go to Setup > View Settings. Set Retain selection to Yes. Also, set Clear selection on screen when copied to No to ensure that the selection is not cleared after the copy/append action.

Reflection was incorrectly sending a PA2 when the Show Host Files button was used to upload a file with no host file name defined. This problem has been resolved.

You can now specify which SSL or TLS version to use. The choices are TLS Version 1.0 (this is the newer protocol and is the default) and SSL version 3.0. To change this setting, go to Connection > Connection Setup > Security > SSL/TLS > SSL/TLS version.

Reflection events now fire as expected when you add a reference to a Reflection session from a .NET environment.

Reflection can now save data to display memory that is cleared using partial screen clear commands. To enable this functionality, go to Setup > View Settings, and change the new setting Save On Partial Clear to Yes.

Under some conditions Reflection was not displaying Chinese characters correctly. This service pack corrects UTF8 display problems with wide characters.

SP2 fixes a problem that caused Reflection to close unexpectedly when the StopRecordingMacro built-in function was called when recording was not in progress.

When multiple instances of Reflection were launched at the same time, or many settings files containing macros were opened simultaneously, a message was displayed indicating that the SharedMacros settings file could not be created. This problem has been resolved.

SP2 corrects a problem that caused Reflection for HP to close unexpectedly when processing a trace that contained VT escape sequences.

Reflection X now supports up to 256 client connections. Note that the number of client connections is limited to the number of sockets (also set to 256); each client connection requires a socket, and Reflection uses sockets for other things such as font servers. For example, if Reflection has two listen sockets configured for TCP and DECnet and it's connected to three font servers, it can support 251 client connections (256 - 2 - 3 = 251).

Reflection's SHAPE X server extension now supports version 1.1 and has been enhanced to expose an Input region for windows. This newly exposed region is a subset of the Bounding region that restricts which portion of the window receives mouse events. With this enhancement, portions of the window not in the Input region pass mouse events through to underlying windows.

The XI Driver Client dialog box, which allows you to confirm your X server display and 3D CAD/CAM client application profile, now has a minimize control in its title bar.

Reflection X has a new registry keyname called EnableFlashNotification (default: Yes). If EnableFlashNotification is set to No and X terminal desktop is enabled, the root window's taskbar entry will not flash when it appears in the taskbar and there is some X Window activity. Note: Registry keynames can be changed by clicking Settings > View Settings from the top menu bar in Reflection X Manager (do not click the Setting button near the bottom on the dialog box).

Reflection X has a new registry keyword called AutoIncrementStart (default value: 1; valid values: 0-1023). AutoIncrementStart is the starting value that Reflection X uses to compute the dynamic display number when Reflection X is running in a Citrix/Remote Desktop session. Note: Registry keynames can be changed by clicking Settings > View Settings from the top menu bar in Reflection X Manager (do not click the Setting button near the bottom on the dialog box).

In addition to the client and server template files that install by default, there are templates that you can download from Attachmate's web site. For more information, see Technical Note 1840.

A problem was fixed that occurred when "Allow font scaling" was enabled and an X client sent the protocol request ListFontWithInfo to the X server, requesting iso10646-1 encoded fonts.

After a DEL key was mapped to the RM key of a DEC keyboard, the resulting keycode for the unshifted key was sometimes not displayed correctly. This intermittent problem has been fixed.

When 0 (zero) is entered in the Dimensions (mm) text boxes (Settings menu > X Server > Configure X screen), Reflection relies on its own internal screen size calculations, drawing from a variety of sources, when responding to X clients. If non-zero values are entered in the Dimensions (mm) text boxes, Reflection will use those values, among others.

In previous versions, a window created with the PseudoColor visual that was resized after being mapped sometimes resulted in the window not being drawn. This problem has been fixed.

Previously, if a selection was in COMPOUND_TEXT format, the Copy To Editor action in the Copy Selection dialog only copied the first character to your editor of choice. This behavior has been fixed.

This Service Pack fixes a problem with how Reflection reported "max char width" for Windows fonts.

Reflection will report server default values for point size and x and y resolutions for a font in a ListFontWithInfo request if those values are not specified in its XLFD. Reflection will no longer fail to report information on a ListFontWithInfo request if the font can be found.

In earlier versions of Reflection, when Microsoft Windows desktop was enabled as the Windows mode, the taskbar icons for each client window displayed the same information. Now, each taskbar icon displays unique information for easier identification.

Reflection X will re-optimize objects that it de-optimized because of resource limits that were exceeded as imposed by the resource control in the X server's speed settings panel.

In earlier versions of Reflection X, the Enable mouse wheel scroll option was not available for remote desktop sessions; it is now enabled.

Reflection X now correctly draws CoordModePrevious lines to root in IncludeInferriors mode.

You can now specify which SSL/TLS version to use. The choices are TLS Version 1.0 (this is the newer protocol and is the default) and SSL version 3.0. To change this setting, select a site in the Connect to FTP dialog box, then go to > Security > SSL/TLS > SSL/TLS version.

This service pack resolves a problem that caused some FTP servers to reject the connection when Reflection FTP was configured to use Kerberos.

Reflection FTP Client server file display has been optimized to decrease the amount of time it takes to display and refresh the server display pane.

You can now disconnect from the server (the preferred way to terminate network connections) or close the client when connected to a site that is configured to use SSL/TLS. When you close a connected session, the client now disconnects the SSL/TLS-secured FTP connection before shutting down.

You can now specify which hash algorithm the client uses in the process of proving possession of the private key during public key user authentication. To configure this, open the Reflection Secure Shell Settings dialog box. On the Encryption tab, under Signature types, select the hash you want to use for RSA and DSA keys.

This service pack fixes a problem that would sometimes cause very large (gigabyte) data transfers to hang when Reflection was configured to use the Secure Shell protocol. This problem was seen with transfers using the Reflection user interface and also using Reflection command line utilities.

This error message was displayed incorrectly when the Reflection scp command line utility was used with the -r switch. This problem has been resolved.

Sftp file transfers that use wildcard GET commands now work as expected.

In Reflection applications running with Service Pack 1 applied, the sftp and scp clients could not simultaneously access the same local file for uploading. This problem has been resolved.

This service pack corrects a problem in the Secure Shell protocol that could cause this error message to be displayed for slow or bad network connections.

On some 3270 host screens with protected numeric fields, the cursor skips valid available input fields when the user enters data that spans multiple fields. This problem has been corrected.

Macros that use the OpenSettings method to open partial settings files now work correctly. For example, the command Session.OpenSettings rcKeymap, "C:\temp\sample.map" now correctly opens the sample.map keymap file.

This patch fixes a problem that caused the following error message to display after selecting multiple files in the file transfer dialog box: "Length of Transfer Remote Filenames (IND$FILE) entry (nnn) is too long. Maximum length is 260."

Reflection now supports executing host-initiated Reflection Basic commands through the VBA command interpreter. This feature can be used to resolve problems in which host-initiated Reflection Basic commands fail to launch another application or do not return from the GetSaveAsFileName method after previous execution of a Reflection Basic script. See Technical Note 2148 for details.

Settings exported to XML now contain the correct data for customized toolbars. Previously Reflection was not correctly storing data for bitmap images assigned to customized toolbar buttons.

Buttons created using the Reflection DefineToolbarButton method now work correctly.

Wide characters (such as Japanese or Chinese) now display correctly when the Reflection host character set is set to UTF8.

Data assigned to the Reflection UserData property is now correctly stored and recalled when it contains a string longer than 261 bytes.

This patch fixes a problem that was observed when the Transmit method was invoked from a different session and the password was retrieved with GetPassword or GetLogin using rcDecodePassword. Reflection now correctly decodes encrypted passwords saved from a different session. Note that this is not designed as a secure way to store passwords: it is simply to obfuscate a password instead of storing it in clear text.

This Service Pack addresses a rendering problem. Now, when Reflection X is set to Coarse pixelization or Fine pixelization, Reflection X will render wide outline rectangles at least as fast as when it is set to Perfect pixelization.

Reflection X no longer leaves unpainted areas when a complex graphics expose event is delivered to a PseudoColor emulation window.

Starting and stopping Remote Assistance no longer results in the X Manager resetting or restarting.

Some users experience problems pasting items from the Windows clipboard into a terminal window. One problem is characterized by Reflection X not pasting items correctly if the paste occurs after a previous client has exited (also known as a "last client exit reset"). Pasting an item after initial startup or after resetting Reflection X from the user interface is successful. This and other related problems have been fixed.

When Line, segment or arc drawing is set to Coarse or Fine pixelization and a user draws a line segment with a length and width of 0 (zero), instead of drawing nothing in response to the polysegment request, Reflection draws a pixel. This problem has been fixed.

Several problems have been fixed in Reflection X when a second or third monitor is the left or above monitor number one (in negative coordinates). Reflection X does not support the display of X clients on negative coordinate monitors.

A problem introduced in Reflection 14.0 using the -c startup command line switch has been fixed. Now, the client file name parameter that follows -c does not need to be fully qualified if the client file is located in the user's personal folder (typically, C:\Documents and Settings\\My Documents\Attachmate\Reflection).

In situations where a mapped window has been created with no control decorations and Microsoft Windows is the Default local window manager, Reflection X will still send a ReparentNotify event when the window is mapped.

When Reflection X has Window mode set to X terminal desktop, the X screen configuration set to Full size (no title bar), and a user clicks near the border of the root window, the mouse pointer is repositioned. This results in some application controls becoming inaccessible. This problem has been fixed.

A problem involving drawing behavior was fixed. Now, when Coarse pixelization is enabled and the last segment in a list of segments is clipped out, Reflection X draws the segments that were not clipped out to a window with backing store or to a window that uses a PseudoColor emulation (PCE) visual.

If you are experiencing problems connecting over VPNs or if you have a high latency connection, you may need to increase the values of the Prompt timeout and Response timeout settings in your RXC file (Advanced Client Connection settings dialog box). These settings control the speed at which rsh/rexec connections send and receive data. Sometimes, extra delays are necessary over slow connections or connections that go through a VPN.

The icons and buttons in a customer's client application change to an incorrect color. This is because the client application changes the size of the terminal window to a negative value. While the fix provided in this service pack delays the color change, it cannot fix the problem. Only a change to the client application can fix the problem.

This service pack addresses a problem with font scaling.

This service pack fixes a problem that occurs when Reflection X is in Microsoft Windows desktop mode, with one monitor and the Windows taskbar on top or to the left of the screen. When Reflection is configured this way, the mouse cannot be moved into the region on the edge of the monitor opposite from the Windows taskbar (bottom or right).

When the Japanese 106/109 keyboard is used, Reflection X does not send a keyboard event if the key pressed has no symbol assigned to it. This problem has been fixed.

In previous versions, mouse wheel mappings that used the Alt key modifier did not work as expected. This problem has been fixed.

This service pack adds support to confine the cursor to a window with a non-rectangular shape.

A fix in this service pack addresses a problem in which KDE 3.3 desktop clients keep running after the Microsoft Windows screensaver is dismissed.

Three-button mouse emulation now functions correctly.

If text is selected in an xterm window, performing a Copy Rectangle to Windows Clipboard now overwrites the contents of Windows Clipboard with the rectangle you copied. Previously, the rectangle would be immediately overwritten by the string that was selected in the xterm window.

Reflection X now correctly handles colors with NULL terminators.

Two new settings have been added to the Transfer tab of the Site Properties dialog box:

This patch fixes a number of problems that were seen when handling files whose size is larger than 2 gigabytes. Problems included files that could not be displayed, files that failed to transfer, and file transfers that failed to resume properly. Note that some FTP or SFTP servers still may not be able to display or transfer files greater than 4 gigabytes, in which case the Reflection client may also experience problems.

The error message above displays if you attempt to install only the FTP client on a system on which F-Secure was installed. This patch fixes this problem; the Reflection F-Secure Migration wizard will not launch when an installation doesn't include Reflection for HP, Reflection for Unix and OpenVMS, or Reflection for ReGIS Graphics.

The FTP Client now launches successfully if your Desktop or My Documents folder is not in your roaming profile.

The SSH Config Scheme value is now written to properly when you export your settings from the FTP Client. Previously the SSH Config Scheme name was written out incorrectly in the exported XML and consequently the value was not set when the xml was reimported into the FTP Client.

If the Reflection FTP client is installed and launched for the first time on a system that already contains a file called "settings.rfw", any existing settings in the registry are migrated to a file called "settings0.rfw" and Reflection FTP loads the existing "settings.rfw" file. Settings are now migrated only if a previous version of Reflection FTP was installed on the system.

When the Directory Definition Wizard is used to create custom rules for parsing directory listings, a manually added "Include Suffix" value is now honored.

You can now configure Reflection Secure Shell and SSL/TLS connections to use one or more OCSP responders to check if certificates are still valid.

By default, Reflection applications allow some configurations that do not meet DOD PKI requirements. Administrators can now use Reflection Group Policies to configure all Reflection sessions to meet DOD PKI requirements. To do this, you must first install the latest version of the Reflection Administrator's Toolkit.

For additional information, see "DOD PKI information" in the Reflection application Help index after you've installed this service pack.

Administrators can now use the Reflection Customization Manager to create custom Reflection installations that include PKI settings. For additional information, see "PKI, deploying PKI settings in a customized install" in the Reflection application Help index after you've installed this service pack.

You can now choose to export the private key of a public private key pair. To do this, open the User Keys tab of the Secure Shell Settings dialog box, click Export, then select Export Private Key.

The Reflection Windows client now uses the SECSH file format by default for exported keys. This matches the format used by other Reflection for Secure IT applications. To configure Reflection to export keys in OpenSSH format (the previous default), open the User Keys tab of the Secure Shell Settings dialog box, click Export, then select Save in OpenSSH format.

Fixed security vulnerability, US-Cert VU#845620, http://www.kb.cert.org/vuls/id/845620 -- Multiple RSA implementations fail to properly handle signatures. For more details see the General Security Alerts and Advisories section of Technical Note 1708.

The sftp and sftp2 command line utilities now accept syntax to copy host files to the local root directory or to the root directory of another local drive. Commands such as the following are now supported:

The Reflection session now remains connected if you attempt to change to an empty directory. Previously either of the following commands disconnected the session:

Reflection no longer closes unexpectedly when the network connection goes down or the server terminates while the SFTP client is transferring a file.

The scp and scp2 command line utilities now correctly support the -i identity file switch. Commands like the following are now handled correctly. Previously this would result in an invalid error option.

Reflection now correctly creates the .pki folder when a user's My Documents folder is specified using a UNC path.

This patch provides improved SFTP support for traversing directories on OpenVMS systems.

The Host Key Authenticity dialog box now displays the host key fingerprint in both bubble-babble and hex format. The bubble-babble format uses a SHA-1 hash for the fingerprint and the hex format uses an MD5 hash.

A fix was made for SSH1 connections that were failing intermittently.

The sftp and sftp2 command line utilities now display the day of the month. Previously this part of the date was not included in the date fields.

A fix was added that prevents a Secure Shell or SFTP connection from hanging when downloading a large amount of data.

Reflection now reads private keys created with F-Secure that have a passphrase with more than 23 characters.

Fixed security vulnerability, US-Cert VU#845620, http://www.kb.cert.org/vuls/id/845620 -- Multiple RSA implementations fail to properly handle signatures. For more details, see the General Security Alerts and Advisories section of Technical Note 1708.

Reflection now correctly creates the .pki folder when a user's My Documents folder is specified using a UNC path.

The last character of the default principal, default realm, and KDC host name is no longer dropped when you have selected Use Windows logon value in the Reflection Kerberos Initial Configuration dialog box.