Technical Notes

A new option, Store trusted certificates in the common application data folder, is now available in the Reflection Certificate Manager on the Trusted Certificate Authorities tab. By default, trusted roots are added to a user-specific location. When this option is selected, trusted roots are saved to the following location, which makes them available to all users of the computer:

Note the following:

This service pack addresses vulnerabilities described in Microsoft Security Bulletin MS09-035 and Microsoft Security Advisory 973882: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution.

Improvements have been made to how CPU is managed in Citrix environments.

The client now presents the unknown host key prompt if a rekey occurs and the host key is not present.

The PKCS #11 tab of the Reflection Certificate Manager includes a setting called "Disconnect automatically when token is removed." Prior to this service pack, removing the token correctly triggered a disconnect, but reinserting it caused the client to close unexpectedly. This service pack fixes this issue; you can now reinsert your token and connect again.

The client now correctly handles new line requests in banners displayed in Secure Shell connections. This fixes a problem that was reported with SP 6.

Prior to this service pack some failing scp transfers returned a zero error code. This was reported for transfers in which the error was "Access is denied" and "The system cannot find the path specified." These errors now return the appropriate non-zero error codes.

This service pack resolves a problem reported with Secure Shell connections that sometimes resulted in a no host logout message being displayed in the Reflection terminal window.

Reflection no longer sends incorrect pixel values with the client's Window-change request. This resolves a problem that caused the Secure Shell connection to be terminated when using the BalaBit Shell Control Box.

Prior to this service pack, some smartcard hardware and software configurations led to authentication failures with the error "ProviderException (11) when attempting to sign data." This problem has been resolved.

After execution of the command, scp -r user@host:Demo, the directory "Demo" is now created on the server. Previously, only files and subdirectories contained within "Demo" were copied to the server.

During Secure Shell password authentication, error messages from the server are now displayed in the Reflection window.

Authentication now succeeds when you authenticate using a valid certificate stored in the Reflection Key Agent.

The "Use Window Logon" option is not available on some 64-bit operating systems, which don't support this option. Previously, attempts to use this option on these systems caused an unexpected shutdown. The control is no longer available to set on systems that don't support it.

The default value of a setting configured using the Reflection Secure Shell Settings dialog box is now written to the user-specific config file if and only if a non-default value for that setting is configured in a system-wide ssh_config file. Also, if a user adds a default value by manually editing the user-specific configuration file, the default value is honored and not removed from the user's file.

Prior to this service pack, if a global configuration file was present, any non-default values in the global file were written to the user-specific file when the user made any changes using the Secure Shell Settings dialog box. Settings configured in the system-wide ssh_config file no longer have any effect on user-specific config files.

If you specify a remote command that includes spaces as part of an ssh command line, the remote command is now executed as expected.

The client now supports the hmac-sha25 and hmac-sha512 MACs. The client now proposes the following MACS by default (in this order):"hmac-sha1,hmac-sha256,hmac-sha512, hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96".

A new site-specific setting, Preserve timestamps and file attributes, is available for SFTP transfers. When this option is selected, file attributes and timestamps are not modified when files are transferred to and from the server. To configure this setting, select your site, click Security, then click the Secure Shell tab. Note: Selecting this setting sets the PreserveTimestamps in the Secure Shell configuration file.

You can now configure global default attributes for file transfers to and from any server using Tools > Options > Attributes. (Note: To be able to specify non-default attributes during a file transfer, go to the Site Properties dialog box. On the Transfer tab, enable Show upload options before transfer and/or Show download options before transfer.)

File view filters (configured using either View > Filter or Site Properties > Directories > File view filter) are now supported for SFTP connections.

This service pack resolves a problem that caused intermittent errors in transfers made using the FTP Client API. The error interrupted program execution and reported "File or directory not found" even though the required files were present on the server and the program was able to execute successfully on many other attempts.