blob: b160b42b483435898654c70aa289d2ecfee52334 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>pyftpdlib Release Notes</title>
</head>
<body>
<div id="wikicontent">
<h1><a name="Version:_0.5.0_-_Date:_2008-09-20" id="Version:_0.5.0_-_Date:_2008-09-20">Version: 0.5.0 - Date: 2008-09-20</a></h1>
<h2><a name="Major_enhancements" id="Major_enhancements">Major enhancements</a></h2>
<ul>
<li><a title="Implement idle-timeouts" href="http://code.google.com/p/pyftpdlib/issues/detail?id=72">Issue #72</a>: pyftpdlib now provides configurable idle timeouts to disconnect client after a long time of inactivity. </li>
<li><a title="pyftpdlib should impose a delay before replying for invalid credentials" href="http://code.google.com/p/pyftpdlib/issues/detail?id=73">Issue #73</a>: impose a delay before replying for invalid credentials to minimize the risk of brute force password guessing. </li>
<li><a title="Implement permissions overriding" href="http://code.google.com/p/pyftpdlib/issues/detail?id=74">Issue #74</a>: it is now possible to define permission exceptions for certain directories (e.g. creating a user which does not have write permission except for one sub-directory in FTP root). </li>
<li>Improved bandwidth throttling capabilities of <a href="http://code.google.com/p/pyftpdlib/source/browse/tags/release-0.5.0/demo/throttled_ftpd.py" rel="nofollow">demo/throttled_ftpd.py</a> script by having used the new CallLater class which drastically reduces the number of calls to time.time(). </li>
</ul>
<h2><a name="Bugfixes" id="Bugfixes">Bugfixes</a></h2>
<ul>
<li><a title="Some unit tests failing on dual core machines" href="http://code.google.com/p/pyftpdlib/issues/detail?id=62">Issue #62</a>: some unit tests were failing on dual core machines. </li>
<li><a title="Socket handles are leaked when a data transfer is in progress and user QUITs" href="http://code.google.com/p/pyftpdlib/issues/detail?id=71">Issue #71</a>: socket handles are leaked when a data transfer is in progress and user QUITs. </li>
<li><a title="Orphaned file is left behind in case STOU fails for insufficient user permissions" href="http://code.google.com/p/pyftpdlib/issues/detail?id=75">Issue #75</a>: orphaned file was left behind in case STOU failed for insufficient user permissions. </li>
<li><a title="Incorrect OOB data management on FreeBSD" href="http://code.google.com/p/pyftpdlib/issues/detail?id=77">Issue #77</a>: incorrect OOB data management on FreeBSD. </li>
</ul>
<h2><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">API changes since 0.4.0</a></h2>
<ul>
<li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">FTPHandler, DTPHandler, PassiveDTP and ActiveDTP classes gained a new timeout class attribute. </a></li>
<li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">DummyAuthorizer class gained a new override_perm method. </a></li>
<li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">A new class called CallLater has been added. </a></li>
<li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">AbstractedFS.get_stat_dir method has been removed. </a></li>
</ul>
<h2><a name="Migration_notes" id="Migration_notes">Migration notes</a></h2>
<p><a name="Migration_notes" id="Migration_notes">Changes applied to the 0.5.0 trunk should be fully compatible with the previous 0.4.0 version. Your existing 0.4.0 based code will most likely work without need to be modified. The new features in this release are detailed below. </a></p>
<h3><a name="Idle_timeouts_and_new_class" id="Idle_timeouts_and_new_class">Idle timeouts and new CallLater</a> class</h3>
<p>The previous version suffered the problem of not having a mechanism to disconnect clients after a long time of inactivity. This posed the risk for the FTP server to be easily vulnerable to DoS attacks in which a lot of connected clients could clump system's resources and sockets. </p>
<p>0.5.0 version solved this problem by implementing a brand new polling loop which, other than serving the connected clients, also checks if it is the proper time for scheduled functions to be called (if any). Thanks to the new loop and the new CallLater class implementing <a href="http://code.google.com/p/pyftpdlib/issues/detail?id=72" rel="nofollow">timeouts</a> and <a href="http://code.google.com/p/pyftpdlib/issues/detail?id=73" rel="nofollow">delays to invalid credential replies</a> have been possible. </p>
<p>FTPHandler class gained a new timeout attribute defaulting to 300 seconds which is the maximum time of inactivity a remote client may spend before being disconnected. </p>
<p>Also DTPHandler class gained a new timeout attribute defaulting to 300 seconds which roughly is the maximum time the data transfers can stall for with no progress. </p>
<h3><a name="Permission_exceptions" id="Permission_exceptions">Permission exceptions</a></h3>
<p><a name="Permission_exceptions" id="Permission_exceptions">The DummyAuthorizer now gives the possibility to define permission exceptions for directories. For example, if you want to create a user which does not have write permission except for one sub-directory in FTP root, you can now do as follows: </a></p>
<pre><a name="Permission_exceptions" id="Permission_exceptions">>>> from pyftpdlib import ftpserver<br />>>> authorizer = ftpserver.DummyAuthorizer()<br />>>> authorizer.add_user('user', 'password', '/home/ftp', perm='elr')<br />>>> authorizer.override_perm('user', '/home/ftp/pub', 'elradfmw', recursive=True)</a>
</pre>
</div>
</body>
</html>
|
