CompleteFTP's year of 2015

CompleteFTP is a secure Windows server that supports a number of file transfer protocols such as FTP, FTPS, SFTP, SCP and HTTP/S. During the last eight years, its regular release cycle means it has been continuously enhanced.

Here's some of the important changes made during 2015.

Security. A number of key security changes were made to CompleteFTP in recent months. Password hashing now uses PBKDF2 with SHA256, making it computationally infeasible to retrieve the salted passwords. Importantly, support for TLS 1.2 was added, including TLS secure renegotiation. We also added support for TLS_FALLBACK_SCSV in TLS, and made a number of other security fixes.

Features. The most useful new feature was probably scheduled events. Scheduled events can be set up to fire at a predefined schedule, such as once per hour or at midnight every weekday. We also added many new Javascript Server-Side (JSS) features, and some new command-line administration commands such as chmod and chown, as well as other minor enhancements.

Resources. We significantly reduced memory consumption, and CompleteFTP now uses the NET 4.x framework if it is installed, which has significantly better memory management than earlier frameworks. CompleteFTP now reuses the passive port for the same client, meaning the passive port range is used far more efficiently.

Bugs. We fixed all the bugs that users reported to us. In particular, we fixed a tricky issue with our certificate signing requests (CSRs) that meant Verisign/Symantec would not accept them.