SocketTools Release Notes

Version 9.5.9500.3142

  • Additional assemblies that explicitly target .NET Framework versions 3.5 and 4.5 have been included and are automatically selected as the defaults during installation, based on the version of Visual Studio installed on the development system.
  • Changed the shared location for .NET assemblies to the C:\Program Files (x86)\Common Files\SocketTools folder. All future versions of SocketTools will use this shared location. The shortcut in the installation folder to the assemblies will reflect this new location.
  • When using Visual Studio 2012 or later versions, it will now default to using the .NET 4.5 Framework assemblies rather than version 4.0 assemblies.
  • Registry scripts have been included with the .NET Edition and SocketTools Subscription that make it easier to switch between default framework versions. They are found in the Framework folder where SocketTools has been installed.
  • Modified the MIME components and API to manage memory more efficiently when processing messages that have very large file attachments.
  • Improved handling of certain non-standard response codes returned by third-party FTP servers.
  • Improved processing of RSS newsfeed XML parsing to handle larger newsfeeds.
  • Changed the default encoding used for email messages to use 8-bit characters and UTF-8 encoding, which is compatible with virtually all modern mail servers and clients. The application can specify 7-bit text for legacy mail servers that do not support the use of 8-bit characters in MIME formatted messages. This change only affects message text, and not file attachments or inline images.
  • Improved internal handling of an error condition when the SSH component would attempt a connection to a server that advertised support for AES encryption, but would not actually use AES as the preferred encryption method.
  • Modified the fallback option to use earlier versions of TLS with legacy servers so it always includes TLS 1.0 as a supported option regardless of the selected security protocol version, and will always permit the use of older cipher suites. By default, SocketTools will only use TLS 1.2 and strong cipher suites for secure connections.
  • Corrected a problem that could prevent an email message from being parsed correctly when it contained a very long block of text that did not include linebreaks. This usually occurred with email messages that used automatically generated HTML formatting.
  • Corrected a problem that could prevent the TLS handshake from completing correctly when a client connects to a server running on Windows XP or Windows Embedded when the client requested any version of TLS from version 1.0 to 1.2.
  • Corrected a problem that could prevent Internationalized Domain Names (IDNs) from resolving correctly on versions of Windows prior to Windows 10 and Windows Server 2016.
  • Corrected a problem that would result in an unexpected error when performing an asynchronous file transfer using a secure HTTP connection, although the transfer actually completed successfully.
  • Corrected a problem that could result in an unhandled exception when attempting a secure connection to server that only supports TLS 1.1.
  • Corrected a problem that could cause secure connections to fail on Windows XP and Windows Vista because it would not fallback to using TLS 1.0 under some circumstances. This was a side effect of changing the default security options to only use TLS 1.2 on current Windows platforms.
  • Corrected an intermittent problem with the HTTP server component rejecting multiple simultaneous connections from the same IP address, even though it did not exceed the connection limits.
  • Modified the installer to require a valid email address when performing a new installation or upgrade.
  • Corrected a problem that could cause certain .NET class properties to throw an unhandled exception when assigned a value by an application targeting the .NET 4.7 Framework.
  • Updated the Internet Mail .NET class and ActiveX control to include changes to the default message encoding.
  • Corrected a problem that could result in incomplete data being returned when reading a block of data from a secure socket connection and the provided buffer size was smaller than the data in the socket’s receive buffer.
  • Corrected a problem with the ActiveX controls with assigning a property value using a variant variable type. If the property expected an integer value, this could result in in an exception being generated.
  • Updated several compression and security related libraries that are used internally to address potential buffer overflow problems.
  • Additional updates to the documentation and examples.

Version 9.3.9320.2834

  • Corrected a problem with the SSH components that could prevent a connection from being established, failing with an error indicating that an invalid argument has been specified.
  • Corrected a problem that could cause the HttpPostData function to fail with an invalid parameter error if a zero-filled buffer was provided to store the server response to the request.
  • Corrected a problem that could cause the Visual Basic 6 IDE to hang or crash when setting a breakpoint inside an asynchronous task event handler, such as OnTaskBegin or OnTaskRun.
  • Changed the HttpCommand function to safely handle calls that specify a query parameter string without including the terminating null character in the length.
  • Changed the InetWriteLine function and the WriteLine methods in the .NET classes and ActiveX controls to check if the string being sent to the remote host was already terminated with a linefeed (LF) or carriage return (CR) character; if it is, it will be automatically converted to the standard CRLF end-of-line sequence.
  • Corrected a problem with the Unicode version of the InetReadLine function that could cause it to fail with an invalid parameter error when a valid buffer length was specified.
  • Changed how email addresses are parsed to improve tolerance for certain types of malformed addresses.
  • Updated all .NET client components that support secure connections using TLS to select TLS 1.2 as the only default protocol requested during the initial handshake with the server. TLS 1.0 will continue to be used on versions of Windows that do not support TLS 1.2.
  • Updated the documentation to reflect the security changes that were made in the previous updates with regards to the default security protocols.
  • Minor updates to the documentation and examples.

Version 9.3.9310.2784

  • Updated to remove default support for weaker cipher suites that use RC4 and/or MD5, which are no longer considered cryptographically secure.
  • Added an option to allow a secure connection to fallback to using weaker cipher suites. This enables the client to connect to legacy services that do not support current security standards.
  • Corrected a problem in the FtpClient and HttpClient components where the URL property would not handle IDN host names correctly under some circumstances. This would primarily impact code where the URL property was assigned a value using an IDN host name, and then the Connect method would be called without any arguments.
  • Corrected a problem where Unicode error descriptions would not be returned for valid error codes under certain conditions.
  • Corrected a problem where malformed base64 encoding could corrupt the stack under certain conditions, causing the application to terminate.
  • If the FtpServer or HttpServer component is configured to use secure connections, and the CertificateName property is not defined, the server name will be used as the certificate common name.
  • Corrected a problem where FTP directory listings could fail with an error or return zero matching files if wildcards were used and the server advertised support for the MLST feature.
  • Added the functions InetNormalizeHostName and InetHostNameToUnicode to assist with processing internationalized domain names.
  • Added the GetMessageDigest function which was used internally in previous versions but not exported as part of the API.
  • Corrected a problem where certain optional values passed to an ActiveX control’s method would not enable the desired option. This rarely occurred and only under specific conditions, but it could result in unexpected behavior such as invalid argument exceptions being thrown when calling a method.
  • Corrected a problem with the IneternetMail ActiveX control where it would ignore the Timeout value passed to the Idle method.
  • Corrected a problem with the FileTransfer ActiveX control and .NET class where large file sizes for FTP transfers would not be reported corrected during the OnProgress event.
  • Changed the GetFileSize method in the FtpClient and HttpClient .NET classes to throw System.OverflowException rather than truncating the value if a file size would exceed the size of a 32-bit integer. Applications should use the overloaded version of the GetFileSize method that accepts a long (64-bit) integer instead.
  • Minor updates to the documentation and examples.

Version 9.3.9300.2758

  • This update includes improved support for Unicode and Internationalized Domain Names (IDNs) for all networking components.
  • Updated to support TLS 1.2 on Windows Embedded POSReady 2009, Windows XP SP3 and Windows Server 2008 SP2 if update KB4019276 has been installed on the system.
  • Corrected a problem in the FTP and HTTP components and libraries where the GetFile and PutFile methods would fail if the local filename contained Unicode characters that were not defined for the current locale.
  • If an FTP server advertises support for UTF-8, the client will always send the OPTS UTF8 ON command when a connection is established. The default encoding for all client sessions will be UTF-8, rather than being undefined.
  • If an FTP server advertises support for the MLST and MLSD commands, they will be preferred as the default method of requesting file information instead of using the STAT and LIST commands.
  • The initial FTP server result code and welcome message are preserved with a successful connection, providing more consistent behavior across different types of servers.
  • The contents of a directory returned by the Unicode version of the FtpGetFileList function will always convert UTF-8 encoded filenames to UTF-16, rather than return them in their encoded form.
  • Corrected a problem where enumerating HTTP headers could cause the application to return invalid data if the header value contained UTF-8 encoded characters.
  • Assigning the URL property in the FtpClient and HttpClient components to an empty string will explicitly clear the current host name and port number, and will reset security options to their default values.
  • Corrected a problem where the PostJson and PostXml methods in the HttpClient component could fail if the XML or JSON data included non-ASCII characters.
  • Corrected an issue with the FTP server component that could cause a file handle to be left open after computing a CRC or MD5 value for a local file.
  • Corrected an issue with HTTP requests to a host that used internationalized domain names (IDNs) that would result in a 400 (bad command) error being returned by the server.
  • Corrected an issue that could result in an unhandled exception being thrown or an invalid host name being returned if MX records for a host contained very long domain names.
  • The base domain name for a host will be queried when resolving DNS mail exchange (MX) records if the specified host name does not have any records defined.
  • Additional checks are made against domain names to protect against IDN homograph attacks and intentionally malformed names that use Unicode.
  • The ANSI versions of functions in the SocketTools Library Edition will accept UTF-8 encoded host names and local file names. This will enable ANSI (MBCS) applications to use Unicode host names and file names if needed.
  • Added the functions DnsNormalizeHostName and DnsHostNameToUnicode to assist with processing internationalized domain names.
  • Corrected an issue where host names or file names that contained certain Unicode characters were not accepted even though the names were valid.
  • Corrected an issue that could cause the FTP and HTTP server components to throw an unhandled exception if a client aborted a secure connection during the TLS handshake.
  • Corrected an issue where the FTP client components could generate too many progress event notifications over a short period of time during large file transfers. Depending on how the event handler was implemented, this could have a negative impact on the user interface until after the transfer completed.
  • Corrected an issue where certain malformed MBCS or UTF-8 encoded file names could cause an internal buffer overrun that would result in a general protection fault or unexpected behavior.
  • Updated the MIME components to be more tolerant of email messages that are imported with certain malformed headers, rather than failing to load them.
  • Corrected an issue with the HTTP server component that could cause an invalid error to be returned under certain circumstances when a virtual path was specified by the client.
  • Corrected an issue where the Unicode versions of the compression related methods in the encoding components and libraries would not accept file names with non-Latin1 characters.
  • Corrected an issue where specifying an invalid certificate, or an invalid password provided for a certificate file, would not generate the correct error during the initial connection process.
  • Additional checks are made to ensure the validity of certificates that are used to accept or establish secure connections.
  • Minor updates to the documentation and examples.

Version 9.2.9210.2580

  • Secure connections using SSH will no longer support the v1 protocol by default when establishing a connection. This version of the protocol is considered deprecated and will only be used if the application explicitly requests it. By default, all SSH connections (including connections to SFTP servers) will use SSH v2.
  • The internal list of various cipher suites offered by the SSH components has been modified to prioritize SHA-256 over SHA-1. This addresses a problem where some SSH servers would reject the connection because SHA-1 is a weaker hash algorithm.
  • Updated to reject connections to servers that advertise support for AES encryption but do not negotiate for AES-128 or AES-256 during the handshake. Previously, the component would silently attempt to renegotiate a connection using a weaker cipher suite.
  • Corrected a potential deadlock issue where a background worker thread that established an SFTP connection would connect to a server and then block indefinitely waiting for file transfers to complete on another thread.
  • Corrected several methods in the SocketTools.FileTransfer, SocketTools.FtpClient and SocketTools.HttpClient classes where file offsets were specified as 32-bit integer values instead of 64-bit values, or would truncate 64-bit values to 32-bit values. This would prevent an application from specifying offsets in very large files (over 4.2GiB)
  • Corrected an issue where Unicode file names were not being encoded or decoded correctly in some cases, notably with names that did not contain characters in the Latin-1 character set.
  • Corrected a problem with the ActiveX controls that could result in an unhandled exception when converting Unicode strings between UTF-16 and UTF-8.
  • Corrected a problem that could result in an unhandled exception when certain malformed URLs would be passed by the caller to the FTP and HTTP components.
  • Corrected a problem where querying a DNS server for a list of mail exchange (MX) records would fail unexpected or return a truncated list of mail servers.
  • Corrected a problem where multiple DNS queries could cause a minor memory leak if the Unicode version of the functions were used.
  • Corrected several methods in various C++ class implementations that did not work correctly or were omitted if the application was compiled using Unicode.
  • Updated several .NET examples that targeted the wrong version of the .NET Framework based on the version of Visual Studio they were built with.
  • Updated several Visual C++ examples that were configured to use earlier toolsets and/or earlier versions of the Windows SDK. This would prevent the example from compiling unless the previous version of Visual Studio was also installed on the same development system.
  • Updated the technical reference documentation for the current release.

Version 9.2.9200.2450

  • All SocketTools components and libraries will now use TLS 1.2 as the default for secure connections and will not advertise support for earlier, less secure versions of the protocol. If the platform is Windows XP, Windows Vista or Windows Server 2003, then TLS 1.0 will be supported for backwards compatibility. Applications may still explicitly request that older versions of the TLS protocol be used if required.
  • Updated security related internals to prioritize stronger encryption and hashing algorithms in conjunction with the change to use only TLS 1.2 as the default protocol. When connecting to older servers that have not been updated to use more recent cipher suites, it may be necessary to explicitly specify that the control or library use TLS 1.0 in addition to or instead of TLS 1.2.
  • TLS Session Resumption is available on Windows 8 and later versions of the platform for client-side connections. Server support is available on Windows 8.1, Windows 10 and Windows Server 2016. This feature is not available on earlier versions of Windows.
  • The FtpServer and HttpServer ActiveX controls and .NET classes will now validate the server certificate before allowing the server to start. Previously, the certificate validation was done at the point where a client would connect to the server. With this change, the server application will immediately know if the certificate does not exist or is invalid.
  • The OnProgress event for the FtpClient and HttpClient ActiveX controls will now return the number of bytes copied and the total number of bytes as a Double floating-point number if the value would exceed 2 GiB, the maximum value that can be represented as a signed 32-bit integer.
  • The TransferBytes property for the FtpClient and HttpClient ActiveX controls will return -1 if the value would exceed 2 GiB, instead of returning an arbitrarily large negative value. If large files are being transferred, the application should use the new TransferBytesXL property which will return the number of bytes as a Double floating-point value.
  • The OnProgress event for the FtpClient and HttpClient .NET class will now return the number of bytes copied and the total number of bytes as a long (64-bit) integer. The TransferBytes property has also been updated to return a long integer value.
  • The HttpClient ActiveX control and .NET class provides improved support for submitting JSON data using the PostJson method. The client library also includes a HttpPostJson function and PostJson method for the C++ class.
  • The TransferBytes, TransferRate and TransferTime properties were added to the HttpClient ActiveX control and .NET class.
  • The TransferBytes, TransferRate and TransferTime property values will now persist after a connection has been closed. Their values will reset to zero when a new connection is established.
  • Corrected a problem where the TransferRate property could return incorrect values, or no value at all.
  • Corrected a problem where incorrect values could be returned for UTF-8 encoded directory and file names. For example, the GetDirectory method for the FtpClient class could return an invalid value. This was usually indicated by “?” characters being interspersed throughout the string.
  • Corrected a problem where certain valid multipart MIME messages with very large header blocks were not being parsed correctly. Either the message could not be parsed at all, or it would return an incorrect number of message parts, if it included file attachments or alternative message content.
  • The FtpClient ActiveX control, .NET class and library will now recognize URIs that use the “ftp-authssl” scheme in addition to “ftpes”
  • Updated the core tracelog (logging) facility shared by all libraries and components to be more efficient when writing large amounts of data, or appending to a large logfile. This should result in a reduced impact on applications where logging is enabled.
  • The default logging mode now includes generating a hexdump of the data exchanged between the client and server. For the ActiveX controls and .NET classes, this typically means that it is no longer necessary to explicitly set the TraceFlags property when enabling logging.
  • Log file names may now contain embedded environment variables that are replaced with their values. For example, a log file name of “%LocalAppData%\MyLogFile.txt” would create the file in the local application data folder for the current user.
  • Log files will be created in the current user’s Documents folder by default, if no folder path is specified. In addition, logging will automatically be disabled if the specified log file is read-only, or if it specifies an executable or system file.
  • Updated the installer to address an issue where a new version release of SocketTools would attempt to replace only specific components of a previously installed version. This could prevent ActiveX controls from being registered correctly or an incorrect folder location would be referenced for the .NET assemblies.
  • Updated the technical reference documentation for the current release.

Version 9.1.9100.2138

  • Updated to include support for Visual Studio 2017 and .NET Framework 4.6.2, along with previous versions of Visual Studio.
  • Corrected an issue that could cause a secure session to fail if only one version of the TLS protocol was selected as an option.
  • Updated internal compatibility checks for Windows XP and Windows Vista to prevent secure connections from attempting to use cipher suites that are not supported on those platforms.
  • Updated to make additional compatibility checks for Windows 7 and Windows Server 2008 R2 based on the cipher suites that those platforms support.
  • Corrected an issue that could cause the IMAP client to become out of sync with the server under certain conditions, incorrectly reporting success or error conditions.
  • Corrected an issue that would prevent file transfers using FTP or FTPS from notifying the client application that they completed successfully, and could return incorrect file transfer statistics under some conditions.
  • Corrected an issue with the FTP and HTTP components where file names would not be converted to UTF-8 when using the ActiveX controls, even when the server supports UTF-8 encoding.
  • Updated to improve the performance of internal UTF-16 and UTF-8 encoding of file names, eliminating duplicative conversion calls.
  • Corrected an issue with the server components that could prevent an application from being notified when an internal change in state occurred. For example, under some conditions, applications were not being notified when the server entered an idle state.
  • Corrected an issue that could cause server applications to become non-responsive for several seconds when a client session terminated at the same time that a new secure connection was being accepted.
  • Corrected a rare issue that could cause corrupted data to be returned when a server responded with large amounts of data to an HTTP POST request. This impacted both the .NET HttpClient class and ActiveX control.
  • Corrected an issue where the SMTP component did not correctly check authentication requirements over a standard connection under some circumstances, resulting in a failed submission because credentials were not being provided.
  • Corrected an issue with the DNS components when performing a reverse DNS lookup that could prevent a valid domain name from being returned.
  • Changed internal limit on the maximum size of a GET request to the HTTP server component to accommodate very long query parameters. This corresponds with an internal change to the maximum amount of memory that may be allocated for a client session based on the request type.
  • Corrected a problem with the HTTP server component that could cause a virtual path to be resolved incorrectly, preventing access to an existing resource.
  • Corrected a problem that could prevent an SFTP session from authenticating correctly if the server only supported interactive keyboard authentication.
  • Corrected a problem that could result in an error when extracting an attachment from a MIME message if a UTF-8 encoded file name was specified.
  • Updated the SMS component with recent changes to service provider information in the United States and Canada.
  • Corrected an issue with the ICMP component that could cause incorrect statistical information to be returned to the application under some rare conditions.
  • Updated the technical reference documentation for the current release.

Version 9.0.9000.1420

  • Support for Windows 10 and Windows Server 2016 platforms and the current version of the TCP/IP stack on those platforms. It is recommended that applications which target these platforms upgrade to the current version.
  • New security options for all networking components that introduces explicit support for TLS 1.2 and provides a mode that is compliant with PCS DSS v3.1 standards. In this mode, a connection will not complete unless both the client and server support strong encryption and the TLS 1.2 protocol.
  • Support for Visual Studio 2015 and .NET Framework 4.6, along with previous versions of Visual Studio including Visual Studio 6.0, and continued support for the .NET 2.0 Framework for legacy applications.
  • SocketTools continues support for Windows XP SP3 and Windows Server 2003, however those platforms have limited feature sets and security options.
  • Updated the SSH and SFTP networking components to be compatible with the OpenSSH 7 library and those services which use it. Improved backwards compatibility with older servers, primarily those on embedded devices, that do not support the typical suite of encryption algorithms.
  • Improved support for Unicode aware servers using UTF-8 as the default character set for file and resource names.
  • Improved support for IPv6 networking on Windows servers that do not have an IPv4 stack enabled or configured.
  • Improved internal support for virtual machines (VMs) running on a host using NAT or bridged network connections.
  • Increased the number of connections that the server components can accept and process, based on the amount of physical and virtual memory available on the system.
  • Improved performance for very large file transfers to some servers, and made internal improvements to the ability to automatically recover a transfer that may have stalled.
  • Corrected a problem with the FTP components that could cause incorrect information to be returned when parsing directory listings from certain types of servers. This could result in invalid file sizes or date values to be returned to the application.
  • Corrected a problem where the FTP and HTTP components may not parse certain types of URLs correctly if they were constructed in a specific way.
  • Adjusted parsing and encoding requirements for certain types of HTTP requests to accommodate servers that would not decode queries correctly. This prevented unnecessary redirections that could cause unrelated errors or delays in loading content.
  • Updated the Library Edition C/C++ header files to improve compatibility with older versions of the Visual C++ compiler and third-party C/C++ compilers.
  • Corrected a problem with the MIME components when parsing messages that contained certain malformed headers in the main header block of the message. This resulted in attachments that could not be accessed by the application.
  • Relaxed certain authentication restrictions internal to the client, depending on the server to indicate whether a specific command is authorized or not instead of depending on the state of specific authentication requests.
  • Corrected a problem that could cause the IMAP and POP3 components to attempt a secure connection using the credentials provided, even if the server was not configured to support them and security options were not enabled.
  • Corrected a problem with the FTP components where transfer restart byte offsets would be ignored even if the FTP server supported the option and the entire file would be transferred.
  • Modified the FTP components to return a more meaningful error code when attempting to append data to a file and specifying a restart byte offset greater than zero; they will now return an error indicating that the operation is not supported.
  • Corrected a problem with the FTP components where the GetFileSize method could return an incorrect error code, indicating that a file does not exist on the server when the cause of the failure was an unrecognized command.
  • Updated the .NET components to be more consistent with how they threw exceptions when property values were being set incorrectly, with error information more consistent with the actual cause of the problem rather than just throwing a general exception.
  • Corrected a problem that could prevent the .NET components from initializing correctly under some circumstances with applications that targeted x64 platforms (64-bit Windows) on Windows 10.
  • Standardized many of the constant values embedded in the DLL type libraries used by some programming languages.
  • Corrected a problem in the server component that could prevent the current thread from obtaining the handle to the socket for the client session.
  • Corrected a problem with HTTP components that could prevent a file date from being adjusted for the local timezone if the server was returning the date and time using the UTC timezone.
  • Corrected a problem with the PostFile method in the HTTP component where the method would fail when a URL was used unless the caller had explicitly established a connection with a previous call to the Connect method.
  • Modified the .NET components to return errorProductNotLicensed rather than the more ambiguous errorNotConnected in certain situations where a connection could not be established because the component has not been initialized with a runtime license key or the evaluation license has expired.
  • Changed all .NET components to throw an exception if an invalid license key is specified using the RuntimeLicense attribute.
  • Corrected a problem with the server components that could cause a client session handle to become orphaned when a remote host closed its connection to the server.
  • Corrected a problem with the SocketWrench component that would cause the Accept and Connect methods to ignore security options when passed as a parameter to the method.
  • Changed the Reset and Dispose methods in all networking components to explicitly release the unmanaged memory allocated for a security context used with secure TLS and SSH sessions.
  • Changed the Secure property to consistently throw an exception across all .NET networking components if the program attempts to change the value after a secure connection has been established.
  • Improved the core SSH code to handle high latency conditions and resolved a problem that could cause a general protection fault if the network connection was lost during the middle of a transfer using SFTP.
  • Corrected a problem that could cause the networking components to always attempt to establish a secure connection if the previous connection was secure.
  • Corrected a problem that could prevent the networking components from re-initializing the appropriate security and proxy-related property values after the Reset method has been called.
  • Corrected a problem with the networking components that could prevent the UserName and Password properties from being updated after the Connect method was called with the user credentials passed as arguments.
  • Modified the FTP components to automatically change the current working directory for the session if a connection URL was specified and it designates a path on the remote host.
  • Corrected a problem with the FTP components that could cause the class to ignore the value of the Account property if a secure connection was established. This only affected those servers which require an account name, preventing the client session from authenticating correctly.
  • Corrected a problem that could cause the FtpChangeDirectory function and ChangeDirectory methods in the FtpClient and FileTransfer classes to fail if the server type could not be determined.
  • The FileTransfer, InternetMail and SocketWrench components have all been merged into their respective SocketTools Editions and are available in each of those products, along with the SocketTools Subscription.
  • Updated the technical reference documentation for the current release.