CVE-2022-24573: Element-IT software products news

2022

Tuesday, February 01, 2022

Security vulnerability

Security vulnerability is found in the HTTP Commander application.
Type of vulnerability: Cross-Site Scripting
Affected versions: HTTP Commander 5.0.0-5.3.5 and HTTP Commander 7.0.0
Details: It potentially allows an unauthenticated user to inject arbitrary JavaScript into the logs, which can be executed in the admin panel, when administrator opens ‘Logs’ tab.
How to protect ?
If you are currently on the 5.x (from 5.0.0 to 5.3.5) or 7.0.0 version, do not open Logs tab in the admin panel if you do not see the check mark symbol (✓) after the tab label. This symbol (✓) is added by the patch and informs an administrator about sucessfully applied patch.

Solution: How to fix the issues immidiately without upgrade to a new version?
We have prepaired a simple executable utility to fix the issue. Download it from here, put it into the application folder (default is c:\inetpub\htcomnet ) on the web server and execute. This utiliy performs search and replace of particular string in JS files of the admin panel.
If you do not want to execute exe file, you can edit js files manually or simply perform an upgrade to the most recent version.
Here are the steps to apply fix manually without upgrade:

1. Open HTCOMENT/Scripts/admin/[used-theme-name]/app.js file in a text editor. Where [used-theme-name] is the name of the theme specified in the StyleThemeName setting (‘triton’ by default for 5.x version and ‘main’ for version 7 ).
2. Search for the "{more_info}"
3. and replace it with the "{more_info:htmlEncode}"
4. Save the file.

Fixed versions of the HTTP Commander:

• v7.0.2 : Forms Windows Installer
• v5.3.6 : Forms Windows Installer

2021

Tuesday, November 30, 2021

MS Windows KB5007192 brakes deleagtion

“Folder does not exist” error message is displayed after installition of the KB5007192 (Nov 2021 security update) on the DC when users tryies to access network folder from the HTTP Commander in case if delegation is required for this . Affected auth types: Windows integrated, ADFS, Azure AD.

If HTTP Commander worked fine and suddenly started to fail load network folder, then most probably it is related to the KB5007192.
Here is list patches for different Windows OS versions to fix this issue (Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server):

• Server 2012 R2 - KB5008603
• Server 2016 - KB5008601
• Server 2019 - KB5008602

Thursday, June 17, 2021

HTTP Commander v 7.0.0 release

• (new) Added Authorization Rules settings. They can be used to esiesy allow/deny access for users/groups.
• (new) Added Zip and download on the fly. No more temp files on your server!
  Also Zip/Unzip settings moved to the Zip section on the settings tab.
• (new) Added password history for password policy settings.
• (new) New mobile UI. It is based on the desktop UI, therefore the functionality is almost the same.
• (new) Added new font icons.
• (new) Default set of items on toolbar is changed. No it looks much more user friendly.
• (new) Added setting to set color for font icons.
• (new) JS Image editor library is replaced.
• (new) Add/Remove to/from Favorites now much easier : can be done right from the context menu or with the special icon on the file/folder.
• (new) New User Settings toolbar item.
• (fix) New Dropbox JS SDK used
• (new) Added ZipAESKeySize option for ZIP-archive with password protection
• (new) Single quick search field is used:search is performed by name or by content (if enabled)
• (new) Added server side filtering for the logs in the Admin panel on the logs tab and for the “Watch for modifications” window in the main UI.
  It allows to select only needed data from the logs and export them if required.
• (new) Added new FoldersXmlPath setting to specify path to the XML file with folders list (Folders.xml).
  If value is empty (by default), then path from the ‘DataFolderPath’ setting and default name ‘Folders.xml’ will be used.
• (new) Added view of active sessions in the Admin Panel (“Active sessions” tab).
• (new) Added %DISPLAYNAME%, %SIMPLEUSERNAME% placeholders for folder path.
• (new) Added separate settings for Public Links Password Policy.
• (new) Skipped logout event logging for anonymous users
• (new) Added setting to disable “Zip and Download” completely for all folders
• (new) Renamed DefaultDomainName setting to the ExternalAppUrl
• (new) Added new parameter MSOFBACookieExpirationDays to configure the authorization lifetime when editing in MS Office when using the MSOFBA Protocol
• (fix) Fixed thumbnails generation for PDF files in thumbnails view mode.
• (fix) Checked and updated the list of video playback files (mp4, mov, ogg, webm, 3gp, mkv, ogv, avi)
• (fix) Removed default Client ID/Secret for Box. Now you need to configure your Box app yourself.
• (new) Updated third party libraries

Check full changelog.

Thursday, May 13, 2021

HTTP Commander v 5.3.5 release

• (fix) Fixed several medium and low risk security vulnerabilities including reported by the SySS GmbH (syss.de).

Check full changelog.

Friday, April 30, 2021

HTTP Commander v7.0. is coming soon!

The next major version release is coming soon. It will have version number 7.0. We decided to skip version number 6 to avoid mess with an old branch of the HTTP Commander that was ended in 2010 exactly with the version number 6.

Friday, April 30, 2021

HTTP Commander v 5.3.4 release

• (fix) Fixed work of Dropbox integration. Replaced JS SDK Url.
  To fix the issue without update, you will need to edit app.js file in a text editor. Here are the steps:
  1. Open HTCOMENT/Scripts/main/[used-theme-name]/app.js file in a text editor. Where [used-theme-name] is the name of the theme specified at the StyleThemeName setting (triton by default for 5.x version).
  2. Search for the "https://unpkg.com/dropbox/dist/Dropbox-sdk.min.js"
  3. and replace it with the "https://unpkg.com/[email protected]/dist/Dropbox-sdk.min.js"
  4. Save the file.
• (fix) AdminPanelGroupsFilter setting now applies also when Azure AD integration is used.
• (new) Optimized work with Azure AD groups/users in the Admin panel.
• (new) Added new placeholders for folder path : DISPLAYNAME, SIMPLEUSERNAME
  USERNAME placeholder will be always resolved to the username.
  DISPLAYNAME will be resolved to the display name if possible and fallback to the username.
  SIMPLEUSERNAME - will be resolved to the username without domain name prefix\postfix.

Check full changelog.

2020

Thursday, November 19, 2020

HTTP Commander v 5.3.3 release

• (fix) Fixed search when used combined mode “Standard search after Windows Search Services”
• (fix) Fixed upload (chunked) of files with size > 4MB to Office 365
• (fix) Fixed max upload size for OneDrive (added new options OneDriveUploadMaxSizeKb and OneDriveUploadChunkSizeKb)
• (fix) Fixed retrieve of users Home Folder from AD when “Forms auth with Windows users” authentication mode is used.
• (fix) Fixed possible overwrite of documents when they are edited in the Office 365.

Check full changelog.

Friday, September 18, 2020

HTTP Commander v 5.3.0 release

• (fix) Fixed an issue with the authentication popup dialog dislayed on the piblic link page when Windows authentication is used. (the problem appeared in the 5.2.5 version).
• (new) New setting: DisableSenderEmailField. If it set to true and current user has a correct email in the profile, then sender email fieldbox in the “Send email” window will be disabled (preventing user to change sender email).
• (new) The address book window now displays more user-friendly usernames instead of distinguished usernames.
• (fix) Improved compliance with the WCAG 2.1 standard.
• (fix) Now different scopes are used for “Edit in Google Docs” and “Upload/Download to/from Google docs” operations. In the first case, fewer permissions will be required, and there will be no warnings that the web application has not been verified by Google.
• (fix) Fixed OneDrive integration in the mobile UI : corrected url to the sdk js library.
• (fix) Fixed thumbnails view layout in the mobile ui.
• (new) Updated third party libraries
• (fix) Additional check of the LdapContainer setting vallue to replace backslashes (\) with slashes (/) .
• (fix) Keep correct “impersonation” settings during automatic upgrade.

Check full changelog.

2022

Wednesday, March 02, 2022

HTTP Commander v 5.2.5 release

• (fix) Fixed issue with reuse of forms auth cookies after logout.
• (fix) Now restored web.config settings for the PublicLinkUrlPathName location during upgrade
• (fix) Fixed change password from Default.aspx when “Forms auth with Windows users” auth mode is used
• (new) Removed output of sensitive information from AnonymousDownload.ashx when it loaded without any parameters
• (new) Updated third party libraries

Check full changelog.

2020

Friday, April 17, 2020

HTTP Commander v 5.2.3 release

• (fix) Fixed work with Autodesk Viewer. Now you need to get your Client ID and Secret to work
• (fix) Windows auth version: fixed thumbnails generation for video files and antivirus scanning.
• (new) Updated third party libraries
• (new) Added setting FixResolveRealm or Acive Directory integration. By default it set to false. Set it to true if you have issues with getting Home drive from AD profile, or when you have Domain Forest.

Check full changelog.

Monday, March 23, 2020

HTTP Commander v 5.2.2 release

• (new) Zip content window. Now you can open for preview files directly from the zip archive without having to unzip the file first.
• (new) Forms auth with Windows users. Correct behavior when authorization settings are used in the web.config file to restrict access to the application.
• (fix) Fixed issue with password protected public links. Password was not accepted, therefore users could not get access to the publicy shared files/folder. Issue is introduced by the 5.2.1 version.
  To fix the issue without update, you will need to edit web.config file in a text editor. Here are the steps:
  1. Open HTCOMENT/web.config file in a text editor.
  2. Search for the <appSettings> tag
  3. Put into this tag the following code:
     <add key="owin:AutomaticAppStartup" value="false"/>
  4. Save the file.
• (fix) Azure AD auth. If UPN claim is missed, administrator rights assignment does not work as expected.
• (fix) Fixed load of Users tab for first time, when this tab is first in the tabs list (when sub-admin open admin panel).
• (fix) Fixed getting groups membership from Claims when Azure AD auth is used. Names of groups are loaded from Azure AD with additional request.
• (fix) Fixed slow render of User groups membership window in admin panel when there are a lot of groups. The same for groups window.
• (fix) Fixed issue with getting more than 100 groups/users from Azure AD.
• (fix) Fixed Auth0 integration for newly created Auth0 accounts. Updated Auth0 integration instructions.

Check full changelog.

Wednesday, February 26, 2020

HTTP Commander v 5.2.1 release

• (new) Added Azure AD Authentication support.
• (new) Added JavaScript based image editor.
• (new) Added ability to export logs to XLSX file. Feature available for logs tab in admin panel and for “Watch for modifications” grid in main UI.
• (new) Added setting to limit maximum file size allowed for download.
• (new) Added Password Policy/Complexity settings for Forms auth version.
• (new) Changed the password change scheme, added PasswordChanged log event.
• (new) Added setting RetainLastModificationDate with default TRUE value. File last modification date will be restored on server side after upload or webDAV PropPatch request (if possible).
• (new) Added AdminPanelGroupsFilter setting to filter groups in AdminPanel. Allow to load users only from specified groups.
• (new) Added feature to force refresh of users/groups in admin panel (load them from Domain and not from cache) by click on the “refresh” button.
• (new) Optimized load seed for the full list of users and groups in the admin panel. It allow to speed up to 15 times.
• (new) Add support of “User must change password on the next logon” feature to AD version. If user able to login into application, password change window will be displayed right after logon.
• (new) Now upload window is closed (cloud and from computer) after successful upload.
• (new) File size is logged for more log events.
• (update) Updated third party libraries: SQLite to 1.0.112, BoxV2 API to 3.21.0, ACE Code Editor to 1.4.7, LightGallery to 1.6.12, Auth0 LockJs to 11.18.1, Microsoft.Graph to 1.20.0, Google APIs to 1.43.0
• (fix) Fixed timeout for DropBox and Box clouds for large files.
• (fix) Implemented chunked download from One Drive. Avoided timeout for large files.
• (fix) Dropped support Abode Crative Cloud Image Editor
• (fix) Fixed view in Autodesk
• (fix) Excluded from viewing (for download) OneNote files for OneDrive / Office 365
• (fix) Fixed paging on Anonymous links tab in admin panel.
• (fix) Fixed small issue with get properties (for Details Pane) and thumbnails for files when enabled long path support

Check full changelog.

2019

Wednesday, November 20, 2019

JavaPowUpload certificate update

Signature of jar files signed with old code sign certificate(valid up to 20 Nov 2019), became invalid because of revoked (expired) timestamp certificate. For those who still uses JavaPowUpload in production, we signed JAR files of JavaPowUpload java applet with fresh code sign certificate and timestamp server certificate is valid for next 10 years. We hope that this is final signature of JavaPowUpload and you would need to update it anymore.

Friday, September 20, 2019

HTTP Commander v 5.0.5 release

• (fix) Fixed issue with automatic conversion of Links.xml (public links) into SQLite database during upgrade from 3.x to 5.x version.
• (update) Updated (documentaiton) instuctions of integration with OneDrive/Office365 .

Check full changelog.

Thursday, September 05, 2019

HTTP Commander v 5.0.4 release

• (fix) Fixed broken integration with OneDrive, Office 365. Updated url to Javascript SDK for OneDrive/Office365 (added new parameter MsGraphJsSdkUrl in Office section)
  To fix the issue without update, you will need to edit app.js file in a text editor. Here are the steps:
  1. Open HTCOMENT/Scripts/main/[used-theme-name]/app.js file in a text editor. Where [used-theme-name] is the name of the theme specified at the StyleThemeName setting (triton by default for 5.x version).
  2. Search for the "https://unpkg.com/@microsoft/microsoft-graph-client/lib/graph-js-sdk-web.js"
  3. and replace it with the "https://unpkg.com/@microsoft/[email protected]/lib/graph-js-sdk-web.js"
  4. Save the file.
• (fix) Fixed issue with automatic conversion of Links.xml (public links) into SQLite database during upgrade from 3.x to 5.x version.

Check full changelog.

Monday, February 25, 2019

HTTP Commander v 5.0.3 release

• (new) Added the ability to specify a friendly URL path for public links (parameter PublicLinkUrlPathName) Now you will see more user friendly link. Like http://domain.com/path/public/?id=67389 instead of /Handlers/AnonymousDownload.ashx
• (new) Updated third party libraries: ExtJs to 6.7.0, Auth0 API to 5.11.0, BoxV2 API to 3.12.0, Microsoft Graph APIs to 1.13.0, Google APIs to 1.38.0, Newtonsoft.Json to 12.0.1, ACE Code Editor to 1.4.2, Auth0 LockJs to 11.12.1, Dropbox API to 4.9.3, Autodesk to 1.5.1
• (fix) Fixed getting user display name for UI, Description
• (fix) Fixed detection of user groups membership in the Windows version
• (fix) Fixed checks for DomainName parameter
• (fix) Fixed ignored relative folder path on chunked upload
• (fix) Fixed path value for AntivirusScannerPath property
• (fix) Fixed editing images in Pixlr and Adobe Creative Cloud (Aviary)
• (fix) Fixed column filtes for Logs tab in Admin Panel
• (fix) Fixed non-clickable leaf checkboxes in cloud storages upload/download windows

Check full changelog.

2018

Tuesday, November 20, 2018

HTTP Commander v 5.0.2 release

• (new) Added the ability to show the ‘Alerts’ tab in the Details Panel at the right side (hidden setting ‘HowToDisplayAlertsTabOnDetailsPane’ in the UI section)
• (new) Replaced ‘Unknown file type’ to ‘<EXTENSION_UPPER_CASE> File’ for ‘Type’ column in file list
• (new) Added protection against the file corruption when saving Accounts, Folders, etc…
• (new) Added possibility to display the root folder description on the Details Pane at the right side
• (new) Added new parameter ‘ViewFolderDescriptionInTree’ to configure the place of the description of the folder in the tree (Above/Below the folder name or only in the tooltip)
• (new) Updated FileTypes.xml: added 3gp, 3g2 file types
• (new) Updated third party libraries: Dropbox API to 4.9.2, Google APIs to 1.36.1, Microsoft.Graph API library for OneDrive to 1.12.0, BouncyCastle.Crypto to 1.8.4 (see Manual/Update.html)
• (fix) Fixed display ‘combox’ field for the list of folders in the folder properties window (in Admin Panel) if the AllowedFoldersPaths and ListAllowedFoldersPaths parameters are configured
• (fix) Fixed deletion of files from the Cloud Disk after editing them (OneDrive, Office365, Google Drive)
• (fix) Fixed behavior when EnableOffice365Editor=true and EnableMsOfficeOnlineEditor=false
• (fix) Fixed impersonation when flow across asynchronous points for cloud handlers (OneDrive, Dropbox, Box)
• (fix) Fixed empty subfolders in mapped WebDAV root folder if enabled AnonymousEditingOffice
• (fix) Fixed getting the list of folders for a drive letter if the AllowedFoldersPaths is specified and long path support is enabled (EnableSupportLongPaths=true)
• (fix) Fixed Google TFA login in Mobile Applications
• (fix) Fixed display field with quick search by content if disabled search by content
• (fix) Fixed remove users/groups from tables in Admin Permissions tab

Check full changelog.

Monday, November 12, 2018

Web site design/layout update

We updated the design of our website. Now it has a responsive layout and looks good on mobile devices and on desktop computers as well.

Friday, October 12, 2018

HTTP Commander v 5.0.1 release

• (new) Added opening of ZIP archives by double-clicking (‘Zip Content’)
• (new) Added X-Forwarded-For header check for IP address detection (for login events)
• (new) Added validation for parameters with HTML markup (LogoHeaderHtml, WelcomeWindowMessage, etc…)
• (new) Added hidden parameter EnableDragNDrop (in UI section) to enable (by default) or disable drag’n’drop support of copy/move operations (etc.) between folders in the list/tree
• (new) Updated third party libraries: SQLite to 1.0.109.2, Google APIs to 1.35.2, Poppler to 0.68 (for PDF thumbnails), Autodesk.Forge to 1.4.0, RestSharp to 106.4.2 (see Manual/Update.html)
• (fix) Fixed view thumbnails for EPUB files
• (fix) Fixed save advanced properties in Details Pane
• (fix) Fixed create/navigate shortcuts (.lnk) if enabled long path support
• (fix) Fixed view comments, labels on public file/folder page. Fixed view dates for comments, labels, details in main UI
• (fix) Fixed crash on start a second ASP.NET application on the same pool if enabled long path support (EnableSupportLongPaths parameter in Main section).
• (fix) Fixed view Flash Movies (.swf files) in Chrome and Safari browsers
• (fix) Fixed view legend in Public link window (and other) for Safari 11+
• (fix) Added support drag’n’drop upload folders for Safari 11.1+
• (fix) Fixed visiblility of the ‘Folders’ button on the toolbar if the Tree with folders is disabled (TreeView=Disabled)

Check full changelog.

Friday, October 12, 2018

HTTP Commander v 4.6.6 release

• (fix) Fixed automatic upgrade to the new version (5+)
• (fix) Fix Javascript error on first open Details window
• (fix) Fixed Shibboleth Module for v3
• Updated Dropbox API library to 4.9.0, SQLite SDK to 1.0.109.2, LightGallery to 1.6.11, ACE Code Editor to 1.4.1, Poppler to 0.68 (for PDF thumbnails)

Check full changelog.

Friday, September 21, 2018

HTTP Commander v 5.0.0 release

• We moved from outdated ExtJS 3.x framework to latest ExtJS 6.x with better support of modern browsers and their features.
• Client side UI re-written from scratch. We kept main UI concepts untouched, so users would not need to get used to new UI.
  At the same time we improved and optimized a lot of features and UI parts:
  1. We simplified Upload window. Now user should not choose between different types of uploaders, HTTP Commander will automatically use best upload method available for current browser. Flash, Java and Silverlight uploaders are removed as outdated and unsupported by most of the browsers.
  2. File properties window now contain tabs with all related data to file/folder : Comments, History, Public Links, etc
  3. Public link window have UI with tabs.
  4. New themes
  5. And more
• Migrated to .NET Framework 4.7.2, dropped support Windows 2003, 2008 (not R2), Vista, IE 10 and below.
  Now system requirements are: Server 2008 R2 SP1 and later, IIS7.5 and later, .NET Framework 4.7.2 or above.
• (new) Added experimental support for long paths (see advanced parameter EnableSupportLongPaths in Main section)
• Google URL shortening service is retired. Now we use Firebase Dynamic Links.
• (fix) Dropped support Version Control feature (check-in, check-out)
• (new) Migrated to new Microsoft.Graph API (for upload/download/edit in OneDrive and Office 365 (OneDrive for Business))
• (new) Migrated to Google Drive API v3 (for upload/download/edit in Google Drive)
• (new) Updated third party libraries: SQLite SDK to 1.0.109.1, Dropbox.Api to 4.9.0, Box.V2 to 3.9.3, Auth0 APIs to 5.10.0, Trinet.Core.IO.Ntfs to 4.1.1, WindowsAPICodePack to 1.1.3.3, Autodesk Forge to 1.3.0, ACE Code Editor to 1.4.1 and LightGallery to 1.6.11
• (new) Added Google Authenticator as Two Factor auth provider.
• (new) Added LoginAttempt event for logging (see Main/LogEvents parameter)
• (new) On send emails added real sender for “Reply”
• (fix) Fixed keep Auth0 groups when pool recycled
• (fix) Fixed Shibboleth Module for v3
• (new) Migrated Google Analytics ga script to analytics script (parameters GoogleAnalyticsWebPropertyID and GoogleAnalyticsLoginUsersDimensionIndex)
• (fix) Fixed auto-upgrade to feature versions

Friday, May 11, 2018

HTTP Commander v 4.6.5 release

• Fixed security issue of the WebDAV library.
  To apply fix without upgrade perform following steps:
  1. Download zip archive with fixed library for appropriate build of HTTP Commander: for versions 3.0-4.5.3, for versions 4.5.3-4.6.3
  2. Open IIS management console, navigate to application pools section and stop the application pool of the HTTP Commander applicaiton.
  3. Make backup copy of the /bin folder of the HTTP Commander.
  4. Copy dll files from the downloaded zip archive into /bin folder of HTTP Commander.
  5. Start application pool.
• (fix) Migrated from Google URL Shortener to Google Firebase Dynamic Links for create short links for public links.
• (fix) Fixed saving the document after editing in Microsoft Office 365.
• (fix) Fixed issue with resolve of DNS/NetBios domain and user/group names. This issue caused in soem cases problems with getting info (user home folder, groups) from AD.
• (fix) Fixed availability of context menu items when DoubleClickAction=’Select’.
• (fix) Improved performance.
• (fix) Fixed refresh file list after close LightGallery.
• (fix) The menu items for creating new documents in cloud services are hidden if the folder does not have the download permissions.
• (fix) Fixed issues with auto-upgrade to feature versions (5+).
  Version 4.6.5 or later should used to perform automatic upgrade to version 5.0 from admin panel.
• (new) The use of the template %USERNAME_SUBSTRN_L% (and %GROUPNAME_SUBSTRN_L%) is extended to use the substring to the end of the name.
• (fix) Ready to use the .NET Framework 4.5 and above (httpRuntime/targetFramework in Web.config file).
• (new) Updated third party libraries: Dropbox.Api to 4.8.0, Newtonsoft.Json to 11.0.2, SQLite to 1.0.108, Trinet.Core.IO.Ntfs to 4.1.1, ACE Code Editor to 1.3.3 and LightGallery to 1.6.10.

Check all changes in the changelog.

Thursday, February 08, 2018

HTTP Commander v 4.6.3 release

Fixed issue with not working DropBox integration. To fix this issue without upgrade perform following steps:

• Open /scripts/main.js and /Scripts/mobile/st2/app.js file in a text editor.
• Search for new Dropbox(
• Replace it with new Dropbox.Dropbox(
• Save both files.

Other changes:

• (fix) Fixed display of the user name in the log list for the ‘Login’ event
• (fix) Fixed issue with not working option “Nothing” for DoubleClickAction setting
• (fix) Fixed issue with “download all” button in Downlopad Window in IE when folder selected for download.
• (new) For Standard Seach by metadata (details), a search is also added for the fields specified in DetailsFields
• (fix) Fixed issue with data.db SQLite with UNC path (if DataFolderPath is of the form \\network\share)
• (update) Updated code sign certificate, Java applets signed with new code sign certificate.
• Other minor changes

Check all changes in the changelog.

2017

Monday, November 20, 2017

JavaPowUpload certificate updated

JavaPowUpload *.jar files are signed with new code sign certificate. Timestamping was used to sign *.jar files. With timestamp applet should be valid (launched by JRE) even after code sign certificate is expired.

Download .

Tuesday, November 14, 2017

HTTP Commander v 4.6.2 release

• (fix) Fixed issue (“LiveConnect session not created” error message) with OneDrive integration (Live SDK API) for newly registered users in Microsoft Dev Console. Appropriate section of the docummentation (Manual/CloudsStorages.html#onedrive) is updated
• (fix) Fixed public link expire date increased on each save
• (fix) Fixed incorrect date format in public link email template and public link page
• (new) Added new actions for double click: show public link window or show window and automatically create new public link

Check all changes in the changelog.

Tuesday, October 10, 2017

Android 8 (Oreo) HTTP Commander fix

Starting from Android 8 (Oreo), User-Agent string of Chrome browser was changed.
This change breaks the mobile UI of HTTP Commander.
We did fixed this issue in the latest release (4.6.1) of HTTP Commander (10.10.2017). You can download it from the downloads page.

Below are the steps to fix the problem in earlier versions of HTTP Commander:

1. Navigate to the HTCOMENT/Scripts/mobile/st2/ folder

2. Make a backup copy of app.js file.

3. Open app.js file in a text editor

4. Search for

  **if(p.match(/OPR/))**  

5. and replace with

   if(k!=="ChromeMobile"&&p.match(/OPR/))

6. Save app.js file, clear browser cache and test on mobile device.

Tuesday, October 10, 2017

HTTP Commander v 4.6.1 release

Integration with Auth0 service.
Integration with OnlyOffice (edit office documents).
Preview of thumbnails for video, office, pdf, exe and epub files.
New image viewer.
View Djvu and Epub files in browser.
Ability for users to select default action for double click on each file type.
Check all changes in the changelog.

Monday, May 01, 2017

HTTP Commander v 4.5.2 release

Fixed issue with upload from cloud storages (Box, Dropbox, Google Drive, OneDrive, Office365) to the HTTP Commander folder (only when it was added to the HTTP Commander as a network folder).

Friday, April 21, 2017

JavaPowUpload Java 8 u131 security fix

- JavaPowUpload *.jar files are re-signed with stronger sign algorithm to make JPU compatible with Java 8u131. Download fixed build.

JDK 1.8 u131 release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned.

Therefore all JavaPowUpload releases signed before April 2017 would not work anymore with Java release 8u131 and later.

http://www.oracle.com/technetwork/java/javase/8u131-relnotes-3565278.html

Thursday, March 23, 2017

HTTP Commander v 4.5.1 release

Added the ability to upload files over 2GB on the Drag’N’Drop uploader tab Added support for uploading folders in Firefox 45+ on the ‘Standrad’ tab. Bug fixes. Check all changes in changelog.

Friday, March 10, 2017

HTTP Commander v 4.5.0 release

Details pane, Trash, Recents, Watch for modifications, Indexed search and full-text search, logs in SQLite database, two factor authentication and many other new features! Check them all in changelog.

2016

Tuesday, September 13, 2016

HTTP Commander v 4.0.8 release

Added possibility to upload folders structure (include empty folders) in ‘Drag and Drop’ upload tab for Chomium based browsers. Added recover user name via email in Forms version. Check all changes in changelog.

Tuesday, June 28, 2016

HTTP Commander v 4.0 release

Added new themes with more modern look and feel. Edit office documents in online services: Google Drive / MS Office Online / MS Office365. Support of MSOFBA(Office Form Based Authentication) protocol. Labels and comments for files/folders and many other new features! Check them all in changelog.

Monday, January 04, 2016

HTTP Commander v 3.2.0 Java applets certificate update

Java applets used in HTTP Commander for file upload/download and to launch MS Office/OpenOffice now has new 256bit code sign certificate up to December 2017. Updated files stored in Uploaders\ folder.

2015

Wednesday, December 30, 2015

JavaPowUpload signed with new certificate up to December 2017

JavaPowUpload now has new 256bit code sign certificate up to December 2017

Saturday, August 01, 2015

HTTP Commander v 3.2.0 release

HTTP Commander 3.2.0 minor update.
See changelog

2014

Monday, December 08, 2014

HTTP Commander v 3.1.16 release

HTTP Commander 3.1.16 minor update.
See changelog

Monday, October 06, 2014

HTTP Commander v 3.1.15 release

HTTP Commander 3.1.15 minor update.
See changelog

Tuesday, July 29, 2014

HTTP Commander v 3.1.8 release

HTTP Commander 3.1.8 minor update.
See changelog

Tuesday, June 17, 2014

Note! HTTP Commander v1.7 - 2.x ADBlock BUG FIX

Note! HTTP Commander versions 1.7 … 2.0.11 won’t work in Chrome browser with ADBlock extention installed (popular ad blocker).
It is easy to fix issue with AdBlock extension:
1. You should rename /Scripts/ext-adv.js file to different name . For example to /Scripts/ext-mod.js
2. Open file “Default.aspx” in NotePad or any text editor and replace “<script type="text/javascript” src="Scripts/ext-adv.js">" with the “<script type="text/javascript” src="Scripts/ext-mod.js">" . Then save file.
3. Do the same at the “AdminPanel.aspx” if your admins also using ADBlock extention.
HTTP Commander starting version 3.x has this problem fixed.

Tuesday, April 22, 2014

MultiPowUpload 3.4.5 minor release

MultiPowUpload v 3.4.5 released.
See list of all features and changes in change log

2013

Thursday, December 05, 2013

HTTP Commander v 2.0.10 release

HTTP Commander 2.0.10 minor update.
See changelog

Monday, July 15, 2013

Ultimate Uploader v 1.6.3 minor release

Ultimate Uploader v 1.6.3 minor release.
See list of all features and changes in change log

Thursday, July 11, 2013

MultiPowUpload 3.4.3 minor release

MultiPowUpload v 3.4.3 released.
See list of all features and changes in change log

Tuesday, July 02, 2013

HTTP Commander v 2.0.5 release

HTTP Commander 2.0.5 minor update.
See changelog

Friday, June 14, 2013

HTTP Commander v 2.0.4 release

HTTP Commander 2.0.4 minor update.
See changelog

Monday, May 06, 2013

MultiPowUpload 3.4.2 minor release

MultiPowUpload v 3.4.2 released.
See list of all features and changes in change log

Monday, May 06, 2013

Ultimate Uploader v 1.6.2 minor release

Ultimate Uploader v 1.6.2 minor release.
See list of all features and changes in change log

Friday, April 19, 2013

JavaPowUpload 2.2.2 minor release

JavaPowUpload 2.2.2 minor update. Latest Java security update support.
See all changes at changelog file.

Friday, January 18, 2013

HTTP Commander v 2.0.3 release

HTTP Commander 2.0.3 minor update.
See changelog

Monday, February 25, 2013

JavaPowUpload 2.2.1 minor release

JavaPowUpload 2.2.1 minor update.
See changelog file.

2012

Friday, December 14, 2012

HTTP Commander v 2.0.1 release

HTTP Commander 2.0.1 new MAJOR version release.
See changelog

Wednesday, June 20, 2012

JavaPowUpload 2.1.1 minor release

JavaPowUpload 2.1 minor update.
See changelog file.

Wednesday, June 20, 2012

MultiPowUpload 3.4 minor release

MultiPowUpload v 3.4 released.
See list of all features and changes in change log

Wednesday, June 20, 2012

Ultimate Uploader v 1.6.1 minor release

Ultimate Uploader v 1.6.1 minor release.
See list of all features and changes in change log

Thursday, April 12, 2012

HTTP Commander 1.7 now supports integration with SharePoint and OWA

Web file manager HTTP Commander now can be integrated with SharePoint and OWA (Outlook web access). Examples of integration added to Manual. Also examples of SSO (Single sign-on) and Forms authentication for Active Directory users added to FAQ. Note! Application was not modifed.

Wednesday, March 21, 2012

HTTP Commander v 1.7 release

HTTP Commander 1.7 minor release.
See changelog

Wednesday, February 01, 2012

Ultimate Uploader v 1.6 minor release

Ultimate Uploader v 1.6 minor release.
See list of all features and changes in change log

Wednesday, February 01, 2012

MultiPowUpload 3.3.3 minor release

MultiPowUpload v 3.3.3 released.
See list of all features and changes in change log

Wednesday, February 01, 2012

ActiveXPowUpload 1.2 new digital code signature

Strongly recommended for upgrade: Digital code signature renewed up to 2014

Wednesday, February 01, 2012

JavaPowUpload 2.1 minor release (New digital code signature)

JavaPowUpload 2.1 minor update.
Strongly recommended for upgrade! New digital code signature (up to 2014 year) See changelog.html file.

2011

Monday, November 21, 2011

Web site update

New web site design.

Tuesday, October 11, 2011

HTTP Commander v 1.6.2 release

HTTP Commander 1.6.2 minor release.
Some of most important changes:

• Integration with SkyDrive (Microsoft Live) - allows users to uplod/download documents and then edit via Microsoft Web Apps (Online Office). Desktop MS Office also allows to upload/download/edit documents at the SkyDrive accounts.
• Multiple images preview with slideshow
• Multiple download to DropBox

Bug fixes:

• Fixed: Corruption of files if online editing used (Application added some wrong symbols to the end of file if modified file is less then original. MS Office can restore such files. After editing the document in version 1.6.2 file will be corrected also.)
• Fixed: If admin adds few groups with default permissions once then only one group is added.
• Google Doc viewer now supports DOCX format.

Monday, September 12, 2011

Ultimate Uploader v 1.5 minor release

Ultimate Uploader v 1.5 minor release.
- A lot of new methods and event handlers for JavaScript API.
- Increased speed of upload process.
- Fixed issue with not inited default values for ShowBackgroundImage and BackgroundImageUrl properties.
See changes at history.txt file .

Tuesday, August 30, 2011

HTTP Commander v 1.6.1 release

HTTP Commander 1.6.1 minor release.
Some of most important changes:

• Integration for Novell EDirectory
• Public links to files and folders (Users can share own files/folders without authentication needed)
• Bulk mail sending. Now users can send email to whole groups.

See list of all features in change log

Friday, July 08, 2011

HTTP Commander v 1.6 release

HTTP Commander minor release.
Some of most important changes:

• Web interface to set applications settings
• Files version control
• View office files in Mobile version via Google Docs and Zoho

See list of all features in change log

Thursday, July 14, 2011

MultiPowUpload 3.3 minor release

MultiPowUpload v 3.3 released. Main changes:
Now includes universal uploader:

• HTML 5 drag-n-drop upload
• Flash uploader
• Silverlight uploader
• Classic uploader (Form based)

See list of all features and changes in change log

Tuesday, April 19, 2011

HTTP Commander v 1.5.1 minor release

HTTP Commander minor release with many new features. Free update for existing v.AJS 1.x customers.
Some of most important changes:

• Works in latest IE 9, FireFox 4 and Chrome 10 browsers.
• Mobile version (for Smartphones and touchpads)
• WebDav access (folder mapping to local OS)
• Integration with MS Office, OpenOffice.org
• Integration with Google Docs, Zoho docs, Dropbox.com
• Email notifications, send email features
• Logs, thumbnails view feature

See list of all features in change log

Friday, April 15, 2011

Special offer for File Uploaders. 3 products for price of one.

Special offer in April-May 2011. With purchasing Enterprise license of any File Upload control: MultiPowUpload, JavaPowUpload or Ultimate Uploader you also got licenses for 2 other products (Enterprise licenses without source code).

Friday, April 15, 2011

Ultimate Uploader v 1.4.4 minor release

Ultimate Uploader v 1.4.4 minor release. Known bugs fixed. See changes at history.txt file .

Friday, April 15, 2011

MultiPowUpload 3.2 minor release

MultiPowUpload v 3.2 released. Main changes:

• Added support of BMP image format. Now MultiPowUpload can read images encoded in BMP format and also it can generate thumbnails encoded in BMP format. Set the value of the thumbnail.format paramneter to “BMP” to generate thumbnails in BMP format
• Increased speed of thumnails generation process (in preview).
• Added ability set custom icons (in thumbnails view) to different file types
• Added feature of automatic scroll to the item which is currently processed (thumbnail generation, thumbnail upload or upload process started).
• Some bugs fixed

See all changes in changelog

Friday, April 15, 2011

JavaPowUpload 2.0.6 minor update

JavaPowUpload 2.0.6 minor update.
Some issues fixed. Tested in latest IE 9, FireFox 4, Chrome 10
See changelog.html file.

Monday, January 24, 2011

OfficeOpen control for and online editing in Microsoft Office and OpenOffice.org (WEBDAV) released

OfficeOpen v 1.0 released. OfficeOpen control is a multipurpose web based control that automatically opens and gives the possibility to edit documents on-line in desktop applications Microsoft office and free OpenOffice.org. OfficeOpen control supports built-in function of Microsoft office and OpenOffice.org to edit and create documents online (WEBDAV).

2010

Friday, December 17, 2010

Ultimate Uploader v 1.4.3 with drag and drop feature has been released

Ultimate Uploader v 1.4.3 has been released. Most requested feature added: "Files drag and drop".
Now it has license key for registered version. Existing customers can request key via email. Please see changes at history.txt file .

Thursday, December 02, 2010

JavaPowUpload 2.0.5 minor update

JavaPowUpload 2.0.5 minor update.
Main feature added: Automatic detection of user language and loading of corresponding translation file. The distribution package contains 30+ translation files (English, French, German, Spanish, Italian and other).
See changelog.html file.

Tuesday, October 26, 2010

MultiPowUpload 3.1 minor release

MultiPowUpload v 3.1 released. Main changes:

• Multilingual interface now includes 30+ languages
• Fixed for correct work at latest browsers: Internet Explorer 9 beta, Firefox 4 beta, Android 2.2 (Google mobile OS)
• Auto resize and auto layout for UI elements (depending on language selected and labels length)

See all changes in changelog

Monday, August 09, 2010

HTTP Commander Major update

HTTP Commander major update. Full rebuilt. Now application is 100% AJAX and JavaScript. Version called AJS 1.0. See change log

Tuesday, July 06, 2010

MultiPowUpload v 3.0 released

MultiPowUpload v 3.0 released. Main changes:

• Theme and skin support.
• New user interface.
• New thumbnails generation modes.
• Build-in thumbnails preview.
• New upload mode - chunked. This mode provide resumable upload functionality and hasn’t known Adobe Flash cookie bug.
• A lot of new parameters and methods.

Wednesday, June 09, 2010

JavaPowUpload 2.0.3 minor update

JavaPowUpload 2.0.3 minor update.
Main feature added: Chunk upload (Allow resumable and very large file upload)
See changelog.html file.

Thursday, May 27, 2010

Ultimate Uploader v 1.4.2 has been released

Ultimate Uploader v 1.4.2 has been released. Please see changes at history.txt file .

Monday, May 24, 2010

ActiveXPowUpload 1.2 released (now 32 and 64 bit!)

ActiveXPowUpload 1.2 released. See changelog.html file.
Main changes:
1. Now both 32 and 64 bit versions available.
2. Graphic Icons and some minor features added.
3. Some bugs fixed.

Thursday, April 29, 2010

Web file manager HTTP Commander minor update

HTTP Commander minor update. Bug fixed: Error while download of files with some regional specific symbols. See change log

Wednesday, April 21, 2010

ASP.NET file manager HTTP Commander tested at latest IIS and 64-bit OS.

Latest HTTP Commander works success at IIS 7, 7.5 and Windows 2003 and 2008 64-bit. Documentation updated.

Friday, April 09, 2010

JavaPowUpload 2.0 released

After 2 years since we have JavaPowUpload version 2.0 released. Main changes:
1. Latest version 1.2.x changed to 2.0.
2. New serial key format.
Existing customers can upgrade with discount or crossgrade 1.x license at our website
3. Some bugs at 2.0 version was fixed. See changelog.html file.

Friday, March 19, 2010

HTTP Commander minor update

HTTP Commander minor update. 2 bugs fixed. See change log

Friday, March 19, 2010

JavaPowUpload 1.2.1 released

JavaPowUpload 1.2.1 released. See changelog.html file.

Tuesday, March 09, 2010

ASP.NET web file manager HTTP Commander minor update

HTTP Commander minor update. Few bugs fixed, changes at licensing and documentation. See change log

Tuesday, March 09, 2010

Ultimate Uploader v 1.4.1 has been released

Ultimate Uploader v 1.4.1 has been released. Please see changes at history.txt file .

Wednesday, February 24, 2010

HTTP Commander documentation updated

HTTP Commander documentation updated. Also now default web.config is IIS 7 compatible.

Wednesday, February 10, 2010

License types changed for JavaPowUpload file upload applet

We changed license types for JavaPowUpload product and made types depending of domain (like most our competitors offers). Now price is 50% less but license for Upload and Download features is different.

Friday, February 05, 2010

JavaPowUpload 1.2 released

JavaPowUpload 1.2 released. New interface, FTPS support and much more. Signed up to 2012 year. See changelog.html file.

Wednesday, February 03, 2010

PowUpload 1.3 updated. IIS 7 sample and last multiple upload controls added.

Wednesday, February 03, 2010

Element-IT Forum started. Now in testing mode. At nearest month it will be filled by info.

You can use email support as usual. Or try to use our Forum.

Tuesday, January 26, 2010

ActiveXPowUpload and JavaPowUpload controls has new code certificate up to 2012 year

ActiveXPowUpload 1.1 and JavaPowUpload 1.1.1 controls has new Thawte.com code certificate up to 2012 year. Existing customers can download trial version of these products and:
For ActiveXPowUpload replace old ActiveXPowUpload.cab file with new
For JavaPowUpload replace lib/ folder with new.

Wednesday, January 20, 2010

Ultimate Uploader v 1.4 has been released

Ultimate Uploader v 1.4 has been released. Please see changes at history.txt file .

Tuesday, January 19, 2010

RSS feed added

We add rss feed to our web site. Now you have easy access to Element-IT news, product releases and other information from our company.

2009

Friday, October 02, 2009

Ultimate Uploader v 1.3 released

Ultimate Uploader v 1.3 released

Friday, July 17, 2009

Ultimate Uploader v 1.2.2 released

Ultimate Uploader v 1.2.2 released

Friday, July 03, 2009

JavaPowUpload 1.1.1 released

JavaPowUpload 1.1.1 released

Monday, May 18, 2009

Ultimate Uploader v1.0 released

Ultimate Uploader v1.0 released

Friday, May 15, 2009

FTP2Web v 1.0 released

FTP2Web v 1.0 released

Thursday, April 23, 2009

MultiPowupload 2.1 released

MultiPowupload 2.1 released

Thursday, April 16, 2009

JavaPowUpload v 1.1 released

JavaPowUpload v 1.1 released

2008

Monday, December 08, 2008

ActiveXPowUpload 1.1 released

ActiveXPowUpload 1.1 released

Saturday, November 08, 2008

Remote Master 1.0 released

New product of Alexander Miloradov, Remote Master 1.0 released.

Friday, October 24, 2008

MultiPowUpload v 2.0 released

Friday, August 08, 2008

MultiPowUpload v 1.8 released

Wednesday, June 11, 2008

JavaPowUpload 1.0 and ActivexPowUpload 1.0 final release available

We fixed known bugs at beta versions and now it is finished products.

Tuesday, February 12, 2008

Beta versions of JavaPowUpload and ActiveXPowUpload now available

We released new products JavaPowUpload and ActiveXPowUpload.

2007

Tuesday, December 25, 2007

New product MultiPowUplod released

MultiPowUpload v 1.0 released

Tuesday, September 04, 2007

ASPPowUpload 1.0 released

ASPPowUpload 1.0 released.

Thursday, April 26, 2007

FileMetadata .NET control 1.0 released

FileMetadata control released.

Tuesday, April 17, 2007

ImageProperties .NET control 1.0 released

We released v1.0 of ImageProperties product.

2006

Wednesday, June 07, 2006

New product released: PowUpload - asp.net file upload control

PowUpload v.1.0 released.