# Govern file transfers with policy

## `zli v. 6.7.3`

### New

* **Distinguish `bzero` targets by environment.** `zli connect` allows users to differentiate non-unique `bzero` target names by adding its corresponding environment name or environment UUID to the command. Do this by appending a period and the environment name or UUID after the target you wish to connect to. This may look like:

  * `zli connect target-user@target-name.environment-name`
  * `zli connect target-user@target-name.environment-id`
  * `zli connect target-name.environment-id`

  Command logs now include target type, environment UUID, and environment name columns for clarity. Connection event logs also include environment name and UUID

{% hint style="info" %}
**BEST PRACTICES TIP**

As part of this change, we *<mark style="background-color:purple;">strongly</mark>* recommend that target names no longer contain periods. This will reduce the risk of conflict when trying to connect to a target containing periods in the name or a target that is distinguished by environment.
{% endhint %}

## `bzero v. 6.4.2`

### Fixes

* **TCP connections.** Resolved issue with certain TCP connections that caused data truncation and out-of-order writes
* **`Kubectl exec` commands.** Resolved issue where daemon quit following a `kubectl exec` command
* **`Sudo` using `ssm-user` and `bzero-user`.** Resolved issue when using the `bzero` agent as the `bzero-user` and `ssm-user` that required a password when executing a `sudo` command
* **\[Released 25 June] SSH tunneling on `bzero`.** Resolved issue with opening a tunnel using the `bzero` agent

## Web app & backend

### New

* **Use policy to govern file upload/download.** Policy manages if a user can upload/download to a `bzero` target using `scp` and `stfp` protocols from their terminal. This capability allows administrators to remove a users' tunnel and/or shell access to a `bzero` target and maintain their file transfer access. File transfers will continue to appear in the session logs as an SSH event. *<mark style="color:purple;">To take advantage of this new feature, make sure to upgrade to</mark>* *<mark style="color:purple;">`zli v.6.7.3`</mark><mark style="color:purple;">,</mark>* *<mark style="color:purple;">`bzero v.6.4.2`</mark><mark style="color:purple;">, and run a fresh</mark>* *<mark style="color:purple;">`zli generate sshConfig`</mark>* *<mark style="color:purple;">from your terminal</mark>*

### Enhancements

* **Prompt for log in.** Identity providers routinely rotate their keys. When this happens, BastionZero will prompt users for new log in

### Fixes

* **Container autodiscovery script on AL2 machines.** Resolved an issue where running the container autodiscovery script on AL2 machines produced an error when starting the `bzero` agent
* **Connect to a non-unique target.** Resolved an issue where naming conflicts between online and offline targets were not detected and blocked valid connection requests
* **`zli connect` error message.** Resolved typo in the `zli connect` error message that displayed an erroneous `$`
* **Sort on the admin's user management tab.** Resolved issue with sorting columns in the user management tab
* **\[Released 10 June] Connect to `bzero` target using single-user policy.** Resolved an issue where a `zli connect` to a `bzero` target, governed by a single-user policy, resulted in a handshake timeout
* **\[Released 15 June] In response to CVE-2022-1650.** Upgraded `eventsource` dependency proactively based on potential vulnerability outlined in CVE-2022-1650
* **\[Released 17 June] User-specific registration keys.** Resolved an issue where user-specific registration keys were being rejected as API keys when global registration keys were not enabled
* **\[Released 27 June] Trouble accessing cloud.bastionzero.com.** Resolved issue with intermittent 504s on the BastionZero web app