Conversation

Contributor

@N6REJ N6REJ commented Feb 13, 2025

PR Type

Enhancement, Configuration changes


Description

  • Added configuration files for Xlight version 3.9.4.5.

  • Updated URLs in extras.properties for new release.

  • Updated build.properties and releases.properties with new release version.

  • Introduced new server and user configuration files for Xlight.


Changes walkthrough 📝

Relevant files: Configuration changes (10 files)

  • extras.properties: Updated URLs to point to the 2025.2.13 release. (+3/-3)
  • bearsampp.conf: Added main configuration file for Xlight 3.9.4.5. (+4/-0)
  • extras.properties: Added extras configuration file for Xlight 3.9.4.5. (+3/-0)
  • ftpd.hosts: Added virtual server configuration for Xlight 3.9.4.5. (+5/-0)
  • ftpd.option: Added server options configuration for Xlight 3.9.4.5. (+4/-0)
  • ftpd.password: Added password configuration for Xlight 3.9.4.5. (+4/-0)
  • ftpd.rules: Added placeholder rules file for Xlight 3.9.4.5. (+1/-0)
  • ftpd.users: Added user configuration for Xlight 3.9.4.5. (+9/-0)
  • build.properties: Updated bundle release version to 2025.2.13. (+1/-1)
  • releases.properties: Added release entry for Xlight 3.9.4.5. (+1/-0)

@N6REJ N6REJ added the enhancement ✨ Improve program label Feb 13, 2025
@qodo-code-review

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns

FTP Security Configuration:
The configuration enables anonymous FTP access with read permissions to the www directory and remote administration capability on all interfaces (0.0.0.0). While this might be intended for development purposes, it could pose security risks in production environments. Consider restricting anonymous access and limiting remote administration to specific IP addresses.

⚡ Recommended focus areas for review

Security Configuration

The anonymous FTP user configuration allows access to the www directory with read permissions. Validate if this is the intended configuration for security purposes.

    <username "anonymous">
    AllowNoPassword:yes
    VirtualPath: "/|e:\Bearsampp-development\sandbox\www\|R--L---S"

Network Security

Remote admin interface is configured to listen on all network interfaces (0.0.0.0). Consider restricting to specific IP addresses if remote administration is needed.

    RemoteAdminIPPort:"0.0.0.0:0"

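As an added example (not code from the PR, Bearsampp or Xlight), a small Python check that parses the two settings quoted above in their Key:value form and reports the weak values, with a hardened variant of each for comparison. The hardened values (127.0.0.1:2021 and a www\public subdirectory) and the reading of VirtualPath as virtual|real|permissions are assumptions, not something the PR states.

```python
import re

# Constructed samples: the two Xlight settings quoted in the reviewer guide,
# each beside a hardened variant (hardened values are assumptions, not from the PR).
FTPD_OPTION_WEAK = 'RemoteAdminIPPort:"0.0.0.0:0"'
FTPD_OPTION_HARDENED = 'RemoteAdminIPPort:"127.0.0.1:2021"'
FTPD_USERS_WEAK = """<username "anonymous">
AllowNoPassword:yes
VirtualPath: "/|e:\\Bearsampp-development\\sandbox\\www\\|R--L---S"
"""
FTPD_USERS_HARDENED = """<username "anonymous">
AllowNoPassword:no
VirtualPath: "/|e:\\Bearsampp-development\\sandbox\\www\\public\\|R--L---S"
"""

# Key:value line; whitespace around the colon and surrounding quotes are optional.
KV_RE = re.compile(r'^\s*([A-Za-z]+)\s*:\s*"?(.*?)"?\s*$')

def parse_settings(text):
    """Return {key: value} for Key:value lines; <...> block headers are skipped."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("<"):
            continue
        m = KV_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def check_remote_admin(settings):
    """Flag a remote-admin listener bound to every IPv4 interface (0.0.0.0)."""
    val = settings.get("RemoteAdminIPPort", "")
    host = val.rpartition(":")[0]          # everything before the last ':' is the bind address
    if host == "0.0.0.0":
        return ["remote admin listens on all interfaces: " + val]
    return []

def check_anonymous(settings):
    """Flag password-less login and a virtual root mapped to the whole www tree."""
    findings = []
    if settings.get("AllowNoPassword", "").lower() == "yes":
        findings.append("AllowNoPassword is yes")
    parts = settings.get("VirtualPath", "").split("|")  # assumed: virtual|real|permissions
    if len(parts) == 3 and parts[1].rstrip("\\/").lower().endswith(("\\www", "/www")):
        findings.append("virtual root exposes the entire www directory")
    return findings

def audit(option_text, users_text):
    """Run both checks over an ftpd.option and an ftpd.users text; [] means nothing flagged."""
    return check_remote_admin(parse_settings(option_text)) + check_anonymous(parse_settings(users_text))
```

Running `audit(FTPD_OPTION_WEAK, FTPD_USERS_WEAK)` yields three findings, while the hardened pair yields none.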
@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: Security

Suggestion: Restrict remote admin access

The remote admin port '0.0.0.0:0' is insecure as it allows connections from any
IP address. Consider restricting it to localhost or a specific IP range.

bin/xlight3.9.4.5/ftpd.option [2]

    -RemoteAdminIPPort:"0.0.0.0:0"
    +RemoteAdminIPPort:"127.0.0.1:2021"
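
Review bot: the suggested line changes the port as well as the bind address (0 becomes 2021), which the Why text below does not mention; confirm what port 0 means for RemoteAdminIPPort in Xlight before applying, because if 0 leaves the remote-admin listener off, this edit would switch it on (bound to loopback) rather than narrow an already-open listener. If remote administration is wanted, 127.0.0.1 with an explicit port is the right shape; if it is not, leaving the listener off is the smaller change.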
Suggestion importance[1-10]: 9

Why: Using "0.0.0.0:0" for remote admin access poses a significant security risk by allowing connections from any IP address. Restricting to localhost is a critical security improvement.

Impact: High

Suggestion: Limit anonymous FTP access scope

The anonymous FTP user has read access to the entire www directory. Consider
restricting access to specific subdirectories only.

bin/xlight3.9.4.5/ftpd.users [5]

    -VirtualPath: "/|e:\Bearsampp-development\sandbox\www\|R--L---S"
    +VirtualPath: "/|e:\Bearsampp-development\sandbox\www\public\|R--L---S"
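
Review bot: the suggested path points the anonymous virtual root at a www\public subdirectory that nothing in this PR shows exists in the sandbox, so applying it as-is may leave the anonymous root mapped to a missing directory; if the scope is to be narrowed, use a subdirectory that is actually created, and note that the permission string R--L---S is unchanged, so whatever is placed under the chosen directory is exposed with the same access as before.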
Suggestion importance[1-10]: 8

Why: Allowing anonymous FTP access to the entire www directory is a security vulnerability. Restricting access to a specific public subdirectory significantly reduces potential security risks.

Impact: Medium

@jwaisner jwaisner merged commit 9d79241 into main Feb 14, 2025
@jwaisner jwaisner deleted the 3.9.4.5 branch February 14, 2025 04:07
@N6REJ N6REJ restored the 3.9.4.5 branch February 15, 2025 22:00