2017 Archive

SFTPPlus Release 3.28.0

Wed 29 November 2017 | security release

We are pleased to announce the latest release of SFTPPlus version 3.28.0.

New Features

  • It is now possible to set permission for file management operations for accounts authenticated with the FTP/FTPS service. [ftp][ftps][server-side] [#3399]
  • You can now implement custom event handlers using our Python based API. [#4192]
  • SFTPPlus is now distributed with the CA chains for SharePoint Online and Let's Encrypt. [#4365]
  • The FTPS client-side connections now show the SSL/TLS method used together with the cipher protecting the communication. [client-side][ftps] [#4370]
  • FTPS server-side events emitted when the command connection is closed now contains the cipher used to secure the connection. [ftps][server-side] [#4458]
  • It is now possible to define the permissions of file management operations set by accounts that are authenticated with the SCP and SFTP services. [scp][sftp][server-side] [#4461]
  • It is now possible to define the permissions of file management operations set by accounts that are authenticated with the HTTP/HTTPS services. [http][https][server-side] [#4462]
  • A rename-prepend-unixtime method was added to the file dispatcher event handler. It will allow the event handler to conduct an instant, atomic rename of the source file. [#4466]
  • You can now use additional SSL/TLS configuration options to protect HTTPS URL set for the HTTP authentication method. [server-side] [#4482]
  • HTTPS client connections now support the Server Name Indication (SNI) TLS extension. [#4490]
  • You can now use HTTPS url for the HTTP Post event handler. [#4512]

Defect Fixes

  • The WebDAV location can now be configured with SSL/TLS details in order to set up the parameter for the SSL/TLS connection. [security][client-side][webdavs][https] [#3912]
  • The events emitted by the file dispatcher event handler will now contain the full path to the destination file. In previous versions, the events contained the destination paths. [#4501]
  • An internal server error is no longer raised when the STMP client connects to the server and the server drops the connection. [#4509]

Deprecations and Removals

  • The event with ID 40002 is now associated with a server-side error when obtaining the attributes of a path. In previous versions, it was only used when the path was not found. [server-side][http][https] [#4462]
  • Support was removed for Red Hat Enterprise Linux 6 and Generic Linux on IBM System z s390x mainframe and the Hercules mainframe emulator. If you are still using these platforms, please get in touch with us. [#4503-1]
  • Support was removed for Ubuntu 14.04 LTS on POWER8 (little endian). Ubuntu 14.04 LTS is still supported on Intel X86_64. If you are still using this platform, please get in touch with us. [#4503-2]
  • Support was removed for Red Hat Enterprise Linux 6 on POWER8 (big endian). Red Hat Enterprise Linux 6 is still supported on Intel X86_64. If you are still using this platform, please get in touch with us. [#4503-3]
  • Support was removed for Solaris 10 11/06 U3 on SPARC and X64. Latest Solaris 10 on both SPARC and X64 are still supported. If you are still using these platforms, please get in touch with us. [#4503]

You can check the full release notes.

• • •

Faster GDPR compliance with SFTPPlus MFT

Fri 24 November 2017 | press blog

As of April 2016, the European Parliament and Council adopted a new legislation that will replace, in May 2018, the old personal data protection law for European Union (EU) and European Economic Area (EAA) residents. The new regulation is called The General Data Protection Regulation (GDPR).

The purpose of the new legislation is to protect the personal data of the EU and EAA residents by imposing rules to the organizations which hold or process the data within or outside of Europe. The companies from the United Kingdom are also affected (even after the Brexit). In case of a breach, the sanctions include warnings and can lead to high fines.

The SFTPPlus team offers services to the clients from the EU, EAA and the rest of the world. In this article, we would like to share and clarify how the new legislation can affect the file transfer operations in a company and how SFTPPlus MFT helps our customers comply with the regulations.

Industries

General Data Protection Regulation and File Transfers

To start, the key areas described in the regulation and affecting the data transfer operations inside an organization include:

  • Data portability and how open standards are required to achieve compliance.
  • Data protection, storage and the encryption at rest of the data.
  • Authentication and data access control, and the purpose of audit logging.

Let's review step-by-step the list above and outline how exactly SFTPPlus MFT Client and Server addresses the technical areas of GDPR compliance.

Data Portability

Article 20 GDPR covers data portability concerns and the importance of access to one's own data. File transfer technology should not imply any limitations or requirements on the format of data or the access to services providing such data.

SFTPPlus MFT was designed to address the data portability concerns. Our product uses open and standard file transfer protocols like SFTP, FTPS, and HTTP(S). All the data sent over a connection using these protocols is first encrypted using public and private cryptographic keys. The security layer is taking care of all the communication exchanged between your computer and SFTPPlus.

The open and standard technology respects the GDPR requirements and guarantees long-term support and consistent integration with the existing infrastructure. Using the SFTPPlus MFT web interface one can enable or disable multiple services within the same installation where the end-users benefit from user-friendly web portal for downloading and uploading files directly from their browsers or mobile phones.

Data Protection and Security of Processing

The data protection by design and by default is described in the Article 25 and the security of processing of the personal data is part of the Article 32. The two outline procedures for secure storage and secure access to personal data for processing at a later stage.

By using the SFTPPlus managed file transfer Client and Server organizations can automate the distribution and the synchronization of the data with full encryption support. For a better data protection in the age of cloud services, SFTPPlus can be configured to encrypt the data using local encryption keys before sending it remotely, just as described in the ENISA report (Privacy and Data Protection by Design).

The SFTPPlus MFT pre- and post-processing functionality and the external program execution support are particularly relevant here. These two simplify and make the deployments much easier for complex operations like the decryption of the data before the transfer and the encryption of the data after the transfer. It also works with both, the custom encryption/decryption solutions and the standard GPG tools.

Reporting

General Data Protection Regulation also addresses the audit and reporting concerns. The Article 30 does not refer directly to the transfer of the data, but it focuses on the tracking and the maintenance of persistent data operations activity log. This information can be required by the supervisory authority on request and is a GDPR requirement.

We cover the audit logging and reporting requirements in the SFTPPlus MFT. Our product integrates with the MySQL and SQLite databases to provide custom filtering, export, and integration with external reporting tools. The web-based administration panel offers a simple and user-friendly interface to browse the logs which is essential for the internal research in case of an incident.

The authentication and the data access control are also easier with our product. SFTPPlus provides multiple authentication methods, from virtual users to system accounts and remote account databases like LDAP.

Summary

At first, the General Data Protection Regulation might look intimidating and complex to understand, but with more than 10 years in the secure managed file transfer services, we are ready to help!

Our clients work with personal data on a daily basis and use our products in various industries: government agencies, the financial sector, healthcare and other PHI processing organizations. And while we know we can not change the compliance process, we are confident we can speed up the process for your organization by using our technology.

Try SFTPPlus MFT and reach faster GDPR compliance now!
• • •

SFTPPlus MFT is positioned for securing enterprise data with release of latest software version

Wed 15 November 2017 | press

The security and automation of file transfers has become easier for all enterprises – large and small - to use and integrate with the release of the latest version of SFTPPlus MFT.

SFTPPlus MFT is a software suite for managed file transfer (MFT) with Client and Server that may be licensed and used as standalone modules or together as a MFT solution. SFTPPlus MFT provides functionality to automate file transfers between systems, users inside an organization and with third-parties. The software is designed to work on major operating systems including Windows, Linux and UNIX. SFTPPlus MFT supports the most popular file transfer protocols like FTPSSFTP, HTTPS and WebDAV and provides external authentication support, integration with built-in and external logging solutions and audit functionality. SFTPPlus MFT also integrates with external encryption solutions and offers an API for third-party integrations.

SFTPPlus MFT suite has become the main product of the company which is continuously developed and supported using automated tests, high-quality assurance and documentation. Security, correctness, functionality and performance as well as integration support and no vendor lock-in are key requirements of SFTPPlus MFT.

Tim Adams, Director, said “We have found an increasing demand from customers who do not want vendor lock-in with proprietary protocols and prefer a solution that can be quickly installed to use basic functions and are then delighted to find the extra functions that are typically only available with high cost solutions. Part of our mission has always been to make high end functionality available with a cost-effective and affordable product.”

New features and functionality have been added – in many cases this is driven by customer requests as well as market needs – and includes those required due to changes in FIPS, PCI and other security standards.

A new website has been launched at sftpplus.com which has added new pricing and discount information to ensure new customers can quickly find information they need and access further information through trials and documentation. Discounts are not only available for larger deployments but also for small companies in order to encourage and enable best practice for every enterprise of any size.

Tim Adams, Director, said “We encourage new customers to take a free, supported trial to see the ease with which the software can be installed and used in order to explore the rich functionality and features. Our consultants will be happy to help with best practice and discuss integration, if required. We are always pleased to work with companies of all sizes where needs may be a single Server or Client as well as with large enterprises and government where needs may be for an enterprise wide solution that requires integration with other systems.”

Adi Roiban, CTO, said “We have listened carefully to customers who are keen to use open standards and require a solution that helps ensure security of data while enabling many options for automation and authentication. Our larger customers need a product that can be integrated with existing workflow and other systems and can also be installed on multiple operating systems.”

“Key to our success has been our team of developers and support specialists who ensure that SFTPPlus MFT fits customer needs whether on legacy systems or latest technology and they will assist, if required, with use of features and best practice as well as help with integration.”

“We see increasing demands due to changing requirements to meet FIPS, PCI and other security standards. We work closely with customers to ensure that current and future needs are met in a timely way with functionality that is based on the RFC and specific standards as well as particular integration or other use.”

Our worldwide customer profile includes government agencies and businesses large and small across Europe, USA, Middle East, Asia, Australia and Far East. Pro:Atria also works with integrators and system design teams including IBM, DXC, Fujitsu, Capita and Tata (amongst others). Customers are from all sectors including retail, financial, manufacturing, healthcare, education and transport as well as government agencies and departments. Support is provided by our team of staff who are based across Europe.

For more information on SFTPPlus MFT and how Pro:Atria can help secure and automate file transfers go to - sftpplus.com.

END


Notes to editors

For further information

Issued by Pro:Atria Ltd. For more information please contact Tim Adams on +44 (0)1963 441311 or email tim.adams@proatria.com.

All news releases can be accessed on our web site.

About Pro:Atria Ltd

Pro:Atria was founded in 2001 in the UK and provides commercial on-premise software products and support to it’s worldwide client base. Its flagship product, SFTPPlus MFT, enables enterprise users and IT teams to secure and automate file transfers across a wide range of platforms that includes Windows, Unix and Linux. The original SFTPPlus product was launched in 2005 and has been under continuous development since then.

With customers that include government agencies and businesses - large and small - Pro:Atria also works with integrators and system design teams on a worldwide basis. Support is provided by its team of staff who are based across Europe.

Our mission is to provide a cost-effective and secure software product with a rich feature list for authentication, automation and integration together with the highest quality service, ensuring that enterprises of all sizes can secure and automate their data transfers both internally and externally with third parties. Data is secured using open standards that include the protocols FTPS, SFTP and HTTPS - amongst others.

For more information, visit our web site.

• • •

SFTPPlus Release 3.27.0

Tue 07 November 2017 | security release

We are pleased to announce the latest release of SFTPPlus version 3.27.0.

New Features

  • It is now possible to define the expiration date and time when configuring an account of type application or OS. [server-side] [#1152]
  • An audit event is now emitted when the HTTP connection is made and when it is closed. [client-side][http][https] [#3925]

Defect Fixes

  • When the user is authenticated based on the SSL certificate, the FTPS server now responds with code 230 instead of 232. [ftps][server-side] [#3563]
  • FTPS client connections will now verify the identity of the remote FTPS server when configured to check against a certificate authority. [ftps][client-side][security] [#3566]
  • When a WebDAV location fails to re-authenticate, it will enter the fail state and no other operations are performed. [client-side][http][https] [#4339-1]
  • When a WebDAV client session has its session credentials rejected and multiple WebDAV client requests are made at the same time, only a single re-authentication request is made. [client-side][http][https] [#4339]
  • Use a PID file in $INSTALL_ROOT in the init/unit files too, as used by the bin/admin-commands.sh script by default. This avoids mismatches when the daemon is started with this script and the status is checked with an init script. [#4388]

Deprecations and Removals

  • Support for AIX 5.3 was removed. AIX 7.1 is still supported. If you are still using this platform, please get in touch with us. [#4361-1]
  • Support for Raspbian Linux was removed. If you would like to use SFTPPlus on this platform, please get in touch with us. [#4361]
  • Support for SUSE Enterprise Linux 10 was removed. If you are still using this platform, please get in touch with us. [#4397]

You can check the full release notes.

• • •

SFTPPlus Release 3.26.0

Wed 04 October 2017 | general release

We are pleased to announce the latest release of SFTPPlus version 3.26.0.

New Features

  • It is now possible for the LDAP authentication to accept a direct username. In this way you, can leverage the Active Directory implementation and authentication using the User Principal Name (UPN). [server-side] [#4352]

Defect Fixes

  • An internal server error is no longer emitted for long uploads taking more than 15 minutes to complete over HTTP/HTTPS. [server-side][http][https] [#2533]
  • Stopping the SFTPPlus during a transfer which is pending a reconnection, the stop procedure is no longer delayed until all reconnection retries are exhausted. [client-side] [#2656]
  • The WebDAV location will detect changes into folders, when the letter cases in the configured path does not match the cases on the server. [client-side][http][https] [#3945-1]
  • The WebDAV location can now get members and attributes for paths containing the + (plus) character, as well as detecting changes into folders with such names. [client-side][http][https] [#3945]
  • When the destination of a transfer is changed, the Local Manager will not mark the transfer as requiring a restart. Unless the transfer is restarted, the files are transferred using the destination defined a start time. [client-side] [#4245]
  • The event with ID 10079 was updated to show the reason of the failure. [ftp][ftps][server-side] [#4326]
  • The references to recursive transfers were removed, as recursive transfers are not yet supported. Recursive transfers were never supported, and we have accidentally referenced them in the documentation and the administration UI. [client-side] [#4367]

Deprecations and Removals

  • Support for Windows XP, Windows Vista, and Windows Server 2003 was removed. If you are still using these operating systems, please get in touch with us. [#3415]
  • Events with IDs 30009, 30010 and 30066 were replaced by the generic event with ID 30008. [server-side][sftp] [#4326]

You can check the full release notes.

• • •

SFTPPlus Release 3.25.1

Fri 15 September 2017 | general release

Please take note the latest release of SFTPPlus version 3.25.1.

The release fixed the following defects:

When using the client-shell with a FTP/FTPS location, the path attributes will show the modified time assuming that the server is in the same timezone as the client. [ftp][ftps][client-side] [#3038]

When using OS and application accounts containing @ in their names, the home folder is no longer automatically translating the @ character to the dot (.) character. [server-side] [#4257]

No removals, deprecations or features were added in this release.

You can check the full release notes.

• • •

SFTPPlus Release 3.25.0

Tue 12 September 2017 | general release

We are pleased to announce the latest release of SFTPPlus version 3.25.0.

This release adds the following new supported platform:

Ubuntu Server 16.04 on ARM64 (ARMv8-A/AArch64) [#4321]

The release fixed the following defect:

When downloading files over WebDAV, the file content is now correctly transferred.

In the previous version, small files (below 10kB) might have be transferred without content and larger files (over 10kB) may have the last few bytes missing. [client-side][http][webdav] [#4329]

Please take note of the following removal:

Support for Ubuntu Server 14.04 on ARM64 (ARMv8-A/AArch64) was removed. Please contact us if you still need to deploy on this Ubuntu version. [#4321]

You can check the full release notes.

• • •

SFTPPlus Release 3.24.1

Fri 01 September 2017 | general release

We are announcing the release of SFTPPlus version 3.24.1, which is a defect fix only release. No new functionalities have been added.

The release fixed the following defects:

  • When a failure occurs rotating a Local File Handler event handler, the error is now logged properly and the event handler will stop after a specified number of failures.
  • Timeouts for HTTP and WebDAV requests were increased from 15 to 30 seconds for download requests and from 20 to 120 seconds for file upload requests.
  • An internal server error is no longer generated when uploading large files to a WebDAV server.

You can check the full release notes.

• • •

SFTPPlus Release 3.24.0

Wed 09 August 2017 | general release

We are pleased to announce the latest release of SFTPPlus version 3.24.0.

This release adds the following new functionalities:

  • The Past Activity page, accessible from Local Manager, now has an option to download all events in CSV format.
  • The WebDAV location now supports the get_attributes client shell command. [http][https][webdav][client-side]
  • The Solaris 10 and 11 packages for SPARC are now only available in 32bit in order to keep Python's memory usage low.
  • SUSE Enterprise Linux 11 with Security Module is now a supported platform, providing stronger cryptography than base SLES 11, with support for TLS 1.2 and SHA2.
  • The OpenSSL version distributed in our Windows version was updated to OpenSSL 1.1.0f. [ftps][https]
  • Transient errors generated while watching a location will now emit an event. [client-side]

The release fixed the following defects:

  • You can now run file uploads taking longer than 20 seconds. A timeout is no longer raised after 20 seconds when performing a long upload over HTTP, as long as chunks are transferred with a delay smaller than 20 seconds. [http][https][client-side]
  • A defect was fixed which previously allowed bad configurations for the structured_fields Local File Event Handler configuration option.
  • An internal error is not triggered when a local file event handler with time based rotation has a bad configuration.

Please take note of the following deprecations and removals:

  • The following events where renamed as part of event ID reorganization. Please ensure to check your usage of the following event IDs: Event with ID 32001 was renamed to 30004, 70001 to 30071, 70002 to 30072, 70003 to 30073, 70005 to 30075, 70006 to 30076, 70007 to 30077, 70008 to 30078, 80002 to 10102, 80003 to 10103, 80004 to 10104, 80005 to 10105, 80006 to 10106.
  • Standard support for Red Hat Enterprise Linux 5 was removed. RHEL 5 has reached the end of production phase. Please contact us if you need extended life-cycle support.
  • The Windows renamed installation file is no longer provided as part of the standard download files. Please contact us if you are not able to download the standard Windows installation kit.

You can check the full release notes.

• • •

SFTPPlus Release 3.23.0

Thu 06 July 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.23.0.

This release adds the following new functionality:

  • The Local File Event Handler now includes a header when log entries are stored using the CSV format.

This release fixes the following defects:

  • FTP client-side transfer now works with FTP servers which don't support the FEAT command. [ftp][ftps][client-side] [#4180]
  • For WebDAV client-side operation, the authentication token is automatically refreshed once it is no longer valid. [http][https][client-side] [#4194]

You can check the full release notes.

• • •

SFTPPlus Release 3.22.0

Wed 21 June 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.22.0.

This release adds the following new functionalities:

  • The Local File Event Handler can now rotate files daily on a certain time.
  • It is now possible to configure the certificate chain advertised by the SFTPPlus services which act as SSL/TLS servers.
  • You can now define the filter for an event handler based on the structured data associated to the event.

The release also fixed the following defects:

  • The time based log rotation now occurs exactly at the configured time, not only when a new event is emitted.
  • HTTP/HTTPS client-side connections which take more than 15 seconds to be initialized, more than 20 seconds to send the headers once connection is established, more than 15 seconds to send a fragment of the body content, are now considered stalled and are closed with a timeout error.

You can check the full release notes.

• • •

SFTPPlus Release 3.21.0

Wed 31 May 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.21.0.

This fixes a security issue related to the execution of the FTP LIST command for an OS account. This security issue was introduced in 3.17.0.

Users that are on SFTPPlus version 3.17.0 are encouraged to upgrade to the latest version containing the fix, 3.21.0.

Environments that use both OS and application accounts are affected.

Environments that only use SFTP, that only use application accounts or only use OS accounts exclusively are not affected.

Overview of the fix.

When executing the FTP LIST command for an OS account, it will no longer put on hold the whole SFTPPlus process running under that OS account while the LIST command is executed.

In this case, if the command is executed under the OS account and during that command execution, a file is uploaded by the application account, the command is not on hold and subsequently the uploaded file is owned by the application account.

Alternatively, if a command is executed towards an account (such as an FTP LIST command), SFTPlus is still responsive and can accept new connections and perform other operations. This is the case even if there is a connection timeout configured with the service - the connection (both data and commands) should not be closed as it processes the commands.

In addition, should there be a log rotation occurring during the list process, the log process should also be owned by the SFTPPlus process account and not the OS account.

Upgrading your version of SFTPPlus can be done with very minimal disruption to existing services or users. Please follow the upgrade procedures available in our Documentation.


In this release we have introduced support for FreeBSD 10 on Intel X86_64.

You can now store the server log in CSV format in order to get structured logging.

The following are some of the defect fixes targeted in this release:

  • A transfer with a WebDAV source location will no longer fail at runtime if the WebDAV server is temporary unavailable.
  • A transfer with a WebDAV source location will no longer fail at runtime if the proxy server is temporary unavailable.
  • When failing to close the source or destination file for a transfer, the failure is no longer ignored and the transfer failure is observed.
  • The audit message emitted after an account is successfully authenticated now include the correct information about the local path used by that account and whether it is locked.
  • When using the FTP LIST command with an explicit path, the member's name in the resulting listing will no longer include the parent path.

You can check the full release notes.

• • •

SFTPPlus 3.20.1 Release

Wed 12 April 2017 | general release

SFTPPlus version 3.20.1 was release as a bugfix release.

It fixes that SFTP server side defect in which SFTP client connection hangs when the quit command is issued by the client, as the command was ignored by the server.

You can check the full release notes.

• • •

SFTPPlus Release 3.20.0

Sat 08 April 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.20.0.

Starting with this release, SharePoint Online server is a supported location for client-side transfer. Now you can set up transfers to push or pull files to a SharePoint Online site as part of the Office 365 suite.

In this release we have introduced support for Solaris 10 11/06 U3. It can be used for any Solaris 10 releases up to (and including) U7.

The LDAP authentication method was updated to allow filtering the accepted LDAP entries based on a LDAP search filter. Also regarding LDAP authentication, it is now possible to authenticate LDAP entries which are located inside the LDAP tree in multiple branches. For example, you can authenticate users from multiple organizations, each organization having its own sub-tree.

The following are some of the defect fixes targeted in this release:

  • The SSL/TLS shutdown operation was updated to abort the connection when the remote peer is no longer actively undergoing the shutdown. The connection is aborted if the shutdown sequence needs more than 2 seconds to complete.
  • When the SCP server-side service successfully received an uploaded file, it will close the process with exit code 0.
  • The Local File event handler will now detect failures occurred during operation and will stop the handler.

You can check the full release notes.

• • •

SFTPPlus 3.19.0 Release

Tue 21 February 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.19.0.

The target of this release is fixing a series of defects.

In this release we have introduced support for macOS Sierra (10.12) with the OpenSSL 1.0.2 provided by the Homebrew project, making TLS 1.2 supported on Apple OS X.

The following are some of the defect fixes targeted in this release:

  • When a resource is disconnected it will now be in the Disconnected state instead of the previous Stalled state. When the source or destination for a transfer are not available the state will be Source has failed or Destination has failed instead of the previous Stalled state.
  • A transfer with scheduled resume/stop action will no longer have the actions active after the transfer was stopped.
  • Fix the issue when event data is not displayed in the "Attached data" section on event details page. The page is available from "Past activity" page ("Local Manager") by clicking on any event link.
  • An internal server error is no longer produced when the SSH server is sending a global request.
  • Installing on Linux with partitions mounted with noexec or with SELinux restriction will no longer trigger a MemoryError.
  • The restart required label is no longer displayed for components which are in the process of being started, but only for those which are already started and operational.
  • The configuration file for the SFTP service which is created by default as part of the installation process was fixed to point to the right DSS/DSA private key. It was wrongly pointing to the RSA key. The configuration file should be dsa_private_key = configuration/ssh_host_dsa_key instead of the wrong dsa_private_key = configuration/ssh_host_rsa_key.
  • An internal error is no longer raised when calling the admin-commands command line tool with unknown parameters.
  • Globbing/wildcard operation are now available for the FTP NLST command. This regression was introduced in 3.17.0.
  • The stop operation for a SFTP location will no longer hang when stopping from the stalled or disconnected state.
  • Monitoring a SFTP location for changes will no longer hang for a SFTP transfer when the folder listing operation is done in the same time as the remote server is closing the connection.

You can check the full release notes.

• • •