SFTPPlus Release 3.43.0
We are announcing the latest release of SFTPPlus version 3.43.0.
- When defining a new password for an account, it is now possible to define a minimum level of complexity and strength. [#4700]
- You can now set an email as part of the user's account details. [#5125 …
Pro:Atria and SFTPPlus sponsor DVLA Code Challenge 2018 for School Children
Pro:Atria is delighted to be a sponsor of the DVLA Code Challenge 2018 for School Children.
DVLA runs the competition to provide Schools, Code Clubs and Community groups in Wales with IT equipment and promote STEM (Science, Technology, Engineering and Mathematics) subjects aimed at children aged 7-14.
DVLA work …
Secure your FTPS server with Let's Encrypt
What is Let's Encrypt?
Let's Encrypt (sometimes shortened as LetsEncrypt) is a certificate authority that provides SSL/X.509 certificates at no charge. You can read more on the subject in the Wikipedia article on Let's Encrypt.
A Let's Encrypt certificate is valid for …
SFTPPlus Release 3.42.0
We are announcing the latest release of SFTPPlus version 3.42.0.
- You can now define a custom CSS file for HTTP/HTTPS file transfer services. [server-side][http][https] [#5101]
- You can now automatically get SSL/X.509 certificates signed by Let's Encrypt's certificate authority. [ftps][https] [#5117 …
SFTPPlus Release 3.41.1
We are announcing the release of SFTPPlus version 3.41.1 which is a bugfix release to always transfer the marker file as the last file in marker based batch transfer.
By transferring the marker file as the last file, a failed transfer can be resumed.
No other changes were …
SFTPPlus Release 3.41.0
We are announcing the release of SFTPPlus version 3.41.0 which adds support for running HTTP/HTTPS services behind a Layer 7 HTTP Application load balancer.
- It is now possible to define a list of HTTP Host header origins accepted by the HTTP file transfer services and …
SFTPPlus Release 3.40.1
We are announcing the release of SFTPPlus version 3.40.1 which is a bugfix release. Starting with this version, the option to hide the SFTPPlus authentication session from the www-authenticate headers is visible in the Local Manager.
No other changes were done on this release on top of 3 …
SFTPPlus Release 3.40.0
We are announcing the latest release of SFTPPlus version 3.40.0.
- SuSE Enterprise Linux without the Security Module and OS X are now distributed with OpenSSL 1.1.0h, making it possible to use TLS 1.2 and SHA2. [#5030]
- It is now possible to use variable …
Security Advisory for SFTPPlus 3.39.0
A security advisory was created for SFTPPlus version 3.39.0 affecting the SCP protocol for which existing files were not always fully overwritten upon a new file upload request.
SFTPPlus Release 3.39.0
We are announcing the latest release of SFTPPlus version 3.39.0.
Customers using the SCP protocol are urged to upgrade to this version. Any previous version contains a security issue when overwriting files over SCP.
- In the event handler configuration, it is now possible to filter the …
SFTPPlus Release 3.38.0
We are pleased to announce the latest release of SFTPPlus version 3.38.0.
- When the remote FTP/FTPS server supports the MLST command, SFTPPlus will use it to determine the existence of remote paths. [client-side][ftp][ftps] [#3885]
- For a transfer, it is now possible to execute …
Security Advisory for SFTPPlus 3.37.1
A security advisory was created for SFTPPlus version 3.37.1 affecting authentication of accounts using the HTTP API.
SFTPPlus Release 3.37.1
We are pleased to announce the latest release of SFTPPlus version 3.37.1.
- The HTTP API authentication for an account now fails when the account is accepted by the remote HTTP API but the associated group is disabled. [server-side][security] [#5058]
- A defect was fixed in Local …
SFTPPlus Release 3.37.0
We are pleased to announce the latest release of SFTPPlus version 3.37.0.
- The HTTP and HTTPS file transfer API now support session based authentication. The Basic Auth login is still supported. [server-side][http][https] [#5009-1]
- The HTTP and HTTPS file transfer services now have a session …
SFTPPlus Release 3.36.0
We are pleased to announce the latest release of SFTPPlus version 3.36.0.
- The Azure File Service of the Azure Storage Account is now available as a location for client-side transfers. [client-side][http] [#4988]
- It is now possible to define a client-side file transfer that will wait …
Secure File Transfer and Business Continuity Planning
What is business continuity planning (BCP)?
According to Wikipedia, business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company.
Business Continuity Planning also includes these five components as defined by the SANS Institute. These components are:
- Business Resumption …
SFTPPlus Release 3.35.0
We are pleased to announce the latest release of SFTPPlus version 3.35.0.
- The OpenSSL library used by SFTPPlus on Windows was updated to OpenSSL 1.1.0h. [#4579]
- It is now possible to define virtual folders that are available to all accounts from a group. These …
Setting up security scanners for your SFTPPlus MFT Server
The following is a short guide on how you can set up a security scanner for your SFTPPlus MFT Server installation. For this guide, we have chosen a free and open source scanner, OWASP Zed Attack Proxy or zaproxy, as an example.
Of course, there are a number of …
Security Advisory for SFTPPlus 3.41.1
A security advisory was created for SFTPPlus version 3.41.1 affecting caching of HTTP files and injection of external content into HTTML error messages.
SFTPPlus Release 3.34.1
We have recently deployed the latest release of SFTPPlus version 3.34.1 which fixes the following defects:
- The files downloaded using the HTTP file transfer service now have explicit headers to disable caching. [security][http][https] [#4953]
- The HTTP service no longer returns user input as part of the …
IPv6 support for HTTP/S, FTP/S, SFTP and SCP File Transfer Services
Why get ready for IPv6?
According to the Akamai Q1 2017 State of the Internet Connectivity Report, "approximately 5 million IPv4 addresses were depleted from available pools at the Regional Internet Registries in the first quarter, leaving approximately 39 million addresses remaining."
In response to the steady depletion of IPv4 …
SFTPPlus Release 3.34.0
We are pleased to announce the latest release of SFTPPlus version 3.34.0.
A number of changes have been made in regards to how permissions are set in SFTPPlus.
If you are planning to upgrade your existing installation and you have custom permissions for SFTPPlus accounts and / or groups …
Secure cipher suites for the ssl_cipher_list configuration
Default SSL cipher suites
With the release of SFTPPlus 3.32.0, we have changed the default set of SSL cipher suites for the Local Manager and the HTTPS service. As with any product that runs in many environments, SFTPPlus uses a default set of SSL-related parameters that are a …
Security Advisory for SFTPPlus 3.33.0
A security advisory was created for SFTPPlus version 3.33.0 affecting Cross-Site Scripting Attacks for HTTP and HTTPS pages accessed via a web browser.
Security Advisory on CSRF and XSS attacks affecting HTTP/HTTPS services
Customers using HTTP/HTTPS services should upgrade to 3.33.0
The SFTPPlus version 3.33.0 release is a major security update for the HTTP/HTTPS file transfer service and the SFTPPlus Local Manager service.
This update addresses the vulnerabilities concerning Cross-Site Request Forgery Attacks and Cross-Site Scripting Attacks …
SFTPPlus Release 3.33.0 now supports IPv6 server-side functionalities
We are pleased to announce the latest release of SFTPPlus version 3.33.0.
This is a significant release in that it supports the Internet's next generation protocol, IPv6, for all server-side functionalities.
As we begin to hit the upper limit of IPv4 addresses, the current standard, what matters to …
Data Loss Prevention - Systems, Software and Strategies
What is Data Loss Prevention (DLP)?
Data Loss Prevention (or DLP for short) is the application of technology and policies in order to detect and prevent potential data breaches and data ex-filtration. Data that is of particular interest include sensitive emails, documents and other information leaving the organizational boundary. Data …
SFTPPlus and its relevance with the OIAC Privacy Act and ASD ISM
In this post, we outline two main compliance obligations relevant to Australia - the OIAC Privacy Act and the ASD ISM. For those familiar with other international compliance obligations, such as the GPG13 (Good Practice Guide) provided by the UK or HIPAA (Health Insurance Portability and Accountability Act) provided by the …
SFTPPlus Release 3.32.0
We are pleased to announce the latest release of SFTPPlus version 3.32.0.
- SFTP and SCP file transfer services can now listen on IPv6 addresses and accept connections from IPv6 clients. [server-side][sftp][scp] [#1924]
- The HTTP and HTTPS service now accepts creating new folders with the …
Understanding the exchange between SFTP Client and SFTP Server
Why read this?
As part of meeting the Accounting component of the AAA (Authorization, Authentication and Accounting) framework, each event and action on the server and/or the client-side are recorded by SFTPPlus. These events have an associated Event ID which is also publicly searchable both on our website and …
Protecting your SFTPPlus configuration against SWEET32
Details of attacks on DES (Data Encryption Standard) and Triple DES, Birthday attacks on 64-bit block ciphers were released with the CVE ID of CVE-2016-2183. Read more about the CVE details here).
DES and Triple DES ciphers, used in TLS and SSH protocols and in subsequent relation also used in …
SFTPPlus is not affected by the Meltdown and Spectre Vulnerabilities
SFTPPlus is not affected by Meltdown and Spectre. SFTPPlus secure file transfers does not allow any arbitrary application code execution.
SFTPPlus Release 3.31.0
We are pleased to announce the latest release of SFTPPlus version 3.31.0.
- The option to enforce unique names for uploaded files is now available for the HTTP and HTTPS file transfer services. [server-side] [#4465]
- A SOCKS version 5 (SOCKS5) proxy without authentication can now be used …
Tips to managing your file transfer requirements
Designing a file transfer system can be a difficult task. Which file transfer protocols should I use? Do I need server-side or client-side software or both? How do I authenticate my file transfer users securely?
Your first step in this journey is to understand your requirements. In this post, we …
SFTPPlus Client Release 1.5.65
We have released SFTPPlus Client version 1.5.65 which fixes a defect for recursive uploads over SFTP from a Windows client to a Linux server.
Announcing the SFTPPlus and Docker repository
Docker containers have been a constant presence in the worlds of DevOps and cloud computing. We have recognized this only through a passing mention in our product page that SFTPPlus can run in a Docker container.
However, we have not gone beyond that, until now.
We are pleased to announce …
SFTPPlus Release 3.30.0
We are pleased to announce the latest release of SFTPPlus version 3.30.0.
- It is now possible to dynamically dispatch files to different destinations based on the name of the file which was dispatched. [#4555]
- The HTTP authentication method can now send requests which are authenticated using …
Introducing SFTPPlus to high availability and resiliency
Where does SFTPPlus sit in your IT infrastructure
The SFTPPlus software stands at the OSI Layer 7 or the TCP Layer 4. In order to have a fully fault tolerant system, you need to implement resilience at all the other layers including the OS. SFTPPlus can be integrated with external …
Choosing the best protocols for securing data and file transfers
Why read this guide
In order to implement a secure managed file transfer system, you will need a good understanding of the supported services and protocols involved.
This article provides an overview of the supported protocols, including the advantages and disadvantages of these protocols as well as situations for the …
Securing data and file transfers between SFTPPlus and third parties
Why read this article
In order to have a fully established file transfer and sharing system, you need to implement integration at all the other layers including the OS. SFTPPlus can be integrated with external tools and third parties in order to help establish these integration requirements.
This article is …
SFTPPlus Release 3.29.0
We are pleased to announce the latest release of SFTPPlus version 3.29.0.
- An event with ID 30079 is now emitted when an SFTP location sends a banner message during authentication. [#4293]
- The HTTP file transfer service now supports the HEAD method for folders which return OK …
SFTPPlus MFT Trial Releases Now Available
It is now easier for all enterprises - large and small - to evaluate SFTPPlus MFT with the release of a trial version which includes full functionality of the software suite.
Customers seeking a trial have the choice of either the MFT Server, MFT Client or both for major operating systems on …