Articles from general category

SFTPPlus Release 4.11.0

Fri 07 May 2021 | general release

We are announcing the latest release of SFTPPlus version 4.11.0.

This is an incremental release which updates the security libraries, fixes various defects, and adds backward-compatible new features.

It includes an important change that fixes the display of the Authentications page in Internet Explorer.

Below are the complete changes for this release.

Security Fixes

  • Python has been patched with the latest security patches from ActiveState. Fixes CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492. On Linux and macOS, CVE-2021-3177 has also been fixed. [#5600-2]
  • The OpenSSL libraries used for Python's cryptography on Windows, generic Linux, and macOS were updated to version 1.1.1k. Fixes CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, and CVE-2021-3450. On generic Linux and macOS, the same CVEs were fixed for Python's stdlib ssl module. [#5600]

New Features

  • The LDAP authentication method now supports IPv4 LDAP over TLS/SSL, also referred to as LDAPS. [server-side] [#2227]
  • It is now possible to configure the timeout delay for the external commands called during a transfer. In previous versions this was fixed at 15 seconds. [client-side] [#5549]
  • You can now configure the OS authentication method to associate the authenticated accounts with a specific SFTPPlus group or with an SFTPPlus group having the same name as the OS group name. In previous versions, the accounts were associated with the default SFTPPlus group. [server-side] [#5559]
  • The client-side WebDAV location is now configured using a URL. This allows for configuring the connection to WebDAV pages that are not located in the HTTP server's root path. [client-side][webdav] [#5602]
  • The file-dispatcher event handler now supports explicit globbing matching expressions to define a full destination path. In the previous version, when a globbing expression was used, the destination path defined only the base directory and the file name was always appended to it. [#5604-1]
  • You can now explicitly define a globbing matching expression using the g/EXPRESSION/ format. [#5604]
  • Events with ID 60012 and 60017 emitted on a successful client-side transfer now contain the destination file path as part of the attached data. [client-side] [#5597]

Defect Fixes

  • In the Local Manager, in the list of accounts for a local file authentication method, you will now see the name of the associated group. In previous versions, the group was listed as UNKNOWN. [#2368]
  • The authentications page of the Local Manager web console was fixed to work with Internet Explorer. This was a defect introduced in version 4.10.0. [#5547]
  • Defining configuration options inside the Local Manager using text values containing newline characters other than the default Unix or Windows characters no longer generates an invalid configuration file. [manager] [#5553]
  • The OS authentication manager will now show an error at startup when no group is configured for allowed users or administrators. In the previous versions, the OS authentication would start just fine and then deny any authentication request. [#5559]
  • On Linux and macOS the OpenPGP event handler now works when the main SFTPPlus process is started as root. [#5592]
  • For a file transfer configured to not transfer duplicated files via the transfer_memory_duration and ignore_duplicate_paths options, when the rename operation fails the full file transfer is retried as a transfer restart. In previous versions the file was not re-transferred after the failed rename operation. [client-side] [#5597]
  • The documentation for the file-dispatcher event handler was updated to include information about variables available when defining the destination path. [#5604]
  • The FTP idle_data_connection_timeout will now use the default value when set to zero or a negative number, as documented. In previous versions, the timeout was disabled when the value was zero. [server-side][ftp] [#5610]

Deprecations and Removals

  • For transfers executed using a temporary file name, the destination_path attribute of the events with ID 60012 now contains the temporary path. This is because, at the time the event is emitted, the file is not yet renamed to the final destination path. In previous versions, it contained the final destination path. [client-side] [#5597]
  • Specific support for Amazon Linux 2 and Red Hat Enterprise Linux 7.x (including derivatives such as CentOS and Oracle Linux) has been removed due to OpenSSL 1.0.2 no longer being supported by the upstream cryptography project. Use the generic x64 Linux package instead. [#5600]
  • The address and port configuration options for the WebDAV client were removed and replaced with the url configuration. The configuration options are automatically migrated to the url option. [client-side][webdav] [#5602]
  • The default value for connection_retry_interval was increased from 60 seconds to 300 seconds (5 minutes). The default value for connection_retry_count was increased from 2 to 12. This causes a connection to a remote SFTP or FTP location to be retried for 1 hour before the transfers are stopped. [client-side] [#5610]

You can check the full release notes here.

• • •

sftpplus.com without cookies

Mon 19 April 2021 | general compliance press

No cookies banner

In order to further protect the privacy of our customers, we have removed all HTTP web browser cookies from our SFTPPlus website.

This includes the download page and the documentation pages.

This allows us to remove the cookie banner. No one likes cookie banners.

EU law requires you to use cookie banners if your website contains cookies that are not required for it to work. Common examples of such cookies are those used by third-party analytics, tracking, and advertising services. These services collect information about people’s behavior across the web, store it in their databases, and can use it to serve personalized ads.

We want to protect the privacy of our customers and we found a simple solution to the cookie problem: don’t use any cookies. Pretty simple, as we don't have authenticated users on our website.

We have a long history of prioritizing customers' privacy, often going above and beyond any legal requirement or economic interest. For example, we still don't require customers to obtain a product key, which other products use to associate and track a customer's product usage.

We are committing that going forward, we will only use cookies that are required for us to serve our customers and don't share any private information with 3rd parties.

To help us better understand the needs of our customers, we continue to track the activity of our download page based on anonymous access and without using cookies.

Click here to read more about our cookie usage.

• • •

SFTPPlus Release 4.10.0

Wed 17 March 2021 | general release

We are announcing the latest release of SFTPPlus version 4.10.0.

This contains a fix for an important defect preventing SFTPPlus from handling paths containing the single quote (') character.

New Features

  • You can now configure a recursive transfer to automatically delete the source parent directory of a successfully transferred file. [client-side] [#2594]
  • You can now configure a password history policy in SFTPPlus. [#5406]
  • A new event handler was added to allow publishing audit events to a RabbitMQ AMQP 0-9-1 server. [#5554]
  • SFTPPlus can now authenticate users using an external RADIUS server over the UDP protocol. [#5562]
  • You can now configure the authentication for an account to require both a valid password and a valid SSH key. [server-side][sftp][scp] [#5573]

Defect Fixes

  • Paths containing single quotes are now correctly handled. In previous versions, single quote characters were replaced with path separators, invalidating path requests. [#5585]
  • On Linux and macOS, the GPG external utility required by the OpenPGP event handler is now distributed together with SFTPPlus. [linux][macos] [#5584]

Deprecations and Removals

  • The Microsoft certificate revocation lists were removed from the ${MICROSOFT_IT_CRL} placeholder as they are no longer updated. [#5554]

You can check the full release notes here.

• • •

SFTPPlus Release 4.9.0

Fri 05 February 2021 | general release

We are announcing the latest release of SFTPPlus version 4.9.0.

New Features

  • The SSL Certificate Authority configuration now supports validating partial CA chains. This allows for authenticating remote HTTPS connections through self-signed and self-issued certificates. Using a pinned non-CA certificate is also allowed. [#2198-1]
  • The AS2 server can now respond to asynchronous AS2 MDNs. [server-side][as2] [#2198]
  • You can now configure an account to receive files over AS2 without requiring a password. Files received over AS2 still need to be validated for signature and encryption. [server-side][as2] [#5490]
  • HTTP connection requests to HTTPS services such as the Local Manager web administration interface or the HTTPS file transfer service are now automatically redirected to HTTPS. [server-side] [#5512]
  • You can now configure a client-side transfer to operate on files using a temporary prefix. Previous versions only supported a temporary suffix. [client-side] [#5514]
  • The SSH (SFTP/SCP) list of secure ciphers no longer contains CBC mode ciphers. They are no longer enabled by default, although still supported. You can still explicitly enable Cipher Block Chaining modes for aes256-cbc, aes192-cbc, and aes128-cbc using the ssh_cipher_list configuration. [sftp][scp] [#5529-1]
  • The SFTP/SCP file transfer services and locations now support ECDSA SSH keys. Supported SSH key types are ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521. [sftp][server-side][client-side] [#5529]
  • The SFTP/SCP file transfer services and locations now support Ed25519 SSH keys for systems using OpenSSL version 1.1.1 or above. Supported SSH key type is ssh-ed25519. [sftp][server-side][client-side] [#5529]
  • SSH host keys for SFTP/SCP server-side services are now configured using a single configuration option named ssh_host_keys. [server-side][sftp] [#5533]

Defect Fixes

  • When transferring concurrent files through multiple transfers, the transfer queue is no longer stalled after the destination location is reconnected. [client-side] [#5519]
  • Components listed on the Local Manager general status page are now sorted in alphabetical order. [manager] [#5537]

Deprecations and Removals

  • The following SSH ciphers are no longer supported: cast128-ctr, blowfish-ctr, and 3des-ctr. The CBC modes for these ciphers are still supported. [sftp] [#5529]
  • The rsa_private_key and dsa_private_key configuration options were removed, being replaced by a single ssh_host_keys configuration option. For backward compatibility, the old configuration options are still supported. [server-side][sftp] [#5533]
  • The SSH (SFTP/SCP) list of secure ciphers no longer contains CBC mode ciphers. Cipher Block Chaining modes aes256-cbc, aes192-cbc, and aes128-cbc were removed due to potential security vulnerabilities. [sftp][scp] [#5529-1]

You can check the full release notes here.

• • •

SFTPPlus Release 4.8.0

Thu 19 November 2020 | general release

We are announcing the latest release of SFTPPlus version 4.8.0.

New Features

  • The embedded OpenSSL libraries used on Windows, macOS, and generic Linux were updated to version 1.1.1h. [#5496]
  • You can now configure an overwrite rule for the file dispatcher event handler. [#5510-1]
  • You can now configure the file dispatcher event handler to copy a file using a temporary name and then rename it to the original name at the end of the transfer. [#5510]

Defect Fixes

  • The states for authentication methods are now correctly displayed in the Local Manager GUI. This regression was introduced in version 3.51.0. Since then, their states were always shown as disabled. [#5458]
  • When a transfer is configured with a stable_interval value lower than the value of changes_poll_interval, the stable_interval value is ignored. The number of seconds used is 1 more than what is set for changes_poll_interval. [client-side] [#5496]

You can check the full release notes here.

• • •