Articles from release category

SFTPPlus Release 3.33.0

Mon 23 April 2018 | general release Written by SFTPPlus

We are pleased to announce the latest release of SFTPPlus version 3.33.0.

This is a significant release in that it supports the Internet's next generation protocol, IPv6, for all server-side functionalities.

As we begin to hit the upper limit of IPv4 addresses, the current standard, what matters to us is to enable our customers and their businesses to set up their services on IPv6 with SFTPPlus.

In addition to IPv6 support, the following are new features and defect fixes associated with this release.

New Features

  • A new authentication method was added which allows the server to read application accounts from a separate file. [server-side] [#1056]
  • It is now possible to configure the supported ciphers for an SFTP location using the ssh_cipher_list configuration option. [#4619]
  • The FTP and FTPS file transfer services now support IPv6 as specified in RFC 2428. [server-side][ftp][ftps] [#4823-1]
  • The HTTP and HTTPS file transfer services now support IPv6. [server-side][http][https] [#4823]
  • The event with ID 30011 now contains details about the encryption used by the SFTP and SCP connections. [server-side][sftp][scp] [#4850]

Defect fixes

  • A defect was fixed in the SFTP service for the chmod operation. In previous versions, the chmod was ignored and always returned a success result. [server-side][sftp] [#4338]
  • The HTTP PUT method of the file transfer service now returns a correct code when the HTTP request contains Expect: 100-continue and the request fails to be authenticated. [server-side][http][https] [#4856]
  • When uploading files into an empty folder using a web browser which has Javascript enabled, you will now see the uploaded file in the folder listing. This issue was introduced in 3.31.0. This was not an issue for web browsers with Javascript disabled. [server-side][http][https] [#4865]
  • The HTTP file transfer service will now force any file to be downloaded by the browser. Previously, it was displaying HTML or images inside the browser without forcing a download. [server-side][http][https][security] [#4877-1]
  • The HTTP file transfer service and the Local Manager service were updated to prevent cross-site request forgery (CSRF / XSRF) attacks by validating the Origin and Referer headers against the Host header. [server-side][http][https][security] [#4877]
  • The HTTP file transfer service will now set the session cookie using the httpOnly and 'sameSite' options. [server-side][http][https][security] [#4881]
  • The error messages in the HTTP service were updated to prevent cross site scripting attacks (XSS). [server-side][http][https] [#4884]

You can check the full release notes here.

• • •

SFTPPlus Release 3.32.0

Thu 05 April 2018 | general release Written by SFTPPlus

We are pleased to announce the latest release of SFTPPlus version 3.32.0.

New Features

  • SFTP and SCP file transfer services can now listen on IPv6 addresses and accept connections from IPv6 clients. [server-side][sftp][scp] [#1924]
  • The HTTP and HTTPS service now accepts creating new folders with the HTTP PUT and WebDAV MKCOL methods. [server-side][http][https] [#4828-1]
  • The HTTP and HTTPS service now accepts deleting folders and files with the HTTP DELETE method. [server-side][http][https] [#4828-2]
  • The HTTP and HTTPS service now accepts file uploads using the HTTP PUT method. [server-side][http][https] [#4828]

Defect fixes

  • FTP and FTPS client side transfer can now transfer files larger than a few bytes from a remote FTP/FTPS server and to the local filesystem. This issue was introduced in SFTPPlus version 3.20.0. This defect was not affecting uploading / pushing files to a remote FTP/FTPS server. [client-side][ftp][ftps] [#4754]
  • The Developer Documentation for the HTTP authentication method was updated to make it clear the expected repose codes for the authentication server. [server-side] [#4758]
  • The JavaScript UI for the HTTP and HTTPS file transfer services no longer limit the file size to 256MB. This defect was introduced in 3.31.0. [server-side][http][https] [#4815]

Deprecations and Removals

  • The default secure ssl_cipher_list configuration was updated to HIGH:!PSK:!RSP:!eNULL:!aNULL:!RC4:!MD5:!DES:!3DES:!aDH:!kDH:!DSS. The previous value was ALL:!RC4:!DES:!3DES:!MD5:!EXP. In this way, when updating the OpenSSL library you will automatically get an update in the list of secure ciphers, without the need to update SFTPPlus. [security][ftps][https][client-side][server-side] [#4748]
  • The event (ID 40025) that was emitted when an unknown error was generated by the HTTP service during a JSON API request was removed. It has been replaced with event ID 40003. [server-side][http][https] [#4828]

You can check the full release notes here.

• • •

SFTPPlus Release 3.31.0

Tue 20 February 2018 | general release Written by SFTPPlus

We are pleased to announce the latest release of SFTPPlus version 3.31.0.

New Features

  • The option to enforce unique names for uploaded files is now available for the HTTP and HTTPS file transfer services. [server-side] [#4465]
  • A SOCKS version 5 (SOCKS5) proxy without authentication can now be used to connect to remote SFTP and SCP servers. [client-side][sftp][scp] [#4546]
  • A new event handler option is added in order to send filtered events to standard output. This can be used when running SFTPPlus in Docker or with other process supervisors. [#4645]
  • The option to enforce unique names for uploaded files is now available for the FTP, Implicit FTPS and Explicit FTPS protocols. [server-side] [#4650]
  • The file-dispatcher event handler can now be configured to automatically create destination folders. [#4652]
  • The close event description for SFTP and SCP client-side and server-side connection now contains the encryption used to protect connection. [client-side][server-side][sftp][scp] [#4668]
  • The HTTP and HTTPS file transfer services now allow uploading multiple files and adding files via drag and drop. [server-side][http][https] [#4673]
  • Support for Red Hat Enterprise Linux versions 7.0 to 7.3 with OpenSSL 1.0.1 was readded alongside support for RHEL 7.4 and newer using OpenSSL 1.0.2. [#4691]
  • A new secure configuration value is available for the ssl_cipher_list and ssh_cipher_list as part of the FTPS, SFTP, SCP, and HTTPS file transfer services. [security][client-side][server-side] [#4727]

Defect fixes

  • The transfer for SFTP and SCP locations is no longer interrupted when the remote server is requesting a SSH re-key exchange. This was affecting client-side transfers of files bigger than 1GB, as this is the point where some servers are re-keying. This is when either side forces the other to run the key-exchange phase which changes the encryption and integrity keys for the session. [client-side] [#4302]
  • It is now possible to stop the client shell at any time by pressing the Ctrl+C key combination. In previous versions this was not available while an operation was in progress. [#4626]
  • The AIX 7.1 build of SFTPPlus was updated to work with older OpenSSL versions. Previous versions of SFTPPlus (from 3.27.0 to 3.30.0) on AIX 7.1 required OpenSSL 1.0.2k or newer. [#4696]
  • SFTP and SCP client and server side can now handle key exchange process even for peers which advertise their SSH version string with trailing spaces. This can happen for Bitvise SSHD Server when configured to omit its version. [client-side][server-side][sftp][scp] [#4718]
  • The documentation for expression matching was updated to explain that regular expression matching is done as a search operation. For an exact match, use the start and end regex anchors. [#4724]

Deprecations and Removals

  • Events with ID 40015 and 40016 were replaced by already existing event with ID 40022. Event 40022 is now the only one emitted when there are errors during an upload operation. [server-side][http] [#4465]
  • The default configuration for SFTP, SCP, FTPS, and HTTPS connections was updated to exclude the 3DES cipher in order to prevent SWEET32 attacks. To not break backward compatibility for existing installations, this change affects only new installations. Existing installations will need to be manually updated to exclude the 3DES based ciphers. [#4727]

You can check the full release notes.

• • •

SFTPPlus Client Release 1.5.65

Wed 14 February 2018 | general release client Written by SFTPPlus

We have released SFTPPlus Client version 1.5.65 which fixes a defect for recursive uploads over SFTP from a Windows client to a Linux server.

• • •

SFTPPlus Release 3.30.0

Thu 25 January 2018 | general release Written by SFTPPlus

We are pleased to announce the latest release of SFTPPlus version 3.30.0.

New Features

  • It is now possible to dynamically dispatch files to different destinations based on the name of the file which was dispatched. [#4555]
  • The HTTP authentication method can now send requests which are authenticated using the HTTP Basic authentication (BA) method. [#4589-1]
  • The HTTP event handler can now send requests which are authenticated using the HTTP Basic authentication (BA) method. [#4589]
  • The file-dispatcher event handler now has the capability to delete files. [client-side] [#4624]
  • You can now configure an account to amend the requested file for an upload by prefixing it with a universally unique identifier (UUID4). This option is available for the SFTP and SCP protocols. [server-side][sftp][scp] [#4643]

Deprecations and Removals

  • The ${SHAREPOINT_CA} and ${SHAREPOINT_CRL} placeholders were replaced by the more inclusive ${MICROSOFT_IT_CA} and ${MICROSOFT_IT_CRL}. The ${SHAREPOINT_CA} and ${SHAREPOINT_CRL} placeholders will continue to be available as an alias for Microsoft IT CA. [#4625]

You can check the full release notes.

• • •