Articles from release category

SFTPPlus Release 4.11.0

Fri 07 May 2021 | general release

We are announcing the latest release of SFTPPlus version 4.11.0.

This is an incremental release which updates the security libraries, fixes various defects, and adds backward-compatible new features.

It includes an important change that fixes the display of the Authentications page in Internet Explorer.

Below are the complete changes for this release.

Security Fixes

  • Python has been patched with the latest security patches from ActiveState. Fixes CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492. On Linux and macOS, CVE-2021-3177 has also been fixed. [#5600-2]
  • The OpenSSL libraries used for Python's cryptography on Windows, generic Linux, and macOS were updated to version 1.1.1k. Fixes CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, and CVE-2021-3450. On generic Linux and macOS, the same CVEs were fixed for Python's stdlib ssl module. [#5600]

New Features

  • The LDAP authentication method now supports IPv4 LDAP over TLS/SSL, also referred to as LDAPS. [server-side] [#2227]
  • It is now possible to configure the timeout delay for the external commands called during a transfer. In previous versions this was fixed to 15 seconds. [client-side] [#5549]
  • You can now configure the OS authentication method to associate the authenticated accounts with a specific SFTPPlus group or with an SFTPPlus group having the same name as the OS group name. In previous versions, the accounts were associated with the default SFTPPlus group. [server-side] [#5559]
  • The client-side WebDAV location is now configured using a URL. This allows for configuring the connection to WebDAV pages that are not located in the HTTP server's root path. [client-side][webdav] [#5602]
  • The file-dispatcher event handler now supports explicit globbing matching expressions to define a full destination path. In the previous version, when a globbing expression was used, the destination path defined only the base directory and the file name was always appended to it. [#5604-1]
  • You can now explicitly define a globbing matching expression using the g/EXPRESSION/ format. [#5604]
  • Events with ID 60012 and 60017 emitted on a successful client-side transfer now contain the destination file path as part of the attached data. [client-side] [#5597]

Defect Fixes

  • In the Local Manager, in the list of accounts for a local file authentication method, you will now see the name of the associated group. In previous versions, the group was listed as UNKNOWN. [#2368]
  • The authentications page of the Local Manager web console was fixed to work with Internet Explorer. This was a defect introduced in version 4.10.0. [#5547]
  • Defining configuration options inside the Local Manager using text values containing newline characters other than the default Unix or Windows characters no longer generates an invalid configuration file. [manager] [#5553]
  • The OS authentication manager will now show an error at startup when no group is configured for allowed users or administrators. In previous versions, the OS authentication would start without error and then deny any authentication request. [#5559]
  • On Linux and macOS the OpenPGP event handler now works when the main SFTPPlus process is started as root. [#5592]
  • For a file transfer configured to not transfer duplicated files via the transfer_memory_duration and ignore_duplicate_paths options, when the rename operation fails the full file transfer is retried as a transfer restart. In previous versions the file was not re-transferred after the failed rename operation. [client-side] [#5597]
  • The documentation for the file-dispatcher event handler was updated to include information about variables available when defining the destination path. [#5604]
  • The FTP idle_data_connection_timeout will now use the default value when set to zero or a negative number, as documented. In previous versions, the timeout was disabled when the value was zero. [server-side][ftp] [#5610]

Deprecations and Removals

  • For transfers executed using a temporary file name, the destination_path attribute of the events with ID 60012 now contains the temporary path. This is because, at the time the event is emitted, the file is not yet renamed to the final destination path. In previous versions, it contained the final destination path. [client-side] [#5597]
  • Specific support for Amazon Linux 2 and Red Hat Enterprise Linux 7.x (including derivatives such as CentOS and Oracle Linux) has been removed due to OpenSSL 1.0.2 no longer being supported by the upstream cryptography project. Use the generic x64 Linux package instead. [#5600]
  • The address and port configuration options for the WebDAV client were removed and replaced with the url configuration. The configuration options are automatically migrated to the url option. [client-side][webdav] [#5602]
  • The default value for connection_retry_interval was increased from 60 seconds to 300 seconds (5 minutes). The default value for connection_retry_count was increased from 2 to 12. With these defaults, a connection to a remote SFTP or FTP location is retried for 1 hour before the transfers are stopped. [client-side] [#5610]

You can check the full release notes here.

• • •

SFTPPlus Release 4.10.0

Wed 17 March 2021 | general release

We are announcing the latest release of SFTPPlus version 4.10.0.

This contains a fix for an important defect preventing SFTPPlus from handling paths containing the single quote (') character.

New Features

  • You can now configure a recursive transfer to automatically delete the source parent directory of a successfully transferred file. [client-side] [#2594]
  • You can now configure a password history policy in SFTPPlus. [#5406]
  • A new event handler was added to allow publishing audit events to a RabbitMQ AMQP 0-9-1 server. [#5554]
  • SFTPPlus can now authenticate users using an external RADIUS server over the UDP protocol. [#5562]
  • You can now configure the authentication for an account to require both a valid password and a valid SSH key. [server-side][sftp][scp] [#5573]

Defect Fixes

  • Paths containing single quotes are now correctly handled. In previous versions, single quote characters were replaced with path separators, invalidating path requests. [#5585]
  • On Linux and macOS, the GPG external utility required by the OpenPGP event handler is now distributed together with SFTPPlus. [linux][macos] [#5584]

Deprecations and Removals

  • The Microsoft certificate revocation lists were removed from the ${MICROSOFT_IT_CRL} placeholder as they are no longer updated. [#5554]

You can check the full release notes here.

• • •

SFTPPlus Release 4.9.0

Fri 05 February 2021 | general release

We are announcing the latest release of SFTPPlus version 4.9.0.

New Features

  • The SSL Certificate Authority configuration now supports validating partial CA chains. This allows for authenticating remote HTTPS connections through self-signed and self-issued certificates. Using a pinned non-CA certificate is also allowed. [#2198-1]
  • The AS2 server can now respond to asynchronous AS2 MDNs. [server-side][as2] [#2198]
  • You can now configure an account to receive files over AS2 without requiring a password. Files received over AS2 still need to be validated for signature and encryption. [server-side][as2] [#5490]
  • HTTP connection requests to HTTPS services such as the Local Manager web administration interface or the HTTPS file transfer service are now automatically redirected to HTTPS. [server-side] [#5512]
  • You can now configure a client-side transfer to operate on files using a temporary prefix. Previous versions only supported a temporary suffix. [client-side] [#5514]
  • The SSH (SFTP/SCP) list of secure ciphers no longer contains CBC mode ciphers. They are no longer enabled by default, although still supported. You can still explicitly enable Cipher Block Chaining modes for aes256-cbc, aes192-cbc, and aes128-cbc using the ssh_cipher_list configuration. [sftp][scp] [#5529-1]
  • The SFTP/SCP file transfer services and locations now support ECDSA SSH keys. Supported SSH key types are ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521. [sftp][server-side][client-side] [#5529]
  • The SFTP/SCP file transfer services and locations now support Ed25519 SSH keys for systems using OpenSSL version 1.1.1 or above. The supported SSH key type is ssh-ed25519. [sftp][server-side][client-side] [#5529]
  • SSH host keys for SFTP/SCP server-side services are now configured using a single configuration option named ssh_host_keys. [server-side][sftp] [#5533]

Defect Fixes

  • When transferring concurrent files through multiple transfers, the transfer queue is no longer stalled after the destination location is reconnected. [client-side] [#5519]
  • Components listed on the Local Manager general status page are now sorted in alphabetical order. [manager] [#5537]

Deprecations and Removals

  • The following SSH ciphers are no longer supported: cast128-ctr, blowfish-ctr, and 3des-ctr. The CBC mode for these ciphers is still supported. [sftp] [#5529]
  • The rsa_private_key and dsa_private_key configuration options were removed, being replaced by a single ssh_host_keys configuration option. For backward compatibility, the old configuration options are still supported. [server-side][sftp] [#5533]
  • The SSH (SFTP/SCP) list of secure ciphers no longer contains CBC mode ciphers. Cipher Block Chaining modes aes256-cbc, aes192-cbc, and aes128-cbc were removed due to potential security vulnerabilities. [sftp][scp] [#5529-1]

You can check the full release notes here.

• • •

SFTPPlus Release 4.8.0

Thu 19 November 2020 | general release

We are announcing the latest release of SFTPPlus version 4.8.0.

New Features

  • The embedded OpenSSL libraries used on Windows, macOS, and generic Linux were updated to version 1.1.1h. [#5496]
  • You can now configure an overwrite rule for the file dispatcher event handler. [#5510-1]
  • You can now configure the file dispatcher event handler to copy a file using a temporary name and then rename it to the original name at the end of the transfer. [#5510]

Defect Fixes

  • The states for authentication methods are now correctly displayed in the Local Manager GUI. This regression was introduced in version 3.51.0. Since then, their states were always shown as disabled. [#5458]
  • When a transfer is configured with a stable_interval value lower than the value of changes_poll_interval, the stable_interval value is ignored. The number of seconds used is 1 more than what is set for changes_poll_interval. [client-side] [#5496]

You can check the full release notes here.

• • •

SFTPPlus Release 4.7.0

Thu 05 November 2020 | general release

We are announcing the latest release of SFTPPlus version 4.7.0.

New Features

  • You can now configure the PGP and archive extraction event handlers using an event that has a list of files attached. [#5502]
  • The PGP and extract archive event handlers can now be configured to overwrite an existing destination. [#5503]
  • A new event handler was added to allow creating ZIP archives. [#5504]

Defect Fixes

  • A typo was fixed in the name of the configuration for {day.of_year_padded}. In previous versions it was defined as day.of_year_paddedd. [#5504]
  • The SFTPPlus Windows Service manager was updated so that it no longer depends on the .NET framework.

You can check the full release notes here.

• • •