Articles from server category
- ⬅ All articles
- 🗂 Categories
- 🔖 ftp (1)
- 🔖 infrastructure (3)
- 🔖 privacy (1)
- 🔖 compliance (1)
- 🔖 client-side (1)
- 🔖 general (81)
- 🔖 blog (6)
- 🔖 press (2)
- 🔖 australia (1)
- 🔖 client (17)
- 🔖 release (78)
- 🔖 article (14)
- 🔖 security (24)
- 🔖 server (19)
- 🗄 Archive
- 📌 2006 (1)
- 📌 2013 (3)
- 📌 2014 (10)
- 📌 2015 (4)
- 📌 2016 (1)
SFTPPlus Server 2.9.0 Release
Tue 09 December 2014 | general server
We are pleased to announce the latest release of SFTPPlus Server, version 2.9.0 which simplifies account's SSH key based authentication and provides a web based tool for generating new SSH keys and converting existing keys in OpenSSH, SSH.com or PuTTY format to be used in SFTP and SCP file transfer servers. The new SSH keys management tool replaces the external PuTTYgen tool.
To prevent creating huge log files, starting with this version the default configuration creates a log file which is automatically rotated at the end of the day.
The FTP and FTPS service was updated to work behind a NAT even with legacy FTP clients which don't support the EPSV (RFC 2428) command, by advertising an explicit IP address in PASV responses.
This release contains a fix for removing files which are marked as read-only in Windows
These are just the highlights of this release. For more details please see the full release notes.
SFTPPlus Server 2.8.0 Release
Fri 24 October 2014 | general server
SFTPPlus Team is pleased to announce the latest release of SFTPPlus Server, version 2.8.0 which was released as a response to SSLv3 POODLE vulnerability.
Starting from this version SSLv3 is no longer enabled by default for FTPS (implicit and explicit), HTTPS and Local Manager protocols.
We have also updated the list of supported operating systems to include the Red Hat Enterprise Linux 7 and CentOS 7 on X86_64 together with Apple OS X 10.8 also on X86_64.
This version fixed a bug affecting the loading of Certificate Revocation Lists for FTPS, HTTPS and Local Manager protocols.
For more details please see the full release notes.
SSLv3 POODLE vulnerability and SFTPPlus
Wed 22 October 2014 | security server client
Issue
In late September, a team at Google discovered a serious vulnerability in SSL 3.0, known as “POODLE”.
By exploiting this vulnerability, an attacker can gain access to data send over what is supposed to be a secured connection.
Affected protocols
SFTPPlus Server and Client are affected by SSLv3 POODLE vulnerability for FTPS, HTTPS protocols as well as for the HTTPS web based management tool.
SFTP and SCP protocols are not affected.
This is a design flaw within the SSLv3 protocol itself and is not related to SFTPPlus specific implementation or any other vendor’s implementation.
Solution for SFTPPlus Server
As a way to fix this you should disable SSLv3 protocol and only use TLSv1 for FTPS (explicit or implicit) and HTTPS protocols, including the Local Manager web based administration interface.
To disable SSLv3 in SFTPPlus Server this can be done using the ssl_allowed_methods = tlsv1 configuration options for all vulnerable protocols. For more details see ssl_allowed_methods documentation.
The default configuration options support both SSLv3 and TLSv1. SSLv2 was never enabled as the protocol was also proved vulnerable.
In case you still need to use SSLv3 you should disable the CBC based cipher suites. This means enabling only the RC4-SHA cipher as this is the only cipher not using CBC. To do this, set ssl_cipher_list = RC4-SHA . For more details see ssl_cipher_list documentation.
We will soon release a new version of SFTPPlus Server which will disable SSLv3 by default.
Solution for SFTPPlus Client
SFTPPlus Client can also be configured to only use RC4-SHA cipher using the ciphers = 'RC4-SHA' configuration. For more details see ciphers documentation.
We will soon release a new version of SFTPPlus Client which will disable SSLv3 by default.
SFTPPlus Server 2.7.0 Release
Thu 18 September 2014 | general server
SFTPPlus Team is pleased to announce the latest release of SFTPPlus Server, version 2.7.0.
This version improves the managed file transfer component of the server by adding support for calling external command for monitored paths.
The server now supports more FTP commands like SITE CHMOD. For backward compatibility we have introduced support for the obsolete FTP commands: XCUP, XCWD, XMKD, XPWD, XRMD
Ubuntu 14.04 LTS on X86_64 is now a supported platform.
For more details please see the full release notes.
SFTPPlus Server 2.6.0 Release
Fri 08 August 2014 | general server
SFTPPlus Team is pleased to announce the latest release of SFTPPlus Server, version 2.6.0.
This version adds support for monitoring paths on local file systems and record activity inside the audit trail and a report containing last login date for all accounts.
For more details please see the full release notes.