Articles and news
- 🗂 Categories
- 🔖 ftp (1)
- 🔖 infrastructure (3)
- 🔖 privacy (1)
- 🔖 compliance (1)
- 🔖 client-side (1)
- 🔖 general (84)
- 🔖 blog (6)
- 🔖 press (2)
- 🔖 australia (1)
- 🔖 client (17)
- 🔖 release (81)
- 🔖 article (14)
- 🔖 security (24)
- 🔖 server (19)
- 🗄 Archive
- 📌 2001 (3)
- 📌 2005 (1)
- 📌 2006 (1)
- 📌 2007 (1)
- 📌 2008 (1)
- 📌 2012 (1)
- 📌 2013 (3)
- 📌 2014 (13)
- 📌 2015 (20)
- 📌 2016 (23)
- 📌 2017 (14)
- 📌 2018 (38)
- 📌 2019 (17)
SFTPPlus Release 3.39.0
Fri 05 October 2018 | release security
We are announcing the latest release of SFTPPlus version 3.39.0.
Customers using the SCP protocol are urged to upgrade to this version. Any previous version contains a security issue when overwriting files over SCP.
New Features
- In the event handler configuration, it is now possible to filter the events based on their groups. [#2483]
- When the remote FTP/FTPS server supports the MLST command, SFTPPlus will use it to determine the existence of remote paths. [client-side][ftp][ftps] [#3885]
- The events emitted at the start or at the end of a client-side file transfer now contain the size of the file, duration and transfer speed. [client-side] [#5067]
Defect Fixes
- When overwriting files using the SCP file transfer, the content of the existing file is completely erased. In previous versions, when overwriting an existing file with a new file which was smaller in size, the resulting file would still have the file size of the previous file, with the extra data kept from the previous file. [security][server-side][scp] [#5087]
- When using execute_on_destination_before in a transfer for which the destination location is stopped, the transfer will automatically start the location. In previous versions, the transfer would failed as the location was stopped, requiring a manual start of the location. [client-side] [#3511]
- When checking the existence of a remote FTP file, the operation now fails when the server returns an error other than 'Path not found'. In previous versions, the error was ignored and the path was considered as non-existing. [client-side][ftp][ftps] [#3576]
- FTP/FTPS client operation can now successfully detect the absence of a file on a remote server. [client-side][ftp][ftps] [#3885]
- You can now disable the timeout for the FTP data connection by setting its value to 0. In previous versions, when set to 0, the connection was disconnected right away due to the timeout. [server-side][ftp][ftps] [#5049]
- When changing the extra_data configuration for the HTTP event handler, the Local Manager UI now shows that a restart is required for the event handler. [#5079]
- You can now change from the Local Manager the list of SSH ciphers available to the SFTP and SCP file transfer services. This was a regression introduced in 3.37.0. [server-side][sftp][scp] [#5085]
Deprecations and Removals
- When a FTP server-side operation fails due to a permission error, the error code is now 553. In previous versions, it was 550, which was the same error code for Path not found or the generic error code for other error cases. [server-side][ftp] [#3576]
You can check the full release notes here.
• • •
SFTPPlus Release 3.38.0
Fri 21 September 2018 | general release
We are pleased to announce the latest release of SFTPPlus version 3.38.0.
New Features
- When the remote FTP/FTPS server supports the MLST command, SFTPPlus will use it to determine the existence of remote paths. [client-side][ftp][ftps] [#3885]
- For a transfer, it is now possible to execute on destination commands which will include the source and destination path and file name. [client-side] [#4522]
- New permissions allow-create-folder, allow-delete-folder, allow-delete-file, and allow-set-attributes were added to help defining a stricter configuration. [server-side] [#4955-1]
- A new permission, deny-full-control was added to deny any action to the configured path. [server-side] [#4955]
- You can now add custom values to the JSON payload sent by the HTTP event handler. This allows sending SFTPPlus HTTP events to existing webhooks like Slack or Splunk. [api] [#5068]
Defect Fixes
- FTP/FTPS client operation can now successfully detect the absence of a file on a remote server. [client-side][ftp][ftps] [#3885]
You can check the full release notes here.
• • •
SFTPPlus Release 3.37.1
Thu 13 September 2018 | security release
We are pleased to announce the latest release of SFTPPlus version 3.37.1.
Defect Fixes
- The HTTP API authentication for an account now fails when the account is accepted by the remote HTTP API but the associated group is disabled. [server-side][security] [#5058]
- A defect was fixed in Local Manager which was causing the Local Manager to fail on Internet Explorer 11. [#5061]
Deprecations and Removals
- Event with ID 20060 was removed and replaced by event with ID 20136. [server-side] [#5058]
You can check the full release notes here.
• • •
SFTPPlus Release 3.37.0
Thu 06 September 2018 | general release
We are pleased to announce the latest release of SFTPPlus version 3.37.0.
New Features
- The HTTP and HTTPS file transfer API now support session based authentication. The Basic Auth login is still supported. [server-side][http][https] [#5009-1]
- The HTTP and HTTPS file transfer services now have a session based login page. The Basic Auth login is still supported for web clients which don't support cookies. [server-side][http][https] [#5009]
- LDAP authentication method was extended to allow defining a LDAP filter for LDAP users which are allowed to act as administrators through the Local Manager service. [manager] [#5010-1]
- You can now define multiple authentication methods for the Local Manager service. [manager] [#5010-2]
- OS authentication method was extended to allow defining a list of Operating System account groups which are allowed to act as administrators through the Local Manager service. [manager] [#5010]
- You can now use Local Manager to configure the accounts and groups of the local-file authentication method. [#5041]
- It is now possible to configure an event handler filter based on excluded usernames or components by using the ! (exclamation mark) to mark a value which needs to be excluded. [server-side][client-side] [#5043]
- The MDTM FTP command now shows microseconds when displaying time. [server-side][ftp][ftps] [#93-1]
- The FTP/FTPS server now supports MLST and MLSD commands (Listings for Machine Processing) as specified in RFC 3659. [server-side][ftp][ftps] [#93]
Defect Fixes
- The authentication process now fails when an authentication is configured but not running. In previous versions, the stopped authentication method was skipped, and the authentication process continued with the next configured method. [security] [#5010]
- When sending files to an FTP or FTPS destination location, transfers will no longer saturate the network, instead they will follow the TCP congestion signaling. In previous versions this issue was causing excessive memory usage and transfer failures over low bandwidth networks. [client-side][ftp][ftps] [#5033]
- Comma-separated values in Local Manager can now be configured using a simple free-text input box. This allows editing existing values and makes it easier to reorder them. [management] [#5043]
Deprecations and Removals
- HTTP file transfer service API now uses cookie-based authentication by default. In previous versions the default authentication method was HTTP Basic authentication, which remains an available method. [server-side][http][https][#5009-1]
- The HTTP file transfer service API now uses JSON as the default content type for responses. In previous versions you would have to explicitly ask for JSON. Now, you need to explicitly ask for HTML. [server-side][http][https] [#5009]
- Events with ID 20005 and 50008 were removed and replaced with event 20136. Events with ID 20135 and 20138 were removed and replaced with event 20142. [#5010-1]
- Event with ID 50009 was removed, as OS administrators now use the OS authentication method. [#5010-2]
- With the introduction of multiple authentication methods for the Local Manager service, you will now need to explicitly define the [server] manager_authentications configuration option. If manager_authentications is not defined (or left empty), SFTPPlus will fall back to the first defined Application authentication method. [#5010-3]
- The include_os_group configuration options for roles was removed. Now you can explicitly define an OS authentication method for the Local Manager server. include_os_group was replaced by the manager_allowed_groups configuration option for the OS authentication method. [server-side] [#5010]
You can check the full release notes here.
• • •
SFTPPlus Release 3.36.0
Thu 02 August 2018 | general release
We are pleased to announce the latest release of SFTPPlus version 3.36.0.
New Features
- The Azure File Service of the Azure Storage Account is now available as a location for client-side transfers. [client-side][http] [#4988]
- It is now possible to define a client-side file transfer that will wait for a signaling filename before it starts transferring the files. [client-side] [#4989]
- It is now possible to configure transfers which will monitor the source recursively and will then transfer to the same non-recursive destination. [client-side] [#4998]
- It is now possible to configure a transfer rule which will use a destination file name that is different to the source name. [client-side] [#5007]
Defect Fixes
- The Windows installer is now signed. [#4794]
- It is now possible to clear the data attributes and structured fields configuration for an event handler and the allowed groups for an OS authentication mode from the Local Manager. In previous versions saving these configuration changes was generating an error. [#5018]
- When the local file event handler is rotating the files based on time, it now preserves the file extension. In previous versions the timestamp was used as the file extension. [#5036]
You can check the full release notes here.
• • •