Articles from release category

New Features

• SFTP and SCP file transfer services can now listen on IPv6 addresses and accept connections from IPv6 clients. [server-side][sftp][scp] [#1924]
• The HTTP and HTTPS service now accepts creating new folders with the HTTP PUT and WebDAV MKCOL methods. [server-side][http][https] [#4828-1]
• The HTTP and HTTPS service now accepts deleting folders and files with the HTTP DELETE method. [server-side][http][https] [#4828-2]
• The HTTP and HTTPS service now accepts file uploads using the HTTP PUT method. [server-side][http][https] [#4828]

Defect fixes

• FTP and FTPS client side transfer can now transfer files larger than a few bytes from a remote FTP/FTPS server and to the local filesystem. This issue was introduced in SFTPPlus version 3.20.0. This defect was not affecting uploading / pushing files to a remote FTP/FTPS server. [client-side][ftp][ftps] [#4754]
• The Developer Documentation for the HTTP authentication method was updated to make it clear the expected repose codes for the authentication server. [server-side] [#4758]
• The JavaScript UI for the HTTP and HTTPS file transfer services no longer limit the file size to 256MB. This defect was introduced in 3.31.0. [server-side][http][https] [#4815]

Deprecations and Removals

• The default secure ssl_cipher_list configuration was updated to HIGH:!PSK:!RSP:!eNULL:!aNULL:!RC4:!MD5:!DES:!3DES:!aDH:!kDH:!DSS. The previous value was ALL:!RC4:!DES:!3DES:!MD5:!EXP. In this way, when updating the OpenSSL library you will automatically get an update in the list of secure ciphers, without the need to update SFTPPlus. [security][ftps][https][client-side][server-side] [#4748]
• The event (ID 40025) that was emitted when an unknown error was generated by the HTTP service during a JSON API request was removed. It has been replaced with event ID 40003. [server-side][http][https] [#4828]

You can check the full release notes here.

New Features

• The option to enforce unique names for uploaded files is now available for the HTTP and HTTPS file transfer services. [server-side] [#4465]
• A SOCKS version 5 (SOCKS5) proxy without authentication can now be used to connect to remote SFTP and SCP servers. [client-side][sftp][scp] [#4546]
• A new event handler option is added in order to send filtered events to standard output. This can be used when running SFTPPlus in Docker or with other process supervisors. [#4645]
• The option to enforce unique names for uploaded files is now available for the FTP, Implicit FTPS and Explicit FTPS protocols. [server-side] [#4650]
• The file-dispatcher event handler can now be configured to automatically create destination folders. [#4652]
• The close event description for SFTP and SCP client-side and server-side connection now contains the encryption used to protect connection. [client-side][server-side][sftp][scp] [#4668]
• The HTTP and HTTPS file transfer services now allow uploading multiple files and adding files via drag and drop. [server-side][http][https] [#4673]
• Support for Red Hat Enterprise Linux versions 7.0 to 7.3 with OpenSSL 1.0.1 was readded alongside support for RHEL 7.4 and newer using OpenSSL 1.0.2. [#4691]
• A new secure configuration value is available for the ssl_cipher_list and ssh_cipher_list as part of the FTPS, SFTP, SCP, and HTTPS file transfer services. [security][client-side][server-side] [#4727]

Defect fixes

• The transfer for SFTP and SCP locations is no longer interrupted when the remote server is requesting a SSH re-key exchange. This was affecting client-side transfers of files bigger than 1GB, as this is the point where some servers are re-keying. This is when either side forces the other to run the key-exchange phase which changes the encryption and integrity keys for the session. [client-side] [#4302]
• It is now possible to stop the client shell at any time by pressing the Ctrl+C key combination. In previous versions this was not available while an operation was in progress. [#4626]
• The AIX 7.1 build of SFTPPlus was updated to work with older OpenSSL versions. Previous versions of SFTPPlus (from 3.27.0 to 3.30.0) on AIX 7.1 required OpenSSL 1.0.2k or newer. [#4696]
• SFTP and SCP client and server side can now handle key exchange process even for peers which advertise their SSH version string with trailing spaces. This can happen for Bitvise SSHD Server when configured to omit its version. [client-side][server-side][sftp][scp] [#4718]
• The documentation for expression matching was updated to explain that regular expression matching is done as a search operation. For an exact match, use the start and end regex anchors. [#4724]

Deprecations and Removals

• Events with ID 40015 and 40016 were replaced by already existing event with ID 40022. Event 40022 is now the only one emitted when there are errors during an upload operation. [server-side][http] [#4465]
• The default configuration for SFTP, SCP, FTPS, and HTTPS connections was updated to exclude the 3DES cipher in order to prevent SWEET32 attacks. To not break backward compatibility for existing installations, this change affects only new installations. Existing installations will need to be manually updated to exclude the 3DES based ciphers. [#4727]

You can check the full release notes.

New Features

• It is now possible to dynamically dispatch files to different destinations based on the name of the file which was dispatched. [#4555]
• The HTTP authentication method can now send requests which are authenticated using the HTTP Basic authentication (BA) method. [#4589-1]
• The HTTP event handler can now send requests which are authenticated using the HTTP Basic authentication (BA) method. [#4589]
• The file-dispatcher event handler now has the capability to delete files. [client-side] [#4624]
• You can now configure an account to amend the requested file for an upload by prefixing it with a universally unique identifier (UUID4). This option is available for the SFTP and SCP protocols. [server-side][sftp][scp] [#4643]

Deprecations and Removals

• The ${SHAREPOINT_CA} and ${SHAREPOINT_CRL} placeholders were replaced by the more inclusive ${MICROSOFT_IT_CA} and ${MICROSOFT_IT_CRL}. The ${SHAREPOINT_CA} and ${SHAREPOINT_CRL} placeholders will continue to be available as an alias for Microsoft IT CA. [#4625]

You can check the full release notes.

New Features

• An event with ID 30079 is now emitted when an SFTP location sends a banner message during authentication. [#4293]
• The HTTP file transfer service now supports the HEAD method for folders which return OK when the folder exists. [#4493]
• The HTTP event handler now sends the local timestamp for the generated event. Previously, the event was sent without a timestamp and the event timestamp was supposed to be created by the PHP WebAdmin. To take advantage of this change, you will need PHP WebAdmin version 1.9.0 or newer. [#4577]

Defect Fixes

• An error is no longer produced when the source location for a SFTP transfer is a Bitvise SSH server. [#4297]
• An internal server error is no longer produced by the HTTP file transfer service when a file or a folder is accessed with an unsupported method. [server-side][http] [#4493]
• The HTTP event handler now sends the IP and PORT of the remote peer associated with the event. Previously, this detail was omitted and PHP WebAdmin was using the address of the SFTPPlus server instead of the client connected to the server. [#4577]
• The limit of pending files to be transferred for a single transfer was raised from 5 000 files to 100 000 files. [client-side] [#4586]

You can check the full release notes.