Articles from release category

SFTPPlus Release 3.21.0

Wed 31 May 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.21.0.

This fixes a security issue related to the execution of the FTP LIST command for an OS account. This security issue was introduced in 3.17.0.

Users that are on SFTPPlus version 3.17.0 are encouraged to upgrade to the latest version containing the fix, 3.21.0.

Environments that use both OS and application accounts are affected.

Environments that only use SFTP, that only use application accounts or only use OS accounts exclusively are not affected.

Overview of the fix.

When executing the FTP LIST command for an OS account, it will no longer put on hold the whole SFTPPlus process running under that OS account while the LIST command is executed.

In this case, if the command is executed under the OS account and during that command execution, a file is uploaded by the application account, the command is not on hold and subsequently the uploaded file is owned by the application account.

Alternatively, if a command is executed towards an account (such as an FTP LIST command), SFTPlus is still responsive and can accept new connections and perform other operations. This is the case even if there is a connection timeout configured with the service - the connection (both data and commands) should not be closed as it processes the commands.

In addition, should there be a log rotation occurring during the list process, the log process should also be owned by the SFTPPlus process account and not the OS account.

Upgrading your version of SFTPPlus can be done with very minimal disruption to existing services or users. Please follow the upgrade procedures available in our Documentation.


In this release we have introduced support for FreeBSD 10 on Intel X86_64.

You can now store the server log in CSV format in order to get structured logging.

The following are some of the defect fixes targeted in this release:

  • A transfer with a WebDAV source location will no longer fail at runtime if the WebDAV server is temporary unavailable.
  • A transfer with a WebDAV source location will no longer fail at runtime if the proxy server is temporary unavailable.
  • When failing to close the source or destination file for a transfer, the failure is no longer ignored and the transfer failure is observed.
  • The audit message emitted after an account is successfully authenticated now include the correct information about the local path used by that account and whether it is locked.
  • When using the FTP LIST command with an explicit path, the member's name in the resulting listing will no longer include the parent path.

You can check the full release notes.

• • •

SFTPPlus 3.20.1 Release

Wed 12 April 2017 | general release

SFTPPlus version 3.20.1 was release as a bugfix release.

It fixes that SFTP server side defect in which SFTP client connection hangs when the quit command is issued by the client, as the command was ignored by the server.

You can check the full release notes.

• • •

SFTPPlus Release 3.20.0

Sat 08 April 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.20.0.

Starting with this release, SharePoint Online server is a supported location for client-side transfer. Now you can set up transfers to push or pull files to a SharePoint Online site as part of the Office 365 suite.

In this release we have introduced support for Solaris 10 11/06 U3. It can be used for any Solaris 10 releases up to (and including) U7.

The LDAP authentication method was updated to allow filtering the accepted LDAP entries based on a LDAP search filter. Also regarding LDAP authentication, it is now possible to authenticate LDAP entries which are located inside the LDAP tree in multiple branches. For example, you can authenticate users from multiple organizations, each organization having its own sub-tree.

The following are some of the defect fixes targeted in this release:

  • The SSL/TLS shutdown operation was updated to abort the connection when the remote peer is no longer actively undergoing the shutdown. The connection is aborted if the shutdown sequence needs more than 2 seconds to complete.
  • When the SCP server-side service successfully received an uploaded file, it will close the process with exit code 0.
  • The Local File event handler will now detect failures occurred during operation and will stop the handler.

You can check the full release notes.

• • •

SFTPPlus 3.19.0 Release

Tue 21 February 2017 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.19.0.

The target of this release is fixing a series of defects.

In this release we have introduced support for macOS Sierra (10.12) with the OpenSSL 1.0.2 provided by the Homebrew project, making TLS 1.2 supported on Apple OS X.

The following are some of the defect fixes targeted in this release:

  • When a resource is disconnected it will now be in the Disconnected state instead of the previous Stalled state. When the source or destination for a transfer are not available the state will be Source has failed or Destination has failed instead of the previous Stalled state.
  • A transfer with scheduled resume/stop action will no longer have the actions active after the transfer was stopped.
  • Fix the issue when event data is not displayed in the "Attached data" section on event details page. The page is available from "Past activity" page ("Local Manager") by clicking on any event link.
  • An internal server error is no longer produced when the SSH server is sending a global request.
  • Installing on Linux with partitions mounted with noexec or with SELinux restriction will no longer trigger a MemoryError.
  • The restart required label is no longer displayed for components which are in the process of being started, but only for those which are already started and operational.
  • The configuration file for the SFTP service which is created by default as part of the installation process was fixed to point to the right DSS/DSA private key. It was wrongly pointing to the RSA key. The configuration file should be dsa_private_key = configuration/ssh_host_dsa_key instead of the wrong dsa_private_key = configuration/ssh_host_rsa_key.
  • An internal error is no longer raised when calling the admin-commands command line tool with unknown parameters.
  • Globbing/wildcard operation are now available for the FTP NLST command. This regression was introduced in 3.17.0.
  • The stop operation for a SFTP location will no longer hang when stopping from the stalled or disconnected state.
  • Monitoring a SFTP location for changes will no longer hang for a SFTP transfer when the folder listing operation is done in the same time as the remote server is closing the connection.

You can check the full release notes.

• • •

SFTPPlus 3.18.0 Release

Thu 15 December 2016 | general release

We are pleased to announce the latest release of SFTPPlus, version 3.18.0.

It includes support for listening on port below 1024 using Unix special capabilities and permissions.

The server-side home folder creation capabilities were improved to allow creating a set of directories and subdirectories after an account is successfully authenticated.

Here is the list of adder minor improvements:

  • It is now possible for event handlers to filter an event based on the UUID of the component which has generated the event.
  • It is now possible to configure a template for generating the body of the email sent by the email-sender event handler.
  • The audit message for loading a CRL was updated to include the date and time at which the CRL will be reloaded together with information about the date and time advertised by the CRL for the next publish and next update.

This release also comes with a few defect fixes. Here are the most important defect fixes:

  • On Linux and Unix systems, when the SFTP server-side creates new files, their permissions are filtered against the configured umask. This was a regression introduced in version 2.8.0, in which the umask value was not used for the newly created files.
  • Monitoring/watching a location is no longer stopped when a file is quickly moved then removed, moved then create another file with the same name or moved and then modify the moved file.

You can check the full release notes.

• • •