Cerberus FTP Server

[Mohammad.Poorya]

Cerberus FTP Server 11.2.6

Changes in Cerberus FTP Server 11.2.6 (2020-08-11):

• Fixed: Even when logging in via SFTP and the SSH Authentication Method is “Public Key,” Cerberus unnecessarily prompted for a password change

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Mohammad.Poorya]

Cerberus FTP Server 11.2.7

Changes in Cerberus FTP Server 11.2.7 (2020-09-03):

• Fixed: Cerberus crashed when HTTP clients request invalid ranges
• Fixed: Cerberus crashed when loading certificates from an invalid PFX file
• Fixed: LDAP user was not able to change password when LDAP configuration has SSL enabled
• Fixed: Memory leak in Cerberus Desktop GUI
• Fixed: In Event Manager, Session Report email did not render correctly in MS Outlook
• In web administration, tables did not remember settings for number of rows per page
• Other minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.2.8

Changes in Cerberus FTP Server 11.2.8 (2020-10-19):

• Fixed: Updated to the latest version of MomentJS to address a vulnerability to regular expression denial of service
• Fixed: HTTP/S web client localization allowed language translations that could include malicious JavaScript
• Fixed: Cerberus crashed when HTTP/S web client served a file with a timestamp in which the year is more than 3000
• Fixed: In the log, Cerberus sometimes attributed system tasks to users
• Fixed: When uploading via SCP, some SCP clients showed the transfer as failed even though the transfer was successful
• Fixed: In SOAP API, GetGroupInformation always returned empty “sshOptions”
• Fixed: Sync Manager added a new server entry instead of updating the existing entry when editing the IP address
• Authentication for Active Directory users now only queries users using a legacy API if “Try Alternative Active Directory Check” is enabled
• In web administration and web client, Cerberus now creates intermediate directories when creating directories
• Cerberus now supports DUO Federal for two-factor authentication
• Report Manager now creates a database index on the ‘files’ table for MySQL/MariaDB
• User Manager now sets the Last Login value for a cloned user account to be “Unknown”
• Other minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.2.9

October 26, 2020

• Fixed: In User Manager, CSV export of users allowed formula symbols that could enable an attacker to inject malicious commands when viewed in Microsoft Excel
• Fixed: In Server Manager, the private key password and the Duo secret key were disclosed in an unmasked format in the HTTP response
• Fixed: In User Manager, a warning message was shown when creating a new user
• Fixed: In Event Manager, an error message was shown when creating a scheduled task even though the scheduled task was created successfully
• In Log Manager, the Time column no longer wraps
• In Server Manager, the Remote page now shows a message to secondary admins indicating only primary admins are allowed to access these settings
• User Manager now sets the Password Last Changed value for a cloned user account to the current time
• Other minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Mohammad.Poorya]

Cerberus FTP Server 11.3.0

Changes in Cerberus FTP Server 11.3.0 (2020-11-17):

• New: User Manager now has a “horizontal” layout to reduce the amount of scrolling when administering native users and groups
• New: Usability improvements to Extension Blocking in User Manager
• New: The Summary page now warns when a certificate is expiring or has expired
• New: The Summary page now warns when remote host certificate verification is disabled
• New: In Server Manager, admins can now customize the issuer name to something other than “Cerberus” when using OTP for two-factor authentication
• Fixed: Cerberus did not enforce password history policy for web administrator accounts
• Fixed: In web administration and web client, Cerberus allowed a malicious actor to spoof content with misleading messages designed to trick users
• Fixed: In web administration and web client, browsers may store pages in the user’s browser cache that could be accessible to a malicious actor on a public computer, a shared system, or a machine in a semi-public area.
• Fixed: In web administration, Cerberus disclosed passwords or other sensitive data in an unmasked format in the HTTP response
• Fixed: In Report Manager, the log showed numerous errors when using SQL Server Express LocalDB 2012
• Fixed: Enhanced log filtering only filtered the first IP address and ignored any additional filters
• Many minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Mohammad.Poorya]

Cerberus FTP Server 11.3.1

Changes in Cerberus FTP Server 11.3.1 (2020-12-15):

• New: Cerberus now uses KeyPair’s FIPS 140-2-validated cryptographic module with Certificate #3503
• New: In Server Manager, Cerberus now allows a configurable value for the Web Administration session timeout
• New: In the Interfaces window, Cerberus now displays more detailed security-related feedback and messages for each listener.
• New: User Manager now allows searching users by their first and last names
• New: User Manager now displays the date a user was created
• New: Web Administration now shows the labels for SMTP servers to more easily differentiate between multiple servers
• New: Report Manager now warns when an unsupported ODBC driver is selected
• Fixed: Addressed OpenSSL security vulnerabilities with patches for CVE-2020-1971 and CVE-2020-1968
• Fixed: Upgraded to curl 7.74.0 to address curl security vulnerabilities
• Fixed: Cerberus passed sensitive values in URLs that could expose them to people with access to server and application logs
• Fixed: Cerberus crashed when server certificate and private key are missing and SSL/TLS is enabled
• Fixed: Cerberus failed to verify an LDAP server without manually entering the correct password on the Binding Options page
• Fixed: In Report Manager, Cerberus logs errors when writing audit records for administrator actions to a MySQL database
• Fixed: Users could not enable 2FA even though they are required to do so because “Allow 2 Factor” had not been checked
• Fixed: Users cannot login because User Manager allowed admins to set the invalid state in which “Require Password Change on Login” is checked but the user is not allowed to change their password
• Fixed: Report Manager cannot connect to SQL Server database when the database name includes a hyphen
• Many minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.3.2

Changes in Cerberus FTP Server 11.3.2 (2021-01-21):

• New: On the Advanced tab of Server Manager, Cerberus now allows enabling experimental beta features
• New: Active Directory Users page allows native-like administration and mapping changes for AD users (beta feature)
• New: LDAP Users page allows native-like administration and mapping changes for LDAP users (beta feature)
• New: Cerberus now provides more logging when repairing a corrupted stats.dat file
• New: User Manager now allows the revocation of a public share from the context menu
• New: Server Manager now allows admins to force users’ browsers to reload HTTP/S Web Client static resources instead of loading cached versions
• Fixed: Cerberus Desktop GUI is slow or unresponsive after updating to version 11.3.1
• Fixed: Cerberus crashed when SFTP clients sent an invalid SFTP packet
• Fixed: LDAP search results failed to find users when there are more than 1000 users
• Fixed: When disabling FIPS 140-2, Server Manager did not display a warning that Cerberus needs to be restarted
• Many minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.3.3

February 24, 2021

• New: Improved performance for customers with many client connections per second and authenticating with native Cerberus users
• New: In User Manager, improved search performance when there are many users
• New: When viewing a selected user account, User Manager now allows creating a new group in addition to selecting an existing group
• Fixed: Addressed OpenSSL security vulnerabilities with patches for CVE-2021-23839, CVE-2021-23840, CVE-2021-23841
• Fixed: Upgraded to jQuery validation 1.19.3 to address security vulnerabilities
• Fixed: Cannot access Cerberus Desktop GUI when cookie support is disabled
• Fixed: Cerberus Desktop GUI showed many errors when the “HTTP/S Web Admin Session Timeout” value was very low
• Fixed: Cerberus did not consistently timeout Web Administration sessions
• Fixed: In Server Manager, HSTS cannot be set on HTTP/S Admin listeners
• Fixed: In Report Manager, the log showed numerous errors when using SQL Server 2012
• Fixed: In User Manager, users and groups with special characters did not display correctly
• Many minor bug fixes and improvements

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.3.4

March 9, 2021

• New: In Server Manager, there is now an option to control exclusive upload file locking for SSH SFTP version 4 and lower
• New: Upgraded to curl 7.75.0

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Mohammad.Poorya]

Cerberus FTP Server 11.3.5

Changes in Cerberus FTP Server 11.3.5 (2021-04-07):

• Fixed: Cerberus contained a privilege escalation vulnerability
• Fixed: Upgraded to curl 7.76.0 to address security vulnerabilities
• Fixed: Cerberus crashed when Report Manager has a bad database configuration and sending a session report email
• Fixed: Memory leak when encrypting/decrypting data
• Fixed: Cisco Unified Communications Manager cannot send backups to Cerberus via SFTP when FIPS is enabled
• Fixed: Cisco hardware cannot upload via SCP and fails with error message
• Fixed: SFTP clients failed key exchange when the server or the client sent an initial key exchange packet and incorrectly guessed the algorithm the other side was using
• Fixed: HTTP/S web client and Event Manager cannot unzip zip files that are not entirely consistent
• Fixed: In HTTP/S web client, users that double-click on a directory can reach an inconsistent state and an incorrect breadcrumb

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.3.6

April 22, 2021

• Fixed: Cerberus contained a privilege escalation vulnerability from loading a DLL from a non-privileged path
• Fixed: In HTTP/S web client, users cannot download a folder or file with a percent sign in the name
• Fixed: Upgraded to curl 7.76.1

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 11.3.7

May 18, 2021

• Fixed: Duplicate folders when AD user is assigned to multiple groups with the same virtual directories
• Fixed: Missing file and directory upload browser button icons on mobile devices
• Fixed: Cerberus terminates due to unhandled exception
• New: SCP preserve timestamps option for file uploads

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 12.0.0

June 9, 2021

• New: Support for Active Directory Web Administration users
• New: Active Directory Users page that allows native-like administration and mapping changes for AD users
• New: LDAP Users page that allows native-like administration and mapping changes for LDAP users
• New: Support for “includeSubDomains” and “preload” with HTTPS Strict Transport Security (HSTS)
• New: Public shares guided wizard for creating and emailing a public share
• New: Public shares notification option to be emailed on every file access
• New: Public shares session-based isolated uploads
• New: Public shares global option to hide original shared file or folder name in public URL
• New: Public shares CC and BCC options when sending a public share via email
• Improved: Public shares generated password is now automatically shown
• Improved: Web client file share notifications now contain the file names of files accesses through public share folders
• New: Web client dialog prompt for overwriting or resuming existing files on upload
• New: Web client growl-based notifications for reporting operations status
• New: Web client activity center to see any growl notifications generated on the current page
• New: Web client listener options to add a welcome message to password-protected public shares
• New: Web client listener options to require welcome message acknowledgement for password-protected public shares
• New: Web client listener option to hide the ‘Accounts’ page for all users
• New: Web client listener option to prevent creating permanent zip files on the server
• New: Web client can generate MD5 (non-FIPS mode only), SHA1, SHA256, SHA512 hashes of any web client file
• New: Web client option for users to enable auto-uploads for their account, or on a per-queue basis
• New: Web client option for users to enable auto-clearing of the completed upload file list for their account, or on a per-queue basis
• New: Web client option for users to disable upload image and video previews on their account
• New: Web client option to allow users to open a file in a new tab
• New: Web client now has all interface and messaging available to be customized for localization
• New: Web client allows HTML in the Login and Public Share welcome messages
• New: Web client no longer allows changes to be made to anonymous account’s settings by the user
• New: Web client now shows the date of password expiration on the Accounts page
• New: User Manager now shows the date of password expiration on the user’s details page
• Improved: Numerous small bugs, UI improvements, and performance improvements
• Removed: Can no longer be installed on Windows Server 2008 and Vista
• Removed: Legacy Server Manager, IP Manager, and User Manager
• Removed: Support for 32-bit operating systems

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 12.0.1

June 15, 2021

• Fixed: After upgrading to version 12.0.0, HTTP/S web client public shares no longer allowed public downloads
• Fixed: In Server Manager, unable to set HTTP/S Temporary Files Folder using the file browser
• Fixed: HTTP/S web client showed links and buttons to download files when the user does not have download permission

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 12.0.2

June 16, 2021

• Fixed: HTTP/S web client was not displaying correctly in the browser
• New: On the Remote tab of Server Manager, there is now a legend for the Administrator Accounts table

Zaloguj lub Zarejestruj się aby zobaczyć!

Zaloguj lub Zarejestruj się aby zobaczyć!