Cerberus FTP Server

[Camel1965]

Cerberus FTP Server 13.0.0​

Changes in Cerberus FTP Server 13.0.0 (2023-04-10):

• New: Folder Automation Events
• New: Single Sign-On (SSO) via SAML/SCIM Azure AD
• New: Administrators can now log off logged-in users
• New: OpenSSL ciphers are now available for SSH
• New: OpenSSL 3 features
• New: Automate sending multiple files or a folder
• Added: Support for SSH keys based on ED25519 format
• Added: Support for aes256-gcm via SSH
• Added: Support for ChaCha20 in SSH
• Added: SAML logging and diagnosis
• Added: Updated documentation for SCIM/SAML username mapping
• Added: cURL has been updated to 7.88.0
• Fixed: User Manager SSH public key selection no longer results in text “disappearing.”
• Fixed: Generate Password button no longer populates both password fields
• Fixed: More useful information is now displayed when a reference to an SCIM cache object is missing
• Fixed: Resolved an XSS security issue related to the jquery-ui’s handling of checkboxes/radio buttons

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 13.0.1​

Changes in Cerberus FTP Server 13.0.1 (2023-05-22):​

• Fixed: SSH ChaCha20_Poly1305 correctly handles SHA1 signed Key Exchange
• Fixed: SQL Server LocalDB now successfully stores rows that would be truncated
• Fixed: The “Find” checkbox in the HTTPS client is now translatable with the L_SEARCH_FIND translation tag
• Fixed: AD User and Group mapping no longer display users in red
• Fixed: SSO SAML now accepts non-password based authentication types from Azure AD
• Fixed: SSO SCIM Provisioning now correctly serializes international characters
• New: Improved logging for Folder Monitor
• Fixed: Web client password change browser back and refresh attack mitigation

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 13.1.0​

September 5, 2023

• New: Added multi-key support for SFTP/SCP
• New: Added new web-based SSH Key management dialog to Web Administration
• New: Added new web-based Certificate Signing Request (CSR) dialog to Web Administration
• New: Added new web-based SSH Public Key exporter dialog to Web Administration
• New: Add support for EXT_INFO message in SSH
• New: Upgraded OpenSSL to 3.0.10
• New: Upgraded cURL to 8.2.1
• New: Upgraded log4cxx to 1.1.0
• Improved: Added X.509 SubjectPublicKeyInfo format to SSH Public Key exporter
• Improved: Updated web-based Self-Signed Certificate to include additional supported certificate types
• Improved: Added additional certificate types to CSR
• Improved: SAML User Atttributes may now be customized for Azure AD SSO configurations
• Improved: Expanded auditing of manual user and group creations and deletions
• Improved: Added additional logging to Backup Users and Settings
• Removed: Old Windows dialog based native console only CSR and SSH Export menu items from Tools menu
• Fixed: Made Event RegEx comparisons case-insensitive as variables are always lowercase
• Fixed: OpenSSH 8.8+ will now connect when Cerberus has an RSA host key
• Fixed: ‘Password Change Required’ checkbox now correctly works for “unchecked” option also for all the scenarios.
• Fixed: Active Directory users no longer need read-access to the Cerberus FTP Server installation directory.
• Fixed: Corrected handling of CIDR IP addresses.
• Fixed: Virtual Directory listing fixed in ‘New User’ and ‘New Group’ wizards
• Fixed: Prevent Event Rules with Match All and no conditions from running

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 13.2.0​

November 14, 2023

• New: Added One Time Password option to public shares
• New: Upgraded OpenSSL to 3.0.12
• New: Upgraded cURL to 8.4.0
• New: Upgraded Bootstrap to 5.3.1 version for Web Client Login Page
• Known Issue: Customised Themes other than Default Theme wont be applied to client login page
• Improved: skipping invalid too long password hashing to help prevent DOS
• Improved: public share reporting with a PostgreSQL database provides the same information as other DBs
• Improved: Zip actions are better reflected in the File Report, with additional information when objects are added to archives
• Improved: In Event Manager conditions, clarify if a rule has an implicit OR; allow using a comma without interpreting as an OR
• Improved: In Server Manager : Security, the TLS and SSH Verify routines have been separated allowing verifying a specific section
• Improved: User passwords will now be automatically upgraded to selected Password Storage and system iterations during login
• Improved: Admin passwords will be automatically re-hashed to the strongest hash and iterations supported during login
• Improved: Public shares now have a right click download and zip options
• Improved: New native users and groups may not start/end with whitespace
• Improved: On initial install, Cerberus now enables stronger default security settings
• Improved: Improved security warnings, summary page now warns on more insecure settings
• Improved: When SSH Security Defaults are reset, algorithms with warnings will not be enabled
• Improved: In Stats, add share link to email list when creating an emailed share
• Fixed: Account request submission messages updated
• Fixed: Account requests cannot be done with non-matching password and password confirm
• Fixed: File, Login and Audit Reports now use the locale when formatting the reports date range
• Fixed: Ensure that the system setting for password iterations is always valid
• Fixed: Allow clearing username/password in SMTP Event Target
• Fixed: PasswordType:lain passwords set by SOAP API are now always hashed before serialization
• Fixed: Changing SMTP Settings no longer requires a service restart
• Fixed: Moved uisettings.xml to a per user file to tighten permissions and allow per Administrator customizations when system has non-default permissions
• Fixed: Web Client context menu actions now disabled when the user is not allowed to perform them
• Fixed: ‘Allow FTP Renames to Overwrite Existing Files’ now works as expected
• Fixed: Renamed SSO configurations from “Azure AD” to “Entra ID”

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 13.2.1​

December 13, 2023

• Improved: UI enhanced for Public Share administration
• Improved: Added a One Time Password auto-unlock feature to the administration page for public shares
• Improved: Added file size to Get/Send-A-File logs
• Improved: Corrected appearance and layout of 2FA UI Page of Web Client after upgrade to Bootstrap 5.3.1 Version
• Improved: In Web Client login page the panels for Login form and Welcome message are widened appropriately
• Improved: Changing admin passwords now requires current primary admin validation
• Improved: First-time Setup Wizard now requires an admin password when not yet set
• Improved: Improved security warnings: summary page now warns on non-SSL LDAP authentication
• Fixed: Authenticated user remote full path disclosure (CVE-2023-50452)
• Fixed: Public share download button
• Fixed: Reset check all box when navigating directories in folder view for client & public shares
• Fixed: Fix crash when SSH client sends incorrectly sized packet for key exchange
• Fixed: Generate SSH compatible DSA host keys
• Fixed: Disable SSH DSA host key in FIPS mode
• Fixed: Removed sourcemap references from JS & CSS files
• Fixed: SAML SSO now uses Reply URL for SSO Config selection. This fixes authentication failures when multiple SSO Configs use the same Identity Provider
• Fixed: SOAP failed to complete Service restart

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 24.1.0

Changes in Cerberus FTP Server 24.1 (2024-02-29):

• New: Added support for SSH strict Kex extension to address Terrapin style attacks (CVE-2023-48795)
• New: Added TOTP and Duo two-factor authentication support for SSH passwords with SFTP/SCP
• New: Upgraded DataTables to 1.13.6
• New: Upgraded ZipArchive to 4.6.9
• New: Upgraded jQuery to 3.7.1
• New: upgraded to OpenSSL 3.0.13 to address CVE-2024-0727, CVE-2023-6237, CVE-2023-6129, and CVE-2023-5678
• New: upgraded to cURL 8.6.0 to address CVE-2023-46218 and CVE-2023-46219
• New: upgraded to log4cxx 1.2.0
• New: upgraded to gSoap 2.8.132
• Improved: Upgraded Duo to support Duo Universal Prompt
• Improved: Users and groups support requiring 2FA for SFTP/SCP login
• Improved: Added support to run a Scheduled Task as queued event which runs as soon as possible
• Improved: Defaulting the public sharing SMTP will now auto-save
• Improved: All the fields of Event Mail can be included or excluded via configuration
• Fixed: Admin account modification is no longer possible with SOAP API if the primary admin account is 2FA-enabled
• Fixed: IP Listeners Window now correctly shows security icon status
• Fixed: SSO Users unable to use public shares with One Time Password
• Fixed: Resolved issue with admin removal of a public share
• Fixed: Themes for webclient login page are functional now

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 2024.1.1​

Mar 12, 2024

• Improved: Enhanced shutdown processing to clear all message queues before exit
• Fixed: Users could not add/edit OTP guest addresses
• Fixed: OTP Guest filter is now reset when closing the wizard
• Fixed: OTP Guest table paging buttons render correctly
• Fixed: Ensure all executable code in Cerberus FTP Server is signed

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 24.1.2​

Changes in Cerberus FTP Server 24.1.2 (2024-03-15):​

• Fixed: Remove FIPS module signature conflict
• Fixed: Edit action on Scheduled Task now includes ‘Report:’ to select a saved query

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 2024.2.0​

May 23, 2024

• New: Ability for an admin to restrict all public share users from zipping files
• New: Added support to import IP addresses in csv format for Firewall Management blocklists
• Improved: Added certificate chain validation when updating TLS certificate
• Improved: Event system disabled the “Run” button when a rule is disabled or doesn’t have an associated action
• Improved: Scan a Folder scheduled task actions may now select a remote system to list in addition to a local folder (FTP/FTPS/Local Folder)
• Improved: Scanned File Event Rules may now filter files based on timestamps
• Improved: Unlicensed features now display with a link that describes the feature. This can be hidden in the Help/Licensing menu
• Improved: Account Reports now include two-factor authentication status
• Improved: Allow ignoring two-factor authentication during SSH SFTP/SCP login
• Improved: Directory deletions are now reflected in the File Report separately from file deletions

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 2024.2.1​

Changes in Cerberus FTP Server 2024.2.1 (2024-07-23):​

• Event manager can now support UNC paths for ‘Get a file’ in Scheduled Tasks
• Upgraded cURL to Version 8.8.0 (used for transferring data to and from a server)
• Upgraded OpenSSL to Version 3.0.14 or the latest version (used for generating private keys and identifying certificate information)
• Made improvements to Installation Wizard to provide additional user options for configuration
• Updated text and icon for two-factor authentication for SSH/SFTP/SCP
• Updated End User License Agreement (EULA) to the latest Redwood Software version
• In User Manager→Groups, ‘Allowed Protocols’ and ‘Virtual Directories’ are now visible on all group information tabs
• SSH public keys are now exported in UTF-8
• ‘Blank Value’ now accepted in Event Rules Variables
• Made improvements to File operations (Copy/Move/Delete) while using ‘File Scanned Events’

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 2024.3.0​

Sep 18, 2024

• Improvement: Update first run wizard to show new feature
• Improvement: Identify IP address type in IP Manager
• Improvement: Verify correct IP format is inserted in IP Manager
• Improvement: Extend the “File Scanned Event” to handle the SFTP client mlsd formats
• Improvement: Dev Work CFS-3509: Upgrade cURL to 8.9.1
• Fixed: SOAP API: GetUserInformationRequest not working
• Fixed: Cerberus logs showing certificate errors with
  Zaloguj lub Zarejestruj się aby zobaczyć!
• Fixed: Cerberus 24.2 Broken dropdown for user Web client
• Fixed: Setup Wizard – Extra Folders Created under User Home Directory, change messaging for results

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 2024.3.0 (2024-10-13)​

Changes in Cerberus FTP Server 2024.3.0 (2024-10-13):​

• New: Added Storage Encryption Report
• New: Upgraded to cURL 8.9.1, addressing vulnerabilities CVE-2024-7264, CVE-2024-6874, and CVE-2024-6197.
• Enhanced the Getting Started Wizard with a streamlined, modern web-based interface.
• Fixed: Resolved the issue with the license renewal link for licensed users.
• New: Added functionality to identify IP address types in the IP Manager.
• New: Implemented validation for correct IP format in the IP Manager.
• Fixed: Enabled scanning of UTF characters in files.
• Improved: Tightened password security.

Zaloguj lub Zarejestruj się aby zobaczyć!

 

[Camel1965]

Cerberus FTP Server 2024.4.0​

Changes in Cerberus FTP Server 2024.4.0 (2024-12-10):​

• New: Added ability to assign multiple Native users to a Primary group.
• Improved: Upgraded jquery.validate to 1.21.0
• Improved: Scan a Folder scheduled task actions may now select a SFTP remote system to list in addition to a local folder (SFTP/FTP/FTPS/Local Folder).
• Improved: Updated Client UI.
• Improved: Upgrade cURL to 8.11.0 for addressing CVE-2024-9681 and CVE-2024-8096.
• Fixed: Improved malform zipname detection.
• Fixed: Deleting member from group no longer drops group membership issue in Microsoft Entra.
• Fixed: SSO Group Mappings no longer limited to first 1000 groups, and not alphabetically sorted.
• Fixed: New Security Updates.
• Fixed: Error after submitting account request.

Zaloguj lub Zarejestruj się aby zobaczyć!