What's new in Cerberus FTP Server 2024.1.2
Mar 15, 2024
- Fixed: Remove FIPS module signature conflict
- Fixed: Edit action on Scheduled Task now includes ‘Report:’ to select a saved query
New in Cerberus FTP Server 2024.1.1 (Mar 12, 2024)
- Improved: Enhanced shutdown processing to clear all message queues before exit
- Fixed: Users could not add/edit OTP guest addresses
- Fixed: OTP Guest filter is now reset when closing the wizard
- Fixed: OTP Guest table paging buttons render correctly
- Fixed: Ensure all executable code in Cerberus FTP Server is signed
New in Cerberus FTP Server 2024.1 (Mar 1, 2024)
- New: Added support for SSH strict Kex extension to address Terrapin style attacks (CVE-2023-48795)
- New: Added TOTP and Duo two-factor authentication support for SSH passwords with SFTP/SCP
- New: Upgraded DataTables to 1.13.6
- New: Upgraded ZipArchive to 4.6.9
- New: Upgraded jQuery to 3.7.1
- New: upgraded to OpenSSL 3.0.13 to address CVE-2024-0727, CVE-2023-6237, CVE-2023-6129, and CVE-2023-5678
- New: upgraded to cURL 8.6.0 to address CVE-2023-46218 and CVE-2023-46219
- New: upgraded to log4cxx 1.2.0
- New: upgraded to gSoap 2.8.132
- Improved: Upgraded Duo to support Duo Universal Prompt
- Improved: Users and groups support requiring 2FA for SFTP/SCP login
- Improved: Added support to run a Scheduled Task as queued event which runs as soon as possible
- Improved: Defaulting the public sharing SMTP will now auto-save
- Improved: All the fields of Event Mail can be included or excluded via configuration
- Fixed: Admin account modification is no longer possible with SOAP API if the primary admin account is 2FA-enabled
- Fixed: IP Listeners Window now correctly shows security icon status
- Fixed: SSO Users unable to use public shares with One Time Password
- Fixed: Resolved issue with admin removal of a public share
- Fixed: Themes for webclient login page are functional now
New in Cerberus FTP Server 13.2.1 (Dec 13, 2023)
- Improved: UI enhanced for Public Share administration
- Improved: Added a One Time Password auto-unlock feature to the administration page for public shares
- Improved: Added file size to Get/Send-A-File logs
- Improved: Corrected appearance and layout of 2FA UI Page of Web Client after upgrade to Bootstrap 5.3.1 Version
- Improved: In Web Client login page the panels for Login form and Welcome message are widened appropriately
- Improved: Changing admin passwords now requires current primary admin validation
- Improved: First-time Setup Wizard now requires an admin password when not yet set
- Improved: Improved security warnings: summary page now warns on non-SSL LDAP authentication
- Fixed: Authenticated user remote full path disclosure (CVE-2023-50452)
- Fixed: Public share download button
- Fixed: Reset check all box when navigating directories in folder view for client & public shares
- Fixed: Fix crash when SSH client sends incorrectly sized packet for key exchange
- Fixed: Generate SSH compatible DSA host keys
- Fixed: Disable SSH DSA host key in FIPS mode
- Fixed: Removed sourcemap references from JS & CSS files
- Fixed: SAML SSO now uses Reply URL for SSO Config selection. This fixes authentication failures when multiple SSO Configs use the same Identity Provider
- Fixed: SOAP failed to complete Service restart
New in Cerberus FTP Server 13.2.0 (Nov 14, 2023)
- New: Added One Time Password option to public shares
- New: Upgraded OpenSSL to 3.0.12
- New: Upgraded cURL to 8.4.0
- New: Upgraded Bootstrap to 5.3.1 version for Web Client Login Page
- Known Issue: Customised Themes other than Default Theme wont be applied to client login page
- Improved: skipping invalid too long password hashing to help prevent DOS
- Improved: public share reporting with a PostgreSQL database provides the same information as other DBs
- Improved: Zip actions are better reflected in the File Report, with additional information when objects are added to archives
- Improved: In Event Manager conditions, clarify if a rule has an implicit OR; allow using a comma without interpreting as an OR
- Improved: In Server Manager : Security, the TLS and SSH Verify routines have been separated allowing verifying a specific section
- Improved: User passwords will now be automatically upgraded to selected Password Storage and system iterations during login
- Improved: Admin passwords will be automatically re-hashed to the strongest hash and iterations supported during login
- Improved: Public shares now have a right click download and zip options
- Improved: New native users and groups may not start/end with whitespace
- Improved: On initial install, Cerberus now enables stronger default security settings
- Improved: Improved security warnings, summary page now warns on more insecure settings
- Improved: When SSH Security Defaults are reset, algorithms with warnings will not be enabled
- Improved: In Stats, add share link to email list when creating an emailed share
- Fixed: Account request submission messages updated
- Fixed: Account requests cannot be done with non-matching password and password confirm
- Fixed: File, Login and Audit Reports now use the locale when formatting the reports date range
- Fixed: Ensure that the system setting for password iterations is always valid
- Fixed: Allow clearing username/password in SMTP Event Target
- Fixed: PasswordType::Plain passwords set by SOAP API are now always hashed before serialization
- Fixed: Changing SMTP Settings no longer requires a service restart
- Fixed: Moved uisettings.xml to a per user file to tighten permissions and allow per Administrator customizations when system has non-default permissions
- Fixed: Web Client context menu actions now disabled when the user is not allowed to perform them
- Fixed: ‘Allow FTP Renames to Overwrite Existing Files’ now works as expected
- Fixed: Renamed SSO configurations from “Azure AD” to “Entra ID”
New in Cerberus FTP Server 13.1.0 (Sep 5, 2023)
- New: Added multi-key support for SFTP/SCP
- New: Added new web-based SSH Key management dialog to Web Administration
- New: Added new web-based Certificate Signing Request (CSR) dialog to Web Administration
- New: Added new web-based SSH Public Key exporter dialog to Web Administration
- New: Add support for EXT_INFO message in SSH
- New: Upgraded OpenSSL to 3.0.10
- New: Upgraded cURL to 8.2.1
- New: Upgraded log4cxx to 1.1.0
- Improved: Added X.509 SubjectPublicKeyInfo format to SSH Public Key exporter
- Improved: Updated web-based Self-Signed Certificate to include additional supported certificate types
- Improved: Added additional certificate types to CSR
- Improved: SAML User Atttributes may now be customized for Azure AD SSO configurations
- Improved: Expanded auditing of manual user and group creations and deletions
- Improved: Added additional logging to Backup Users and Settings
- Removed: Old Windows dialog based native console only CSR and SSH Export menu items from Tools menu
- Fixed: Made Event RegEx comparisons case-insensitive as variables are always lowercase
- Fixed: OpenSSH 8.8+ will now connect when Cerberus has an RSA host key
- Fixed: ‘Password Change Required’ checkbox now correctly works for “unchecked” option also for all the scenarios.
- Fixed: Active Directory users no longer need read-access to the Cerberus FTP Server installation directory.
- Fixed: Corrected handling of CIDR IP addresses.
- Fixed: Virtual Directory listing fixed in ‘New User’ and ‘New Group’ wizards
- Fixed: Prevent Event Rules with Match All and no conditions from running
New in Cerberus FTP Server 13.0.2 (Jul 6, 2023)
- New: L_MSG_ONLY_CREATE_ONE_SHARE localization string added, cleaner client file details
- Fixed: Removed unsafe-eval from the Content Security Policy
- Fixed: Made File Report “File path” case insensitive and made slash and backslash equivalent
- Fixed: L_SHARED_EDIT_DLG_NEW_AVAIL_LABEL_PH now being used correctly
- Fixed: MySQL and Postgres now support hypens in Database name
- Fixed: Welcome Acknowledgement required during SSO login when set on listener
- New: Azure AD SSO may now be configured to require signatures on the the SAML Assertion, Response, or Both.
- Before this change, “Both” were always required. Pre-existing configurations will still require “Both” after upgrade.
- Fixed: DH Group Exchange once again connects with older clients that use ssh-rsa host key
New in Cerberus FTP Server 13.0.1 (Jul 6, 2023)
- New: L_MSG_ONLY_CREATE_ONE_SHARE localization string added, cleaner client file details
- Fixed: Removed unsafe-eval from the Content Security Policy
- Fixed: Made File Report “File path” case insensitive and made slash and backslash equivalent
- Fixed: L_SHARED_EDIT_DLG_NEW_AVAIL_LABEL_PH now being used correctly
- Fixed: MySQL and Postgres now support hypens in Database name
- Fixed: Welcome Acknowledgement required during SSO login when set on listener
- New: Azure AD SSO may now be configured to require signatures on the the SAML Assertion, Response, or Both.
- Before this change, “Both” were always required. Pre-existing configurations will still require “Both” after upgrade.
- Fixed: DH Group Exchange once again connects with older clients that use ssh-rsa host key
New in Cerberus FTP Server 13.0.1 (Jul 6, 2023)
- New: L_MSG_ONLY_CREATE_ONE_SHARE localization string added, cleaner client file details
- Fixed: Removed unsafe-eval from the Content Security Policy
- Fixed: Made File Report “File path” case insensitive and made slash and backslash equivalent
- Fixed: L_SHARED_EDIT_DLG_NEW_AVAIL_LABEL_PH now being used correctly
- Fixed: MySQL and Postgres now support hypens in Database name
- Fixed: Welcome Acknowledgement required during SSO login when set on listener
- New: Azure AD SSO may now be configured to require signatures on the the SAML Assertion, Response, or Both.
- Before this change, “Both” were always required. Pre-existing configurations will still require “Both” after upgrade.
- Fixed: DH Group Exchange once again connects with older clients that use ssh-rsa host key
New in Cerberus FTP Server 13.0.1 (May 25, 2023)
- Fixed: SSH ChaCha20_Poly1305 correctly handles SHA1 signed Key Exchange
- Fixed: SQL Server LocalDB now successfully stores rows that would be truncated
- Fixed: The “Find” checkbox in the HTTPS client is now translatable with the L_SEARCH_FIND translation tag
- Fixed: AD User and Group mapping no longer display users in red
- Fixed: SSO SAML now accepts non-password based authentication types from Azure AD
- Fixed: SSO SCIM Provisioning now correctly serializes international characters
- New: Improved logging for Folder Monitor
- Fixed: Web client password change browser back and refresh attack mitigation
New in Cerberus FTP Server 13.0.0 (Apr 10, 2023)
- New: Folder Automation Events
- New: Single Sign-On (SSO) via SAML/SCIM Azure AD
- New: Administrators can now log off logged-in users
- New: OpenSSL ciphers are now available for SSH
- New: OpenSSL 3 features
- New: Automate sending multiple files or a folder
- Added: Support for SSH keys based on ED25519 format
- Added: Support for aes256-gcm via SSH
- Added: Support for ChaCha20 in SSH
- Added: SAML logging and diagnosis
- Added: Updated documentation for SCIM/SAML username mapping
- Added: cURL has been updated to 7.88.0
- Fixed: User Manager SSH public key selection no longer results in text “disappearing.”
- Fixed: Generate Password button no longer populates both password fields
- Fixed: More useful information is now displayed when a reference to an SCIM cache object is missing
- Fixed: Resolved an XSS security issue related to the jquery-ui’s handling of checkboxes/radio buttons
New in Cerberus FTP Server 12.11.6 (Feb 17, 2023)
- Fixed: Eliminate “file not found” errors when operating on files and folders in paths longer than 250 characters
- New: Upgraded to OpenSSL to 3.0.8 to address security vulnerabilities CVE-2023-0401, CVE-2023-0286, CVE-2023-0217, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-4203
- Fixed: Upgraded to curl 7.88.0 to address CVE-2023-23914, CVE-2023-23915, CVE-2023-23916
- Fixed: Multibyte user and group names are supported
- Fixed: Upgraded jquery.ui.widget to 1.13.2 to address CVE-2022-31160
New in Cerberus FTP Server 12.11.5 (Jan 19, 2023)
- Fixed: Extension allow/deny lists no longer affect renaming folders
- Fixed: Remove registry-related WARNING messages when running Cerberus as an unprivileged user
New in Cerberus FTP Server 12.11.4 (Dec 1, 2022)
- Fixed: Geoblocking blocks connections when geolocation fails in certain situations
- Fixed: SFTP authentication fails intermittently
New in Cerberus FTP Server 12.11.3 (Nov 22, 2022)
- New: Enable loading the legacy provider for old PFX files with weak encryption
New in Cerberus FTP Server 12.11.2 (Nov 18, 2022)
- Fixed: Geoblocking defaults to allow only mode when it should default to deny only mode
- Fixed: Geolocation fails if auto update checking and public IP autodetection are both disabled
- Fixed: When a native user is disabled or deleted their web sessions are logged off
- Fixed: Upgraded to moment.js 2.29.4 to address CVE-2022-31129
New in Cerberus FTP Server 12.11.1 (Nov 16, 2022)
- Fixed: When FIPS is enabled, Cerberus cannot validate a new license key
- Fixed: Cerberus crashes when Oracle XML Publisher connects to Cerberus via SFTP and FIPS is enabled
- Fixed: In Server Manager, the administrator was not informed that the Cerberus FTP Server service needs to be restarted after disabling FIPS
- Fixed: The RenameUser SOAP API did not correctly rename users
New in Cerberus FTP Server 12.11.0 (Nov 8, 2022)
- New: Cerberus can now block or allow connections based on the country the connection originates from
- New: Upgraded to OpenSSL to 3.0.7 with TLS 1.3 support
- New: Cerberus supports ChaCha20-Poly1305 cipher suite for TLS 1.3
- New: TLS 1.3 is now enabled by default, TLS 1.0 and TLS 1.1 are no longer enabled by default
- New: Web Client users can now look up their username if they forgot it
- New: When a user with a disabled account requests a password reset, Cerberus will now notify users that their account is disabled
- New: Web Client users can now select to delete all files from their public share once the share has expired
- New: In User Manager, the list of users may now display users’ email address
- New: In User Manager, a native user’s profile now includes the last login IP address
- New: User Manager now allows searching users by their email address
- New: Use HTTPS when connecting to ipstack’s geolocation service if it’s available
- New: SOAP API now allows setting a ‘requirePasswordChange’ option on ChangePassword API call
- Fixed: In HTTP/S web client, PDF preview has been disabled as it can no longer be supported securely
- Fixed: User to Group mappings now also match against the authenticating user’s sAMAccountName
- Fixed: Upgraded to curl 7.86.0 to address CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916
- Fixed: Upgraded to zlib 1.2.13 to address CVE-2022-37434
New in Cerberus FTP Server 12.10.1 (Sep 23, 2022)
- Fixed: In IP Manager, Auto Blocking and DoS Protection settings were disabled after a service restart
- Fixed: Cerberus crashes when renaming a file because of a lack of permissions
- Fixed: In Event Manager, Cerberus crashes when a Scheduled Task is set to repeat with a value of ‘0’
- Fixed: Administrators are incorrectly blocked from logging into Web Administration because of the maximum connection limit
- Fixed: Upgraded to the latest version of jQuery Validation to address a vulnerability to regular expression denial of service
New in Cerberus FTP Server 12.10.0 (Sep 12, 2022)
- New: Administrators can now set delete, rename, and list permissions for folders and files independently from one another
- New: Customers with many concurrent client connections should see faster connection acceptance
- Fixed: HTTP/S Admin listeners did not enforce the max connection limit
- Fixed: Updated to the latest version of jQuery UI to address a potential cross-site scripting (XSS) vulnerability
- Fixed: Upgraded to gSOAP 2.8.122
New in Cerberus FTP Server 12.9.0 (Jul 18, 2022)
- New: In User Manager, administrators can now create, upload, and edit client SSH public keys for users and groups
- Fixed: Event Manager now escapes event variables that are modifiable by users and are used in file paths
- Fixed: Removed logging for anonymous user passwords
- Fixed: When recursive file deletion fails, files are not deleted until Cerberus is restarted
- Fixed: When installing Cerberus, service account validation now displays an error message when an account does not exist
- Fixed: When uninstalling Cerberus, there is now an option to remove or keep the ‘Cerberus’ service account
- Fixed: In Report Manager, Professional and Standard editions show reports that are only available in Enterprise edition
- Fixed: In Report Manager, Professional and Standard editions cannot generate the Server Statistics report
- Fixed: Addressed OpenSSL security vulnerabilities with a patch for CVE-2022-2068
- Fixed: Upgraded to curl 7.84.0 to address CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
New in Cerberus FTP Server 12.8.0 (Jun 14, 2022)
- New: In addition to blocking file extensions, administrators can now configure Cerberus to only allow specified file extensions
- New: Cerberus now warns when RSA public keys have a weak exponent value
- Fixed: Upgraded to curl 7.83.1 to address CVE-2022-30115, CVE-2022-27782, CVE-2022-27781, CVE-2022-27780, CVE-2022-27779, CVE-2022-27778
New in Cerberus FTP Server 12.7.4 (Jun 2, 2022)
- Fixed: Security vulnerability introduced in 12.7.0
New in Cerberus FTP Server 12.7.3 (May 24, 2022)
- Fixed: FTP clients could not change to the root directory
- Fixed: On the login page for Web Administration, username was not HTML escaped
New in Cerberus FTP Server 12.7.2 (May 20, 2022)
- Fixed: Cerberus does not interpret FTP NLST command options correctly
- Fixed: On the Connections page, administrators cannot view the full path for Local Files with long file paths
New in Cerberus FTP Server 12.7.1 (May 13, 2022)
- Fixed: In HTTP/S web client, users cannot navigate into subfolders of public shares
New in Cerberus FTP Server 12.7.0 (May 9, 2022)
- New: Native Cerberus users with 2FA-enabled can now use the Forgot Password reset link
- New: HTTP/S web client and Web Administration now enforce a stricter Content Security Policy that blocks the execution of inline scripts
- New: Cerberus now supports long file paths, allowing folder paths longer than 260 characters
- New: FTP/S listeners now have a new option to enforce data connection resumption; FileZilla enforces resumption and Cerberus now enables this option automatically for FileZilla clients
- New: On the Summary page, administrators can now click on a user or group in a System Message and navigate directly to that account
- New: In Event Manager, Public File Transfer events now include variables for who shared the file and their email address
- Fixed: Upgraded to moment.js 2.29.3 to address CVE-2022-24785
- Fixed: Upgraded to zlib 1.2.12 to address CVE-2018-25032
- Fixed: Upgraded to curl 7.83.0 to address CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, and CVE-2022-27776
- Fixed: Addressed OpenSSL security vulnerabilities with a patch for CVE-2022-1292
- Fixed: In Report Manager, Clean Tables did not remove old records from the sessions table in the reporting database
- Fixed: In AD Users, when setting AD group to Cerberus group mappings, no groups were displayed for ‘.’ AD configurations (local user database)
- Fixed: Upgraded to gSOAP 2.8.121
- Many minor bug fixes and improvements
New in Cerberus FTP Server 12.6.0 (Mar 28, 2022)
- New: On the Summary page, System Messages can now be “acknowledged” and removed from the list
- New: On the Summary page, System Messages now warn if the service account for Cerberus is running as LocalSystem
- New: In Event Manager, Scheduled Tasks now allows sending a file when the “File Path From” is a UNC path
- Fixed: Updated to the latest version of jQuery UI to address cross-site scripting (XSS) vulnerabilities
- Fixed: Addressed OpenSSL security vulnerabilities with a patch for CVE-2022-0778
- Fixed: Cerberus may crash when initializing syslog
- Other minor bug fixes and improvements
New in Cerberus FTP Server 12.5.0 (Feb 23, 2022)
- New: HTTP/S web client now has a “Download as Zip” context menu option for easier downloading of multiple files and folders
- New: In HTTP/S web client, public shares are now allowed to never expire
- New: LDAP search results now page only when the LDAP server supports paging
- New: LDAP search paging can now be overridden by configuration option and defaults to using paging only when supported
- Fixed: In HTTP/S web client, when creating a zip file, there was no UI feedback that a zip file was being created
- Fixed: In HTTP/S web client, changes to the AM/PM of a public share expiration were not saved
- Fixed: In HTTP/S web client, public shares had the wrong expiration date when selecting the last available day of the maximum share duration
- Fixed: Microsoft Edge WebView2 process failures were not logged
- Fixed: In Report Manager, an error occurred when exporting a CSV for an Account report
- Fixed: AddUser SOAP API call ignored ipAllowList except when “priority” was also set
- Other minor bug fixes and improvements
New in Cerberus FTP Server 12.4.1 (Jan 26, 2022)
- Fixed: Cerberus crashed when SSL/TLS is disabled or failed to initialize
New in Cerberus FTP Server 12.4.0 (Jan 18, 2022)
- New: Report queries can now be saved, edited, and deleted
- New: Report generation now supports relative dates using a “search back” time period
- New: In Event Manager, Scheduled Tasks can now generate a report using a previously Saved Report and deliver it via email
- New: Significant performance improvements to the Cerberus Desktop GUI when using Microsoft Edge WebView2
- New: Microsoft Edge WebView2 runtime automatically downloaded and installed by the Cerberus installer
- Fixed: SSH server fingerprint changed when modifying SSL/TLS certificates
- Fixed: Memory leak in the Cerberus Desktop GUI
- Fixed: JavaScript error in Cerberus Desktop GUI when mapping to Cerberus Native groups for groups that only contain numeric characters
- Fixed: Upgraded to curl 7.80.0
- Other minor bug fixes and improvements
New in Cerberus FTP Server 12.3.4 (Jan 3, 2022)
- New: On the Protocols tab of Server Manager, under Advanced HTTP/S settings, Web Client zip compression level is now configurable
- Fixed: Cerberus FTP Server service failed to start when password expired for “Cerberus” service account
- Fixed: In Report Manager, Login report failed to show cipher strings for HTTPS sessions
- Other minor bug fixes and improvements
New in Cerberus FTP Server 12.3.3 (Nov 9, 2021)
- Fixed: AD and LDAP users should not be subject to the Cerberus password expiration policy (introduced in 12.3.0)
- Fixed: Password expiration times were incorrect and should not have been shown for AD and LDAP users
- Fixed: The sidebar navigation link to ‘LDAP Users’ does not work from Web Administration
New in Cerberus FTP Server 12.3.2 (Nov 4, 2021)
- Fixed: Group membership not evaluated for ‘localhost’ AD Users configurations
New in Cerberus FTP Server 12.3.1 (Nov 1, 2021)
- New: In Report Manager, the Account and Folder reports now allow navigating directly to users and groups
- Fixed: When upgrading from within the application, Cerberus could not upgrade to version 12.3 when upgrading from versions before 12.2
New in Cerberus FTP Server 12.3.0 (Oct 26, 2021)
- New: In the installer, administrators can now explicitly manage the service “Run As” identity during installation and upgrade
- New: In the installer, “LocalSystem” service identity is now deprecated and a new, unprivileged local user named ‘Cerberus’ is now the default identity
- New: Report Manager now has a Folder Report that shows all virtual directories and which users have access to them
- New: Faster AD user authentication
- New: Paged AD and LDAP user listings and other optimizations to improve administration page load times
- New: Significant performance improvements to AD and LDAP Account Report generation
- New: Removed the 1000 entry limit for AD and LDAP user enumeration on the AD Users, LDAP Users, and Account Reports
- New: In User Manager, the Members page for a group now enumerates all native, AD, and LDAP users that are members of that group
- New: In User Manager, on the Members page of a group, administrators can now click on a user account and be taken directly to that user account
- New: There is now a button link next to the primary or secondary group membership on a user account that will take the administrator directly to the group
- New: More context information for AD and LDAP users for directory properties like disabled, allow password change, password never expires, and anonymous
- New: IP Manager now shows the date and time when an IP address was blocked
- New: In Event Manager, Public File Transfer events now include an “Is a Byte Range Request” variable
- New: In Event Manager, User Account Blocked events include additional variables
- Fixed: For some AD configurations, the behavior of the virtual directory mode changed when upgrading to version 12.2 or higher
- Fixed: Upgraded to curl 7.79.1
- Fixed: For some passwords, passwords did not deserialize correctly causing failed password validations
- Fixed: Bug in SOAP API example powershell script ‘Example-GroupManipulation.ps1’
New in Cerberus FTP Server 12.2.2 (Sep 22, 2021)
- Fixed: Upgraded to curl 7.79.0 to address security vulnerabilities
- Fixed: Upgraded to gSOAP 2.8.116 to address security vulnerabilities
- Fixed: Infoblox devices could not upload files via SCP
- Fixed: In HTTP/S web client, iOS 12 devices could not upload files
- Fixed: Adding a new virtual directory overwrote an existing virtual directory with the same name
New in Cerberus FTP Server 12.2.1 (Sep 3, 2021)
- Fixed: Memory leak when using Web Administration or the Cerberus Desktop GUI
New in Cerberus FTP Server 12.2.0 (Sep 2, 2021)
- New: Native Cerberus users now have secondary groups to allow a user to be in multiple groups
- New: In AD Users, when displaying a user’s details, AD group to Cerberus group mappings now appear as secondary groups
- New: In User Manager, when displaying a user’s virtual directories, there is now a table column for the group(s) that the virtual directory was inherited from
- New: When upgrading to future versions of Cerberus, the account running the Cerberus service will no longer revert to LocalSystem
- New: In Report Manager, the Account Report now includes AD and LDAP users in addition to native Cerberus users
- New: In Report Manager, administrators can now remove old records from their reporting database using “Clean Tables”
- New: In Report Manager, each report now only shows filters relevant for that report type
- New: SCP now supports downloads with wildcards in the filename
- New: Added support for TLS Extension #23 Extended Master Secret (EMS) to mitigate Triple Handshake (3SHAKE) and other potential attacks
- New: In Server Manager, when adding an Active Directory user or group as a Cerberus admin, the distinguished name (DN) can now be searched with autocomplete
- New: In Event Manager, Folder Monitor now allows deleting read-only files
- New: In HTTP/S web client, public shares now includes a new option to send one email notification for all transferred files every 5 minutes
- New: In HTTP/S web client, public share notification emails now include the contents of downloaded zip files
- New: Improved performance for customers with many concurrent client connections
- Fixed: Addressed OpenSSL security vulnerabilities with a patch for CVE-2021-3712
- Fixed: Replaced colorbox jQuery lightbox plugin to address security vulnerabilities
- Fixed: Upgraded to curl 7.78.0 to address security vulnerabilities
- Fixed: Upgraded to handlebars 4.7.7 to address security vulnerabilities
- Fixed: Cerberus crashed intermittently for customers with many concurrent client connections
- Fixed: SCP preserve timestamps did not use the correct timestamps for recursive downloads
- Fixed: In HTTP/S web client, public share notification emails did not render correctly in MS Outlook
- Many minor bug fixes and improvements
New in Cerberus FTP Server 12.1.0 (Jul 20, 2021)
- New: In Event Manager, the Transfer File Target now allows retrieving files from another server via SFTP, FTP, FTPS, and HTTP/S GET
- New: In Event Manager, the “IP Blocked Event” now includes a variable for the reason why the IP was blocked
- New: When using the Cerberus Desktop GUI, clicking on links now launches your default web browser instead of Internet Explorer
- New: On the Public Shares tab of User Manager, there is now a legend for the Public Shares table
- Fixed: Address a vulnerability to SSL renegotiation denial of service
- Fixed: When using the Cerberus Desktop GUI, clicking on links leaked the desktop URL as the referring URL
- Fixed: In AD Users, it was not possible to modify the domain for an existing Active Directory Users configuration
- Fixed: After upgrading to version 12.0, HTTP/S web client no longer displayed the “Find” checkbox option for the search filter
- Fixed: Incorrect search results are shown in tables when there are multiple, concurrent search requests that are received out of order
- Many minor bug fixes and improvements
New in Cerberus FTP Server 12.0.2 (Jun 16, 2021)
- Fixed: HTTP/S web client was not displaying correctly in the browser
- New: On the Remote tab of Server Manager, there is now a legend for the Administrator Accounts table
New in Cerberus FTP Server 12.0.1 (Jun 15, 2021)
- Fixed: After upgrading to version 12.0.0, HTTP/S web client public shares no longer allowed public downloads
- Fixed: In Server Manager, unable to set HTTP/S Temporary Files Folder using the file browser
- Fixed: HTTP/S web client showed links and buttons to download files when the user does not have download permission
New in Cerberus FTP Server 12.0.0 (Jun 9, 2021)
- New: Support for Active Directory Web Administration users
- New: Active Directory Users page that allows native-like administration and mapping changes for AD users
- New: LDAP Users page that allows native-like administration and mapping changes for LDAP users
- New: Support for “includeSubDomains” and “preload” with HTTPS Strict Transport Security (HSTS)
- New: Public shares guided wizard for creating and emailing a public share
- New: Public shares notification option to be emailed on every file access
- New: Public shares session-based isolated uploads
- New: Public shares global option to hide original shared file or folder name in public URL
- New: Public shares CC and BCC options when sending a public share via email
- Improved: Public shares generated password is now automatically shown
- Improved: Web client file share notifications now contain the file names of files accesses through public share folders
- New: Web client dialog prompt for overwriting or resuming existing files on upload
- New: Web client growl-based notifications for reporting operations status
- New: Web client activity center to see any growl notifications generated on the current page
- New: Web client listener options to add a welcome message to password-protected public shares
- New: Web client listener options to require welcome message acknowledgement for password-protected public shares
- New: Web client listener option to hide the ‘Accounts’ page for all users
- New: Web client listener option to prevent creating permanent zip files on the server
- New: Web client can generate MD5 (non-FIPS mode only), SHA1, SHA256, SHA512 hashes of any web client file
- New: Web client option for users to enable auto-uploads for their account, or on a per-queue basis
- New: Web client option for users to enable auto-clearing of the completed upload file list for their account, or on a per-queue basis
- New: Web client option for users to disable upload image and video previews on their account
- New: Web client option to allow users to open a file in a new tab
- New: Web client now has all interface and messaging available to be customized for localization
- New: Web client allows HTML in the Login and Public Share welcome messages
- New: Web client no longer allows changes to be made to anonymous account’s settings by the user
- New: Web client now shows the date of password expiration on the Accounts page
- New: User Manager now shows the date of password expiration on the user’s details page
- Improved: Numerous small bugs, UI improvements, and performance improvements
- Removed: Can no longer be installed on Windows Server 2008 and Vista
- Removed: Legacy Server Manager, IP Manager, and User Manager
- Removed: Support for 32-bit operating systems
New in Cerberus FTP Server 11.3.7 (May 18, 2021)
- Fixed: Duplicate folders when AD user is assigned to multiple groups with the same virtual directories
- Fixed: Missing file and directory upload browser button icons on mobile devices
- Fixed: Cerberus terminates due to unhandled exception
- New: SCP preserve timestamps option for file uploads
New in Cerberus FTP Server 11.3.6 (Apr 22, 2021)
- Fixed: Cerberus contained a privilege escalation vulnerability from loading a DLL from a non-privileged path
- Fixed: In HTTP/S web client, users cannot download a folder or file with a percent sign in the name
- Fixed: Upgraded to curl 7.76.1
New in Cerberus FTP Server 11.3.5 (Apr 7, 2021)
- Fixed: Cerberus contained a privilege escalation vulnerability
- Fixed: Upgraded to curl 7.76.0 to address security vulnerabilities
- Fixed: Cerberus crashed when Report Manager has a bad database configuration and sending a session report email
- Fixed: Memory leak when encrypting/decrypting data
- Fixed: Cisco Unified Communications Manager cannot send backups to Cerberus via SFTP when FIPS is enabled
- Fixed: Cisco hardware cannot upload via SCP and fails with error message
- Fixed: SFTP clients failed key exchange when the server or the client sent an initial key exchange packet and incorrectly guessed the algorithm the other side was using
- Fixed: HTTP/S web client and Event Manager cannot unzip zip files that are not entirely consistent
- Fixed: In HTTP/S web client, users that double-click on a directory can reach an inconsistent state and an incorrect breadcrumb
New in Cerberus FTP Server 11.3.4 (Mar 9, 2021)
- New: In Server Manager, there is now an option to control exclusive upload file locking for SSH SFTP version 4 and lower
- New: Upgraded to curl 7.75.0
New in Cerberus FTP Server 11.3.3 (Feb 24, 2021)
- New: Improved performance for customers with many client connections per second and authenticating with native Cerberus users
- New: In User Manager, improved search performance when there are many users
- New: When viewing a selected user account, User Manager now allows creating a new group in addition to selecting an existing group
- Fixed: Addressed OpenSSL security vulnerabilities with patches for CVE-2021-23839, CVE-2021-23840, CVE-2021-23841
- Fixed: Upgraded to jQuery validation 1.19.3 to address security vulnerabilities
- Fixed: Cannot access Cerberus Desktop GUI when cookie support is disabled
- Fixed: Cerberus Desktop GUI showed many errors when the “HTTP/S Web Admin Session Timeout” value was very low
- Fixed: Cerberus did not consistently timeout Web Administration sessions
- Fixed: In Server Manager, HSTS cannot be set on HTTP/S Admin listeners
- Fixed: In Report Manager, the log showed numerous errors when using SQL Server 2012
- Fixed: In User Manager, users and groups with special characters did not display correctly
- Many minor bug fixes and improvements
New in Cerberus FTP Server 11.3.2 (Jan 22, 2021)
- New: On the Advanced tab of Server Manager, Cerberus now allows enabling experimental beta features
- New: Active Directory Users page allows native-like administration and mapping changes for AD users (beta feature)
- New: LDAP Users page allows native-like administration and mapping changes for LDAP users (beta feature)
- New: Cerberus now provides more logging when repairing a corrupted stats.dat file
- New: User Manager now allows the revocation of a public share from the context menu
- New: Server Manager now allows admins to force users’ browsers to reload HTTP/S Web Client static resources instead of loading cached versions
- Fixed: Cerberus Desktop GUI is slow or unresponsive after updating to version 11.3.1
- Fixed: Cerberus crashed when SFTP clients sent an invalid SFTP packet
- Fixed: LDAP search results failed to find users when there are more than 1000 users
- Fixed: When disabling FIPS 140-2, Server Manager did not display a warning that Cerberus needs to be restarted
- Many minor bug fixes and improvements
New in Cerberus FTP Server 11.3.1 (Jan 22, 2021)
- New: Cerberus now uses KeyPair’s FIPS 140-2-validated cryptographic module with Certificate #3503
- New: In Server Manager, Cerberus now allows a configurable value for the Web Administration session timeout
- New: In the Interfaces window, Cerberus now displays more detailed security-related feedback and messages for each listener.
- New: User Manager now allows searching users by their first and last names
- New: User Manager now displays the date a user was created
- New: Web Administration now shows the labels for SMTP servers to more easily differentiate between multiple servers
- New: Report Manager now warns when an unsupported ODBC driver is selected
- Fixed: Addressed OpenSSL security vulnerabilities with patches for CVE-2020-1971 and CVE-2020-1968
- Fixed: Upgraded to curl 7.74.0 to address curl security vulnerabilities
- Fixed: Cerberus passed sensitive values in URLs that could expose them to people with access to server and application logs
- Fixed: Cerberus crashed when server certificate and private key are missing and SSL/TLS is enabled
- Fixed: Cerberus failed to verify an LDAP server without manually entering the correct password on the Binding Options page
- Fixed: In Report Manager, Cerberus logs errors when writing audit records for administrator actions to a MySQL database
- Fixed: Users could not enable 2FA even though they are required to do so because “Allow 2 Factor” had not been checked
- Fixed: Users cannot login because User Manager allowed admins to set the invalid state in which “Require Password Change on Login” is checked but the user is not allowed to change their password
- Fixed: Report Manager cannot connect to SQL Server database when the database name includes a hyphen
- Many minor bug fixes and improvements
New in Cerberus FTP Server 11.3.0 (Nov 17, 2020)
- New: User Manager now has a “horizontal” layout to reduce the amount of scrolling when administering native users and groups
- New: Usability improvements to Extension Blocking in User Manager
- New: The Summary page now warns when a certificate is expiring or has expired
- New: The Summary page now warns when remote host certificate verification is disabled
- New: In Server Manager, admins can now customize the issuer name to something other than “Cerberus” when using OTP for two-factor authentication
- Fixed: Cerberus did not enforce password history policy for web administrator accounts
- Fixed: In web administration and web client, Cerberus allowed a malicious actor to spoof content with misleading messages designed to trick users
- Fixed: In web administration and web client, browsers may store pages in the user’s browser cache that could be accessible to a malicious actor on a public computer, a shared system, or a machine in a semi-public area.
- Fixed: In web administration, Cerberus disclosed passwords or other sensitive data in an unmasked format in the HTTP response
- Fixed: In Report Manager, the log showed numerous errors when using SQL Server Express LocalDB 2012
- Fixed: Enhanced log filtering only filtered the first IP address and ignored any additional filters
- Many minor bug fixes and improvements
New in Cerberus FTP Server 11.2.9 (Oct 26, 2020)
- Fixed: In User Manager, CSV export of users allowed formula symbols that could enable an attacker to inject malicious commands when viewed in Microsoft Excel
- Fixed: In Server Manager, the private key password and the Duo secret key were disclosed in an unmasked format in the HTTP response
- Fixed: In User Manager, a warning message was shown when creating a new user
- Fixed: In Event Manager, an error message was shown when creating a scheduled task even though the scheduled task was created successfully
- In Log Manager, the Time column no longer wraps
- In Server Manager, the Remote page now shows a message to secondary admins indicating only primary admins are allowed to access these settings
- User Manager now sets the Password Last Changed value for a cloned user account to the current time
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.2.8 (Oct 19, 2020)
- Fixed: Updated to the latest version of MomentJS to address a vulnerability to regular expression denial of service
- Fixed: HTTP/S web client localization allowed language translations that could include malicious JavaScript
- Fixed: Cerberus crashed when HTTP/S web client served a file with a timestamp in which the year is more than 3000
- Fixed: In the log, Cerberus sometimes attributed system tasks to users
- Fixed: When uploading via SCP, some SCP clients showed the transfer as failed even though the transfer was successful
- Fixed: In SOAP API, GetGroupInformation always returned empty “sshOptions”
- Fixed: Sync Manager added a new server entry instead of updating the existing entry when editing the IP address
- Authentication for Active Directory users now only queries users using a legacy API if “Try Alternative Active Directory Check” is enabled
- In web administration and web client, Cerberus now creates intermediate directories when creating directories
- Cerberus now supports DUO Federal for two-factor authentication
- Report Manager now creates a database index on the ‘files’ table for MySQL/MariaDB
- User Manager now sets the Last Login value for a cloned user account to be “Unknown”
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.2.7 (Sep 3, 2020)
- Fixed: Cerberus crashed when HTTP clients request invalid ranges
- Fixed: Cerberus crashed when loading certificates from an invalid PFX file
- Fixed: LDAP user was not able to change password when LDAP configuration has SSL enabled
- Fixed: Memory leak in Cerberus Desktop GUI
- Fixed: In Event Manager, Session Report email did not render correctly in MS Outlook
- In web administration, tables did not remember settings for number of rows per page
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.2.6 (Aug 11, 2020)
- Fixed: Even when logging in via SFTP and the SSH Authentication Method is “Public Key,” Cerberus unnecessarily prompted for a password change
New in Cerberus FTP Server 11.2.5 (Jul 15, 2020)
- New: Report Manager now supports the PostgreSQL database
- Fixed: Extension blocking did not reject prohibited file extensions from being uploaded with SCP
- Fixed: Log Manager did not show the time in the local time format
- Fixed: In Event Manager, Logoff Event rules with Email Session Report action could only select Default Email Server even though there are multiple SMTP servers
- Fixed: In Report Manager, Cerberus failed to generate a File Report when using SQL Server 2008 R2 as the database
New in Cerberus FTP Server 11.2.4 (Jun 29, 2020)
- Fixed: Cerberus crashed when an FTP client uploads a file using MODE Z compression
- Fixed: When running as an application (as opposed to running as a Windows Service), Cerberus did not verify remote host certificates
- Fixed: Cerberus could not verify valid remote host certificates because of expired certificates in the OS trust store
- Fixed: Event Manager did not trigger a Directory Created Event when a dragging and dropping a folder in the HTTP/S web client
- Fixed: Event Manager did not trigger a File Transfer Event when uploading a file to a virtual directory with a trailing slash
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.2.3 (Jun 15, 2020)
- New: Log files can now be filtered by IP or username
- New: In Server Manager, changing admin passwords is now separate from editing admin accounts
- Fixed: In Event Manager, the HTTP Post event action stopped including variables
- Fixed: In Event Manager, the error “An address incompatible with the requested protocol was used” occurred when connecting to an SMTP server
- Fixed: Cerberus service would not start on Windows Server 2008
- Fixed: When responding to an FTP STOR command, Cerberus sent a 426 reply instead of a 500 reply when the parent folder does not exist
- Fixed: In User Manager, CSV import of users allowed users in groups that did not exist
- Fixed: Images and videos cannot be previewed in the HTTP/S web client
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.2.2 (May 28, 2020)
- Fixed: Upgraded to jQuery 3.5.1 to address jQuery security vulnerabilities
- Fixed: Closing Cerberus Desktop GUI minimized to system tray instead of closing application
- Fixed: Cerberus installer did not shutdown running Cerberus GUI process
- Fixed: HTTP/S web client cannot download files with pound sign in the filename
- Fixed: In User Manager, virtual directories with paths created with %USER% variable cannot be edited
- Fixed: In User Manager, virtual directories with names created with %USER% variable cannot be deleted
- Fixed: In User Manager, the %USER% variable did not expand correctly in nested paths
- Fixed: In Server Manager, when creating or editing an admin account, it was possible to check “Require 2 Factor” without also checking “Allow 2 Factor”
- Many minor bug fixes and improvements
New in Cerberus FTP Server 11.2.1 (May 5, 2020)
- Fixed: Cerberus crashed when HTTP/S web client received a malformed URL
- Fixed: HTTP/S web client and Folder Monitor did not handle folders ending with a period
- Fixed: In Event Manager, a regular expression worked in the Regular Expression Tester but not in actual use
- Fixed: In Server Manager, when creating a new administrator, you could not set the permissions for the administrator
- Many minor bug fixes and improvements
New in Cerberus FTP Server 11.2.0 (Apr 22, 2020)
- Cerberus customers that block outgoing connections with their firewall should only have to allow connections to the domain www.cerberusftpserver.com with IP address 216.92.201.26 for Cerberus to auto-update
- New: Cerberus now performs certificate and host name verification for all outgoing SSL/TLS connections by default
- New: Event Manager now has a Transfer File Target that allows transferring files to another server via SFTP, FTP, FTPS, HTTP PUT, and HTTPS PUT
- New: Event Manager now has labels for Event Targets so that administrators can assign unique names to differentiate between them
- Removed unnecessary newlines from the log
- Fixed: When Cerberus checks for updates, those outgoing SSL/TLS connections did not verify the certificate or host name
- Fixed: In User Manager, requiring a user to change their password does not actually force the user to change their password after logging in
- Fixed: Log Manager displays a “parseerror” message when the log contains binary data
- Fixed: In Event Manager, modifying a cloned event applies changes to the original event
- Fixed: In Server Manager, changes to SSH Security Defaults are automatically saved without confirmation
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.1.0 (Mar 19, 2020)
- User Manager guided workflows for creating users and groups, including enhanced data validation and error checking
- Upgraded admin password change controls for setting and changing user and administrator passwords
- Easily adjust generated password lengths beyond the minimum at the time of password generation
- Multiple enhancements to the Log Manager including a continuous log view with no paging, a configurable refresh rate, visual indications to indicate when the log will next refresh, as well as a dedicated context menu item and toolbar button to immediately refresh the log
- Added support for additional SSH2 key exchange methods to include diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512
- Upgraded to gSOAP 2.8.99 to address gSOAP security vulnerabilities
- FTP commands for setting file date/time provide better error messages on failure
- Fixed: Filter/Find for HTTP/S web client allows bypassing of virtual directory permissions
- Fixed: In User Manager, new users and groups no longer need an initial save before you can add new virtual directories
- Fixed: In User Manager, the disable date constraint for users and groups ignores PM times
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.10 (Feb 21, 2020)
- Fixed: Memory leak when querying which groups a user is a member of in Active Directory
New in Cerberus FTP Server 11.0.9 (Feb 18, 2020)
- Fixed: Memory leak when statistics file cannot be opened at startup
- Fixed: Cerberus crashes when there are multiple HTTP/S web client requests for a new localization language file
- Fixed: Log Manager displays a “parseerror” message when the log contains binary data
- Fixed: SCP does not handle using single quotes around filenames
- Allow administrators to view queue sizes for diagnostic purposes
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.8 (Jan 27, 2020)
- Fixed: Memory leaks when transferring files via SFTP
- Fixed: Cerberus crashes when HTTP/S web client receives a malformed URL
- In Active Directory administration, searching for users and groups when creating mappings will now use the Binding Options credentials instead of the credentials for the account running the Cerberus FTP Server Windows service
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.7 (Jan 22, 2020)
- Fixed: In Log Manager, scripts errors occur when using the right-click menu options
- Fixed: In User Manager, updating a user shows an error message when using group overrides
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.6 (Jan 13, 2020)
- Upgraded to OpenSSL 1.0.2u to address OpenSSL security vulnerabilities
- Cerberus now shows a warning that legacy managers are deprecated and will be removed in a future version
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.5 (Jan 6, 2020)
- Fixed: Unzip for HTTP/S web client allows bypassing of blocked file extensions
- Fixed: Folder Monitor status is never updated
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.3 (Dec 9, 2019)
- Fixed: Permission bypass through the zip and/or unzip permission
- Fixed: Removed the video tutorial for the Client Domain Allow List upgrade message as it was causing errors on some older operating systems
- We now show a warning during installation that Cerberus 11 is not officially supported on Windows Server 2008
New in Cerberus FTP Server 11.0.2 (Dec 2, 2019)
- Fixed: In Event Manager, Scheduled Tasks drift later after each run
- Fixed: In Event Manager, Scheduled Tasks do not run as scheduled for weekdays
- Fixed: Long message notifications are not formatted correctly
- Fixed: Cerberus displays an error message for missing MF.dll on Windows Server 2008 R2
- Fixed: Cerberus install fails even though Internet Explorer 9+ has been installed
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.1 (Nov 18, 2019)
- Fixed: Cerberus does not lock out a user’s account after numerous failed 2FA attempts allowing brute force attacks
- Fixed: HTTP/S web client public shares are vulnerable to a XSS attack that can execute arbitrary JavaScript
- Other minor bug fixes and improvements
New in Cerberus FTP Server 11.0.0 (Nov 6, 2019)
- Significantly faster performance (upto 10x) when writing files across the network using the Server Message Block (SMB) protocol
- Enhancements to User Manager UI (Desktop GUI and web administration) for a responsive and consistent experience across devices
- In web administration, User Manager now allows managing blocked file extensions and CSV export/import of users
- User Manager provides richer visual feedback when previewing the import of users from a CSV file
- User Manager shows all of the members of a group including Cerberus Native users, LDAP users, AD users, and AD groups
- Web administration now shows connections, transfers, and logging
- Log Manager logs IP addresses and usernames when logging connection-related events
- Log Manager allows administrators to download log files
- Log Manager provides features such as searching, row grouping, column sorting, and showing/hiding columns
- New notification system displays small pop-up notifications about events that are important to the user
- New notification system allow administrators to view a history of changes made during their session
- Redesigned Server Manager for better segmentation and grouping of server configuration options
- In Server Manager, administrators can require uppercase and lowercase letters in their password complexity policy
- Cerberus supports nested group membership for the AD “Require Security Group Membership” option
- HTTP/S web client localization can now be accessed and modified directly from the Desktop GUI
- Fixed: Password reset is vulnerable to HTTP host header attack allowing malicious password reset emails
New in Cerberus FTP Server 10.0.14 (Aug 7, 2019)
- Fixed: Group settings requiring multifactor authentication are ignored when users login via HTTP/S
- Fixed: In Server Manager, enabling FIPS 140-2 when using a PKCS#12 certificate for the server key pair causes an error and unusable SSL configuration
- Fixed: Event Manager does not trigger file transfer event for HTTP/S downloads when file is 0 bytes
- Fixed: When command-line FTP clients issue list commands, group and owner names are not displayed
- Fixed: When command-line FTP clients issue list commands, last-modified timestamp is formatted incorrectly
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.13 (Jul 9, 2019)
- In the HTTP/S web client, security questions are now only shown on the account page if password resets are enabled
- Added the Same-Site browser cookie attribute as a security best practice for preventing CSRF attacks
- In Server Manager, updated the UI for the logging page to make it more clear that the Syslog port is configurable
- Improved accessibility in the HTTP/S web client for users that require assistive technology (screen reader, keyboard-only navigation, etc.)
- Fixed: Emails sent from Cerberus are blocked by some spam filters
- Fixed: Cerberus identifies Windows Server 2019 as Windows Server 2016 in the logs
- Many minor bug fixes and improvements
New in Cerberus FTP Server 10.0.12 (Jun 5, 2019)
- Upgraded to OpenSSL 1.0.2s to address OpenSSL security vulnerabilities
- Fixed: Verification of LDAP configuration uses stale configuration settings
- Fixed: Cerberus ignores proxy settings during update process
- Fixed: MFMT FTP command fails to modify the last modification time for directories
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.11 (May 14, 2019)
- The About dialog now displays the serial number for the license
- SCP has better support for downloading large files
- Improved how session IDs are generated to increase entropy
- Fixed: Server crashes with certain invalid Active Directory configurations
- Fixed: User Manager saves invalid Active Directory and LDAP configurations
- Fixed: In Report Manager, connecting to a MySQL 8.0 database returns an authentication error
- Fixed: Users could reset their password even though they are not allowed to change their password
- Fixed: In the Desktop GUI, unable to configure Captcha settings for HTTP/S web client interfaces
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.10 (Apr 22, 2019)
- Desktop GUI now supports keyboard shortcuts and other keyboard controls in all windows
- Report Manager now shows a progress dialog when updating the reporting database configuration
- In Server Manager, the Remote page now shows the SOAP service endpoint URL based on the current server configuration
- Fixed: In Event Manager, email notifications for file transfer events of FTP uploads and downloads always show file size of 0 bytes
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.9 (Apr 1, 2019)
- In Event Manager, a variable for the unique session ID is now available for events generated by logged in users
- Updated optional HTTP security header for X-XSS-Protection to “1; mode=block” to prevent the web browser from rendering pages if a potential XSS reflection attack is detected
- Fixed: XSS vulnerability in HTTP/S web client
- Fixed: In web administration, cannot view or edit description for a group with User Manager
- Fixed: In Report Manager, exported CSV files display international characters incorrectly
- Fixed: When uploading via SCP, names of files and folders with international characters do not transfer correctly
- Fixed: SCP download fails when filenames include a space character
- Fixed: SCP recursive download fails when empty folders exist in the directory tree
- Many minor bug fixes and improvements
New in Cerberus FTP Server 10.0.8 (Mar 11, 2019)
- Upgraded to OpenSSL 1.0.2r to address OpenSSL security vulnerabilities
- Display password policy requirements in every place in which passwords are changed
- Fixed: XSS vulnerability in web administration
- Fixed: When importing users from CSV, settings for users with overrides are lost
- Fixed: When exporting users to CSV, not all user properties are exported
- Fixed: In HTTP/S web client, folders with ampersand character in their name are not shown correctly
- Fixed: Usernames with space character cannot setup 2FA when using an authenticator app on iOS devices
- Fixed: HTTP/S web client session timesout even though session timeout is disabled
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.7 (Feb 15, 2019)
- Added labels for Active Directory domains
- Updated to the latest version of gSOAP
- Fixed: Active Directory users cannot change their password when the user must change their password at next login
- Fixed: User is disabled when their authentication requirement is “Public Key OR Password” and the setting “Disable account if last login exceeds X days” is enabled even though the user had previously successfully logged in (within the specified time frame)
- Fixed: A user logging in with a public key and “Public Key OR Password” authentication requirement was not restricted by IP or protocol
- Fixed: When uploading, SCP users without “Create Directory” permissions could create directories
- Fixed: In web administration, Server Manager allows setting admin passwords that are not compliant with the password policy
- Fixed: In web administration, when adding a new user, User Manager does not warn when a user with that username already exists
- Fixed: Added support for ABOR FTP command
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.6 (Jan 31, 2019)
- In Server Manager, added a configuration option to allow reading from files being uploaded
- Fixed: HTTP/S web client does not allow users to change their password when 2FA is enabled
- Fixed: In some circumstances, the Service Connect dialog of the Desktop GUI displays the admin password in the username field
- Fixed: In the legacy Server manager, the primary administrator account can be deleted
- Fixed: In web administration, on the remote tab of User Manager, you are able to rename an admin account to an existing admin account
- Fixed: HTTP/S web client does not show folder contents when a user’s virtual directory path ends with a backslash
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.5 (Jan 31, 2019)
- Completed Windows Server 2019 certification
- The summary page shows a warning for weak password policies
- When using the Desktop GUI, the menu for Server Manager is now static and fixed to the top of the screen
- Added support for XCRC FTP command with start and end points
- Added support for ABOR FTP command for IBM AS/400
- Fixed: Cannot change password when connected to the server using WinSCP over SFTP
- Fixed: Cannot upload file using SCP
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.4 (Jan 31, 2019)
- Upgraded to OpenSSL 1.0.2q to address OpenSSL security vulnerabilities
- Auto-generate a policy-compliant password for public shares
- More intuitive status indicators for IP Listeners on the Summary page
- Added more detailed debug logging for unrecognized FTP commands
- Fixed: In web administration, Server Manager cannot disable public share settings
- Other minor bug fixes and improvements
New in Cerberus FTP Server 10.0.3 (Jan 31, 2019)
- Fixed: When LDAP users are logging into the HTTP/S web client, they are prompted to set security questions
New in Cerberus FTP Server 10.0.2 (Nov 15, 2018)
- Fixed: UI cannot connect to service after setting remote password during the Getting Started Wizard
New in Cerberus FTP Server 9.0.12.0 (Oct 16, 2018)
- The free IP geolocation service we used is no longer available. We’ve provided a workaround by moving to a new geolocation service.
- Fixed: Cannot disable 2FA from web administration.
New in Cerberus FTP Server 9.0.11.0 (Sep 27, 2018)
- Fixed: Settings configuration changes and interface listener changes are lost after a server restart
- Fixed: IP Manager incorrectly blocks a new IP range forever when adding the IP range (in CIDR format) with “Never Block this IP” enabled
- Fixed: After a service restart, “Send public emails from SMTP server account instead of user email address” setting is not being honored
- Fixed: The “Password Change Policy” settings are not saved correctly through the User Manager in web administration
- Fixed: When setting the database configuration for Reporting, configuration options do not update based on ODBC driver selection
New in Cerberus FTP Server 9.0.10.0 (Sep 13, 2018)
- Fixed: Event Manager does not trigger a failed file transfer event when there is an unsuccessful upload from the HTTP/S web client
- Fixed: Event Manager removes the failure action when editing the event action that the failure action is associated with
- Fixed: Report Manager throws a SQL error when generating a login report with a date range
New in Cerberus FTP Server 9.0.9.0 (Aug 30, 2018)
- Fixed: Desktop GUI Admin is slow to initialize if the server does not have Internet access
- Fixed: Non-compliant HTTP 1.1 behavior related to closing connections
- Fixed: Older 1.0 group configuration files do not get upgraded when upgrading to the latest version of Cerberus FTP Server
New in Cerberus FTP Server 9.0.8.0 (Aug 17, 2018)
- Upgraded to OpenSSL 1.0.2p to address OpenSSL security vulnerabilities
- SFTP file transfer performance improvements
- Fixed: Non-English folder names are not displaying correctly in the HTTP/S web client
- Fixed: Empty folders are not included in zip files created in the HTTP/S web client
- Fixed: Report Manager searches are slow when querying with no limit. Report Manager now requires a limit and warns when queries may take longer.
New in Cerberus FTP Server 9.0.7.1 (Aug 1, 2018)
- Fixed: The contents of folders with an ampersand in the name are always empty in the HTTP/S web client
New in Cerberus FTP Server 9.0.7.0 (Jul 27, 2018)
- Enhanced the “Deny FXP Transfer” option to also reject passive mode data connections for FTP when the data connection originates from a connection different than the control connection
- Added a passive port randomization option (disabled by default) on the Advanced page for FTP data connections to prevent possible passive mode data connection hijacking attempts
- Fixed: File Statistic Report Error when running a basic report from the Tools menu
- Fixed: You can open the Sync Manager (even though it’s non-functional) in editions that don’t support the Sync Manager
- Fixed: The IP Listener Status box does not reflect listener initialization failures
- Fixed: The Sync Manager sidebar link is always displayed in web administration, regardless of edition
- Fixed: Can’t delete/edit addresses added via CIDR in the IP Manager
- Fixed: Adding a new IP range using CIDR in new IP Manager will expire immediately
New in Cerberus FTP Server 9.0.6.1 (Jul 12, 2018)
- The free IP geolocation service we used is no longer available. We’ve provided a temporary workaround by moving to a new geolocation service.
- Changed the Report Manager Filename field to File path to better reflect that field’s use
- Added a public uploads filter to the Report Manager’s search console
- Other minor bug fixes and improvements
New in Cerberus FTP Server 9.0.6.0 (Jul 1, 2018)
- New localization page to allow web administrators to easily change and update language translations for the HTTPS web client
- The password policy is now displayed on the Account Requests page for new users requesting accounts
- Added a comprehensive log report to detail exactly where the mismatch was when a client/server SSH key exchange failed because of no common key exchange protocols, encryption, mac, or compression parameters
- Removed the Restart, Start, and Stop menu items from the File menu in the Cerberus GUI to avoid admin confusion
- Changes to SSH key exchange protocols, ciphers, or mac settings no longer require a service restart and now become active as soon as the changes are saved
- Fixed a bug where downloading a publicly shared file containing special international characters will display the incorrect name when using Internet Explorer
- Fixed a bug where modifying existing IP addresses in the IP Manager wasn’t working correctly
- Fixed a bug where Log Manager in Web Administration cuts off filter value in the select box
- Fixed a bug where AD and LDAP attribute searches were case sensitive, but should not have been
- Fixed a bug where Last Download status was always Never for shares displayed on the user’s Shares page
New in Cerberus FTP Server 9.0.5.3 (May 5, 2018)
- Fixed a bug with web client password resets that prevented reset emails from being sent
- Added a section to show the current password policy for creating a password on account requests
- The settings.xml file is now serialized to a temporary file first before replacing the settings.xml file for added safety
- Updated jQuery to version 3.0.3.1 in both the web client and web administration
New in Cerberus FTP Server 9.0.5.2 (May 5, 2018)
- Fixed a bug that prevented Diffie-Hellman key exchange from working for SFTP when in FIPS mode
- Fixed a bug that could crash a remote server when syncing shared files using the Sync Manager
- Fixed a bug that required setting the password a second time for remote admin users when they are created through web administration
- File and directory names now expand to take up as much width as available in the web client
New in Cerberus FTP Server 9.0.5.1 (May 5, 2018)
- Fixed a bug that prevented users from revoking public shares
- Added an option to specify domain server binding credentials for AD authentication
- Fixed a bug that prevented web client security questions and answers from saving
- Added options to enable Kerberos sealing or SSL encryption for domain communications
New in Cerberus FTP Server 9.0.5.0 (Apr 9, 2018)
- Added support for DUO Security for 2 factor authentication
- Added a new Sync Manager for the desktop UI
- Added a new Overviews pace to the Sync Manager
- Added a new Overviews page to the Report Manager
- Added a page to configure database connections in the Report Manager
- Upgraded OpenSSL to version 1.0.2o to address vulnerabilities in OpenSSL
- Fixed a bug that resulted in a server crash when HTTPS web client users logged out in the middle of uploading a file
New in Cerberus FTP Server 9.0.4.0 (Feb 28, 2018)
- Added options to allow and require 2 factor authentication for users and groups
- Added 2 factor authentication support for LDAP and Active Directory web client users
- Added a new IP Manager to manage IP blocking
- Added an option to show the password when filling out a new account request
- Added context-menu support for virtual directory management in web administration
- Added double-click support for editing virtual directories in web administration
- Added select all/none for virtual directories in the web administration
- Selecting a directory will now populate a default virtual directory name in the virtual directory dialog in web administration
- Added options to automatically generate passwords and show passwords when changing or setting a password for the first time in web administration
- Added an indicator showing whether the password and password confirmation inputs match for web administration password boxes
- Added an indicator of the current password policy in the change/set password dialogs in web administration
- Added a password generator for web administration change password dialogs
- Added SHA256 SSH public key fingerprint generation when validating certificates
- The Share and Email dialogs for public sharing now indicate whether a password is required in the placeholder text for the share password field
- Admin password resets of user accounts now ensure password policy enforcement like the desktop admin UI
- Event Manager event actions can now have no variables selected for an action
- Added option to select all/none for event variables to be included in individual email actions
- Added a dedicated download button on files in public directory shares
- Fixed bug preventing selecting/unselecting a variable in the Event Manager’s variable list when clicking directly on the checkbox
- Fixed a problem with IE9 and HTTPS web client uploads
- Fixed truncating uploaded file names with semicolons in the web client
- Disabling FTPES advertisement now denies TLS upgrade requests
New in Cerberus FTP Server 9.0.3.1 (Dec 19, 2017)
- Enforce CSRF token on 2F verification and upload forms
- Add more strict cache control headers to sensitive pages
- Fixed the address book not appearing for LDAP and AD accounts in the web client
New in Cerberus FTP Server 9.0.3.0 (Dec 9, 2017)
- Upgraded to OpenSSL 1.0.2n to address OpenSSL security vulnerabilities
- Enhanced the web IP Manager
- Fixed a folder monitor UI bug
- Fixed a user manager UI bug that resulted in no group being displayed for a user
- Miscellaneous bug fixes
New in Cerberus FTP Server 9.0.2.0 (Nov 17, 2017)
- We now support very large path lengths when the underlying path is a UNC share
- Enhanced the web IP Manager
- Fixed a bug that resulted in public file share folder and file zipping returning zero-length zip archives
- Fixed a bug in the IP Manager
- Added country logging for IP geolocation
- IP geolocation optimizations
New in Cerberus FTP Server 9.0.1.0 (Nov 7, 2017)
- Upgraded to OpenSSL 1.0.2m to address OpenSSL security vulnerabilities
- New zip and unzip library with support for archives greater than 2GB
- New global option to disable displaying file sharing tabs and button in the web client
- Improved pagination in the web client and web administration
- Fixed a bug that reversed the current and latest version labels on the summary page
- Fixed an HTTPS web client file upload bug
- Added an “overwriting existing file” label for when web client uploads are overwriting an existing file
- Fixed a bug that resulted in AD accounts that use directory attributes for SSH public key authentication being unable to retrieve the SSH key from AD
- Fixed a bug that caused an FTP rename that overwrites an existing file to fail even when the “allow rename to overwrite existing files” FTP option is selected
- Fixed support for IPv6 addresses
- FIxed IP address note wasn’t getting added in web administration for CIDR ranges
- Fixed a bug in web administration that prevented administrators from changing their passwords
New in Cerberus FTP Server 9.0.0.5 (Sep 22, 2017)
- Added an Add Folder button to the HTTPS client upload control for browsers that support it
- Fixed pre-upload existence and resume checking for files uploaded through folder drag and drop
- Added displaying of full relative file path for files when uploading folders in the web client
- Fixed various UI issues in the web client
- Shared file or folder notification emails now properly reflect whether the file is uploaded or downloaded
- Event Manager admin changes are better logged for auditing purposes
- Fixed several possible crashing bugs related to public file share uploads and public file share access
New in Cerberus FTP Server 9.0.0.4 (Sep 12, 2017)
- HTTPS web client UI cleanup
- Miscellaneous minor bug fixes and performance improvements
New in Cerberus FTP Server 9.0.0.3 (Aug 31, 2017)
- Fixed a potential web administration crash
- Updated the SOAP library
- Fixed the WSDL link from the web administrator page
- Miscellaneous minor bug fixes and performance improvements
- Included additional web client translations for German, Danish, Norwegian, Polish, Hungarian, Arabic, French, Chinese, Russian, and Finnish
- Removed SEED and CAMELLIA ciphers from our default cipher lists
New in Cerberus FTP Server 9.0.0.2 (Aug 31, 2017)
- Improved geolocation of IP addresses and error reporting
- Fixed a bug where the Summary and Interfaces couldn’t be displayed for some configurations
- Performance improvements
New in Cerberus FTP Server 9.0.0.1 (Aug 31, 2017)
- Bug fixes for web clients viewing the using a default language other than English
- Bug fixes and a fallback summary and interfaces page for Server Core installations that do not support the IE browser control
- Other bug fixes
New in Cerberus FTP Server 9.0.0.0 (Aug 17, 2017)
- HTTP/S web client two-factor authentication with any HOTP client
- Updated HTTP/S web client user interface
- Multiple language support for the HTTP/S web client
- Updated web administration, events, and reporting dialogs
- New server administrator auditing reporting
- Resizable User Manager, Server Manager, and IP Manager dialogs
- Complete rewrite of web administration code for better performance and security
- Web administration now uses session-based authentication instead of basic authentication to allow sign in and sign out capability
- New scalable summary page
- Better DPI handling for embedded web page controls
- Significant performance improvements through code rewrites and a move to the Visual Studio 2017 compiler and CRT libraries
- Added an option to allow replacing a file on rename with FTP
- Added an option to allow disabling FTP TLS upgrade advertisement for plain FTP connections
- Added an option to enforce the system password policy on public file shares
- Enhanced Share settings page on the web client
- Added support for locking and unlocking specific regions of files for the SSH SFTP commands BLOCK and UNBLOCK
- Reduced log verbosity for initial connection messages (without any loss of information)
- Compatibility with Azure SQL Server and encrypted database connections for the auditing and reporting database
- The downloader’s IP address is now recorded and included on file access reports for public file uploads and downloads
New in Cerberus FTP Server 8.0.12.1 (Aug 2, 2017)
New in Cerberus FTP Server 8.0.12.0 (Jun 2, 2017)
- Fixed an issue where HTTP/S session timeouts sometimes didn’t trigger a logout event
- Fixed a concurrency issue that could lead to a crash in rare instances
- Fixed an issue with basic server statistics collection that could lead to a crash or stats file corruption
- Fixed a Microsoft Edge upload error
- Rearranged the Advanced Security Dialog to group SSH2 and SSL options, and added a few more security profiles
New in Cerberus FTP Server 8.0.11.2 (May 21, 2017)
- Fixed an issue where responses to SSH2 global requests messages weren’t sent properly
- Modified HTTPS session cookie identifiers to no longer potentially include the equals sign as a character value
New in Cerberus FTP Server 8.0.11.1 (May 4, 2017)
- Updated the reCaptcha signup link in the reCaptcha dialog
- Authentication will no longer strip whitespace from the front and back of usernames during authentication
- The Folder Monitor can now handle directory names with ampersands
- Improvements to CSV import from third party SFTP servers
- Minor bug fixes
New in Cerberus FTP Server 8.0.11.0 (Mar 17, 2017)
- Fixed a DoS vulnerability related to the FTP MLST command for authenticated user in certain user configurations
- Improved FTP error checking and reporting
New in Cerberus FTP Server 8.0.10.3 (Mar 6, 2017)
- Fixed an issue where HTTP/S connections would block forever when a client connection was severed during a file upload, and the uploaded file would remain locked
- Enhanced support for logging client IP addresses via the X-FORWARDED-FOR header
New in Cerberus FTP Server 8.0.10.2 (Mar 6, 2017)
- Fixed a DoS vulnerability in a third party library related to SOAP and web administration
- Added saveToDisk and createNonExistentDirectories options to the AddUser SOAP API call
New in Cerberus FTP Server 8.0.10.1 (Feb 10, 2017)
- Better compatibility with some HTTP/S proxy servers for update checking and other GET operations
- Added a failed PASV mode bind retry attempt that will automatically retry binding to a new passive port up to 3 times if a port is already in use
- Fixed an issue with the “exclude passive port range” option not getting saved for Sync Manager settings
- Fixed bug that prevented folder uploads to public shares
- Setting the “Require Password change every X Days” option is no longer necessary for enforcing the “Require Password Change” setting on an account
New in Cerberus FTP Server 8.0.10.0 (Feb 1, 2017)
- Updated to OpenSSL 1.0.2k from OpenSSL 1.0.2k to address security vulnerabilities in OpenSSL
- Minor bug fixes
New in Cerberus FTP Server 8.0.9.0 (Feb 1, 2017)
- Public uploads now trigger a public file transfer event, and you can differentiate a public download from a public upload using rule conditions
- Executable target event actions now properly report error codes and wait for process execution to complete
- Administrators can configure a max wait time for executable event actions to complete before processing the next action
New in Cerberus FTP Server 8.0.8.4 (Dec 19, 2016)
- Fixed a bug with adding conditions in the Event Manager.
- Fixed a bug where a logout event won’t be generated for specific situations where an HTTP/S session times.
New in Cerberus FTP Server 8.0.8.3 (Dec 13, 2016)
- Fixed a Firefox bug causing uploads to fail for public file uploads through the HTTPS web client in some instances
- SSH SFTP bug fix for the FSTAT command
- SSH SFTP requests for global requests not get a proper error response
New in Cerberus FTP Server 8.0.8.2 (Dec 6, 2016)
- Fixed a Firefox bug causing uploads to fail through the HTTPS web client in some instances
- Added support for folder uploads through Firefox with the HTTPS web client
- Fixed a bug where zero length file uploads didn’t trigger a file transfer event
- Added a “Follow referrals” option for Active Directory user searches
- Minor UI changes to show disabled authentication sources on the Policy page
New in Cerberus FTP Server 8.0.8.1 (Nov 18, 2016)
- Fixed a Firefox bug causing uploads to fail through the HTTPS web client in some instances
- Added support for folder uploads through Firefox with the HTTPS web client
- Fixed a bug where zero length file uploads didn’t trigger a file transfer event
- Added a “Follow referrals” option for Active Directory user searches
- Minor UI changes to show disabled authentication sources on the Policy page
New in Cerberus FTP Server 8.0.8.0 (Nov 15, 2016)
- Updated to OpenSSL 1.0.2j from OpenSSL 1.0.1u
- Fixed a bug where zero length file uploads didn’t trigger a file transfer event
- Enhanced file policy result logging
- Added an FTP passive mode option to always use the internal IP for plain FTP passive mode responses
- FTP AUTH commands will now send an “Unavailable” response when FTPES is requested but TLS is disabled on the server
- Added an option during a server backup restore operation to not import the license key from the backup
- Improvements to AD and LDAP password changing
New in Cerberus FTP Server 8.0.7.1 (Oct 12, 2016)
- Fixed an HTTPS web client bug that could result in a crash when downloading files in chunks
- Added an SSH SFTP legacy file handles mode for dealing with buggy clients that relay on SSH SFTP file handles being the actual file path
- Changes to some SSH settings no longer require a service restart
New in Cerberus FTP Server 8.0.7.0 (Sep 22, 2016)
- Updated to OpenSSL 1.0.1u to address bug fixes and security vulnerabilties in OpenSSL
- Server no longer locks a file in SSH SFTP for both read and write access if only one of read or write locking is requested by the client
- The server can now properly keep track of SSH SFTP sessions that open multiple simultaneous handles to the same file or directory
- Better logging and handling of HTTPS client commands and uploads
- Removed Triple DES from the default cipher list for SSL client connections and web administration
- The Summary page now warns if 3DES or RC4 are enabled for SSL connections
- Fixed a bug that resulted in the groups field being omitted from native account reports in the Report Manager
- Fixed a UI bug on the desktop Account Requests page that resulted in fields getting reset when selecting a group for the appoved account
New in Cerberus FTP Server 8.0.6.1 (Sep 12, 2016)
- Public shares can now just have upload only permission (no download)
- Fixed several bugs for LDAP and AD authentication that used a directory attribute for the default virtual directories for users
- Enhanced SMTP authentication error logging
New in Cerberus FTP Server 8.0.6.0 (Aug 17, 2016)
- Bug fixes and usability improvements in the User Manager
- Tab support for moving through user fields in the User Manager
- Support for the X-FORWARDED-FOR header for HTTP/S traffic for logging and IP management
- Improved proxy support for upgrade checking
- AD and LDAP mapping dialogs are now resizable
- Fixed the "Do Not Send Session Report if Empty" flag always being set to false when editing an email session report action
- Password generator now generates passwords that are at least 6 characters, even if password policy has no minimum length
- Fixed bug that could cause password generator to crash
New in Cerberus FTP Server 8.0.5.1 (Aug 3, 2016)
- Fixed a bug that could result in a CPU spike in the Enterprise edition until the service is restarted
New in Cerberus FTP Server 8.0.5.0 (Aug 2, 2016)
- New random, policy compliant password generation option for native accounts in the desktop UI
- Added an option to set a native account to require password change on next login without having to reset password
- Added the LDAP server label field to the desktop UI
- Added additional user icons to differentiate user states in the User Manager
- Added a Legend dialog to display what the different user icons mean
- Added URL redirect support to the web client for selecting authenticated links when the user isn't authenticated
- HTTP/S session timeouts now properly trigger a logout event and session end time in the statistics database
- Minor UI improvements and bug fixes
New in Cerberus FTP Server 8.0.4.0 (Aug 2, 2016)
- Added options to control requiring account request settings on the account request signup form
- Added an option to set a custom denial message for email notification when requested accounts are denied
- Redesigned Shares web client page
- Removed the default selection of TCP/IP as the network protocol for SQL Server ODBC drivers
- Usuability enhancements and bug fixes for the New User Dialog in the User Manager
- AD authentication optimizations to speed up and remove unnecessary domain queries
- Numerous minor bug fixes and usuability enhancements with the UI
New in Cerberus FTP Server 8.0.3.0 (Jun 23, 2016)
- Fixed a statistics bug that recorded the wrong value for the filename of a publicly shared file for reports
- Fixed a UI bug that always deleted the first secondary web admin account in the list regardless of which account was selected for deletion
- Added an Add New User dialog to the User Manager to streamline adding new users
- Added the SSH authentication method Password OR Public Key to the available authentication options list
- Added a dialog to allow adding or updating SMTP servers on the Public Shares page of the User Manager
- Added additional quick configuration options to the Summary page
- Added limited support for authenticated redirects
- Added manual proxy support to the General page of the Server Manager
- Fixed some refresh and drawing inconsistencies on the main admin UI
New in Cerberus FTP Server 8.0.2.0 (May 25, 2016)
- Fixed a bug that sometimes resulted in being unable to send session report logoff emails
- Fixed several minor Event Manager UI bugs
- Added workarond for SSH clients that don't pad signatures RSA signatures in public key authentication
- New, high-DPI icons for nearly every part of the desktop admin GUI
- Improved User and Group pages in the User Manager
- Lots of UI bug fixes in the User Manager
New in Cerberus FTP Server 8.0.1.0 (May 5, 2016)
- Upgraded to OpenSSL 1.0.1t
- Added an option to allow unauthenticated users to upload files to publicly shared folder links
- Added options to delete empty folders and to filer files using regular expressions for folder monitoring
- Added restricted upload file extension blocking in the User Manager for Professional end Enterprise editions
- Added a regular expression testing dialog to the Event Manager for regular expression event conditions and folder monitor file filters
- Added SSH SFTP copy-file extension command for performing remote file copies on the server
- UI enhancements to the Event Manager
- Fixed a bug that could result in losing AD and LDAP settings when upgrading old settings files
- Fixed a bug that prevented the %USER% variable from working in public key certificate paths for Cerberus groups
New in Cerberus FTP Server 8.0.0.8 (Mar 3, 2016)
- Fixed a bug introduced in 8.0.0.6 that resulted in AD group to Cerberus group mappings being converted to AD user to Cerberus group mappings after saving
- Fixed unzipping on the HTTPS web client
New in Cerberus FTP Server 8.0.0.7 (Mar 1, 2016)
- Upgraded to OpenSSL 1.0.1s
- Stability and performance improvements
- Changes to HTTPS web client configurations now take effect immediately
New in Cerberus FTP Server 8.0.0.6 (Feb 5, 2016)
- Added option for administrators to control what key exchange protocols are allowed with SSH2
- The ChangePassword SOAP API now has an option for email notification of password changes to the end user, and for administrator resets without the prior knowledge of the user's password
- Only send one event notification for HTTPS file uploads greater than 256 MB
- Improved error reporting for CSV input
New in Cerberus FTP Server 8.0.0.5 (Jan 31, 2016)
- Upgraded to OpenSSL 1.0.1r
- Improved FTP MDTM comand handling to better differentiate between getting and setting the time on a file
- Improved error reporting on the desktop UI managers for when values are out of range for fields
- Session report emails can not be sent to multiple recipients for a session report event action
- Fixed a bug with the IP Manager's username auto-banning feature that resulted in a failure to block usernames on the ban list
- Updated HTTPS web client and web admin web framework foundation classes
- Added ability to set a default theme for the HTTPS web client by IP address
- Fixed issue preventing users without delete permission from uploading more than 256MB of a file through the HTTP/S web client
- Fixed issue with being unable to add zip and unzip actions in the Event Manager
- Fixed issue with custom email body in events being stripped of newlines
New in Cerberus FTP Server 8.0.0.4 (Dec 4, 2015)
- Upgraded to OpenSSL 1.0.1q to address OpenSSL bugs and security vulnerabilities
- SSL and SSH ephemeral DH keys now default to minimum 2048 bit strength
- Fixed a problem with verifying ECDSA signatured for client SSH public keys
- Default web administration cipher string strengthened to exclude several weaker ciphers
- Web administration SSL cipher string and protocol support can now be customized by administrators
- Enhanced error checking to prevent a client from attempting to upload a file through the HTTPS web client with an invalid name
- Event Manager email event actions can now send emails to multiple email addresses with a single email action
- Added a label field for LDAP server configurations to help admins differentiate between multiple LDAP configurations
New in Cerberus FTP Server 8.0.0.3 (Nov 17, 2015)
- Fixed an LDAP and AD public key authentication bug that resulted in the server being unable to find the public key file for mapped AD or LDAP users
- Fixed the HTTPS web client allowing authenticated users to replace existing files on upload without delete permissions
- Fixed SMTP server response handling to improve compatibility with SMTP servers
- HTTPS web client will now prevent an upload from starting if the user doesn't have permission to replace an existing file
- Added context menu support to several web administration tables
- Added basic public download statistics collection for reporting
- Minor bug fixes and improvements
New in Cerberus FTP Server 8.0.0.2 (Oct 28, 2015)
- Fixed an LDAP and AD authentication bug that could result in a crash in some situations
- Fixed an restore users and settings from backup bug
- More consistent and region-specific date formats for reports
New in Cerberus FTP Server 8.0.0.1 (Oct 25, 2015)
- Numerous minor bug fixed and Event Manager UI improvements
- Added right-click menu support to Event Targets and Folder Monitor tables
- Added clone rule option to event rules and sheduled tasks
- Added clone action option to event rules and schedules tasks
- Editing actions now modified edited action, instead of adding a new action
- Fixed SSH SFTP file transfers always generating an upload notification
- Added option to select AD or LDAP attribute for SSH public key location for groups in web administration
- Fixed AD and LDAP authentication bugs when using public key authentication with AD or LDAP attributes
- Cerberus desktop UI log link now opens up log directory, instead of UI-only log file
New in Cerberus FTP Server 8.0 (Oct 25, 2015)
- Support uploading resume through the HTTPS web client
- New option to always prompt for administrator password when launching the desktop admin UI
- Active Directory and LDAP authentication now support default directories linked to AD and LDAP directory attributes
- The Global Home\%USER and home directory default AD and LDAP mapping modes now have an option to configure home directory permissions
- Active Directory and LDAP users can now pull SSH client public keys from AD or LDAP using a directory attribute instead of a file path for the default or mapped Cerberus group's public key path field
- New, completely re-written Event Manager for both desktop and web administration
- New Event Manager scheduled tasks
- New Event Manager action to revoke a public link given a unique public file ID
- New Event Manager action to wait for a specified number of seconds before executing next action
- New Event Manager action to execute a server backup and save it to a file
- New event trigger for account passwords expiring
- New option to specify to stop executing event actions for a rule when an action fails
- New option for emailing session reports action to not send report when session has no file activity
- New option to specify what event rule variables are included in an email event notification
- New option to specify addition body text in event emails
- Back button added to file/session reports to return to original report when selecting a session
- New option to export reports to CSV files
- New IP username auto-banning
- Detailed statistics now records directory creation
- HTTP/S web client users are now prompted to set security questions on login if they haven't set them yet
- New HTTP/S web client context menu with cut and paste file and directory support
- You will now be prompted to automatically start the Windows Service if it is not running when you first launch the UI
- The Cerberus desktop admin application now uses a separate log configuration file to prevent any conflict when writing to the same log as the service
- Only the primary server administrator can now change remote admin settings
- Administrators can now use the %USER% variable for public key file paths in Cerberus groups for SSH authentication
- Enable or disable TLS 1.0, 1.1, and 1.2
New in Cerberus FTP Server 7.0.10.1 (Jul 29, 2015)
- Fixed an issue where SMTP email server tests would fail
- Fixed a potential access violation in the server
- The UI will now warn the user when a connection to the underlying Cerberus FTP Server service has been lost
- Added a wait server operation to cause an event rule to pause for a specified number of seconds before executing the next action
- Numerous minor bug fixes
New in Cerberus FTP Server 7.0.10.0 (Jul 11, 2015)
- Upgraded to OpenSSL 1.0.1p to address an OpenSSL security vulnerability
- Fixed a bug that would result in incomplete directory reads for SSH SFTP version 6 clients and directories with large numbers of files
- Added an option to disable TLSv1.0 to the Advanced Security dialog
- Added an option to perform an alternate method of checking the AD groups an AD user belongs to for domains that don't return group information for a user through ADSI
- Moved the XML parser for the UI settings file to the same XML framework used for the service settings file
New in Cerberus FTP Server 7.0.9.0 (Jun 12, 2015)
- Upgraded to OpenSSL 1.0.1m to address OpenSSL bugs and security vulnerabilities
New in Cerberus FTP Server 7.0.8.2 (Jun 12, 2015)
- Changed IP auto-detection to point to more reliable service
New in Cerberus FTP Server 7.0.8.1 (Jun 10, 2015)
- Fixed a bug related to public IP auto-detection that could result in a server crash under certain unusual circumstances
- Fixed a bug related to user Cerberus accounts that are part of a group ignoring the group's is anonymous setting and using the original account setting
New in Cerberus FTP Server 7.0.8.0 (Mar 20, 2015)
- Upgraded to OpenSSL 1.0.1m to address OpenSSL bugs and security vulnerabilities
- Completed transition of web administration virtual directory, AD, LDAP, event, and license dialogs to new mobile-friendly framework
- CSV importer can now understand different line encodings
- Added option to exclude passive port range from syncing
- You can now customize the email subject for session reports
- Fixed synchronization and timer bugs that could result in server crashes
New in Cerberus FTP Server 7.0.7.0 (Feb 25, 2015)
- Fixed socket send bug that could result in being unable to terminate a connection when a buggy client didn't signal it was ok to send data
- Fixed a bug in FTP download resumes that could result in corrupt resumed downloads
- Added SOAP API calls to set and retrieve the IP block list
- More robust CIDR list import support
- Added check to make sure an account request cannot be approved if there is already a user with that account name (web administration)
- Added HTTPS range header support (HTTP/s file download resume and better web video playback)
New in Cerberus FTP Server 7.0.6.0 (Jan 12, 2015)
- Updated to OpenSSL 1.0.1k to address security vulnerabilities in OpenSSL
- New public file sharing SOAP API call to generate a public link to an existing file
New in Cerberus FTP Server 7.0.5.5 (Dec 15, 2014)
- Fixed a bug that would not allow new user or group accounts to be created through web administration
- Renaming a group through web administration now renames the group in any user accounts or AD or LDAP mappings
- Enhanced rename and add group error checking
- New RenameGroup web services API call that renames a group and all associated mappings
- Groups can no longer be deleted through web administration if there is a user that is a member of the group
- Web client public file link emailing now disallows including the password in the email subject line
New in Cerberus FTP Server 7.0.5.4 (Dec 8, 2014)
- Fixed renaming users and groups in web administration
- Fixed incorrect date/time display in SFTP and HTTPS for root folders
- Fixed Send a Session Report action not being available for Logoff events when event first created
- Fixed several bugs that could result in a service crash if the log file can't be written to (space full, UNC path can't be reached)
- Other minor bug fixes to UI and web administration
New in Cerberus FTP Server 7.0.5.3 (Nov 12, 2014)
- Properly advertise integrity checking command support for SSH SFTP to clients
- Added CRC32 checksum as SSH SFTP integrity checking option
- Do not send ".." as part of a directory listing when at a user's root for FTP and SFTP
- Fix web administration and SOAP DLL exception
New in Cerberus FTP Server 7.0.5.2 (Oct 31, 2014)
- Web client Address books are now sortable by email or name
- Auto-suggest from address book when emailing public links now returns matching names in addition to email addresses
- External event processes no longer need their paths quoted when there are spaces in the path
- The working folder now correctly resets for external event process actions when changing the path of an exiting process
- Removed emtpy log statement for HTTPS uploads
- Updated HTTPS web client and web administration core libraries
- Fix web administration and SOAP DLL exception
New in Cerberus FTP Server 7.0.5.1 (Oct 22, 2014)
- Disable SSLv3.0 by default
- Add an option to enable SSLv3.0 on the Advanced Security page
New in Cerberus FTP Server 7.0.5.0 (Oct 16, 2014)
- Updated to OpenSSL 1.0.1j to address security vulnerabilities in OpenSSL
New in Cerberus FTP Server 7.0.4.2 (Oct 16, 2014)
- Added ability to set additional public file sharing options through web administration
- Added ability to customize email options for account request approvals through web administration
- Added button for testing SMTP server target configurations through web administration
- Account request email template improvements
- Minor web administration bug fixes and layout improvements
- Fixed error reporting for failed database operations - errors were previously being reported as "Invalid cursor state" instead of actual error description
New in Cerberus FTP Server 7.0.4.1 (Sep 30, 2014)
- Backup and restore now includes SSH client public keys in the backup set
- Server synchronization through the sync manager now syncs SSH client public keys
- Added the sync manager to web administration
- Added database configuration to web administration
- Web administration refinements and additions
- Optimized several images to use font glyphs for web administration to reduce resource page downloads
- Added a workaround for an IE9 directory display bug for the HTTP/S web client
- Fixed several rare thread contention isues that oculd lead to server exceptions
New in Cerberus FTP Server 7.0.4.0 (Sep 18, 2014)
- Major re-design of web administration. Switched to a more modern, responsive web framework that scales on different devices
- Added options to manage remote settings and secondary web administrators through web administration
- Added clone user and clone group functions to web administration
- Added option to test cipher strings to web administration
- Added ability to override group properties on users to web administration
- Added additional local directory and file selection controls to web administration
- Added public share editing to web administration
- Added same report generation controls present on the desktop to web administration
- Added additional advanced options to web administration
- Fixed CSV export and import for PBKDF2 HMAC SHA256 and PBKDF2 HMAC SHA512 hashed passwords by adding iteration count
- HTTP/S web client uploads now show up in the active transfers list and are tracked in the upload speed meter control
- Minor bug fixes and improvements
New in Cerberus FTP Server 7.0.3.0 (Aug 8, 2014)
- Updated to OpenSSL 1.0.1i to address security vulnerabilities in OpenSSL
- Fixed HTTP/S web client password strength meter bug in IE8
- Disabled accounts and accounts configured to allow only SFTP access with public key authentication will no longer receive password expiring emails
- 3DES encryption cipher is now considered at 112 bit symetric strength to better reflect effective strength
New in Cerberus FTP Server 7.0.2.0 (Jul 30, 2014)
- Disabled users will also register with the "stop authentication if user exists" Policy settings
- Added PBKDF2 HMAC SHA256 and PBKDF2 HMAC SHA256 stretched password hashing algorithms as password storage hash options
- Added ability to select active SSH2 ciphers and HMAC algorithms
- Added SSH2 cipher minimum bit strength display to Summary page
- HTTP/S web client now allows zero-length file uploads
- Fixed a problem with the web client data/time control for IE 8 users
- Added support for generating the correct share link path when connections come in from an HTTPS proxy to a Cerberus HTTP listener
- Reports now track whether a file operation succeeded or failed
- Fixed web client bug for displaying local time that only used the user setting for displaying local time
New in Cerberus FTP Server 7.0.1.0 (Jul 4, 2014)
- Fixed a bug in web client folder uploads for Chrome
- Fixed a bug on web client email selection and address book auto-complete
- Added an option to force all publicly shared files and folders be password protected
- Added more account options for CSV import (unlimited directories, password hashes, additional account parameters)
- Added capability to export user accounts as CSV files
- Added dedicated require password change option for native accounts
- Enhanced the default cipher list for HTTPS web administration to require minimum 128-bit, strong ciphers
- Added option to initiate automatic download of zip file without storing the resulting file on the server for web client zip operations
- Clients can now modify the share until date on their own publicly shared files
- Added web client in-browser editing of simple text-based files
New in Cerberus FTP Server 7.0.0.3 (Jun 6, 2014)
- Updated to OpenSSL 1.0.1h to address security vulnerabilities in OpenSSL
- Added new MAC SSH algorithms hmac-ripemd160 and [email protected]
- Added DeleteDirectoryFromGroup, AddDirectoryToGroup SOAP API calls
- Renamed AddRoot, DeleteRoot to AddDirectoryToUser, DeleteDirectoryFromUser SOAP API calls
- Added create directory option to AddDirectoryToUser and AddDirectoryToGroup API calls
New in Cerberus FTP Server 7.0.0.2 (May 29, 2014)
- Fixed an information disclosure for SSH logins vulnerability. Analysis of failed login result could allow attacker to determine if an account exists or not. Thanks to Steve Embling, a Pentura Security Researcher, for discovering and reporting this vulnerability.
- Fixed ability to update to a different theme in the web client for LDAP and AD accounts
- Fixed web client file list sorting
- Hide the security question list for AD and LDAP accounts since they can't currently use the password reset feature
- Added password strength/entropy meter to HTTP/S web client account request and change password pages
New in Cerberus FTP Server 7.0.0.1 (May 29, 2014)
- Added 3DES back to the list of available SSH ciphers
- Added a cipher list test button and a cipher list box to the Advanced Security dialog
- Changed the ephemeral EC generated to be compatible with IE
- IE8 HTTP/S web client improvements
New in Cerberus FTP Server 7.0.0.0 (May 19, 2014)
- Redesigned HTTP/S web client that's been optimized for both desktop and mobile browsers
- Folder upload through HTTP/S web client with Chrome
- Enhanced web client address book for users
- Web client custom theme support
- Web client search support
- Web client image and video thumbnail viewing
- Redesigned Report Manager
- Added report sorting
- Added multiple web administrators with fine grained access controls
- Publicly shared file links are now included in user statistics reporting
- Added max share duration limit for publicly shared links
- User manager UI improvements
- Event manager UI improvements
- Performance improvements
- Enhanced login reports
- New session file access email report event action
- Email notification of important events like user password expiration and password changes
New in Cerberus FTP Server 6.0.0.2 (Mar 14, 2013)
- Fixed telephone number wasn't included with account request notification
- Fixed email server selection for account approval in the web client was ignored
- Fixed setting for modifying hidden directory attribute on virtual directories would not save
- Added HTTP POST event target configuration capability to web admin
- Added public sharing as a permission option for virtual directories in the web admin
- Fixed inconsistent virtual directory permission selection behavior in the web admin
- Improvements to adding and removing LDAP and AD configurations in the web admin
- Fixed "Password Never Expires" setting ignored when adding new accounts
- CSV import now supports setting max logins, max upload filesize, and initial directory for a new user account
New in Cerberus FTP Server 6.0.0.1 (Mar 14, 2013)
- Numerous bug fixes
- Update the SOAP API
New in Cerberus FTP Server 6.0.0.0 (Feb 22, 2013)
- Upgraded FIPS OpenSSL to 1.0.1 with TLS 1.1 and TLS 1.2 support
- Added advanced statistics collection and a new Report Manager
- Added public file sharing to the web client
- Updated web client upload control
- Users and groups can now have whitelist IP ranges
- AD groups can now be mapped to Cerberus groups for assigning virtual directories
- Configurable timeout support for HTTP/S web client sessions
- Zip and unzip file operation actions for event actions
- HTTP POST operation event action to allow posting event information to a URL
- More variables for events
- Added variable substitution to event email recipient name and email address fields
- Added ability to customize email subjects on event emails, including variable substitution in subjects
- Added ability to set disable after time for users and groups through web administration
- Updated, easier to use AD and LDAP admin pages
- Access to advanced security settings from the Settings page
- Access AD and LDAP user attributes like name and email address for events
New in Cerberus FTP Server 5.0.7.0 (Feb 6, 2013)
- Updated OpenSSL to 0.9.8y
New in Cerberus FTP Server 5.0.6.1 (Jan 26, 2013)
- Fixed an AD and LDAP virtual directory bug introduced in 5.0.6
New in Cerberus FTP Server 5.0.6.0 (Dec 12, 2012)
- Fixed a web admin XSS vulnerability
- Minor updates and improvements
New in Cerberus FTP Server 5.0.5.1 (Nov 16, 2012)
- Improved auto-blocking for HTTP/S web client bots
- Optimized temporary file creation for file uploads ensures cancelled upload temporary files are deleted
- Various system-wide performance improvements
- Added email approve/disaprove notification to the we admin account request manager
- Fixed a minor bug that would not let an admin add a directory to a newly created account through the web admin
New in Cerberus FTP Server 5.0.5.0 (Sep 26, 2012)
- Fixed a CSRF vulnerability (US-CERT VU#989684) in the web admin
- Web client users can now replace existing files on upload if they have the correct permissions
- High DPI display improvements for the GUI
- No longer allow multiple logged in users to run the Cerberus Console at the same time
New in Cerberus FTP Server 5.0.4.3 (Sep 7, 2012)
- Fixed a problem with Office documents not opening directly from the web client in some versions of IE
- Minor changes and updates to the web client
- Optimization for authenticating against very large LDAP databases
New in Cerberus FTP Server 5.0.4.2 (Aug 13, 2012)
- Added LDAP authentication configuration to web administration
- Added option to require password change on next login
- Updated HTTP/S web client
- Fixed the CSR generator to accept wildcard common names
New in Cerberus FTP Server 5.0.4.1 (Jul 12, 2012)
- Simultaneous login count was not getting decremented on logout for AD accounts
- Added ability to change passwords for AD accounts
- Improvements to the Getting Started Wizard
- Improved the LDAP account listing in the LDAP page of the User Manager
New in Cerberus FTP Server 5.0.4.0 (Jun 16, 2012)
- DES cipher availability is now disabled by default for all SSH connections
- Added a MIME mapping dialog to change HTTP/S file MIME mappings
- Added reCAPTCHA option to the HTTP/S login page
- Modified the CSR generator to work with Verisign
- Made comparison on file extension caseless to determine MIME type
- Added support for the check-file-name SSH2 SFTP integrity/hash extension command
- Added support for the vendor-id SSH2 SFTP extension command
- Improvements to web administration (AJAX interface selection)
- Whenever a default listener is changed you will have the option of applying the defaults to all existing listeners of that type
New in Cerberus FTP Server 5.0.3.1 (May 14, 2012)
- Minor UI bug fixes and improvements
- Added email notification option for approving or declining account requests
- UI updates to better support Windows 8 and Server 2012
- Added a MIME type mappings file to allow user customization of MIME types for the web client
- Updated OpenSSL to latest version
- Can now use a DNS-style domain name for AD authentication on Windows 2003 server and lower OS
- More flexible domain controller auto-selection for Windows 2003 server and lower
- Group IP whitelists are now applied to AD and LDAP users
New in Cerberus FTP Server 5.0.3.0 (Apr 21, 2012)
- Added an option to create impersonated AD user before creating the intial home directory to ensure the AD user has owner rights on the home directory
- HTTP/S range support for partial content retrieval and file resume
- Updated the web client
- Updated controls for Users page of the User Manager
- Added ability to restrict IPs by user account or group
- Added maximum upload file size quota for user accounts
- Added event rule for disable-after-date events
- Fixed a bug where some symbols in URLs were not properly escaped
- Fixed events bug where server operations actions were not saved properly to file
- Fixed a bug where SSH clients attempting to open unsupported channels are not told of the failure
New in Cerberus FTP Server 5.0.2.0 (Mar 19, 2012)
- Web client directory browser re-write for major performance improvements by performing paging, sorting, and filtering on the server
- Removed file and directory display limits from the web client directory browser
- New, dynamic user and group updates through the web client
- Enable or disable allowing user updating through the web client
- Enhanced certificate conversion now separates and includes CA certificates when converting a binary certificate bundle to PEM format
- Rolled back a change to FTP PORT socket binding introduced in 5.0.1.1
New in Cerberus FTP Server 5.0.1.2 (Mar 8, 2012)
- Fixed a bug that prevented changing the default SOAP port
- Fixed a bug that prevented creating new users through the web admin if a password policy was set
- Added the ability to customize the web client login image, page title, default directory list count, and file date local time and timezone display from the UI
- Added a file preview feature to the web client
- Added an event time variable and the ability to filter by time
- Added server event targets delete and disable user or group
New in Cerberus FTP Server 5.0.1.1 (Mar 8, 2012)
- Fixed an SFTP bug that resulted in an SFTP client timeout while establishing a session
- Added additional fault tolerance if the SOAP port is in use by another process
- Usability improvements to the Event Manager
- Smarter detection of SOAP port and protocol changes by the Cerberus UI
- Enhancements to port binding to require exclusive access to the port
- Improved error messaging for in-use ports in the log
New in Cerberus FTP Server 5.0.1.0 (Feb 9, 2012)
- Added ability to enter a license key via web administration
- Cleanup and enhancement of the HTTP/S web client
- HTTP/S web client can now delete directories that are not empty
- HTTP/S web client file zip and unzip support added
- Added confirmation dialog before deleting files of directories in the web client
- Web administration enhancements and bug fixes
- The server no longer waits for a client SSH NEWKEYS before sending its own new keys message
- Fixed a bug in the Event Manager that would not allow deletion of an event sink
- Fixed a bug that could result in the group variable not getting set for some HTTP/S
- file transfer events
- Fixed a User Manager rename bug that resulted in user settings not getting when a user was
- changed right after getting renamed
- Fixed a group save bug that resulted list permission changes not getting saved
- Fixed an exception bug if TLS/SSL was disabled and an FTPS or HTTPS connection was attempted
New in Cerberus FTP Server 5.0.0.7 (Jan 13, 2012)
- Fixed a bug when adding virtual directories in the User Manager
- Added icons for common file types to HTTP web client
New in Cerberus FTP Server 5.0.0.6 (Jan 13, 2012)
- Added option to redirect HTTP to HTTPS for HTTP interfaces
- Added support for larger ephemeral keys during SSH key exchange
- ECDH SSH key exchange is now supported regardless of server host key type
- Updated cryptographic library
- Added event variable selection option to the event manager
New in Cerberus FTP Server 5.0.0.5 (Jan 13, 2012)
- Improved HTTP/1.0 support
- Content-Disposition with filename now set for downloaded files
- Automatic conversion of certificates to PEM format for FIPS mode
- FTPS protocol checking bug fix
- Added option to turn on/off welcome message for HTTP/S connections
- Added option to turn on/off welcome message for SSH SFTP connections
- Added option to disable web account requests for HTTP/S connections
- Added option to stop checking authentication sources if user exists
- in a source but password was incorrect
- Performance improvements
New in Cerberus FTP Server 5.0.0.4 (Jan 13, 2012)
- Fixed an HTTP protocol bug for x64
New in Cerberus FTP Server 5.0.0.3 (Jan 13, 2012)
- Improved HTTP caching headers for better web client performance
- Improved HTTP error handling
- Added STARTTLS and TLS/SSL SMTP server support for email notification
- Added ability to permanently whitelist an IP address
- Added event manager support to web administration
- Added DoS protection for HTTP connections
- Fixed a problem with IE sending multiple cookies with the same name
- Fixed an SFTP append bug
- Fixed an HTTP bug that prevented some uploads with AD accounts
New in Cerberus FTP Server 5.0.0.2 (Nov 16, 2011)
- Fixed bug with AD authentication and HTTP
- Fixed HTTP cookie not always getting set
- Fixed an AD directory mapping bug
- Fixed an HTTP upload bug in some version of IE
- Improved HTTP redirection
- Improved web client error reporting
New in Cerberus FTP Server 5.0.0.1 (Nov 16, 2011)
- Added web administrator account request approval
- Added web administrator security page
- Added web administrator add/delete listener capability
- Several web administration bug fixes and usability improvements
- IP manager UI bug fix
- Minor bug fixes
New in Cerberus FTP Server 5.0.0.0 (Oct 25, 2011)
- HTTP and HTTPS client access
- Event support (SMTP notification, launch an external process)
- New Summary page provides health, security and compliance status at a glance
- New password change policy requirement options
- New password expiration policies
- New password storage options: Cryptographically salted MD5, SHA1, SHA256, SHA512
- SSH SFTP password change support
- Added file and directory listing permissions to virtual directories
- Added FTP MODE Z compression support
- SFTP now sends the welcome message as an SSH banner message
- New account request via web HTTP/HTTPS
- Added option to add additional account information like name, email, telephone
- Added support for new FTP HASH command
- Added ability to restrict login by protocol login on a per user and group basis
- Added SSH MAC algorithms hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96
- Improved web administration performance and web administration options
- New CSR generation tool
New in Cerberus FTP Server 4.0.9.8 (Oct 5, 2011)
- Server no longer creates the Global Home/%username% directory for AD users if it does not exist and the user fails login
- Added a file open fix for a buggy SFTP client
- Improved GUI/service communication
New in Cerberus FTP Server 4.0.9.7 (Jun 28, 2011)
- Added support for SFTP text and append mode
New in Cerberus FTP Server 4.0.9.6 (May 19, 2011)
- Fixed an FTPS bug that could prevent the server from accepting connections
New in Cerberus FTP Server 4.0.9.5 (May 17, 2011)
- Enhanced logging
- Virtual directory roots are no longer deletable through FTP or SFTP commands
- Notification of support agreement ending for licensed users
- UI internal cleanup and optimizations
- Entering a license key now prompts to restart the server
- Allow DSA with SSH in FIPS mode
New in Cerberus FTP Server 4.0.9.4 (Apr 22, 2011)
- Fixed a problem with interface settings not always saving
New in Cerberus FTP Server 4.0.9.3 (Apr 19, 2011)
- Recompiled with Visual Studio 2010 SP1 and latest SDK
- Improved error checking
New in Cerberus FTP Server 4.0.9.2 (Apr 7, 2011)
- Removed an SSL shutdown check that could prevent certain buggy clients from disconnecting
- Improved system performance
New in Cerberus FTP Server 4.0.9.1 (Mar 28, 2011)
- Allow zero length file transfers for FTPS connections
- Ignore permission change requests with SITE CHMOD (meaningless on Windows)
- SFTP permission rules now identical to FTP for deleting existing files
- Better consistency with file operation logging and auditing between different protocols
- Turn on and off specific screen log messages
New in Cerberus FTP Server 4.0.9.0 (Mar 11, 2011)
- Added elliptic curve key exchange for SSH SFTP as specified in RFC 5656
- Added support for elliptic curve SSH client keys
- FTPS performance improvements
- No longer sets file size on file creation when SFTP clients request it
- Fixed a bug in the STOU command introduced in version 4.0.8.3
New in Cerberus FTP Server 4.0.8.3 (Feb 23, 2011)
- Enhanced FTP and FTPS file and directory operation auditing and error reporting
- Added basic FTP STAT command support
- Improved FTP HELP command support
- Fixed self-signed certificate wizard would fail if no email address was specified
- Additional error checking during initial setup wizard
New in Cerberus FTP Server 4.0.8.1 (Feb 18, 2011)
- Fixed interface status pane was sometimes hidden
- Fixed a remote settings save bug
- New certificate verify dialog
- New Cerberus logo and icon
New in Cerberus FTP Server 4.0.8.0 (Jan 21, 2011)
- Require verifying security settings before saving and applying new settings
- Fixed a bug that could result in failure to decode file-based OpenSSH public keys
- RFC conformance for active mode data connections established from non-standard
- FTP ports (L-1 instead of always from port 20)
- RFC comformance for default data port when no PORT or PASV command is issued
- Fixed a bug that could result in service shutdown when terminal services connections are terminated
New in Cerberus FTP Server 4.0.7.7 (Dec 28, 2010)
- Added an option to export the public key in 2 popular SSH formats
- Added a configuration option to only require an exclusive write lock when writing uploaded files instead of the default exclusive lock
- Changing remote admin username and password no longer requires a service restart to take effect
- Installers now download and install MSXML 6 if it isn't detected on the machine
New in Cerberus FTP Server 4.0.7.6 (Dec 1, 2010)
- Fixed rare bug that could cause failure to accept connections
- Minor logging improvements
- Added right-click log window copy to clipboard
- Enabling or disabling remote web access not longer requires a service restart
- Updated auto-updater for Windows 2000 machines
New in Cerberus FTP Server 4.0.7.4 (Nov 21, 2010)
- Improved SFTP channel window size handling
New in Cerberus FTP Server 4.0.7.3 (Nov 15, 2010)
- Added feature to allow manually specifying interfaces when an interface isn't detected
- Fixed UI to allow user mapping through the GUI when multiple LDAP servers have the same IP
- Fixed a possible memory leak with LDAP authentication
- Fixed a virtual directory bug for overlapping paths
- Numerout UI improvements
- Performance improvements
New in Cerberus FTP Server 4.0.7.2 (Nov 2, 2010)
- Added a statistics file error detection and automatic repair feature
- Added logging output, statistics generation, and several several IP manager options to web administration
- Added ability to add/modify/delete groups to web administration
- Significant improvements to web administration performance and layout
- Significantly increased the SSH maximum packet size to accomodate clients that use large packets
- Fixed a bug in WAN IP autodetection that could result in excessive processor utilitization
New in Cerberus FTP Server 4.0.7.1 (Oct 30, 2010)
- Added logging output to the web administration interface
- Added several IP manager options to the web administration
- Added ability to add/modify/delete groups to web administration
- Significant improvements to web administration performance and layout
- Significantly increased the SSH maximum packet size to accomodate clients that use large packets
- Fixed a bug in WAN IP autodetection that could result in excessive processor utilitization
New in Cerberus FTP Server 4.0.7.0 (Oct 20, 2010)
- Added a DoS option to IP autoblocking to allow blocking connection attempts that do not attempt to login
- LDAP and AD user to group mappings are no longer case sensitive
- LDAP users now honor the disabled flag if it is set on a mapped Cerberus group when authenticating with PK
- LDAP users no longer require the "Use Cerberus Groups and Directories" flag set when mapping LDAP users to groups
- All binaries are now compiled with VS2010 and linked with the v10 CRT
New in Cerberus FTP Server 4.0.6.0 (Oct 9, 2010)
- New smaller, smarter and more reliable installer
- New complete server configuration backup and restore feature
- Statistics page generation can now be done while running as a service
- Larger list boxes on the Users and Groups page of the User Manager
New in Cerberus FTP Server 4.0.5.5 (Oct 2, 2010)
- Added web service block address method
- Fixed an SFTP bug that could result in corrupt file transfers for some Unix SFTP clients
- Updated logging library
New in Cerberus FTP Server 4.0.5.4 (Sep 27, 2010)
- Added quotes around the path string when installing as a service
New in Cerberus FTP Server 4.0.5.3 (Sep 27, 2010)
- Additional LDAP error logging
- Disable offering MAC MD5 algorithm for selection in FIPS 140-2 mode for SFTP
- FTP connection denied messages were not being encoded correctly
New in Cerberus FTP Server 4.0.5.2 (Sep 23, 2010)
- Faster startup time
- Improved public key authentication compatibility for SFTP clients based on OpenSSH
- Support for SFTP real path compose and compatibility improvements with some SFTP clients
New in Cerberus FTP Server 4.0.5 (Sep 3, 2010)
- Condensed authentication logging
- AD authentication will use the nearest domain controller for AD authentication instead of always using the PDC
- Fixed unable to select "Password" authentication without selecting a public key bug
- Fixed log file color of warning messages and added several suggest fix log file messages for common problems
- SFTP real path command improvements
New in Cerberus FTP Server 4.0.4.3 (Sep 3, 2010)
- Fixed a bug with Active Directory and LDAP authentication of SFTP users
New in Cerberus FTP Server 4.0.4.2 (Aug 18, 2010)
- Lowered the SSH initial window size for a channel to work-around buggy SFTP clients
- Better SSH windows size negotiation support for large file transfers
New in Cerberus FTP Server 4.0.4.1 (Aug 18, 2010)
- Added support for OpenSSH public key format
New in Cerberus FTP Server 4.0.4.0 (Aug 18, 2010)
- Added Public Key authenticaton for SFTP
- Cleaned up the Interfaces tab to prevent duplicate ip/port changes and to warn about inconsistent interface/port combinations
New in Cerberus FTP Server 4.0.3.3 (Jul 21, 2010)
- Fixed a bug with SFTP listings not allowing UNC virtual directories
- Improved compatibility with SFTP clients and very large directory listings
- Improved compatibility with SFTP clients that STAT the root directory
New in Cerberus FTP Server 4.0.3.2 (Jul 20, 2010)
- Fixed a that could result in the passive port range being reset to the default when upgrading to version 4.0.3
- Fixed a minor bug that would result in directory listings failing when given the path "./"
New in Cerberus FTP Server 4.0.3.0 (Jul 1, 2010)
- Default interface settings can now be set for all types of interfaces
- Newly detected IP addresses can now be configured to auto-bind to multiple types of listeners
- All lists can now be sorted on the LDAP and AD mapping tabs
- Fixed a bug in the web administration GUI that prevented changing download permission on a virtual directory
- Fixed a bug in the SITE PSWD command that would reject passwords with captial letters
- Fixed a bug in the MLSD and MLST commands that caused directory listings to always show hidden files
- Fixed a bug in client certificate authentication
- CA certs are now loaded when present in PKCS12 files
- Added support for Certificate Revocation Lists (CRLS)
- Added support for DSA and Elliptical curve certificates
- Added support for ephemeral RSA and Diffie-Hellman key exchange
- Added DSS key exchange support for SSH SFTP
- The self-signed certificate creation dialog now offers the choice of RSA, DSA, or Elliptical Curve certificates
- Added support for SSH2 public key authentication
- SSL settings can now be changed and applied without restarting the server
New in Cerberus FTP Server 4.0.2.2 (Jun 14, 2010)
- Display bug fix for SSH connection ID always being zero for the first log message for that connection
- Fixed a bug with temporary IP blocks being released too early
- Whitelist IP mode now honors temporary auto-blocking (if set) instead of permanently removing an IP address
- User interface improvements for the IP Manager (context menu options and header sorting for the IP list)
- Added context menu options for filtering the onscreen log view
- Fixed a bug where max simultaneous connections wasn't tracked correctly for a user
- Fixed an AD user impersonation bug
New in Cerberus FTP Server 4.0.2 (Jun 7, 2010)
- Disabled status is now taken into consideration for LDAP and AD groups
- Disabled groups now show up faded on LDAP and AD mapping tabs
- Autoblocking now works properly for SFTP connections
- Fixed a handle leak with SFTP connections
- Increased the size of the IP Manager
- Added ability to search for an IP address in the IP Manager
- Added Classless Inter-Domain Routing (CIDR) support for adding IP ranges to the IP Manager
- Added option to change virtual directory paths in the User Manager
New in Cerberus FTP Server 4.0.1 (May 24, 2010)
- Improved support for SFTP key re-exchange
- Several improvements to the web administration interface
- Added an option to ignore SFTP channel window size violations
- Added an option to disallow setting SFTP encryption to 'none'
- More forgiving directory parsing code for paths with multiple consecutive slashes in non-virtual directory mode
New in Cerberus FTP Server 4.0.0.9 (May 18, 2010)
- Improved the web administration interface and added new features
- Fixed a bug with using SFTP in FIPS 140-2 mode
- Fixed a bug with failing to recognize IP ranges during IP blocking
- Updated SOAP support
New in Cerberus FTP Server 4.0.0.8 (May 10, 2010)
- Fixed a simple directories bug for SFTP
- Fixed a passive connection bug
- Fixed a bug that could result in problems changing interface ports
- Updated the OpenSSL libraries to the latest version
New in Cerberus FTP Server 4.0.0.6 (May 7, 2010)
- Fixed a bug that could result in problems changing interface ports
- Updated the OpenSSL libraries to the latest version
New in Cerberus FTP Server 4.0.0.5 (May 6, 2010)
- Added File transfer over SSH (SFTP)
- Added Implicit TLS/SSL FTP (FTPS)
- Added ability Listen for connections on multiple ports for a single IP
- Allow simultaneous FTP, SFTP, and FTPS for a single interface
- Allow Active Directory domain authentication against multiple domains
- Allow LDAP authentication against multiple LDAP servers
- Associate Active Directory users and LDAP users with Cerberus Groups to allow customization for individual Active Directory or LDAP users
- New policy page to allow configuring password length and complexity requirements
- Auto-disable native accounts after too many failed password attempts
- New Authentication chaining control to allow configuring the order that users are checked against authentication services
- Temporary user and group accounts
New in Cerberus FTP Server 3.1.4.1 (Apr 30, 2010)
- Updated configuration files to encrypt some settings
- Added a Verify button to the Security dialog to test certificates and keys
- Service and GUI now sync up immediately when the GUI changes the username or password of the service
New in Cerberus FTP Server 3.1.3 (Feb 10, 2010)
- This release fixes a few bugs and is the first release to be tested and pass the Microsoft "Compatible with Windows 7" test suite.
New in Cerberus FTP Server 3.1.2 (Feb 6, 2010)
- Adjustments to screen drawing code to better deal with screen DPI scaling
- Added additional SSL connection auditing information (cipher used) to the log
- Added capability to select the ciphers used and not used for secure connections
- Fixed a bug where interfaces configured for passive mode DNS or manual IP could switch modes when running as a service
New in Cerberus FTP Server 3.1.1 (Feb 3, 2010)
- Added a limiter to the user manager when enumerating Active Directory accounts
- Improved error checking for some commands
- Added support for SITE UTIME command (both formats)
- Made sure to properly shutdown TLS/SSL connections for idle connection time outs
- Added support for client command OPTS UTF8 OFF to turn off default UTF8 mode
New in Cerberus FTP Server 3.1.0.5 (Jan 27, 2010)
- Added an alternate IP address detection method for rare cases where an IP interface can't be detected
- Fixed a problem with the service always using the default passive port range
New in Cerberus FTP Server 3.1.0.4 (Dec 18, 2009)
- Fixed a bug that could cause connections to disconnect immediately after making a connection
- Enhanced the listing commands with more UNIX-style options
- Fixed listing commands with wildcards for network shares
New in Cerberus FTP Server 3.1.0.3 (Dec 16, 2009)
- Reorganized the Active Directory and LDAP authentication configuration pages
- Added the option to pick a group to associate with an Active Directory user
- Active Directory user home directories can now be located on non-anonymous shares
- Added the option to select a "Global Home Directory" for LDAP users or a "Global Home Directory/%username%" just like for Active Directory users
- Better error checking and reporting for when there are problems accessing virtual directories
- Miscellaneous performance improvements
New in Cerberus FTP Server 3.1.0.0 (Nov 23, 2009)
- Renaming a group now updates users that include that group
- The GUI can now be accessed when running as a service
- Large performance improvements when running in service mode
New in Cerberus FTP Server 3.0.8.1 (Oct 26, 2009)
- Fixed GUI resizing issues when running as a service running as a service
- Fixed a recurring handle leak
New in Cerberus FTP Server 3.0.8 (Oct 15, 2009)
- Fixed a bug could cause the server to crash
- Made all SOAP calls require login credentials
- System-wide performance improvements
New in Cerberus FTP Server 3.0.7.1 (Oct 7, 2009)
- Fixed a bug that could allow an attacker to crash the server
New in Cerberus FTP Server 3.0.7 (Oct 5, 2009)
- Fixed a bug that could allow multiple instances of Cerberus to run when running as a service
- Vista and higher will no longer get interactive service messages when running as a service
- Performance improvements
New in Cerberus FTP Server 3.0.6 (Sep 28, 2009)
- Added loopback address detection for IPv6 addresses
- Added support for clients that quote the filename passed for XCRC, XSHA1, XSHA256, XSHA512, and XMD5 commands
New in Cerberus FTP Server 3.0.5 (Sep 21, 2009)
- Minor bug fixes and performance improvements
New in Cerberus FTP Server 3.0.4 (Sep 12, 2009)
- Miscellaneous system-wide performance improvements
- Additional system logging and error checking
- Added a log filter to the logging tab
- Added a the capability to require secure control and data connections on a per user and per group basis
- Minor UI improvements
- Fixed a bug that resulted in not being able to select network shares or mapped drives from the dialog box for user directories
- Made the SOAP API version 1.2 compliant
New in Cerberus FTP Server 3.0.3 (Aug 25, 2009)
- Fixed a bug that refused anonymous logins with empty passwords
- Fixed a bug that sometimes prevented interface settings from being applied at startup
- Fixed a crash bug
- APPE can now append to files greater than 4GB in size
- Added over a dozen new web service calls
- Updated the help file
New in Cerberus FTP Server 3.0.1 (Jul 31, 2009)
- Fixed General tab of IP Manager not displaying on Windows 2000 Server
- Fixed IP block time not getting updated for connections
- Fixed authentication so that the group setting for "Is Anonymous" and "Is Disabled" was
- considered for a user that was part of the group
- Updated the help file
New in Cerberus FTP Server 3.0.0 (Jul 22, 2009)
- Added LDAP authentication support
- Minor bug fixes
New in Cerberus FTP Server 3.0.0 Beta 15 (Jul 22, 2009)
- Fixed a bug that prevented default interface settings from being applied to new interfaces
New in Cerberus FTP Server 3.0.0 Beta 14 (Jul 22, 2009)
- Fixed a bug that prevented authenticating FTP accounts against NT domain users
New in Cerberus FTP Server 3.0.0 Beta 13 (Jun 18, 2009)
- Features present or being worked on in this beta
- International character set and FTP UTF-8 support
- FIPS 140-2 Validated Cryptography
- Groups support
- Added an auto-update system to detect and automatically upgrade to newer versions of Cerberus
- Added support for several new commands, including CLNT command (client name),XCRC,XSHA1,SITE ZONE, CCC, MFMT, and MFCT
- Converted the users and settings files to XML - No more dependency on the Windows Registry
- Complete rewrite of the underlying GUI framework
- Changed library linking to dynamically link to CRT libraries instead of static linking
- Updated the look and feel of the GUI controls, new toolbar buttons, converted many icons to Vista quality
- Added a moving chart to the statistics pane to show upload and download bandwidth used over time
- Certificate Authority and Client Certificate Verification support
- Certificate Revocation List support
- Native 64 bit version of Cerberus FTP Server
- Improved SOAP support
New in Cerberus FTP Server 2.50 (May 6, 2009)
- Updated the OpenSSL packages to the latest versions
- Fixed a bug with the SIZE command
New in Cerberus FTP Server 2.49 (Oct 2, 2008)
- Added an option to disable shutting down the server when the operating system is shutting down
- Updated the log4cxx and OpenSSL packages to the latest versions
- Fixed an incompatibility with some FTP clients when using secure connections
- Fixed a bug that sometimes resulted in the server service shutting down when a user logged out
- Updated the log4cxx and OpenSSL packages to the latest versions
- Cerberus now binds to the C-Runtime libraries dynamically
New in Cerberus FTP Server 2.48 (Jun 27, 2008)
- The RETR command now correctly returns an error code when a path is a directory instead of a file. This will improve Firefox compatibility.
- Updated the log4cxx and OpenSSL packages to the latest versions
New in Cerberus FTP Server 2.47 (Feb 11, 2008)
- Fixed a bug that resulted in no response being sent back for an unsupported MODE
- Added an option to disable/enable detection of IPv6 addresses
- Fixed a toolbar display issue
- The columns in the main tab window now auto-resize when the applications size changes
New in Cerberus FTP Server 2.46 (Nov 8, 2007)
- Fixed a bug that prevented blocking a connected user from the GUI
- Fixed a bug that caused the MDTM command to fail when setting a date/time and the file path contains spaces
- Fixed a bug that resulted in a failure code being returned when a directory LIST or NLST filter returned no matching files
- Fixed an XSS vulnerability in the web interface
New in Cerberus FTP Server 2.45 (Apr 27, 2007)
- Fixed a bug that prevented blocking a connected user from the GUI
- Fixed a dynamic DNS bug that resulted in the wrong external IP being used when multiple interfaces are resolving from different DNS addresses
- Fixed a bug in the IP blocker dialog that sometimes failed to properly delete an IP address
New in Cerberus FTP Server 2.44 (Mar 28, 2007)
- Fixed a display bug in the generate statistics function
- Fixed a dynamic DNS bug
- Fixed a bug in the IP block list that prevented IP addresses from being deleted
- Fixed a bug in the IP block manager that resulted in corrupt block list upgrades from verison 2.42 and below
- Fixed a bug in that sometimes resulted in failed active data connections
New in Cerberus FTP Server 2.4.3 (Mar 20, 2007)
- Preliminary IPv6 Support
- Resolved installation issues on Windows 2000
- Added an option to always use the local address for passive commands when the connection is on the same LAN
New in Cerberus FTP Server 2.4.2 (Feb 28, 2007)
- Resolved a bug that could result in a crash when generating a statistics file
- Resolved a bug resulting in a connection never terminating when a remote client's connection is broken during an upload to the server
- Compiled against the most recent version of OpenSSL (0.9.8e)
New in Cerberus FTP Server 2.4.1 (Feb 22, 2007)
- Updated the logging system to use the latest version of log4cxx
- Fixed a bug that resulted in the log file failing to be updated when running as a service
- Updated the gSOAP support and fixed a realm authentication bug
- Added support for the EPRT and EPSV commands
- Compiled against the most recent version of OpenSSL (0.9.8d)