Release Notes for Version 1¶

Update Unix initialization scripts.

Add support for FTP APPE command. For more details consult the IETF RFC 959.

Implement globbing for FTP NLST and LIST commands. Globbing support is limited to Unix Shell wildchars * , ? , [ and ].

Add more details to audit trail when reporting failures for SFTP service.

Add more details to audit trail when reporting failures for FTP/FTPS service.

Add details for FTP active and passive data connection failures.

Add support for authentication legacy SFTPPlus WebAdmin accounts based on SSH keys. This requires SFTPPlus WebAdmin version 1.7.0 or higher.

Use persistent HTTP connections when sending logs to legacy SFTPPlus WebAdmin.

Fix initialization of SFTPPlus server configuration using server-commands --initialize.

[security][sftp] Fix checking public key signature when authenticating SFTP sessions using public key authentication method.

Allow application account to work together with SFTPPlus WebAdmin. In SFTPPlus Webadmin, "application" and "os" account are configured as "Local users".

When the FTP/FTPS data channel connection is closed abruptly (connection lost), the server will ignore these kinds of errors.

Display more details about a failed SSH authentication, instead of an internal server error.

[security] When writing into existing files, truncate file size to the new uploaded file. Previously, when uploading a file smaller than the existing one, the file content was overwritten only with the new data, leaving the remaining data unchanged.

Close FTPS control channel when the remote client does not close the connection in a clear way.

Close idle FTP/FTPS data connections. For more details, check documentation for FTP/FTPS service configuration.

Send an error to the client when failing to start an FTP/FTPS session due to an internal server error.

Log an error when FTP/FTPS data connection has not been closed correctly.

Log the amount of data received and sent over FTP/FTPS data channel.

Add support for user groups.

[win] Add limited support for OS accounts on Windows XP and 2003. Accounts are locked inside their home folders and an explicit home folder is required to be defined for each user or the group associated with these accounts.

Add support for Implicit FTPS service. Protocol type "ftpsi" is used for configuring Implicit FTPS services.

Allow external / 3rd party mechanism for authentication and retrieving account configuration.

Document event's data properties.

Add a command for generating encrypted passwords.

Add support for using encrypted password for application accounts. Passwords are salt-based SHA-256 hash values.

Add 'allow_certificate_authentication' option to user's configuration. This allows per user enable / disable the authentication based on SSL certificates.

Fix data channel connections closing in passive mode. The connection is cleared as soon as it is closed.

Service configuration was changed to allow starting an arbitrary number of services for each supported protocol. Each service has its own configuration file.

[technology preview] Add initial support for transferring files over HTTP and HTTPS services. Full support and documentation will be available in the next updates.

Add support for enabling / disabling logs using log groups.

Log file is initialized as services_account (if defined), rather than the account launching the server.

[security][sftp] Fix checking public key signature when authenticating SFTP sessions using public key authentication method.

Fix installation errors introduced by 1.7.19.

Add idle connection timeout configuration for FTP/FTPS service. This is configured by the service_idle_connection_timeout directive from service configuration file.

Add idle connection timeout configuration for SFTP service. This is configured by the service_idle_connection_timeout directive from service configuration file.

Add maximum number of concurrent connections for FTP/FTPS service. This is configured by the service_maximum_concurrent_connections directive from service configuration file.

Add maximum number of concurrent connections for SFTP service. This is configured by the service_maximum_concurrent_connections directive from service configuration file.

Allow loading encrypted SSL certificate's key. This is configured by the service_ftps_ssl_key_password from the FTP/FTPS service configuration file.

Allow loading encrypted SSH private keys. This is configured by the service_rsa_private_key_password and service_dsa_private_key_password from the SFTP service configuration file.

Log unknown or unimplemented FTP commands.

Add support for Extending Passive (EPSV) and Extended Port (EPRT) commands.

Add support for FTPS Clear Command Channel (CCC).

When the server starts, list privileges for the account under which server was started. This should help troubleshoot permission related configuration errors.

[Windows] Create home folders for newly created accounts. For this action, the account under which the server is executed will require "SeBackupPrivilege" and "SeRestorePrivilege".

[Unix] Add support for running the server as a simple account. In this case only application accounts will be authenticated by the server.

Refactor the way local user is queried. This should fix some errors on the Windows systems.

Prepare local web administrator to support a dedicated administration username and password.

Add support for internal and external log file rotation.

Fix SFTP service automatically generated config file.

Improve user configuration file to allow configuring local account and add more flexibility to the way accounts are configured.

Create dedicated groups for specifying general behaviour for all application accounts and for all operating systems accounts.

Add a server command for initial configuration that will generate new ssh key files and a self-signed certificate.

Add service_ignore_create_permissions to SFTP service configuration for ignoring SFTP clients to set file and folder permissions at creation time.

Add a log when a file transfer was done in SFTP.

Add IP and port number for SFTP logs after an account was successfully authenticated.

Fix server initialization.

Allow server to execute under the same account used for starting the main server process.

Add support for authenticating Centrify accounts.

[security][sftp] Don't allow application account to authenticate with SSH keys when SSH keys are disabled.

Allow using SFTPPlus Webadmin only for authentication, only for storing audit entries, or for both.

[security][sftp] Don't allow application account to authenticate with SFTP without specifying either a non-empty password or an SSH key.

Fix access to files from supplementary groups.

Add logs for disabled accounts.

Fix closing connection when transferring an empty file over FTPS.

Update OpenSSL library on Windows.

Improve handling SSL connections close procedures before the SSH handshake was finalized.

Improve Unicode handling on POSIX-based locale.

Add support for Solaris 10 on Intel x86.

Add option to specify FTPS SSL/TLS cipher list.

Add option to specify FTPS methods.

Allow FTP FEAT command to be called at any time during an FTP session.

Allow FTP authentication based on SSL certificate and no longer require a password. Certificate's Common Name must match user name.

Fix FTPS Active connections.

Raise an error if a download request is made on FTP for a folder.

[security][unix] Fix user impersonation under Unix.

Update installation documentation.

Add startup execution command.

Fix ssh key generation.

Fix SFTP operations for application users.

GUI installer on Windows.

Add utility for generating RSA/DSA keys.

Check for OpenSSL support.

Add support for application users.

Add server name and version into FTP welcome message and SSH protocol string.

[0.1.11] Add support for ignoring SFTP file/folder mode on creation.

[0.1.10] Add support for username and password PAM authentication.

[0.1.8] Add umask option for uploaded files.

[0.1.7] Fix SFTP set attribute command.

[0.1.5] Add an option for creating home folders for SFTPPlus users.

[0.1.5] Improve unicode support for authentication errors.

[0.1.4] Fix setting initial working folder for SFTPPlus users.

[0.1.4] Add support for Red Hat Enterprise Linux 4 and 5.

[0.1.4] Log an error if service account is not available.

[0.1.4] Log an error if RSA/DSA keys could not be found.

[0.1.3] Add FTP passive port range.

Add support for ignoring SFTP requested mode on file and folder creation.

• Ignore mode on creation is enabled by default.

• Ignore mode can be changed from constants.py via IGNORE_CREATE_PERMISSIONS

Add support for username and password PAM authentication.

Use 0666 as default mode for files and 0777 for folders.

Add umask option for uploded files.

Fix file transfers using WinSCP.

Allow SFTPPlus WebAdmin users to authenticate based on RSA/DSA keys.

Add an option for creating home folders for SFTPPlus users.

Improve unicode support for authentication errors.

Fix setting initial working directory for SFTPPlus users.

Add support for Red Hat Enterprise Linux 4 and 5.

Log an error if service account is not available.

Log an error if RSA/DSA keys could not be found.

Add FTP passive port range.

Use default port numbers for services.

[Windows] Fix Windows service install for SFTP service.

[Windows] Fix Windows service uninstall for services.

[Windows] Log service startup errors in Windows Event logger.

[Windows] Use Windows end of line for log file on Windows.

[Windows] Add error number when failing to get user home folder on Windows

Add more FTP and SFTP logs.

Send logs to SFTPPlus Webadmin

[Unix] SFTPPlus users will always run under a single local account defined by 'service_account' configuration key.

[Windows] SFTPPlus users will run under the account configured for the specific windows service.

Operating system users can use the default OS home folders, or a custom home folder specified by 'os_users_custom_home_folder_path' configuration key.

SFTPPlus users are always locked into their home folder