- Addresses the SSH protocol Terrapin Attack vulnerability by providing the strict key exchange countermeasure through Maverick Synergy 3.0.22.
- Addresses bouncycastle-fips CVE-2022-45146 by upgrading library to 126.96.36.199.
- Only send “prompt=select_account” extra parameter during identity provider login when identity provider starts with https://accounts.google.com to address compatibility with parameter on other OIDC providers.
- Updated Maverick to 3.0.21 to address Passive SSH Key Compromise
- Address deserialization vulnerability in the Admin API for OIDC that affects versions 3.004.01-3.004.03.
- Address snakeyaml CVE-2022-1471 by updating snakeyaml to 2.x.
- Address CVE-2023-34034 by updating Spring Security.
- Handle disconnect during file upload by deleting the partial file from cloud storage.
- Improve performance when many folders are defined for a user.
- Remove “Flagging IP Address” message when default IP Ban feature is disabled.
- Update azure-storage-blob SDK to 12.23.1.
- Update google-cloud-storage SDK to 2.26.0.
- Update AWS SDKs to 2.20.127 and 1.12.530.
- On Azure, the swap partition did not persist on reboot. It is now persisted across reboot.
- List all files (even if more than 1,000) in Google Cloud Storage Buckets.
- Support file and folder names with backslash characters.
- Include Banner Text in exported backup file.
- Allow lack of “s3:ListAllMyBuckets” permission.
- Update Spring Security to address CVE-2023-20862.
- Show admin option to change password in Admin UI.
- Show import errors when there are conflicts during import of Identity Providers.
- Resolve issue with newer ssh clients where RSA keys are rejected with message: sign_and_send_pubkey: no mutual signature supported.
- Allow access to logs and other diagnostic information via the new Diagnostics tab.
- Enable all SFTP host keys regardless of security level.
- Admin can configure additional OpenID Connect (OIDC) scopes on the Identity Provider forms.
- Fixed bug that prevented synchronization between HA servers on AWS in v3.4.0.
- Fixed compatibility issue with Azure Monitor Agent.
- Admins can now change the storage account/container on the Azure Cloud Connection form.
- Refreshes Identity providers list on settings screen after backup import.
- Other UI Improvements.
- Adds OIDC login for Web Admin UI.
- Allows configuration of multiple External Identity Providers to allow OIDC login to Web Admin UI.
- Display cloud connection resolved path for a user’s home directory when creating or editing a user.
- Fixed bug that prevented deletion of user with multiple SSH Keys or IPs Allowed.
- Fixed bug that prevented deletion of a directory on Azure when Hierarchical Namespace is enabled on the Storage Account.
- Updated Spring Framework version to 5.3.20 to avoid CVEs from previous versions.
- Updated Cloud Storage SDKs
- Updated AWS SDK to 2.18.28
- Updated Google cloud storage library to 2.15.1
- Updated Azure storage blob library to 12.20.1
- Fixes issue when uploading files over 250 MB to AWS or Azure that pause at 100% and then report a failure. The problem was a timeout between the SFTP Gateway server and the cloud storage locations.
- Normalizes headers in the Admin UI for consistency.
- Improves performance of listing many files in Google Cloud Storage.
- Improves performance of uploading files in AWS S3.
- Adds a user-friendly Admin Landing Page on the http port.
- Adds warning message when Host Keys are not in imported backup file.
- Adds configuration and overrides of UID and GID for a user.
- Fixed a file creation bug that caused problems when using SSHFS.
- Fixed issue where the # symbol in filename cuts off the rest of the filename on Azure.
- Fixed issue where the pound sign # in the IP allow list label breaks the export/import process.
- Adds Integrated help system.
- Adds PROXY protocol support to receive client IP address behind a load-balancer.
- Migrate from Ubuntu 20 to Ubuntu 22 on Azure.
- Add Configuration of SFTP banner text to Admin UI.
- SFTP Users will not see existing files when viewing a folder with write-only permission. In previous versions, the users could list, but not download, files in write-only folders.
- SFTP Support for ed448 public and private keys.
- SFTP Support for PuTTY Version 3 Private Key format.
- Fixed disconnect issue when having multiple AWS regions configured for a user’s folders.
- Fix the configuration of password policy so requirements can be disabled. The following application properties will disable each requirement:
- Fixed VM Password support in Azure.
- Fixed issue with renaming folders on AWS where nested folders were not moved to the new name.
- Fixed SFTP v5 attribute flags being sent when using SFTP v4, which was breaking the listing of files in WinSCP in v3.3.2.
- Solved bug where a user logging in at the same time as another user could result in the first user seeing the second user’s folders and files.
- Solved bug on Google Cloud Connection where empty files failed to write.
- Corrected the test of a Google Cloud Connection so it considers access to a bucket's metadata.
- Fixed issue with passwords imported from SFTPGWv2 not working after initial login.
- Correct bug where disabling automatic IP ban behavior did not work.
- Update local postgres service on Amazon Linux to use postgresql13 from official repository.
- Add support for version 3 of the PuTTY Private Key File Format.
- Add support for ED448 public/private keys.
- Enables SCP support.
- Syncs server SSH host keys across HA instances, similar to the website key and SFTP host keys.
- Updates Spring and other dependencies to resolve possible CVEs.
- Displays the creation date (instead of 0) for folders created by the web admin portal.
- Improves Backup import service when merging Cloud Connection information.
- Fixes WinSCP issue with subdirectories backed by Folder objects (WinSCP: error decoding sftp packet).
- Fixes issues with S3 encryption types.
- Fixes issues with Metadata Content-Type.
- Fixes CloudWatch log streams, which were not showing up.
- Fixes compatibility with SFTP client software Panic Transmit.
- Shows whether an SSH public key was generated or was user-provided.
- Shows that the IP filter is disabled when the IP Allow List is empty.
- Shows Folder search results as paths.
- Configures S3 buckets (created by SFTP Gateway) with S3 Block Public Access.
- Adds a Test Connection button to the Cloud Connection creation process.
- Adds configuration option to disable automatic IP banning
- Updated SFTP Subsystem Maverick Library from 3.0.5 to 3.0.7
- Fixed bug that did not allow updating Azure Connection String to a new storage account
- Updated log4j api dependency to 2.17.1
- Resolved minor UI issues for Cloud Connection settings screens
- Fixed bug preventing write on an unencrypted S3 Cloud Connection to an encrypted S3 bucket
- Includes cis-test.sh tool on the image to support CIS scans
- Adds Google Cloud Connection
- UI improvements to the Cloud Connection settings page
- Refreshes status immediately when clicking the Test Connection button
- Displays loading screen when Java is not ready
- Fixes a bug with migration
- clear-admin-users.sh script to reset (remove) web admin users
- log4j yum package that wasn't in use
- Fixes a bug where the web page prompts you with basic authentication
- Fixes a bug where SFTP users cannot log in via WinSCP
- Fixes a bug where logs were not going to CloudWatch
- Fixes a bug where passwords were not working after migrating from version 2
- Fixes a bug where the Cloud Connection region was not getting imported from the backup artifact
- Fixes a bug with the Test Connection feature for Cloud Connections
- Fixes a bug with the password constraint validator
- Various other bug fixes
- Prevents a web admin from disabling all web admins
- Adds Admin UI protection from brute force attacks
- Various UI improvements
- Fixes a bug in the AWS SDK library that caused exceptions with concurrent executions
- Fixes a bug when displaying file last modified date
- Improves performance when setting file attributes on S3 objects by using an in-place copy instead of streaming the bits through the server
- Improves backup and restore support
- Adds SFTP subsystem log messages to the
- Adds username to Nginx access logs
- Various other bug fixes
SFTP files and folders
- Read and write files directly to S3, using the SFTP protocol
- Configure folder permissions with read-only, read/write, or write-only
- Map an SFTP user's chroot directory to an S3 bucket and path
- Folder mapping lets you configure a common scenario where an internal SFTP user has read/write access to external SFTP users' data, while external users cannot see each other's data
- Authenticate SFTP users with passwords or SSH keys
- Supports multiple SSH keys per SFTP user
- Adds password complexity requirements
- Adds disabled flag for SFTP users
- Configures IP whitelisting at the user level
- Supports multiple web admin accounts
- Simplifies first-time setup, which can be done entirely from the web admin UI (no command line required)
- Imports users and settings from SFTP Gateway 2.x via a migration process
- Has undergone an independent third-party security audit
- Separates SSH and SFTP onto different ports by default
- Enables audit logging to track SFTP actions
- Mirrors log files into CloudWatch
- CloudFormation template encrypts EBS volumes by default, for encryption at rest
- Use EC2 instance profile IAM permissions to access S3, or configure IAM user credentials for each S3 bucket cloud connection
Performance and maintenance
- Improves performance and scalability through the use of the AWS SDK for Java
- Uses Postgres instead of LDAP, for easier maintenance
- Same pricing as SFTP Gateway 2.x, which is a software charge of 6 cents USD per EC2 instance hour
- 30-day free trial