SFTPPlus Release 3.31.0

Tue 20 February 2018 | security release

We are pleased to announce the latest release of SFTPPlus version 3.31.0.

New Features

  • The option to enforce unique names for uploaded files is now available for the HTTP and HTTPS file transfer services. [server-side] [#4465]
  • A SOCKS version 5 (SOCKS5) proxy without authentication can now be used to connect to remote SFTP and SCP servers. [client-side][sftp][scp] [#4546]
  • A new event handler option is added in order to send filtered events to standard output. This can be used when running SFTPPlus in Docker or with other process supervisors. [#4645]
  • The option to enforce unique names for uploaded files is now available for the FTP, Implicit FTPS and Explicit FTPS protocols. [server-side] [#4650]
  • The file-dispatcher event handler can now be configured to automatically create destination folders. [#4652]
  • The close event description for SFTP and SCP client-side and server-side connection now contains the encryption used to protect connection. [client-side][server-side][sftp][scp] [#4668]
  • The HTTP and HTTPS file transfer services now allow uploading multiple files and adding files via drag and drop. [server-side][http][https] [#4673]
  • Support for Red Hat Enterprise Linux versions 7.0 to 7.3 with OpenSSL 1.0.1 was readded alongside support for RHEL 7.4 and newer using OpenSSL 1.0.2. [#4691]
  • A new secure configuration value is available for the ssl_cipher_list and ssh_cipher_list as part of the FTPS, SFTP, SCP, and HTTPS file transfer services. [security][client-side][server-side] [#4727]

Defect fixes

  • The transfer for SFTP and SCP locations is no longer interrupted when the remote server is requesting a SSH re-key exchange. This was affecting client-side transfers of files bigger than 1GB, as this is the point where some servers are re-keying. This is when either side forces the other to run the key-exchange phase which changes the encryption and integrity keys for the session. [client-side] [#4302]
  • It is now possible to stop the client shell at any time by pressing the Ctrl+C key combination. In previous versions this was not available while an operation was in progress. [#4626]
  • The AIX 7.1 build of SFTPPlus was updated to work with older OpenSSL versions. Previous versions of SFTPPlus (from 3.27.0 to 3.30.0) on AIX 7.1 required OpenSSL 1.0.2k or newer. [#4696]
  • SFTP and SCP client and server side can now handle key exchange process even for peers which advertise their SSH version string with trailing spaces. This can happen for Bitvise SSHD Server when configured to omit its version. [client-side][server-side][sftp][scp] [#4718]
  • The documentation for expression matching was updated to explain that regular expression matching is done as a search operation. For an exact match, use the start and end regex anchors. [#4724]

Deprecations and Removals

  • Events with ID 40015 and 40016 were replaced by already existing event with ID 40022. Event 40022 is now the only one emitted when there are errors during an upload operation. [server-side][http] [#4465]
  • The default configuration for SFTP, SCP, FTPS, and HTTPS connections was updated to exclude the 3DES cipher in order to prevent SWEET32 attacks. To not break backward compatibility for existing installations, this change affects only new installations. Existing installations will need to be manually updated to exclude the 3DES based ciphers. [#4727]

You can check the full release notes.