SFTPPlus Release 3.39.0

Fri 05 October 2018 | release security

We are announcing the latest release of SFTPPlus version 3.39.0.

Customers using the SCP protocol are urged to upgrade to this version. Any previous version contains a security issue when overwriting files over SCP.

New Features

  • In the event handler configuration, it is now possible to filter the events based on their groups. [#2483]
  • When the remote FTP/FTPS server supports the MLST command, SFTPPlus will use it to determine the existence of remote paths. [client-side][ftp][ftps] [#3885]
  • The events emitted at the start or at the end of a client-side file transfer now contain the size of the file, duration and transfer speed. [client-side] [#5067]

Defect Fixes

  • When overwriting files using the SCP file transfer, the content of the existing file is completely erased. In previous versions, when overwriting an existing file with a new file which was smaller in size, the resulting file would still have the file size of the previous file, with the extra data kept from the previous file. [security][server-side][scp] [#5087]
  • When using execute_on_destination_before in a transfer for which the destination location is stopped, the transfer will automatically start the location. In previous versions, the transfer would failed as the location was stopped, requiring a manual start of the location. [client-side] [#3511]
  • When checking the existence of a remote FTP file, the operation now fails when the server returns an error other than 'Path not found'. In previous versions, the error was ignored and the path was considered as non-existing. [client-side][ftp][ftps] [#3576]
  • FTP/FTPS client operation can now successfully detect the absence of a file on a remote server. [client-side][ftp][ftps] [#3885]
  • You can now disable the timeout for the FTP data connection by setting its value to 0. In previous versions, when set to 0, the connection was disconnected right away due to the timeout. [server-side][ftp][ftps] [#5049]
  • When changing the extra_data configuration for the HTTP event handler, the Local Manager UI now shows that a restart is required for the event handler. [#5079]
  • You can now change from the Local Manager the list of SSH ciphers available to the SFTP and SCP file transfer services. This was a regression introduced in 3.37.0. [server-side][sftp][scp] [#5085]

Deprecations and Removals

  • When a FTP server-side operation fails due to a permission error, the error code is now 553. In previous versions, it was 550, which was the same error code for Path not found or the generic error code for other error cases. [server-side][ftp] [#3576]

You can check the full release notes here.