
Version history for Cerberus FTP Server


Changes for v7.0.2 - v7.0.3

  • Updated to OpenSSL 1.0.1i to address security vulnerabilities in OpenSSL
  • Fixed HTTP/S web client password strength meter bug in IE8
  • Disabled accounts and accounts configured to allow only SFTP access with public key authentication will no longer receive password expiring emails
  • 3DES encryption cipher is now considered at 112 bit symmetric strength to better reflect effective strength



Changes for v7.0.1 - v7.0.2

  • Disabled users will also register with the "stop authentication if user exists" Policy settings
  • Added PBKDF2 HMAC SHA256 and PBKDF2 HMAC SHA256 stretched password hashing algorithms as password storage hash options
  • Added ability to select active SSH2 ciphers and HMAC algorithms
  • Added SSH2 cipher minimum bit strength display to Summary page
  • HTTP/S web client now allows zero-length file uploads
  • Fixed a problem with the web client date/time control for IE 8 users
  • Added support for generating the correct share link path when connections come in from an HTTPS proxy to a Cerberus HTTP listener
  • Reports now track whether a file operation succeeded or failed
  • Fixed web client bug for displaying local time that only used the user setting for displaying local time



Changes for v7.0.0.2 - v7.0.1

  • Fixed a bug in web client folder uploads for Chrome
  • Fixed a bug on web client email selection and address book auto-complete
  • Added an option to force all publicly shared files and folders be password protected
  • Added more account options for CSV import (unlimited directories, password hashes, additional account parameters)
  • Added capability to export user accounts as CSV files
  • Added dedicated require password change option for native accounts
  • Enhanced the default cipher list for HTTPS web administration to require minimum 128-bit, strong ciphers
  • Added option to initiate automatic download of zip file without storing the resulting file on the server for web client zip operations
  • Clients can now modify the share until date on their own publicly shared files
  • Added web client in-browser editing of simple text-based files
  • Updated to OpenSSL 1.0.1h to address security vulnerabilities in OpenSSL
  • Added new MAC SSH algorithms hmac-ripemd160 and hmac-ripemd160@openssh.com
  • Added DeleteDirectoryFromGroup, AddDirectoryToGroup SOAP API calls
  • Renamed AddRoot, DeleteRoot to AddDirectoryToUser, DeleteDirectoryFromUser SOAP API calls
  • Added create directory option to AddDirectoryToUser and AddDirectoryToGroup API calls



Changes for v7.0 - v7.0.0.2

  • Fixed an information disclosure vulnerability for SSH logins. Analysis of a failed login result could allow an attacker to determine whether an account exists. Thanks to Steve Embling, a Pentura Security Researcher, for discovering and reporting this vulnerability.
  • Fixed ability to update to a different theme in the web client for LDAP and AD accounts
  • Fixed web client file list sorting
  • Hide the security question list for AD and LDAP accounts since they can't currently use the password reset feature
  • Added password strength/entropy meter to HTTP/S web client account request and change password pages



Changes for v6.0.7.2 - v7.0

  • New 7.0 Release
  • Redesigned HTTP/S web client that's been optimized for both desktop and mobile browsers
  • Folder upload through HTTP/S web client with Chrome
  • Enhanced web client address book for users
  • Web client custom theme support
  • Web client search support
  • Web client image and video thumbnail viewing
  • Redesigned Report Manager
  • Added report sorting
  • Added multiple web administrators with fine grained access controls
  • Publicly shared file links are now included in user statistics reporting
  • Added max share duration limit for publicly shared links
  • User manager UI improvements
  • Event manager UI improvements
  • Performance improvements
  • Enhanced login reports
  • New session file access email report event action
  • Email notification of important events like user password expiration and password changes



Changes for v6.0.7.1 - v6.0.7.2

  • Added a cache-control exception for IE 7 and 8 to the no-store, no-cache change introduced in 6.0.7.1 (the change breaks downloads in IE 7 and 8, so those browsers revert to the previous behavior)
  • Updated HTTPS web client JS libraries



Changes for v6.0.7 - v6.0.7.1

  • Fixed "Disable after X failed login attempts" not working for accounts that were part of a group
  • UI will properly reflect password change permissions for a user when that user is a member of a group
  • HTTP/S web client will no longer prompt users with the expired password change dialog if they don't have permission to change their password
  • Modified HTTP/S cache-control mechanism for user file downloads to ensure no user file caching
  • Added sort-by-group to the User Manager's users list
  • Do not attempt to shutdown a client-disconnected socket if the connection terminates abnormally
  • Updated OpenSSL library



Changes for v6.0.6.1 - v6.0.7

  • Fixed a non-public security vulnerability for authenticated users
  • Fixed an HTTP/S web client session timeout during long file uploads
  • Fixed a bug that could result in a server crash when FTPS connections timed-out
  • Closed user accounts no longer copy last login times from cloned account



Changes for v6.0.6 - v6.0.6.1

  • Fixed several memory leaks



Changes for v6.0.5 - v6.0.6

  • Updated to OpenSSL 1.0.1f
  • Workaround for mobile Safari video upload bug in web client



Changes for v6.0.4.3 - v6.0.5

  • Added a parent directory event variable for file transfer events
  • Event Manager rules sorting added to Rules page
  • Event Manager condition selection now populates the editing boxes
  • Event Manager Add/Edit event button on the Rules page now selects the highlighted event on the Edit page
  • Logging package update
  • Minor bug fixes



Changes for v6.0.4.1 - v6.0.4.3

  • Fixed a bug that could allow an SFTP file transfer ended event to be sent before the file handle closed
  • SMTP STARTTLS fix for some servers that require a new EHLO after the connection is upgraded to encryption
  • Account requests now include the request date
  • Fixed a bug that could result in the synchronization manager not recognizing unique license keys on other machines



Changes for v6.0.4.1 - v6.0.4.2

  • Fixed a bug that could allow an SFTP file transfer ended event to be sent before the file handle closed
  • SMTP STARTTLS fix for some servers that require a new EHLO after the connection is upgraded to encryption
  • Account requests now include the request date



Changes for v6.0.4.0 - v6.0.4.1

  • Added a Public Share page to the User Manager to allow revoking and monitoring user public shares
  • Added an option to specify which SMTP server public file sharing should use
  • Added an option to always use the SMTP server authentication email address for all public sharing emails
  • Automatically reset max connections and re-enable listeners when an expired trial is licensed
  • Report Manager can now handle queries on just a date from or date to. Previously could only handle date range, or no date.
  • Added password last changed date to the Login report in the Report Manager
  • Fixed a problem with filenames with spaces getting truncated in Firefox when using the download button in the web client
  • Statistics reports and public file sharing emails now report byte sizes in more human readable formats



Changes for v6.0.3.2 - v6.0.4.0

  • Added a Public Share page to the User Manager to allow revoking and monitoring user public shares
  • Added an option to specify which SMTP server public file sharing should use
  • Added an option to always use the SMTP server authentication email address for all public sharing emails
  • Automatically reset max connections and re-enable listeners when an expired trial is licensed
  • Report Manager can now handle queries on just a date from or date to. Previously could only handle date range, or no date.
  • Added password last changed date to the Login report in the Report Manager
  • Fixed a problem with filenames with spaces getting truncated in Firefox when using the download button in the web client
  • Statistics reports and public file sharing emails now report byte sizes in more human readable formats



Changes for v6.0.3.1 - v6.0.3.2

  • Added AES CTR ciphers for SSH2
  • Added an option to change the root system logger level from the UI
  • Added an option on the policy page to force always using the UPN name for AD user home directory names
  • Event system performance improvements
  • Fixed an event variable email substitution bug that resulted in email to names and emails not being scanned for variables



Changes for v6.0.3.0 - v6.0.3.1

  • Added a new backup server synchronization manager
  • Added auto-complete for AD user and Cerberus group selection in the web admin AD and LDAP pages
  • Added ability to create AD group to Cerberus group mappings in the web admin AD page
  • Updated the event manager with a dedicated button and dialog for adding new rules
  • Added a backup server synchronized event rule
  • Added "does not contain" as an operation for rule filters
  • Updated web administration with limited event rule editing
  • Added online help links to almost all dialogs
  • New fault tolerance features for ensuring XML configuration files will never be left in a partially written state because of an application failure
  • Fixed a bug that resulted in failed public key authentication in some instances when a user was a member of a group that used public key authentication
  • Minor UI bug fixes and improvements



Changes for v6.0.1.0 - v6.0.3.0

  • Added a new backup server synchronization manager
  • Added auto-complete for AD user and Cerberus group selection in the web admin AD and LDAP pages
  • Added ability to create AD group to Cerberus group mappings in the web admin AD page
  • Updated the event manager with a dedicated button and dialog for adding new rules
  • Added a backup server synchronized event rule
  • Added "does not contain" as an operation for rule filters
  • Updated web administration with limited event rule editing
  • Added online help links to almost all dialogs
  • New fault tolerance features for ensuring XML configuration files will never be left in a partially written state because of an application failure
  • Fixed a bug that resulted in failed public key authentication in some instances when a user was a member of a group that used public key authentication
  • Minor UI bug fixes and improvements



Changes for v6.0.0.3 - v6.0.1.0

  • Added full UPN support for AD authentication
  • Added password changing for LDAP users
  • Added an account disable option for users that haven't logged in within a certain number of days
  • Added a %USER% variable that can be used in virtual directory names and paths for users and groups
  • Added an option to automatically create directories when approving a new account request
  • Improved logic for detecting whether the data connection was gracefully closed at the end of an FTP STOR command
  • Added a timer to ensure HTTP/S sessions are cleaned up and closed when they timeout
  • Added support for the X-Frame-Options DENY header for HTTP/S web client page responses
  • Added an advanced option to allow setting the temporary folder used for HTTP/S web client uploads
  • Added an advanced option to specify the default share time (in hours) for publicly shared files
  • Added an option to allow user to specify a password for publicly shared files
  • Added two events for when a public file is shared, and when a public file is downloaded
  • Added bytes transferred information to the log for files uploaded and downloaded
  • Added tracking information to see when a public file is downloaded
  • Fixed a bug that could result in an error for valid LDAP search filters
  • Fixed an HTTP/S web client upload bug for uploading to non-ASCII directory paths
  • Newly created Microsoft databases will now store Unicode text properly for statistics and reporting



Changes for v6.0.0.2 - v6.0.0.3

  • Added a note field for IP access items in the IP Manager
  • Added username to all FTP/S and SSH SFTP client command log messages to match HTTP/S auditing
  • Improved CSV importing, including support for CSVs exported from third party servers
  • Improved auto-updater to allow more selective auto-updating
  • Cleaner web administration pages and additional error checking
  • Added ability to change several new settings through web administration
  • Added a local file and directory selector for file path settings in web administration
  • Fixed an issue where the FTP MLST command would fail on files on a network share
  • Fixed a bug related to how auto-blocking works with whitelist mode



Changes for v6.0 - v6.0.0.2

  • Numerous bug fixes
  • Update the SOAP API
  • Fixed telephone number wasn't included with account request notification
  • Fixed email server selection for account approval in the web client was ignored
  • Fixed setting for modifying hidden directory attribute on virtual directories would not save
  • Added HTTP POST event target configuration capability to web admin
  • Added public sharing as a permission option for virtual directories in the web admin
  • Fixed inconsistent virtual directory permission selection behavior in the web admin
  • Improvements to adding and removing LDAP and AD configurations in the web admin
  • Fixed "Password Never Expires" setting ignored when adding new accounts
  • CSV import now supports setting max logins, max upload filesize, and initial directory for a new user account



Changes for v5.0.7 - v6.0

  • Upgraded FIPS OpenSSL to 1.0.1 with TLS 1.1 and TLS 1.2 support
  • Added advanced statistics collection and a new Report Manager
  • Added public file sharing to the web client
  • Updated web client upload control
  • Users and groups can now have whitelist IP ranges
  • AD groups can now be mapped to Cerberus groups for assigning virtual directories
  • Configurable timeout support for HTTP/S web client sessions
  • Zip and unzip file operation actions for event actions
  • HTTP POST operation event action to allow posting event information to a URL
  • More variables for events
  • Added variable substitution to event email recipient name and email address fields
  • Added ability to customize email subjects on event emails, including variable substitution in subjects
  • Added ability to set disable after time for users and groups through web administration
  • Updated, easier to use AD and LDAP admin pages
  • Access to advanced security settings from the Settings page
  • Access AD and LDAP user attributes like name and email address for events



Changes for v5.0.6.0 - v5.0.7

  • Fixed an AD and LDAP virtual directory bug introduced in 5.0.6



Changes for v5.0.6.0 - v5.0.6.1

  • Fixed an AD and LDAP virtual directory bug introduced in 5.0.6



Changes for v5.0.5.1 - v5.0.6.0

  • Fixed a web admin XSS vulnerability
  • Minor updates and improvements



Changes for v5.0.5 - v5.0.5.1

  • Improved auto-blocking for HTTP/S web client bots
  • Optimized temporary file creation for file uploads ensures cancelled upload temporary files are deleted
  • Various system-wide performance improvements
  • Added email approve/disapprove notification to the web admin account request manager
  • Fixed a minor bug that would not let an admin add a directory to a newly created account through the web admin



Changes for v5.0.4.3 - v5.0.5

  • Fixed a CSRF vulnerability (US-CERT VU#989684) in the web admin
  • Web client users can now replace existing files on upload if they have the correct permissions
  • High DPI display improvements for the GUI
  • No longer allow multiple logged in users to run the Cerberus Console at the same time



Changes for v5.0.4.1 - v5.0.4.3

  • Added LDAP authentication configuration to web administration
  • Added option to require password change on next login
  • Updated HTTP/S web client
  • Fixed the CSR generator to accept wildcard common names
  • Fixed a problem with Office documents not opening directly from the web client in some versions of IE
  • Minor changes and updates to the web client
  • Optimization for authenticating against very large LDAP databases



Changes for v5.0.4 - v5.0.4.1

  • Simultaneous login count was not getting decremented on logout for AD accounts
  • Added ability to change passwords for AD accounts
  • Improvements to the Getting Started Wizard
  • Improved the LDAP account listing in the LDAP page of the User Manager



Changes for v5.0.3.1 - v5.0.4

  • New MIME mapping editor, CAPTCHA support for web logins and account requests, and numerous other improvements.



Changes for v5.0.3 - v5.0.3.1

  • Minor UI bug fixes and improvements
  • Added email notification option for approving or declining account requests
  • UI updates to better support Windows 8 and Server 2012
  • Added a MIME type mappings file to allow user customization of MIME types for the web client
  • Updated OpenSSL to latest version
  • Can now use a DNS-style domain name for AD authentication on Windows 2003 server and lower OS
  • More flexible domain controller auto-selection for Windows 2003 server and lower
  • Group IP whitelists are now applied to AD and LDAP users



Changes for v5.0.2 - v5.0.3

  • Added an option to create impersonated AD user before creating the initial home directory to ensure the AD user has owner rights on the home directory
  • HTTP/S range support for partial content retrieval and file resume
  • Updated the web client
  • Updated controls for Users page of the User Manager
  • Added ability to restrict IPs by user account or group
  • Added maximum upload file size quota for user accounts
  • Added event rule for disable-after-date events
  • Fixed a bug where some symbols in URLs were not properly escaped
  • Fixed events bug where server operations actions were not saved properly to file
  • Fixed a bug where SSH clients attempting to open unsupported channels are not told of the failure



Changes for v5.0.1.2 - v5.0.2

  • Web client directory browser re-write for major performance improvements by performing paging, sorting, and filtering on the server
  • Removed file and directory display limits from the web client directory browser
  • New, dynamic user and group updates through the web client
  • Enable or disable allowing user updating through the web client
  • Enhanced certificate conversion now separates and includes CA certificates when converting a binary certificate bundle to PEM format
  • Rolled back a change to FTP PORT socket binding introduced in 5.0.1.1



Changes for v5.0.1.1 - v5.0.1.2

  • Fixed a bug that prevented changing the default SOAP port
  • Fixed a bug that prevented creating new users through the web admin if a password policy was set
  • Added the ability to customize the web client login image, page title, default directory list count, and file date local time and timezone display from the UI
  • Added a file preview feature to the web client
  • Added an event time variable and the ability to filter by time
  • Added server event targets delete and disable user or group



Changes for v5.0.1 - v5.0.1.1

  • Added additional fault tolerance if the SOAP port is in use by another process
  • Usability improvements to the Event Manager
  • Smarter detection of SOAP port and protocol changes by the Cerberus UI
  • Enhancements to port binding to require exclusive access to the port
  • Improved error messaging for in-use ports in the log



Changes for v5.0 - v5.0.1

  • Fixed a virtual directory bug when adding virtual directories in the User Manager
  • Added icons for common file types to HTTP web client
  • Added option to redirect HTTP to HTTPS for HTTP interfaces
  • Added support for larger ephemeral keys during SSH key exchange
  • ECDH SSH key exchange is now supported regardless of server host key type
  • Updated cryptographic library
  • Added event variable selection option to the event manager
  • Improved HTTP/1.0 support
  • Content-Disposition with filename now set for downloaded files
  • Automatic conversion of certificates to PEM format for FIPS mode
  • FTPS protocol checking bug fix
  • Added option to turn on/off welcome message for HTTP/S connections
  • Added option to turn on/off welcome message for SSH SFTP connections
  • Added option to disable web account requests for HTTP/S connections
  • Added option to stop checking authentication sources if user exists in a source but password was incorrect
  • Performance improvements
  • Fixed HTTP protocol bug on x64
  • Improved HTTP caching headers for better web client performance
  • Improved HTTP error handling
  • Added STARTTLS and TLS/SSL SMTP server support for email notification
  • Added ability to permanently whitelist an IP address
  • Added event manager support to web administration
  • Added DoS protection for HTTP connections
  • Fixed a problem with IE sending multiple cookies with the same name
  • Fixed an SFTP append bug
  • Fixed an HTTP bug that prevented some uploads with AD accounts
  • Fixed bug with AD authentication and HTTP
  • Fixed HTTP cookie not always getting set
  • Fixed an AD directory mapping bug
  • Fixed an HTTP upload bug in some versions of IE
  • Improved HTTP redirection
  • Improved web client error reporting
  • Added web administrator account request approval
  • Added web administrator security page
  • Added web administrator add/delete listener capability
  • Several web administration bug fixes and usability improvements
  • IP manager UI bug fix
  • Minor bug fixes



Changes for v4.0.10 - v5.0

  • HTTP and HTTPS client access
  • Event support (SMTP notification, launch an external process)
  • New Summary page provides health, security and compliance status at a glance
  • New password change policy requirement options
  • New password expiration policies
  • New password storage options: Cryptographically salted MD5, SHA1, SHA256, SHA512
  • SSH SFTP password change support
  • Added file and directory listing permissions to virtual directories
  • Added FTP MODE Z compression support
  • SFTP now sends the welcome message as an SSH banner message
  • New account request via web HTTP/HTTPS
  • Added option to add additional account information like name, email, telephone
  • Added support for new FTP HASH command
  • Added ability to restrict login by protocol login on a per user and group basis
  • Added SSH MAC algorithms hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96
  • Improved web administration performance and web administration options
  • New CSR generation tool



Changes for v4.0.8.0 - v4.0.9.0

  • Added elliptic curve key exchange for SSH SFTP as specified in RFC 5656
  • Added support for elliptic curve SSH client keys
  • FTPS performance improvements
  • No longer sets file size on file creation when SFTP clients request it
  • Fixed a bug in the STOU command introduced in version 4.0.8.3



Changes for v4.0.7.7 - v4.0.8.0

  • Require verifying security settings before saving and applying new settings
  • Fixed a bug that could result in failure to decode file-based OpenSSH public keys
  • RFC conformance for active mode data connections established from non-standard FTP ports (L-1 instead of always from port 20)
  • RFC conformance for default data port when no PORT or PASV command is issued
  • Fixed a bug that could result in service shutdown when terminal services connections are terminated



Changes for v4.0.7.5 - v4.0.7.7

  • Fixed rare bug that could cause failure to accept connections
  • Minor logging improvements
  • Added right-click log window copy to clipboard
  • Enabling or disabling remote web access no longer requires a service restart
  • Updated auto-updater for Windows 2000 machines



Changes for v4.0.7.5 - v4.0.7.6

  • Fixed rare bug that could cause failure to accept connections
  • Minor logging improvements
  • Added right-click log window copy to clipboard
  • Enabling or disabling remote web access no longer requires a service restart
  • Updated auto-updater for Windows 2000 machines



Changes for v4.0.7.4 - v4.0.7.5

  • Improved SFTP channel window size handling



Changes for v4.0.7.2 - v4.0.7.4

  • Added feature to allow manually specifying interfaces when an interface isn't detected
  • Fixed UI to allow user mapping through the GUI when multiple LDAP servers have the same IP
  • Fixed a possible memory leak with LDAP authentication
  • Fixed a virtual directory bug for overlapping paths
  • Numerous UI improvements
  • Performance improvements



Changes for v4.0.7.2 - v4.0.7.3

  • Added feature to allow manually specifying interfaces when an interface isn't detected
  • Fixed UI to allow user mapping through the GUI when multiple LDAP servers have the same IP
  • Fixed a possible memory leak with LDAP authentication
  • Fixed a virtual directory bug for overlapping paths
  • Numerous UI improvements
  • Performance improvements



Changes for v4.0.7.1 - v4.0.7.2

  • Added a statistics file error detection and automatic repair feature
  • Added logging output, statistics generation, and several IP manager options to web administration
  • Added ability to add/modify/delete groups to web administration
  • Significant improvements to web administration performance and layout
  • Significantly increased the SSH maximum packet size to accommodate clients that use large packets
  • Fixed a bug in WAN IP autodetection that could result in excessive processor utilization



Changes for v4.0.7 - v4.0.7.1

  • Added logging output to the web administration interface
  • Added several IP manager options to the web administration
  • Added ability to add/modify/delete groups to web administration
  • Significant improvements to web administration performance and layout
  • Significantly increased the SSH maximum packet size to accommodate clients that use large packets
  • Fixed a bug in WAN IP autodetection that could result in excessive processor utilization



Changes for v4.0.6 - v4.0.7

  • Added a DoS option to IP autoblocking to allow blocking connection attempts that do not attempt to login
  • LDAP and AD user to group mappings are no longer case sensitive
  • LDAP users now honor the disabled flag if it is set on a mapped Cerberus group when authenticating with PK
  • LDAP users no longer require the "Use Cerberus Groups and Directories" flag set when mapping LDAP users to groups
  • All binaries are now compiled with VS2010 and linked with the v10 CRT



Changes for v4.0.5 - v4.0.6

  • New smaller, smarter and more reliable installer
  • New complete server configuration backup and restore feature
  • Larger list boxes on the Users and Groups page of the User Manager
  • Statistics page generation can now be done while running as a service



Changes for v4.0.4.3 - v4.0.5

  • Condensed authentication logging
  • AD authentication will use the nearest domain controller for AD authentication instead of always using the PDC
  • Fixed a bug that prevented selecting "Password" authentication without selecting a public key
  • Fixed log file color of warning messages and added several suggested-fix log file messages for common problems
  • SFTP real path command improvements



Changes for v4.0.2.2 - v4.0.4.1

  • Fixed a bug with SFTP listings not allowing UNC virtual directories
  • Improved compatibility with SFTP clients and very large directory listings
  • Improved compatibility with SFTP clients that STAT the root directory



Changes for v4.0.1.1 - v4.0.2.2

  • Display bug fix for SSH connection ID always being zero for the first log message for that connection
  • Fixed a bug with temporary IP blocks being released too early
  • Whitelist IP mode now honors temporary auto-blocking (if set) instead of permanently removing an IP address
  • User interface improvements for the IP Manager (context menu options and header sorting for the IP list)
  • Added context menu options for filtering the onscreen log view
  • Fixed a bug where max simultaneous connections wasn't tracked correctly for a user
  • Fixed an AD user impersonation bug


