Version history for Cerberus FTP Server (64-bit)
Changes for v7.0.2 - v7.0.3
- Updated to OpenSSL 1.0.1i to address security vulnerabilities in OpenSSL
- Fixed HTTP/S web client password strength meter bug in IE8
- Disabled accounts and accounts configured to allow only SFTP access with public key authentication will no longer receive password expiring emails
- 3DES encryption cipher is now rated at 112-bit symmetric strength to better reflect its effective strength
Changes for v7.0.1 - v7.0.2
- Disabled users will also register with the "stop authentication if user exists" Policy settings
- Added PBKDF2 HMAC SHA256 and PBKDF2 HMAC SHA256 stretched password hashing algorithms as password storage hash options
- Added ability to select active SSH2 ciphers and HMAC algorithms
- Added SSH2 cipher minimum bit strength display to Summary page
- HTTP/S web client now allows zero-length file uploads
- Fixed a problem with the web client date/time control for IE 8 users
- Added support for generating the correct share link path when connections come in from an HTTPS proxy to a Cerberus HTTP listener
- Reports now track whether a file operation succeeded or failed
- Fixed web client bug for displaying local time that only used the user setting for displaying local time
Changes for v7.0.0.2 - v7.0.1
- Fixed a bug in web client folder uploads for Chrome
- Fixed a bug on web client email selection and address book auto-complete
- Added an option to force all publicly shared files and folders to be password protected
- Added more account options for CSV import (unlimited directories, password hashes, additional account parameters)
- Added capability to export user accounts as CSV files
- Added dedicated require password change option for native accounts
- Enhanced the default cipher list for HTTPS web administration to require minimum 128-bit, strong ciphers
- Added option to initiate automatic download of zip file without storing the resulting file on the server for web client zip operations
- Clients can now modify the share until date on their own publicly shared files
- Added web client in-browser editing of simple text-based files
- Updated to OpenSSL 1.0.1h to address security vulnerabilities in OpenSSL
- Added new MAC SSH algorithms hmac-ripemd160 and hmac-ripemd160@openssh.com
- Added DeleteDirectoryFromGroup, AddDirectoryToGroup SOAP API calls
- Renamed AddRoot, DeleteRoot to AddDirectoryToUser, DeleteDirectoryFromUser SOAP API calls
- Added create directory option to AddDirectoryToUser and AddDirectoryToGroup API calls
Changes for v7.0 - v7.0.0.2
- Fixed an information disclosure vulnerability for SSH logins. Analysis of the failed login result could allow an attacker to determine whether an account exists. Thanks to Steve Embling, a Pentura Security Researcher, for discovering and reporting this vulnerability.
- Fixed ability to update to a different theme in the web client for LDAP and AD accounts
- Fixed web client file list sorting
- Hide the security question list for AD and LDAP accounts since they can't currently use the password reset feature
- Added password strength/entropy meter to HTTP/S web client account request and change password pages
Changes for v6.0.7.2 - v7.0
- New 7.0 Release
- Redesigned HTTP/S web client that's been optimized for both desktop and mobile browsers
- Folder upload through HTTP/S web client with Chrome
- Enhanced web client address book for users
- Web client custom theme support
- Web client search support
- Web client image and video thumbnail viewing
- Redesigned Report Manager
- Added report sorting
- Added multiple web administrators with fine grained access controls
- Publicly shared file links are now included in user statistics reporting
- Added max share duration limit for publicly shared links
- User manager UI improvements
- Event manager UI improvements
- Performance improvements
- Enhanced login reports
- New session file access email report event action
- Email notification of important events like user password expiration and password changes
Changes for v6.0.7.1 - v6.0.7.2
- Added a cache-control exception for IE 7 and 8 to the no-store, no-cache change introduced in 6.0.7.1 (the change breaks downloads in IE 7 and 8, so those browsers revert to the previous behavior)
- Updated HTTPS web client JS libraries
Changes for v6.0.7 - v6.0.7.1
- Fixed "Disable after X failed login attempts" not working for accounts that were part of a group
- UI will properly reflect password change permissions for a user when that user is a member of a group
- HTTP/S web client will no longer prompt users with the expired password change dialog if they don't have permission to change their password
- Modified HTTP/S cache-control mechanism for user file downloads to ensure no user file caching
- Added sort-by-group to the User Manager's users list
- Do not attempt to shutdown a client-disconnected socket if the connection terminates abnormally
- Updated OpenSSL library
Changes for v6.0.6.1 - v6.0.7
- Fixed a non-public security vulnerability for authenticated users
- Fixed an HTTP/S web client session timeout during long file uploads
- Fixed a bug that could result in a server crash when FTPS connections timed-out
- Closed user accounts no longer copy last login times from cloned account
Changes for v6.0.6 - v6.0.6.1
- Fixed several memory leaks
Changes for v6.0.5 - v6.0.6
- Updated to OpenSSL 1.0.1f
- Workaround for mobile Safari video upload bug in web client
Changes for v6.0.4.3 - v6.0.5
- Added a parent directory event variable for file transfer events
- Event Manager rules sorting added to Rules page
- Event Manager condition selection now populates the editing boxes
- Event Manager Add/Edit event button on the Rules page now selects the highlighted event on the Edit page
- Logging package update
- Minor bug fixes
Changes for v6.0.4.1 - v6.0.4.3
- Fixed a bug that could allow an SFTP file transfer ended event to be sent before the file handle closed
- SMTP STARTTLS fix for some servers that require a new EHLO after the connection is upgraded to encryption
- Account requests now include the request date
- Fixed a bug that could result in the synchronization manager not recognizing unique license keys on other machines
Changes for v6.0.4.1 - v6.0.4.2
- Fixed a bug that could allow an SFTP file transfer ended event to be sent before the file handle closed
- SMTP STARTTLS fix for some servers that require a new EHLO after the connection is upgraded to encryption
- Account requests now include the request date
Changes for v6.0.4.0 - v6.0.4.1
- Added a Public Share page to the User Manager to allow revoking and monitoring user public shares
- Added an option to specify which SMTP server public file sharing should use
- Added an option to always use the SMTP server authentication email address for all public sharing emails
- Automatically reset max connections and re-enable listeners when an expired trial is licensed
- Report Manager can now handle queries on just a date from or date to. Previously could only handle date range, or no date.
- Added password last changed date to the Login report in the Report Manager
- Fixed a problem with filenames with spaces getting truncated in Firefox when using the download button in the web client
- Statistics reports and public file sharing emails now report byte sizes in more human readable formats
Changes for v6.0.3.2 - v6.0.4.0
- Added a Public Share page to the User Manager to allow revoking and monitoring user public shares
- Added an option to specify which SMTP server public file sharing should use
- Added an option to always use the SMTP server authentication email address for all public sharing emails
- Automatically reset max connections and re-enable listeners when an expired trial is licensed
- Report Manager can now handle queries on just a date from or date to. Previously could only handle date range, or no date.
- Added password last changed date to the Login report in the Report Manager
- Fixed a problem with filenames with spaces getting truncated in Firefox when using the download button in the web client
- Statistics reports and public file sharing emails now report byte sizes in more human readable formats
Changes for v6.0.3.1 - v6.0.3.2
- Added AES CTR ciphers for SSH2
- Added an option to change the root system logger level from the UI
- Added an option on the policy page to force always using the UPN name for AD user home directory names
- Event system performance improvements
- Fixed an event variable email substitution bug that resulted in email to names and emails not being scanned for variables
Changes for v6.0.3.0 - v6.0.3.1
- Added a new backup server synchronization manager
- Added auto-complete for AD user and Cerberus group selection in the web admin AD and LDAP pages
- Added ability to create AD group to Cerberus group mappings in the web admin AD page
- Updated the event manager with a dedicated button and dialog for adding new rules
- Added a backup server synchronized event rule
- Added "does not contain" as an operation for rule filters
- Updated web administration with limited event rule editing
- Added online help links to almost all dialogs
- New fault tolerance features for ensuring XML configuration files will never be left in a partially written state because of an application failure
- Fixed a bug that resulted in failed public key authentication in some instances when a user was a member of a group that used public key authentication
- Minor UI bug fixes and improvements
Changes for v6.0.1.0 - v6.0.3.0
- Added a new backup server synchronization manager
- Added auto-complete for AD user and Cerberus group selection in the web admin AD and LDAP pages
- Added ability to create AD group to Cerberus group mappings in the web admin AD page
- Updated the event manager with a dedicated button and dialog for adding new rules
- Added a backup server synchronized event rule
- Added "does not contain" as an operation for rule filters
- Updated web administration with limited event rule editing
- Added online help links to almost all dialogs
- New fault tolerance features for ensuring XML configuration files will never be left in a partially written state because of an application failure
- Fixed a bug that resulted in failed public key authentication in some instances when a user was a member of a group that used public key authentication
- Minor UI bug fixes and improvements
Changes for v6.0.0.3 - v6.0.1.0
- Added full UPN support for AD authentication
- Added password changing for LDAP users
- Added an account disable option for users that haven't logged in within a certain number of days
- Added a %USER% variable that can be used in virtual directory names and paths for users and groups
- Added an option to automatically create directories when approving a new account request
- Improved logic for detecting whether the data connection was gracefully closed at the end of an FTP STOR command
- Added a timer to ensure HTTP/S sessions are cleaned up and closed when they timeout
- Added support for the X-Frame-Options DENY header for HTTP/S web client page responses
- Added an advanced option to allow setting the temporary folder used for HTTP/S web client uploads
- Added an advanced option to specify the default share time (in hours) for publicly shared files
- Added an option to allow user to specify a password for publicly shared files
- Added two events for when a public file is shared, and when a public file is downloaded
- Added bytes transferred information to the log for files uploaded and downloaded
- Added tracking information to see when a public file is downloaded
- Fixed a bug that could result in an error for valid LDAP search filters
- Fixed an HTTP/S web client upload bug for uploading to non-ASCII directory paths
- Newly created Microsoft databases will now store Unicode text properly for statistics and reporting
Changes for v6.0.0.2 - v6.0.0.3
- Added a note field for IP access items in the IP Manager
- Added username to all FTP/S and SSH SFTP client command log messages to match HTTP/S auditing
- Improved CSV importing, including support for CSVs exported from third party servers
- Improved auto-updater to allow more selective auto-updating
- Cleaner web administration pages and additional error checking
- Added ability to change several new settings through web administration
- Added a local file and directory selector for file path settings in web administration
- Fixed an issue where the FTP MLST command would fail on files on a network share
- Fixed a bug related to how auto-blocking works with whitelist mode
Changes for v6.0 - v6.0.0.2
- Numerous bug fixes
- Update the SOAP API
- Fixed telephone number wasn't included with account request notification
- Fixed email server selection for account approval in the web client was ignored
- Fixed setting for modifying hidden directory attribute on virtual directories would not save
- Added HTTP POST event target configuration capability to web admin
- Added public sharing as a permission option for virtual directories in the web admin
- Fixed inconsistent virtual directory permission selection behavior in the web admin
- Improvements to adding and removing LDAP and AD configurations in the web admin
- Fixed "Password Never Expires" setting ignored when adding new accounts
- CSV import now supports setting max logins, max upload filesize, and initial directory for a new user account
Changes for v5.0.7 - v6.0
- Upgraded FIPS OpenSSL to 1.0.1 with TLS 1.1 and TLS 1.2 support
- Added advanced statistics collection and a new Report Manager
- Added public file sharing to the web client
- Updated web client upload control
- Users and groups can now have whitelist IP ranges
- AD groups can now be mapped to Cerberus groups for assigning virtual directories
- Configurable timeout support for HTTP/S web client sessions
- Zip and unzip file operation actions for event actions
- HTTP POST operation event action to allow posting event information to a URL
- More variables for events
- Added variable substitution to event email recipient name and email address fields
- Added ability to customize email subjects on event emails, including variable substitution in subjects
- Added ability to set disable after time for users and groups through web administration
- Updated, easier to use AD and LDAP admin pages
- Access to advanced security settings from the Settings page
- Access AD and LDAP user attributes like name and email address for events
Changes for v5.0.6.0 - v5.0.7
- Fixed an AD and LDAP virtual directory bug introduced in 5.0.6
Changes for v5.0.6.0 - v5.0.6.1
- Fixed an AD and LDAP virtual directory bug introduced in 5.0.6
Changes for v5.0.5.1 - v5.0.6.0
- Fixed a web admin XSS vulnerability
- Minor updates and improvements
Changes for v5.0.5 - v5.0.5.1
- Improved auto-blocking for HTTP/S web client bots
- Optimized temporary file creation for file uploads ensures cancelled upload temporary files are deleted
- Various system-wide performance improvements
- Added email approve/disapprove notification to the web admin account request manager
- Fixed a minor bug that would not let an admin add a directory to a newly created account through the web admin
Changes for v5.0.4.3 - v5.0.5
- Fixed a CSRF vulnerability (US-CERT VU#989684) in the web admin
- Web client users can now replace existing files on upload if they have the correct permissions
- High DPI display improvements for the GUI
- No longer allow multiple logged in users to run the Cerberus Console at the same time
Changes for v5.0.4.1 - v5.0.4.3
- Added LDAP authentication configuration to web administration
- Added option to require password change on next login
- Updated HTTP/S web client
- Fixed the CSR generator to accept wildcard common names
- Fixed a problem with Office documents not opening directly from the web client in some versions of IE
- Minor changes and updates to the web client
- Optimization for authenticating against very large LDAP databases
Changes for v5.0.4 - v5.0.4.1
- Simultaneous login count was not getting decremented on logout for AD accounts
- Added ability to change passwords for AD accounts
- Improvements to the Getting Started Wizard
- Improved the LDAP account listing in the LDAP page of the User Manager
Changes for v5.0.3.1 - v5.0.4
- New MIME mapping editor, CAPTCHA support for web logins and account requests, and numerous other improvements.
Changes for v5.0.3 - v5.0.3.1
- Minor UI bug fixes and improvements
- Added email notification option for approving or declining account requests
- UI updates to better support Windows 8 and Server 2012
- Added a MIME type mappings file to allow user customization of MIME types for the web client
- Updated OpenSSL to latest version
- Can now use a DNS-style domain name for AD authentication on Windows 2003 server and lower OS
- More flexible domain controller auto-selection for Windows 2003 server and lower
- Group IP whitelists are now applied to AD and LDAP users
Changes for v5.0.2 - v5.0.3
- Added an option to create an impersonated AD user before creating the initial home directory to ensure the AD user has owner rights on the home directory
- HTTP/S range support for partial content retrieval and file resume
- Updated the web client
- Updated controls for Users page of the User Manager
- Added ability to restrict IPs by user account or group
- Added maximum upload file size quota for user accounts
- Added event rule for disable-after-date events
- Fixed a bug where some symbols in URLs were not properly escaped
- Fixed events bug where server operations actions were not saved properly to file
- Fixed a bug where SSH clients attempting to open unsupported channels are not told of the failure
Changes for v5.0.1.2 - v5.0.2
- Web client directory browser re-write for major performance improvements by performing paging, sorting, and filtering on the server
- Removed file and directory display limits from the web client directory browser
- New, dynamic user and group updates through the web client
- Enable or disable allowing user updating through the web client
- Enhanced certificate conversion now separates and includes CA certificates when converting a binary certificate bundle to PEM format
- Rolled back a change to FTP PORT socket binding introduced in 5.0.1.1
Changes for v5.0.1.1 - v5.0.1.2
- Fixed a bug that prevented changing the default SOAP port
- Fixed a bug that prevented creating new users through the web admin if a password policy was set
- Added the ability to customize the web client login image, page title, default directory list count, and file date local time and timezone display from the UI
- Added a file preview feature to the web client
- Added an event time variable and the ability to filter by time
- Added server event targets delete and disable user or group
Changes for v5.0.1 - v5.0.1.1
- Added additional fault tolerance if the SOAP port is in use by another process
- Usability improvements to the Event Manager
- Smarter detection of SOAP port and protocol changes by the Cerberus UI
- Enhancements to port binding to require exclusive access to the port
- Improved error messaging for in-use ports in the log
Changes for v5.0 - v5.0.1
- Fixed a virtual directory bug when adding virtual directories in the User Manager
- Added icons for common file types to HTTP web client
- Added option to redirect HTTP to HTTPS for HTTP interfaces
- Added support for larger ephemeral keys during SSH key exchange
- ECDH SSH key exchange is now supported regardless of server host key type
- Updated cryptographic library
- Added event variable selection option to the event manager
- Improved HTTP/1.0 support
- Content-Disposition with filename now set for downloaded files
- Automatic conversion of certificates to PEM format for FIPS mode
- FTPS protocol checking bug fix
- Added option to turn on/off welcome message for HTTP/S connections
- Added option to turn on/off welcome message for SSH SFTP connections
- Added option to disable web account requests for HTTP/S connections
- Added option to stop checking authentication sources if user exists in a source but password was incorrect
- Performance improvements
- Fixed HTTP protocol bug on x64
- Improved HTTP caching headers for better web client performance
- Improved HTTP error handling
- Added STARTTLS and TLS/SSL SMTP server support for email notification
- Added ability to permanently whitelist an IP address
- Added event manager support to web administration
- Added DoS protection for HTTP connections
- Fixed a problem with IE sending multiple cookies with the same name
- Fixed an SFTP append bug
- Fixed an HTTP bug that prevented some uploads with AD accounts
- Fixed bug with AD authentication and HTTP
- Fixed HTTP cookie not always getting set
- Fixed an AD directory mapping bug
- Fixed an HTTP upload bug in some versions of IE
- Improved HTTP redirection
- Improved web client error reporting
- Added web administrator account request approval
- Added web administrator security page
- Added web administrator add/delete listener capability
- Several web administration bug fixes and usability improvements
- IP manager UI bug fix
- Minor bug fixes
Changes for v4.0.10 - v5.0
- HTTP and HTTPS client access
- Event support (SMTP notification, launch an external process)
- New Summary page provides health, security and compliance status at a glance
- New password change policy requirement options
- New password expiration policies
- New password storage options: Cryptographically salted MD5, SHA1, SHA256, SHA512
- SSH SFTP password change support
- Added file and directory listing permissions to virtual directories
- Added FTP MODE Z compression support
- SFTP now sends the welcome message as an SSH banner message
- New account request via web HTTP/HTTPS
- Added option to add additional account information like name, email, telephone
- Added support for new FTP HASH command
- Added ability to restrict login by protocol login on a per user and group basis
- Added SSH MAC algorithms hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, and hmac-sha2-512-96
- Improved web administration performance and web administration options
- New CSR generation tool
Changes for v4.0.8.0 - v4.0.9.0
- Added elliptic curve key exchange for SSH SFTP as specified in RFC 5656
- Added support for elliptic curve SSH client keys
- FTPS performance improvements
- No longer sets file size on file creation when SFTP clients request it
- Fixed a bug in the STOU command introduced in version 4.0.8.3
Changes for v4.0.7.7 - v4.0.8.0
- Require verifying security settings before saving and applying new settings
- Fixed a bug that could result in failure to decode file-based OpenSSH public keys
- RFC conformance for active mode data connections established from non-standard FTP ports (L-1 instead of always from port 20)
- RFC conformance for default data port when no PORT or PASV command is issued
- Fixed a bug that could result in service shutdown when terminal services connections are terminated
Changes for v4.0.7.5 - v4.0.7.7
- Fixed rare bug that could cause failure to accept connections
- Minor logging improvements
- Added right-click log window copy to clipboard
- Enabling or disabling remote web access no longer requires a service restart
- Updated auto-updater for Windows 2000 machines
Changes for v4.0.7.5 - v4.0.7.6
- Fixed rare bug that could cause failure to accept connections
- Minor logging improvements
- Added right-click log window copy to clipboard
- Enabling or disabling remote web access no longer requires a service restart
- Updated auto-updater for Windows 2000 machines
Changes for v4.0.7.4 - v4.0.7.5
- Improved SFTP channel window size handling
Changes for v4.0.7.2 - v4.0.7.4
- Added feature to allow manually specifying interfaces when an interface isn't detected
- Fixed UI to allow user mapping through the GUI when multiple LDAP servers have the same IP
- Fixed a possible memory leak with LDAP authentication
- Fixed a virtual directory bug for overlapping paths
- Numerous UI improvements
- Performance improvements
Changes for v4.0.7.2 - v4.0.7.3
- Added feature to allow manually specifying interfaces when an interface isn't detected
- Fixed UI to allow user mapping through the GUI when multiple LDAP servers have the same IP
- Fixed a possible memory leak with LDAP authentication
- Fixed a virtual directory bug for overlapping paths
- Numerous UI improvements
- Performance improvements
Changes for v4.0.7.1 - v4.0.7.2
- Added a statistics file error detection and automatic repair feature
- Added logging output, statistics generation, and several IP manager options to web administration
- Added ability to add/modify/delete groups to web administration
- Significant improvements to web administration performance and layout
- Significantly increased the SSH maximum packet size to accommodate clients that use large packets
- Fixed a bug in WAN IP autodetection that could result in excessive processor utilization
Changes for v4.0.7 - v4.0.7.1
- Added logging output to the web administration interface
- Added several IP manager options to the web administration
- Added ability to add/modify/delete groups to web administration
- Significant improvements to web administration performance and layout
- Significantly increased the SSH maximum packet size to accommodate clients that use large packets
- Fixed a bug in WAN IP autodetection that could result in excessive processor utilization
Changes for v4.0.6 - v4.0.7
- Added a DoS option to IP autoblocking to allow blocking connection attempts that do not attempt to login
- LDAP and AD user to group mappings are no longer case sensitive
- LDAP users now honor the disabled flag if it is set on a mapped Cerberus group when authenticating with PK
- LDAP users no longer require the "Use Cerberus Groups and Directories" flag set when mapping LDAP users to groups
- All binaries are now compiled with VS2010 and linked with the v10 CRT
Changes for v4.0.5 - v4.0.6
- New smaller, smarter and more reliable installer
- New complete server configuration backup and restore feature
- Larger list boxes on the Users and Groups page of the User Manager
- Statistics page generation can now be done while running as a service
Changes for v4.0.4.3 - v4.0.5
- Condensed authentication logging
- AD authentication will use the nearest domain controller for AD authentication instead of always using the PDC
- Fixed unable to select "Password" authentication without selecting a public key bug
- Fixed log file color of warning messages and added several suggested-fix log file messages for common problems
- SFTP real path command improvements
Changes for v4.0.2.2 - v4.0.4.1
- Fixed a bug with SFTP listings not allowing UNC virtual directories
- Improved compatibility with SFTP clients and very large directory listings
- Improved compatibility with SFTP clients that STAT the root directory
Changes for v4.0.1.1 - v4.0.2.2
- Display bug fix for SSH connection ID always being zero for the first log message for that connection
- Fixed a bug with temporary IP blocks being released too early
- Whitelist IP mode now honors temporary auto-blocking (if set) instead of permanently removing an IP address
- User interface improvements for the IP Manager (context menu options and header sorting for the IP list)
- Added context menu options for filtering the onscreen log view
- Fixed a bug where max simultaneous connections wasn't tracked correctly for a user
- Fixed an AD user impersonation bug