Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Serv-U Release Notes

Serv-U Release Notes

 

Last updated: 12/7/17

These release notes describe the new features, improvements, and fixed issues in Serv-U 15.1.6. They also provide information about upgrades and describe workarounds for known issues.

Important:

  • NPAPI is now deprecated in Google Chrome. This means Web Client Pro will not function in Google Chrome. As a workaround, access Web Client Pro using another browser.

New features and improvements

Serv-U 15.1.6 includes the following new features and updates:

  • Support for Explicit SSL when connected to SMTP server
  • Support for HTTP Strict Transport Security
  • Support for Elliptic-curve Diffie-Hellman (ECDH) key exchange
  • Forward secrecy is enabled by default (new installations only)
  • TLS 1.0 is disabled by default (new installations only)
  • Disabled SSL/TLS ciphers based on 64-bit block size (new installations only)
  • Support for Secure LDAP protocol (Windows installation only)
  • Various bug and security fixes described below.

Previous 15.1 releases

Serv-U 15.1.5 was a service release containing security fixes, described in the Fixed Issues section.

Serv-U 15.1.4 was a service release containing two hotfixes, described in the Fixed Issues section.

Serv-U 15.1.3 was a service release containing two hotfixes, described in the Fixed Issues section.

Serv-U 15.1.2 included the following new features and improvements:

  • Improved SMTP configuration experience
    When setting up an SMTP server, it is now possible to send test emails to verify the SMTP configuration.
  • Security improvements
    Serv-UServ-U now supports TLS 1.1 and 1.2, and also supports 15 new cipher suites.
  • Redesigned Mobile Web Client and other design enhancements
    The Mobile Web Client now comes in enhanced design, matching the general look and feel of Serv-U.Serv-U.
  • Updated default web client settings
    It is now possible to set up Web Client Pro as the default web client.
  • Enhanced event management
    New Serv-U event providing the option to get a notification when a file is moved automatically by the server.Serv-U event providing the option to get a notification when a file is moved automatically by the server.

Fixed Issues

Serv-U 15.1.6 includes the following resolved issues:

 

Issue Case Number

Fixed an issue with limited top level domain.

961565, 1183341, 887731, 1123968, 1125053, 901145, 1091444, 1131439, 1080928, 796814, 799615, 787936,  1036534

Fixed an issue with long timeout where LDAP server was unavailable

1050275

Fixed an issue with SSH Ciphers description. 166489, 1126605, 914000
Fixed an impersonation issue during downloads. 1186645, 979487
Fixed an issue with password stale event. 1039205
Fixed an issue with special characters in File Sharing notification template. 1086638, 1209329
Fixed a possible crash of Gateway. 1129144, 1115351
Fixed an issue with user creation wizard. 1163543
Fixed a memory leak issue related to SFTP sessions. 1123779
Fixed broken links to support site. 1231876, 1233371, 1209874
Fixed an issue with bare line feed character. 1124857, 1181653, 1215831, 1223871, 1230986, 1241567, 1326419

 

Serv-U 15.1.5 included the following fixes:

Issue Case Number
Fixed potential vulnerability with unauthenticated privilege escalation
Reported by – Trustwave SpiderLabs
Contact - Leopold von Niebelschuetz-Godlewski
1110916
Fixed an issue with possibility of unauthorized access to the files in installation folder on web server.
Reported by – www.netspi.com
Contact - Cody Wass (Cody.Wass@netspi.com)
904433, 804380
 
Fixed an issue where domain users were not able to login when ldap suffix was used.
 
1065565, 1061848,  1056263, 1054225,  1090081, 1045088
Fixed a memory leak issue that occurred during LDAP authentication.
 
741595
Fixed a memory leak issue that occurred during SFTP session.
 
951099, 1065736, 1022993
Fixed an issue with "Automatic idle connection timeout" limit. 882524, 909979, 871563,  867742, 867834,  981751, 877933

 

Serv-U 15.1.4 included the following fixes:

Issue Case Number
ECDHE-RSA-AES256* ciphers shown as enabled or disabled correctly

991668

Long (encrypted) passwords issue fixed. 954294
OpenSSL vulnerabilities - updated to 1.0.2h

984664, 1003106, 993854

SHA-1 Cert deprecation

(Previous cert was due to expire in January 2017)

932381
LDAP suffix issue fixed 984485, 887910, 741595
Web client Favorites fixed. 844572, 894400, 953313, 910253, 881308, 914055, 990080
Serv-U no longer freezes in FIPS mode during SFTP connections.

1005791, 1005383,
990956, 984664,
982577, 966856,
948270, 963296,
941118, 934566,
927375, 917616,
900288, 883047,
885033, 884883,
876306, 876820,
874853, 872968,
857502, 862922,
853433

   

 

Serv-U 15.1.3 included the following fixes:

Issue Case Number
Case sensitivity issues occurred when configuring Directory Access rules. 872782, 864631
An issue with LDAP public key authentication. n/a
Memory leak occurs during LDAP authentication. n/a
An issue with the expired password change functionality. 853136
An issue with multi-line FTP responses for the FEAT command. 868638
An issue with the possibility of SQL injection in the invitation link used by secure file sharing. n/a
An issue with the possibility of persistent cross-site scripting in file sharing. 625348
An issue with the possibility of the injection of additional email headers using a crafter subject in an upload or download request. n/a

 

Serv-U 15.1.2 included the following fixes:

Issue Case Number
Issue where it was not possible to upload files on Firefox version 36 through HTTPS. 763731, 765938, 768311, 768259, 768486, 768508, 769372, 771679, 772752, 773216, 774310, 774439, 774937, 777095, 778641, 778805, 783276, 786698
If a domain name contained an apostrophe, script errors occurred and it was not possible to administer the domain. 691471
Issue with quota limits not being respected in the File Sharing module. 707591
Issue with message prioritization in Serv-U could impair Management Console performance.Serv-U could impair Management Console performance. 723594, 755477
The "Allow users to use Web Client" limit was not respected on mobile devices. 727248, 745675, 786920
The event action message text could not be longer than 256 characters. The contents of the "To" field still cannot exceed 256 characters. 734922, 768363
Issue with partially uploaded files not being deleted over SFTP protocol. 736619
Issue with uploading multiple files to Serv-U in Internet Explorer.Serv-U in Internet Explorer. -
When multiple LDAP servers were configured, only the first one in the list was used to authenticate users. 739414
When a user collection name had a leading or trailing space in its name, data loss could occur when users were moved to this collection. 746987
Email addresses which contained an apostrophe were not handled correctly by Serv-U.Serv-U. 766122
Database issues occurred after upgrading Serv-U to version 15.1.1.Serv-U to version 15.1.1. 785828, 791382
Timeout issues occurred when listing directories which had a large number of subdirectories and files. 797651

Legal notices

© 2017 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies.

 

 

Last modified

Tags

Classifications

Public