C&C Software - Canadian Software Distributor Friday, October 18, 2019

C&C Home | Product Portfolio | Resellers | Contact Us

Version 10.x Release Notes
Version Official Release - 9/4/2019
  • Fixed: HTTP security header for Content-Security-Policy is blocking access to Google reCAPTCHA and Duo Security
Version 10.0.15 Official Release - 9/3/2019
  • In the log, the remote port is now shown in addition to the IP address for incoming connection requests
  • Updated HTTP security header for Content-Security-Policy to include “default-srcâ€� directive as a best practice to prevent XSS attacks
  • Fixed: Email is vulnerable to SMTP header injection in the Subject field
  • Fixed: HTTP/S web client users could alter the shared files of other users
  • Other minor bug fixes and improvements
Version 10.0.14 Official Release — 8/7/2019
  • Fixed: Group settings requiring multifactor authentication are ignored when users login via HTTP/S
  • Fixed: In Server Manager, enabling FIPS 140-2 when using a PKCS#12 certificate for the server key pair causes an error and unusable SSL configuration
  • Fixed: Event Manager does not trigger file transfer event for HTTP/S downloads when file is 0 bytes
  • Fixed: When command-line FTP clients issue list commands, group and owner names are not displayed
  • Fixed: When command-line FTP clients issue list commands, last-modified timestamp is formatted incorrectly
  • Other minor bug fixes and improvements
Version 10.0.13 Official Release — 7/9/2019
  • In the HTTP/S web client, security questions are now only shown on the account page if password resets are enabled
  • Added the Same-Site browser cookie attribute as a security best practice for preventing CSRF attacks
  • In Server Manager, updated the UI for the logging page to make it more clear that the Syslog port is configurable
  • Improved accessibility in the HTTP/S web client for users that require assistive technology (screen reader, keyboard-only navigation, etc.)
  • Fixed: Emails sent from Cerberus are blocked by some spam filters
  • Fixed: Cerberus identifies Windows Server 2019 as Windows Server 2016 in the logs
  • Many minor bug fixes and improvements
Version 10.0.12 Official Release — 6/3/2019
  • Upgraded to OpenSSL 1.0.2s to address OpenSSL security vulnerabilities
  • Fixed: Verification of LDAP configuration uses stale configuration settings
  • Fixed: Cerberus ignores proxy settings during update process
  • Fixed: MFMT FTP command fails to modify the last modification time for directories
  • Other minor bug fixes and improvements
Version 10.0.11 Official Release — 5/13/2019
  • The About dialog now displays the serial number for the license
  • SCP has better support for downloading large files
  • Improved how session IDs are generated to increase entropy
  • Fixed: Server crashes with certain invalid Active Directory configurations
  • Fixed: User Manager saves invalid Active Directory and LDAP configurations
  • Fixed: In Report Manager, connecting to a MySQL 8.0 database returns an authentication error
  • Fixed: Users could reset their password even though they are not allowed to change their password
  • Fixed: In the Desktop GUI, unable to configure Captcha settings for HTTP/S web client interfaces
  • Other minor bug fixes and improvements
Version 10.0.10 Official Release — 4/22/2019
  • Desktop GUI now supports keyboard shortcuts and other keyboard controls in all windows
  • Report Manager now shows a progress dialog when updating the reporting database configuration
  • In Server Manager, the Remote page now shows the SOAP service endpoint URL based on the current server configuration
  • Fixed: In Event Manager, email notifications for file transfer events of FTP uploads and downloads always show file size of 0 bytes
  • Other minor bug fixes and improvements
Version 10.0.9 Official Release — 4/1/2019
  • In Event Manager, a variable for the unique session ID is now available for events generated by logged in users
  • Updated optional HTTP security header for X-XSS-Protection to “1; mode=block” to prevent the web browser from rendering pages if a potential XSS reflection attack is detected
  • Fixed: XSS vulnerability in HTTP/S web client
  • Fixed: In web administration, cannot view or edit description for a group with User Manager
  • Fixed: In Report Manager, exported CSV files display international characters incorrectly
  • Fixed: When uploading via SCP, names of files and folders with international characters do not transfer correctly
  • Fixed: SCP download fails when filenames include a space character
  • Fixed: SCP recursive download fails when empty folders exist in the directory tree
  • Many minor bug fixes and improvements
Version 10.0.8 Official Release — 3/11/2019
  • Upgraded to OpenSSL 1.0.2r to address OpenSSL security vulnerabilities
  • Display password policy requirements in every place in which passwords are changed
  • Fixed: XSS vulnerability in web administration
  • Fixed: When importing users from CSV, settings for users with overrides are lost
  • Fixed: When exporting users to CSV, not all user properties are exported
  • Fixed: In HTTP/S web client, folders with ampersand character in their name are not shown correctly
  • Fixed: Usernames with space character cannot setup 2FA when using an authenticator app on iOS devices
  • Fixed: HTTP/S web client session timesout even though session timeout is disabled
  • Other minor bug fixes and improvements
Version 10.0.7 Official Release — 2/15/2019
  • Added labels for Active Directory domains
  • Updated to the latest version of gSOAP
  • Fixed: Active Directory users cannot change their password when the user must change their password at next login
  • Fixed: User is disabled when their authentication requirement is “Public Key OR Password” and the setting “Disable account if last login exceeds X days” is enabled even though the user had previously successfully logged in (within the specified time frame)
  • Fixed: A user logging in with a public key and “Public Key OR Password” authentication requirement was not restricted by IP or protocol
  • Fixed: When uploading, SCP users without “Create Directory” permissions could create directories
  • Fixed: In web administration, Server Manager allows setting admin passwords that are not compliant with the password policy
  • Fixed: In web administration, when adding a new user, User Manager does not warn when a user with that username already exists
  • Fixed: Added support for ABOR FTP command
  • Other minor bug fixes and improvements
Version 10.0.6 Official Release — 1/30/2019
  • In Server Manager, added a configuration option to allow reading from files being uploaded
  • Fixed: HTTP/S web client does not allow users to change their password when 2FA is enabled
  • Fixed: In some circumstances, the Service Connect dialog of the Desktop GUI displays the admin password in the username field
  • Fixed: In the legacy Server manager, the primary administrator account can be deleted
  • Fixed: In web administration, on the remote tab of Server Manager, you are able to rename an admin account to an existing admin account
  • Fixed: HTTP/S web client does not show folder contents when a user’s virtual directory path ends with a backslash
  • Other minor bug fixes and improvements
Version 10.0.5 Official Release — 1/3/2019
  • Completed Windows Server 2019 certification
  • The summary page shows a warning for weak password policies
  • When using the Desktop GUI, the menu for Server Manager is now static and fixed to the top of the screen
  • Added support for XCRC FTP command with start and end points
  • Added support for ABOR FTP command for IBM AS/400
  • Fixed: Cannot change password when connected to the server using WinSCP over SFTP
  • Fixed: Cannot upload file using SCP
  • Other minor bug fixes and improvements
Version 10.0.4 Official Release — 12/12/2018
  • Upgraded to OpenSSL 1.0.2q to address OpenSSL security vulnerabilities
  • Auto-generate a policy-compliant password for public shares
  • More intuitive status indicators for IP Listeners on the Summary page
  • Added more detailed debug logging for unrecognized FTP commands
  • Fixed: In web administration, Server Manager cannot disable public share settings
  • Other minor bug fixes and improvements
Version 10.0.3 Official Release — 11/19/2018
  • Fixed: When LDAP users are logging into the HTTP/S web client, they are prompted to set security questions
Version 10.0.2 Official Release — 11/14/2018
  • Fixed: UI cannot connect to service after setting remote password during the Getting Started Wizard
Version 10.0.1 Official Release — 11/13/2018
  • Fixed: Sync Manager overwrites the primary admin account on the remote server
Version 10.0.0 Official Release — 11/8/2018
  • Two-factor authentication for web administration
  • Enhancements to Server Manager UI (Desktop GUI and web administration) for a responsive and consistent experience across devices
  • Added initial capability for transferring files over Secure Copy Protocol (SCP), a "remote copy" capability leveraging SSH to provide authentication and secure transfer
  • Numerous improvements to HTTP/S web client including faster and more scalable page rendering and better proxy handling for requests
  • A more consistent UI and easier to use controls for web administration
  • Added separate options for requiring two-factor authentication when users login with FTP or SFTP, in addition to HTTP/S
  • Added new settings for controlling optional HTTP security headers
  • Added an option to toggle HSTS for an HTTPS listener
  • Added an option to require web client users to acknowledge and consent to the welcome message during login
  • After upgrading Cerberus, the summary page shows a warning as a reminder to switch back the account used to run the Cerberus Windows service if it was reset during the upgrade
  • The summary page shows a warning when there are accounts configured to allow anonymous access
  • The summary page shows a warning that recommends disabling old and insecure versions of TLS 1.0 and 1.1 for SSL-based SOAP (Remote) connections
  • HTTPS listeners show when HSTS is enabled
  • Prevent web browsers from autofilling password fields when setting a password for another user
  • Fixed: Server Manager settings are reverted after a service restart because they were not saved to configuration
  • Fixed: Event Manager does not trigger account password expiring event
  • Fixed: In Event Manager, subtasks remain disabled when editing or cloning an existing event action
  • Fixed: Display issues for mobile HTTP/S web client
  • Fixed: Formatting issues for the welcome message when viewed in the HTTP/S web client
  • Fixed: Web browser script error when generating a User and File report on 32-bit Windows Server 2008 with IE 9
  • Fixed: Language translations do not include web client login failure messages
  • Fixed: SOAP API does not allow setting MFA settings on a user account
  • Fixed: Backup and restore does not include log4j XML files
Version 9.x Release Notes
Version 9.0.10 Official Release — 9/12/2018
  • Fixed: Event Manager does not trigger a failed file transfer event when there is an unsuccessful upload from the HTTP/S web client
  • Fixed: Event Manager removes the failure action when editing the event action that the failure action is associated with
  • Fixed: Report Manager throws a SQL error when generating a login report with a date range
Version 9.0.9 Official Release — 8/29/2018
  • Fixed: Desktop GUI Admin is slow to initialize if the server does not have Internet access
  • Fixed: Non-compliant HTTP 1.1 behavior related to closing connections
  • Fixed: Older 1.0 group configuration files do not get upgraded when upgrading to the latest version of Cerberus FTP Server
Version Official Release — 7/11/2018
  • The free IP geolocation service we used is no longer available. We’ve provided a temporary workaround by moving to a new geolocation service.
  • Changed the Report Manager Filename field to File path to better reflect that field’s use
  • Added a public uploads filter to the Report Manager’s search console
  • Other minor bug fixes and improvements
Version 9.0.4 Official Release — 2/28/2018
  • Added options to allow and require 2 factor authentication for users and groups
  • Added 2 factor authentication support for LDAP and Active Directory web client users
  • Added a new IP Manager to manage IP blocking
  • Added an option to show the password when filling out a new account request
  • Added context-menu support for virtual directory management in web administration
  • Added double-click support for editing virtual directories in web administration
  • Added select all/none for virtual directories in the web administration
  • Selecting a directory will now populate a default virtual directory name in the virtual directory dialog in web administration
  • Added options to automatically generate passwords and show passwords when changing or setting a password for the first time in web administration
  • Added an indicator showing whether the password and password confirmation inputs match for web administration password boxes
  • Added an indicator of the current password policy in the change/set password dialogs in web administration
  • Added a password generator for web administration change password dialogs
  • Added SHA256 SSH public key fingerprint generation when validating certificates
  • The Share and Email dialogs for public sharing now indicate whether a password is required in the placeholder text for the share password field
  • Admin password resets of user accounts now ensure password policy enforcement like the desktop admin UI
  • Event Manager event actions can now have no variables selected for an action
  • Added option to select all/none for event variables to be included in individual email actions
  • Added a dedicated download button on files in public directory shares
  • Fixed bug preventing selecting/unselecting a variable in the Event Manager’s variable list when clicking directly on the checkbox
  • Fixed a problem with IE9 and HTTPS web client uploads
  • Fixed truncating uploaded file names with semicolons in the web client
  • Disabling FTPES advertisement now denies TLS upgrade requests
Version Official Release — 12/19/2017
  • Enforce CSRF token on 2F verification and upload forms
  • Add more strict cache control headers to sensitive pages
  • Fixed the address book not appearing for LDAP and AD accounts in the web client
Version Official Release — 12/08/2017
  • Upgraded to OpenSSL 1.0.2n to address OpenSSL security vulnerabilities
  • Enhanced the web IP Manager
  • Fixed a folder monitor UI bug
  • Fixed a user manager UI bug that resulted in no group being displayed for a user
  • Miscellaneous bug fixes
Version Official Release — 11/17/2017
  • We now support very large path lengths when the underlying path is a UNC share
  • Enhanced the web IP Manager
  • Fixed a bug that resulted in public file share folder and file zipping returning zero-length zip archives
  • Fixed a bug in the IP Manager
  • Added country logging for IP geolocation
  • IP geolocation optimizations
Version Official Release — 11/06/2017
  • Upgraded to OpenSSL 1.0.2m to address OpenSSL security vulnerabilities
  • New zip and unzip library with support for archives greater than 2GB
  • New global option to disable displaying file sharing tabs and button in the web client
  • Improved pagination in the web client and web administration
  • Fixed a bug that reversed the current and latest version labels on the summary page
  • Fixed an HTTPS web client file upload bug
  • Added an “overwriting existing file” label for when web client uploads are overwriting an existing file
  • Fixed a bug that resulted in AD accounts that use directory attributes for SSH public key authentication being unable to retrieve the SSH key from AD
  • Fixed a bug that caused an FTP rename that overwrites an existing file to fail even when the “allow rename to overwrite existing files” FTP option is selected
  • Fixed support for IPv6 addresses
  • FIxed IP address note wasn’t getting added in web administration for CIDR ranges
  • Fixed a bug in web administration that prevented administrators from changing their passwords
Version Official Release — 9/21/2017
  • Added an Add Folder button to the HTTPS client upload control for browsers that support it
  • Fixed pre-upload existence and resume checking for files uploaded through folder drag and drop
  • Added displaying of full relative file path for files when uploading folders in the web client
  • Fixed various UI issues in the web client
  • Shared file or folder notification emails now properly reflect whether the file is uploaded or downloaded
  • Event Manager admin changes are better logged for auditing purposes
  • Fixed s
    Version Official Release — 8/30/2017
    • Fixed a potential web administration crash
    • Updated the SOAP library
    • Fixed the WSDL link from the web administrator page
    • Miscellaneous minor bug fixes and performance improvements
    • Included additional web client translations for German, Danish, Norwegian, Polish, Hungarian, Arabic, French, Chinese, Russian, and Finnish
    • Removed SEED and CAMELLIA ciphers from our default cipher lists
    Version Official Release — 8/25/2017
    • Improved geolocation of IP addresses and error reporting
    • Fixed a bug where the Summary and Interfaces couldn’t be displayed for some configurations
    • Performance improvements
    Version Official Release — 8/21/2017
    • Bug fixes for web clients viewing the using a default language other than English
    • Bug fixes and a fallback summary and interfaces page for Server Core installations that do not support the IE browser control
    • Other bug fixes
    Version 9.0 Official Release — 8/15/2017
    • HTTP/S web client two-factor authentication with any HOTP client
    • Updated HTTP/S web client user interface
    • Multiple language support for the HTTP/S web client
    • Updated web administration, events, and reporting dialogs
    • New server administrator auditing reporting
    • Resizable User Manager, Server Manager, and IP Manager dialogs
    • Complete rewrite of web administration code for better performance and security
    • Web administration now uses session-based authentication instead of basic authentication to allow sign in and sign out capability
    • New scalable summary page
    • Better DPI handling for embedded web page controls
    • Significant performance improvements through code rewrites and a move to the Visual Studio 2017 compiler and CRT libraries
    • Added an option to allow replacing a file on rename with FTP
    • Added an option to allow disabling FTP TLS upgrade advertisement for plain FTP connections
    • Added an option to enforce the system password policy on public file shares
    • Enhanced Share settings page on the web client
    • Added support for locking and unlocking specific regions of files for the SSH SFTP commands BLOCK and UNBLOCK
    • Reduced log verbosity for initial connection messages (without any loss of information)
    • Compatibility with Azure SQL Server and encrypted database connections for the auditing and reporting database
    • The downloader’s IP address is now recorded and included on file access reports for public file uploads and downloads
Version 8.x Release Notes
Version Official Release — 5/4/2017
  • Updated the reCaptcha signup link in the reCaptcha dialog
  • Authentication will no longer strip whitespace from the front and back of usernames during authentication
  • The Folder Monitor can now handle directory names with ampersands
  • Improvements to CSV import from third party SFTP servers
  • Minor bug fixes
Version 8.0.10 Official Release — 1/31/2017
  • Updated to OpenSSL 1.0.2k from OpenSSL 1.0.2k to address security vulnerabilities in OpenSSL
  • Minor bug fixes
Version 8.0.9 Official Release — 1/4/2017
  • Public uploads now trigger a public file transfer event, and you can differentiate a public download from a public upload using rule conditions
  • Executable target event actions now properly report error codes and wait for process execution to complete
  • Administrators can configure a max wait time for executable event actions to complete before processing the next action
Version 8.0.8 Official Release — 11/14/2016
  • Updated to OpenSSL 1.0.2j from OpenSSL 1.0.1u
  • Fixed a bug where zero length file uploads didn’t trigger a file transfer event
  • Enhanced file policy result logging
  • Added an FTP passive mode option to always use the internal IP for plain FTP passive mode responses
  • FTP AUTH commands will now send an “Unavailable” response when FTPES is requested but TLS is disabled on the server
  • Added an option during a server backup restore operation to not import the license key from the backup
  • Improvements to AD and LDAP password changing
Version 8.0.6 Official Release -- 8/16/2016
  • Bug fixes and usability improvements in the User Manager
  • Tab support for moving through user fields in the User Manager
  • Support for the X-FORWARDED-FOR header for HTTP/S traffic for logging and IP management
  • Improved proxy support for upgrade checking
  • AD and LDAP mapping dialogs are now resizable
  • Fixed the "Do Not Send Session Report if Empty" flag always being set to false when editing an email session report action
  • Password generator now generates passwords that are at least 6 characters, even if password policy has no minimum length
  • Fixed bug that could cause password generator to crash
Version Official Release -- 8/03/2016
  • Fixed a bug that could result in a CPU spike in the Enterprise edition until the service is restarted
Version 8.0.5 Official Release -- 8/02/2016
  • New random, policy compliant password generation option for native accounts in the desktop UI
  • Added an option to set a native account to require password change on next login without having to reset password
  • Added the LDAP server label field to the desktop UI
  • Added additional user icons to differentiate user states in the User Manager
  • Added a Legend dialog to display what the different user icons mean
  • Added URL redirect support to the web client for selecting authenticated links when the user isn't authenticated
  • HTTP/S session timeouts now properly trigger a logout event and session end time in the statistics database
  • Minor UI improvements and bug fixes
Version 8.0.4 Official Release -- 7/23/2016
  • Added options to control requiring account request settings on the account request signup form
  • Added an option to set a custom denial message for email notification when requested accounts are denied
  • Redesigned Shares web client page
  • Removed the default selection of TCP/IP as the network protocol for SQL Server ODBC drivers
  • Usuability enhancements and bug fixes for the New User Dialog in the User Manager
  • AD authentication optimizations to speed up and remove unnecessary domain queries
  • Numerous minor bug fixes and usuability enhancements with the UI
Version 8.0.2 Official Release -- 5/25/2016
  • Fixed a bug that sometimes resulted in being unable to send session report logoff emails
  • Fixed several minor Event Manager UI bugs
  • Added workarond for SSH clients that don't pad signatures RSA signatures in public key authentication
  • New, high-DPI icons for nearly every part of the desktop admin GUI
  • Improved User and Group pages in the User Manager
  • Lots of UI bug fixes in the User Manager
Version 8.0.1 Official Release -- 5/04/2016
  • Upgraded to OpenSSL 1.0.1t
  • Added an option to allow unauthenticated users to upload files to publicly shared folder links
  • Added options to delete empty folders and to filer files using regular expressions for folder monitoring
  • Added restricted upload file extension blocking in the User Manager for Professional end Enterprise editions
  • Added a regular expression testing dialog to the Event Manager for regular expression event conditions and folder monitor file filters
  • Added SSH SFTP copy-file extension command for performing remote file copies on the server
  • UI enhancements to the Event Manager
  • Fixed a bug that could result in losing AD and LDAP settings when upgrading old settings files
  • Fixed a bug that prevented the %USER% variable from working in public key certificate paths for Cerberus groups
Version Official Release -- 3/07/2016
  • Fixed a bug with certain international operating systems configurations that resulted in a failure to retrieve summary information, and errors opening the desktop Event Manager and Report Manager.
Version Official Release -- 3/03/2016
  • Fixed a bug introduced in that resulted in AD group to Cerberus group mappings being converted to AD user to Cerberus group mappings after saving
  • Fixed unzipping on the HTTPS web client
Version Official Release -- 3/01/2016
  • Upgraded to OpenSSL 1.0.1s
  • Stability and performance improvements
  • Changes to HTTPS web client configurations now take effect immediately
Version Official Release -- 2/05/2016
  • Added option for administrators to control what key exchange protocols are allowed with SSH2
  • The ChangePassword SOAP API now has an option for email notification of password changes to the end user, and for administrator resets without the prior knowledge of the user's password
  • Only send one event notification for HTTPS file uploads greater than 256 MB
  • Improved error reporting for CSV input
Version Official Release -- 1/29/2016
  • Upgraded to OpenSSL 1.0.1r
  • Improved FTP MDTM comand handling to better differentiate between getting and setting the time on a file
  • Improved error reporting on the desktop UI managers for when values are out of range for fields
  • Session report emails can not be sent to multiple recipients for a session report event action
  • Fixed a bug with the IP Manager's username auto-banning feature that resulted in a failure to block usernames on the ban list
  • Updated HTTPS web client and web admin web framework foundation classes
  • Added ability to set a default theme for the HTTPS web client by IP address
  • Fixed issue preventing users without delete permission from uploading more than 256MB of a file through the HTTP/S web client
  • Fixed issue with being unable to add zip and unzip actions in the Event Manager
  • Fixed issue with custom email body in events being stripped of newlines
Version Official Release -- 12/04/2015
  • Upgraded to OpenSSL 1.0.1q to address OpenSSL bugs and security vulnerabilities
  • SSL and SSH ephemeral DH keys now default to minimum 2048 bit strength
  • Fixed a problem with verifying ECDSA signatured for client SSH public keys
  • Default web administration cipher string strengthened to exclude several weaker ciphers
  • Web administration SSL cipher string and protocol support can now be customized by administrators
  • Enhanced error checking to prevent a client from attempting to upload a file through the HTTPS web client with an invalid name
  • Event Manager email event actions can now send emails to multiple email addresses with a single email action
  • Added a label field for LDAP server configurations to help admins differentiate between multiple LDAP configurations
Version Official Release -- 11/17/2015
  • Fixed an LDAP and AD public key authentication bug that resulted in the server being unable to find the public key file for mapped AD or LDAP users
  • Fixed the HTTPS web client allowing authenticated users to replace existing files on upload without delete permissions
  • Fixed SMTP server response handling to improve compatibility with SMTP servers
  • HTTPS web client will now prevent an upload from starting if the user doesn't have permission to replace an existing file
  • Added context menu support to several web administration tables
  • Added basic public download statistics collection for reporting
  • Minor bug fixes and improvements
Version Official Release -- 10/27/2015
  • Fixed an LDAP and AD authentication bug that could result in a crash in some situations
  • Fixed an restore users and settings from backup bug
  • More consistent and region-specific date formats for reports
Version Official Release -- 10/24/2015
  • Numerous minor bug fixed and Event Manager UI improvements
  • Added right-click menu support to Event Targets and Folder Monitor tables
  • Added clone rule option to event rules and sheduled tasks
  • Added clone action option to event rules and schedules tasks
  • Editing actions now modified edited action, instead of adding a new action
  • Fixed SSH SFTP file transfers always generating an upload notification
  • Added option to select AD or LDAP attribute for SSH public key location for groups in web administration
  • Fixed AD and LDAP authentication bugs when using public key authentication with AD or LDAP attributes
  • Cerberus desktop UI log link now opens up log directory, instead of UI-only log file
Version 8.0 Official Release -- 10/14/2015
  • Support uploading resume through the HTTPS web client
  • New option to always prompt for administrator password when launching the desktop admin UI
  • Active Directory and LDAP authentication now support default directories linked to AD and LDAP directory attributes
  • The Global Home\%USER and home directory default AD and LDAP mapping modes now have an option to configure home directory permissions
  • Active Directory and LDAP users can now pull SSH client public keys from AD or LDAP using a directory attribute instead of a file path for the default or mapped Cerberus group's public key path field
  • New, completely re-written Event Manager for both desktop and web administration
  • New Event Manager scheduled tasks
  • New Event Manager action to revoke a public link given a unique public file ID
  • New Event Manager action to wait for a specified number of seconds before executing next action
  • New Event Manager action to execute a server backup and save it to a file
  • New event trigger for account passwords expiring
  • New option to specify to stop executing event actions for a rule when an action fails
  • New option for emailing session reports action to not send report when session has no file activity
  • New option to specify what event rule variables are included in an email event notification
  • New option to specify addition body text in event emails
  • Back button added to file/session reports to return to original report when selecting a session
  • New option to export reports to CSV files
  • New IP username auto-banning
  • Detailed statistics now records directory creation
  • HTTP/S web client users are now prompted to set security questions on login if they haven't set them yet
  • New HTTP/S web client context menu with cut and paste file and directory support
  • You will now be prompted to automatically start the Windows Service if it is not running when you first launch the UI
  • The Cerberus desktop admin application now uses a separate log configuration file to prevent any conflict when writing to the same log as the service
  • Only the primary server administrator can now change remote admin settings
  • Administrators can now use the %USER% variable for public key file paths in Cerberus groups for SSH authentication
  • Enable or disable TLS 1.0, 1.1, and 1.2
Version 7.x Release Notes
Version 7.0.10 Official Release -- 7/10/2015
  • Upgraded to OpenSSL 1.0.1p to address an OpenSSL security vulnerability
  • Fixed a bug that would result in incomplete directory reads for SSH SFTP version 6 clients and directories with large numbers of files
  • Added an option to disable TLSv1.0 to the Advanced Security dialog
  • Added an option to perform an alternate method of checking the AD groups an AD user belongs to for domains that don't return group information for a user through ADSI
  • Moved the XML parser for the UI settings file to the same XML framework used for the service settings file
Version 7.0.9 Official Release -- 6/12/2015
  • Upgraded to OpenSSL 1.0.1m to address OpenSSL bugs and security vulnerabilities
Version Official Release -- 5/08/2015
  • Fixed a bug related to public IP auto-detection that could result in a server crash under certain unusual circumstances
  • Fixed a bug related to user Cerberus accounts that are part of a group ignoring the group's is anonymous setting and using the original account setting
Version Official Release -- 3/19/2015
  • Upgraded to OpenSSL 1.0.1m to address OpenSSL bugs and security vulnerabilities
  • Completed transition of web administration virtual directory, AD, LDAP, event, and license dialogs to new mobile-friendly framework
  • CSV importer can now understand different line encodings
  • Added option to exclude passive port range from syncing
  • You can now customize the email subject for session reports
  • Fixed synchronization and timer bugs that could result in server crashes
Version Official Release -- 2/25/2015
  • Fixed socket send bug that could result in being unable to terminate a connection when a buggy client didn't signal it was ok to send data
  • Fixed a bug in FTP download resumes that could result in corrupt resumed downloads
  • Added SOAP API calls to set and retrieve the IP block list
  • More robust CIDR list import support
  • Added check to make sure an account request cannot be approved if there is already a user with that account name (web administration)
  • Added HTTPS range header support (HTTP/s file download resume and better web video playback)
Version Official Release -- 1/12/2015
  • Updated to OpenSSL 1.0.1k to address security vulnerabilities in OpenSSL
  • New public file sharing SOAP API call to generate a public link to an existing file
Version Official Release -- 11/11/2014
  • Properly advertise integrity checking command support for SSH SFTP to clients
  • Added CRC32 checksum as SSH SFTP integrity checking option
  • Do not send ".." as part of a directory listing when at a user's root for FTP and SFTP
  • Fix web administration and SOAP DLL exception
Version Official Release -- 10/31/2014
  • Web client Address books are now sortable by email or name
  • Auto-suggest from address book when emailing public links now returns matching names in addition to email addresses
  • External event processes no longer need their paths quoted when there are spaces in the path
  • The working folder now correctly resets for external event process actions when changing the path of an exiting process
  • Removed emtpy log statement for HTTPS uploads
  • Updated HTTPS web client and web administration core libraries
  • Fix web administration and SOAP DLL exception
Version Official Release -- 10/16/2014
  • Disable SSLv3.0 by default
  • Add an option to enable SSLv3.0 on the Advanced Security page
Version 7.0.5 Official Release -- 10/15/2014
  • Updated to OpenSSL 1.0.1j to address security vulnerabilities in OpenSSL
Version 7.0.4 Official Release -- 09/17/2014
  • Major re-design of web administration. Switched to a more modern, responsive web framework that scales on different devices
  • Added options to manage remote settings and secondary web administrators through web administration
  • Added clone user and clone group functions to web administration
  • Added option to test cipher strings to web administration
  • Added ability to override group properties on users to web administration
  • Added additional local directory and file selection controls to web administration
  • Added public share editing to web administration
  • Added same report generation controls present on the desktop to web administration
  • Added additional advanced options to web administration
  • Fixed CSV export and import for PBKDF2 HMAC SHA256 and PBKDF2 HMAC SHA512 hashed passwords by adding iteration count
  • HTTP/S web client uploads now show up in the active transfers list and are tracked in the upload speed meter control
  • Minor bug fixes and improvements
Version 7.0.3 Official Release -- 08/07/2014
  • Updated to OpenSSL 1.0.1i to address security vulnerabilities in OpenSSL
  • Fixed HTTP/S web client password strength meter bug in IE8
  • Disabled accounts and accounts configured to allow only SFTP access with public key authentication will no longer receive password expiring emails
  • 3DES encryption cipher is now considered at 112 bit symetric strength to better reflect effective strength
Version 7.0.2 Official Release -- 07/30/2014
  • Disabled users will also register with the "stop authentication if user exists" Policy settings
  • Added PBKDF2 HMAC SHA256 and PBKDF2 HMAC SHA256 stretched password hashing algorithms as password storage hash options
  • Added ability to select active SSH2 ciphers and HMAC algorithms
  • Added SSH2 cipher minimum bit strength display to Summary page
  • HTTP/S web client now allows zero-length file uploads
  • Fixed a problem with the web client data/time control for IE 8 users
  • Added support for generating the correct share link path when connections come in from an HTTPS proxy to a Cerberus HTTP listener
  • Reports now track whether a file operation succeeded or failed
  • Fixed web client bug for displaying local time that only used the user setting for displaying local time
Version 7.0.1 Official Release -- 07/04/2014
  • Fixed a bug in web client folder uploads for Chrome
  • Fixed a bug on web client email selection and address book auto-complete
  • Added an option to force all publicly shared files and folders be password protected
  • Added more account options for CSV import (unlimited directories, password hashes, additional account parameters)
  • Added capability to export user accounts as CSV files
  • Added dedicated require password change option for native accounts
  • Enhanced the default cipher list for HTTPS web administration to require minimum 128-bit, strong ciphers
  • Added option to initiate automatic download of zip file without storing the resulting file on the server for web client zip operations
  • Clients can now modify the share until date on their own publicly shared files
  • Added web client in-browser editing of simple text-based files
Version Official Release -- 06/05/2014
  • Updated to OpenSSL 1.0.1h to address security vulnerabilities in OpenSSL
  • Added new MAC SSH algorithms hmac-ripemd160 and hmac-ripemd160@openssh.com
  • Added DeleteDirectoryFromGroup, AddDirectoryToGroup SOAP API calls
  • Renamed AddRoot, DeleteRoot to AddDirectoryToUser, DeleteDirectoryFromUser SOAP API calls
  • Added create directory option to AddDirectoryToUser and AddDirectoryToGroup API calls
Version Official Release -- 05/27/2014
  • Fixed an information disclosure for SSH logins vulnerability. Analysis of failed login result could allow attacker to determine if an account exists or not. Thanks to Steve Embling, a Pentura Security Researcher, for discovering and reporting this vulnerability.
  • Fixed ability to update to a different theme in the web client for LDAP and AD accounts
  • Fixed web client file list sorting
  • Hide the security question list for AD and LDAP accounts since they can't currently use the password reset feature
  • Added password strength/entropy meter to HTTP/S web client account request and change password pages
Version Official Release -- 05/22/2014
  • Added 3DES back to the list of available SSH ciphers
  • Added a cipher list test button and a cipher list box to the Advanced Security dialog
  • Changed the ephemeral EC generated to be compatible with IE
  • IE8 HTTP/S web client improvements
Version 7.0 Official release notes --
  • New 7.0 Release
  • Redesigned HTTP/S web client that's been optimized for both desktop and mobile browsers
  • Folder upload through HTTP/S web client with Chrome
  • Enhanced web client address book for users
  • Web client custom theme support
  • Web client search support
  • Web client image and video thumbnail viewing
  • Redesigned Report Manager
  • Added report sorting
  • Added multiple web administrators with fine grained access controls
  • Publicly shared file links are now included in user statistics reporting
  • Added max share duration limit for publicly shared links
  • User manager UI improvements
  • Event manager UI improvements
  • Performance improvements
  • Enhanced login reports
  • New session file access email report event action
  • Email notification of important events like user password expiration and password changes
Version Official release notes --
  • Fixed "Disable after X failed login attempts" not working for accounts that were part of a group
  • UI will properly reflect password change permissions for a user when that user is a member of a group
  • HTTP/S web client will no longer prompt users with the expired password change dialog if they don't have permission to change their password
  • Modified HTTP/S cache-control mechanism for user file downloads to ensure no user file caching
  • Added sort-by-group to the User Manager's users list
  • Do not attempt to shutdown a client-disconnected socket if the connection terminates abnormally
  • Updated OpenSSL library to address the recent OpenSSL TLS heartbeat vulnerability referenced by CVE-2014-0160
Version 6.0.7 Official release notes --
  • Fixed a non-public security vulnerability for authenticated users
  • Fixed an HTTP/S web client session timeout during long file uploads
  • Fixed a bug that could result in a server crash when FTPS connections timed-out
  • Closed user accounts no longer copy last login times from cloned account
  • Significantly increased the HTTP/S buffer size for sending files
  • Increased the default socket send/receive size and made it configurable
Version Official release notes --
  • Updated to OpenSSL 1.0.1f
  • Workaround for mobile Safari video upload bug in web client
Version Official release notes --
  • Added a Public Share page to the User Manager to allow revoking and monitoring user public shares
  • Added an option to specify which SMTP server public file sharing should use
  • Added an option to always use the SMTP server authentication email address for all public sharing emails
  • Automatically reset max connections and re-enable listeners when an expired trial is licensed
  • Report Manager can now handle queries on just a date from or date to. Previously could only handle date range, or no date.
  • Added password last changed date to the Login report in the Report Manager
  • Fixed a problem with filenames with spaces getting truncated in Firefox when using the download button in the web client
  • Statistics reports and public file sharing emails now report byte sizes in more human readable formats
Version Official release notes --
  • Added AES CTR ciphers for SSH2
  • Added an option to change the root system logger level from the UI
  • Added an option on the policy page to force always using the UPN name for AD user home directory names
  • Event system performance improvements
  • Fixed an event variable email substitution bug that resulted in email to names and emails not being scanned for variables
Version Official release notes --
  • Added a new backup server synchronization manager
  • Added auto-complete for AD user and Cerberus group selection in the web admin AD and LDAP pages
  • Added ability to create AD group to Cerberus group mappings in the web admin AD page
  • Updated the event manager with a dedicated button and dialog for adding new rules
  • Added a backup server synchronized event rule
  • Added "does not contain" as an operation for rule filters
  • Updated web administration with limited event rule editing
  • Added online help links to almost all dialogs
  • New fault tolerance features for ensuring XML configuration files will never be left in a partially written state because of an application failure
  • Fixed a bug that resulted in failed public key authentication in some instances when a user was a member of a group that used public key authentication
  • Minor UI bug fixes and improvements
Version Official release notes --
  • Added address book for HTTP/S web client users
  • Added public folder sharing through the HTTP/S web client
  • Public file sharing emails can now have multiple recipients
  • Optimzed HTTP/s web client by reducing script and image files
  • Fixed zip archives do not properly handle file names with non-ASCII characters
  • Added log threshold to Syslog logger
  • Enhancements to MDTM path checking to more accurately detect getting or setting mode
  • Enhancements to email notification
  • Event manager usability improvements
  • Changed the default SOAP/HTTP web administration port to 10001 for new installations
  • Ensure most recent settings are saved to disk before a backup
  • Additional database setup error detection
  • Enhancements to SFTP rename/move to allow renames/moves across volumes, handle very large file paths, and to support overwrite renames
Version Official release notes --
  • Added full UPN support for AD authentication
  • Added password changing for LDAP users
  • Added an account disable option for users that haven't logged in within a certain number of days
  • Added a %USER% variable that can be used in virtual directory names and paths for users and groups
  • Added an option to automatically create directories when approving a new account request
  • Improved logic for detecting whether the data connection was gracefully closed at the end of an FTP STOR command
  • Added a timer to ensure HTTP/S sessions are cleaned up and closed when they timeout
  • Added support for the X-Frame-Options DENY header for HTTP/S web client page responses
  • Added an advanced option to allow setting the temporary folder used for HTTP/S web client uploads
  • Added an advanced option to specify the default share time (in hours) for publicly shared files
  • Added an option to allow user to specify a password for publicly shared files
  • Added two events for when a public file is shared, and when a public file is downloaded
  • Added bytes transferred information to the log for files uploaded and downloaded
  • Added tracking information to see when a public file is downloaded
  • Fixed a bug that could result in an error for valid LDAP search filters
  • Fixed an HTTP/S web client upload bug for uploading to non-ASCII directory paths
  • Newly created Microsoft databases will now store Unicode text properly for statistics and reporting
Version Official release notes --
  • Added a note field for IP access items in the IP Manager
  • Added username to all FTP/S and SSH SFTP client command log messages to match HTTP/S auditing
  • Improved CSV importing, including support for CSVs exported from third party servers
  • Improved auto-updater to allow more selective auto-updating
  • Cleaner web administration pages and additional error checking
  • Added ability to change several new settings through web administration
  • Added a local file and directory selector for file path settings in web administration
  • Fixed an issue where the FTP MLST command would fail on files on a network share
  • Fixed a bug related to how auto-blocking works with whitelist mode
Version Official release notes --
  • Fixed telephone number wasn't included with account request notification
  • Fixed email server selection for account approval in the web client was ignored
  • Fixed setting for modifying hidden directory attribute on virtual directories would not save
  • Added HTTP POST event target configuration capability to web admin
  • Added public sharing as a permission option for virtual directories in the web admin
  • Fixed inconsistent virtual directory permission selection behavior in the web admin
  • Improvements to adding and removing LDAP and AD configurations in the web admin
  • Fixed "Password Never Expires" setting ignored when adding new accounts
  • CSV import now supports setting max logins, max upload filesize, and initial directory for a new user account
Version 6.0 Official release notes --
  • Upgraded FIPS OpenSSL to 1.0.1 with TLS 1.1 and TLS 1.2 support
  • Added advanced statistics collection and a new Report Manager
  • Added public file sharing to the web client
  • Updated web client upload control
  • Users and groups can now have whitelist IP ranges
  • AD groups can now be mapped to Cerberus groups for assigning virtual directories
  • Configurable timeout support for HTTP/S web client sessions
  • Zip and unzip file operation actions for event actions
  • HTTP POST operation event action to allow posting event information to a URL
  • More variables for events
  • Added variable substitution to event email recipient name and email address fields
  • Added ability to customize email subjects on event emails, including variable substitution in subjects
  • Added ability to set disable after time for users and groups through web administration
  • Updated, easier to use AD and LDAP admin pages
  • Access to advanced security settings from the Settings page
  • Access AD and LDAP user attributes like name and email address for events

Key Features

Download | Support | Contact Us | Terms And Conditions | Privacy Policy