We are announcing the latest release of SFTPPlus version 4.9.0.
New Features
- The SSL Certificate Authority configuration now supports validating partial CA chains. This allows for authenticating remote HTTPS connections through self-signed and self-issued certificates. Using a pinned non-CA certificate is also allowed. [#2198-1]
- The AS2 server can now respond to asynchronous AS2 MDNs. [server-side][as2] [#2198]
- You can now configure an account to receive files over AS2 without requiring a password. Files received over AS2 still need to be validated for signature and encryption. [server-side][as2] [#5490]
- HTTP connection requests to HTTPS services such as the Local Manager web administration interface or the HTTPS file transfer service are now automatically redirected to HTTPS. [server-side] [#5512]
- You can now configure a client-side transfer to operate on files using a temporary prefix. Previous versions only supported a temporary suffix. [client-side] [#5514]
- The SSH (SFTP/SCP) list of secure ciphers no longer contains CBC mode ciphers. They are no longer enabled by default, although still supported. You can still explicitly enable Cipher Block Chaining modes for aes256-cbc, aes192-cbc, and aes128-cbc using the ssh_cipher_list configuration. [sftp][scp] [#5529-1]
- The SFTP/SCP file transfer services and locations now support ECDSA SSH keys. Supported SSH key types are ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521. [sftp][server-side][client-side] [#5529]
- The SFTP/SCP file transfer services and locations now support Ed25519 SSH keys for system using OpenSSL version 1.1.1 or above. Supported SSH key type is ssh-ed25519. [sftp][server-side][client-side] [#5529]
- SSH host keys for SFTP/SCP server-side services are now configured using a single configuration option named ssh_host_keys. [server-side][sftp] [#5533]
Defect Fixes
- When transferring concurrent files through multiple transfers, the transfer queue is no longer stalled after the destination location is reconnected. [client-side] [#5519]
- Components listed on the Local Manager general status page are now sorted in alphabetical order. [manager] [#5537]
Deprecations and Removals
- The following SSH ciphers are no longer supported: cast128-ctr, blowfish-ctr, and 3des-ctr. The CBC mode for these ciphers are still supported. [sftp] [#5529]
- The rsa_private_key and dsa_private_key configuration options were removed, being replaced by a single ssh_host_keys configuration option. For backward compatibility, the old configuration options are still supported. [server-side][sftp] [#5533]
- The SSH (SFTP/SCP) list of secure ciphers no longer contains CBC mode ciphers. Cipher Block Chaining modes aes256-cbc, aes192-cbc, and aes128-cbc were removed for potential security vulnerabilities. [sftp][scp] [#5529-1]
You can check the full release notes here.