Syncplify Developers Blog

Release notes and blog by the developers at Syncplify

All posts by Syncplify Devs

Syncplify Devs
January 15, 2024

Upgrade to v6.2.21 now (and be safe from the Terrapin Attack)

Every once in a while something happens that shakes up an entire industry. This is one such time.

The Terrapin Attack (CVE-2023-48795) affected practically every SSH server from every vendor on the planet. And though the bug wasn’t in our own code, we inherited it from Go’s ssh package, so our server software ended up being affected as well.

Kudos to the Go developers who identified and fixed the issue before the CVE was even made public! We will be forever grateful to them, as their timeliness allowed us to release v6.2.21 before this problem affected any of our customers.

We did our part, now it’s all up to you: to make sure your Syncplify Server! is protected from the Terrapin Attack, please, upgrade to v6.2.21+ with the utmost level of urgency. Thank you!

Leave a comment InRelease Notes Syncplify Server!
Syncplify Devs
December 18, 2023

Syncplify Server! v6.2.21 released 🔥

Importance of this update: VERY HIGH
What’s changed?
  • The Golang standard library was updated to address a yet-to-be-disclosed CVE that could potentially affect SSH/SFTP services, this release incorporates such updates to keep your server safe
  • Importing old V4/V5 backups now works a little better even when such backups contain errors and misconfigurations (some of them are addressed by applying sensible default settings)
  • Parameters (see this KB article) can now be used in all Virtual File Systems, and not only in “Disk” VFSs as it used to be

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
December 7, 2023

Syncplify Server! v6.2.20 released

Importance of this update: MINOR
What’s changed?
  • Special ISO-8859-1 characters in old V4/V5 backups are now correctly converted to UTF8 when restoring (importing) those backup files into a new Syncplify Server! V6

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
November 28, 2023

Syncplify Server! v6.2.19 released

Importance of this update: HIGH
What’s changed?
  • A bug in our implementation of the support for the mget command used by the standard Linux FTP client has been fixed, wildcards are now supported correctly – other protocols (SFTP, SCP, WebClient!, …) were not affected, this bug only affected our implementation of the FTP protocol

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
November 24, 2023

Syncplify Server! v6.2.18 released

Importance of this update: NORMAL
What’s changed?
  • On new installs the setup process does not create an RSA host key anymore, upgrades and restores from backups will not remove your existing RSA keys though
  • The repairhttp command-line verb now uses better defaults for HTTPS/WebClient! configuration
  • Better HTTPS/WebClient! default values are also used now when creating a new Virtual Site
  • Fixed the list of host key algorithms returned to SSH/SFTP clients, now it won’t include algorithms for keys your server doesn’t have
  • Upgraded the compiler to the most recent version to capture several fixes and improvements in its standard library

Read More

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
November 20, 2023

This is why you should use RSA host keys carefully, or just stop using them altogether

An extremely interesting research paper published in 2023 by Keegan Ryan, Kaiwen He, George A. Sullivan, and Nadia Heninger, mathematically proves yet another weakness with RSA keys – often used as host keys by/for SSH/SFTP servers – and this time it has to do with the way they are generated.

Without delving into the math itself, which is not the purpose of this blog, we would like to take this occasion to advise our customers to use stronger keys, like ECDSA or Ed25519, instead of RSA for their host keys.

Read More

Leave a comment InSyncplify Server!
Syncplify Devs
November 17, 2023

Syncplify Server! v6.2.17 released

Importance of this update: MINOR
What’s changed?
  • Fixed small bug in the Admin UI that occasionally prevented the removal of cipher-suites from the HTTPS/WebClient! advanced configuration page (for experts only)

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
November 4, 2023

Syncplify Server! v6.2.16 released

Importance of this update: MINOR
What’s changed?
  • Fixed leftover function that was still looking for auth token in cookies

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
October 14, 2023

Syncplify Server! v6.2.14 released

Importance of this update: IMPORTANT (security)
What’s changed?
  • Fixed a small bug in the way password complexity rules were enforced
  • Fixed a small bug in the SyngoDB backend configuration database
  • Updated Go compiler to the most recent version (which also includes several security-related bug-fixes to its standard library)

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!