Syncplify Server! Users: Rest Easy, You’re Safe from the XZ Vulnerability

Heads up, admins! A recently discovered vulnerability in the XZ library has system administrators scrambling to patch their SFTP servers. This vulnerability could grant unauthorized access to affected Linux systems – not a fun situation.

But here’s some good news for Syncplify Server! users: you can breathe easy. Syncplify Server! does not utilize the XZ library, meaning your SFTP (and SSH2) server is completely unaffected by this specific exploit.

At Syncplify, security is paramount. We understand the critical role secure file transfer plays in your organization, and we take every precaution to ensure your data remains protected. This isn’t the first time Syncplify has proven its commitment to security:

  • Our software remained unscathed by the Heartbleed bug in 2014.
  • The Terrapin exploit discovered in 2023 posed no threat to Syncplify users.
  • And now, you can add the XZ library vulnerability to the list of non-issues for Syncplify Server! users.

This focus on security is what makes Syncplify the trusted choice for system administrators worldwide.

Looking for More Info?

For a deeper dive into Syncplify’s security features, check out our documentation: https://www.syncplify.com.

If you have any questions, don’t hesitate to reach out to our team. They’re happy to help!


Syncplify Server! v6.2.23 released 🔥

Importance of this update: HIGHEST (URGENT HOT-FIX!!!)
What’s changed?
  • Fixed a potentially catastrophic bug that could suddenly cause your Syncplify Server! to lose its “initialized” status, de facto rendering it non-functional and causing the loss of parts of your configuration (or even all of it)
  • Tiny minor/cosmetic bug-fixes here and there in the web UIs

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under that account after upgrading from any version number <= 6.1.12.

Upgrading from v6.x.y is a simple and fairly automatic process: download the latest version from the official download page and install it over the existing version. All of your settings and your license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you will find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Syncplify Server! v6.2.14 released

Importance of this update: IMPORTANT (security)
What’s changed?
  • Fixed a small bug in the way password complexity rules were enforced
  • Fixed a small bug in the SyngoDB backend configuration database
  • Updated Go compiler to the most recent version (which also includes several security-related bug-fixes to its standard library)

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under that account after upgrading from any version number <= 6.1.12.

Upgrading from v6.x.y is a simple and fairly automatic process: download the latest version from the official download page and install it over the existing version. All of your settings and your license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you will find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Tackling memory leaks… the Go way

We recently discovered two small memory leaks in our worker process, one that affected only the ARM architecture build, and one that affected all builds regardless of the CPU architecture (but only if you use scripting and event-handling). Although both of them were very small and limited in scope, over long periods of time they could lead to the unwanted allocation of a significant part of your system memory.

As many of you know, Go has a pretty nifty garbage-collector, but that doesn’t mean that all memory issues are magically prevented. Programmers still have to be clever with allocations and references.

Long story short, we spent the last week delving into pprof to hunt down, identify, and resolve these two memory leaks, and here’s the result:

As you can see, after our fixes the worker process now uses a stable amount of memory (~120 MB) and CPU (~0.7%) under constant load (~750 Mbps sustained transfer rate from 3 concurrent clients). The chart above was acquired over an observation period of 24 hours under stress-test conditions.

These fixes will be incorporated into version 6.0.22.
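
To illustrate how a garbage-collected Go process can still leak through a lingering reference, here is an added example (not Syncplify's code and not the actual leaks described above). The `registry`, `session` and `retainedAfter` names are hypothetical; the program measures the live heap after a forced collection, with and without removing finished sessions from a handler table.

```go
package main

import (
	"fmt"
	"runtime"
)

// session is a hypothetical per-connection object holding a 1 MiB buffer.
type session struct{ buf []byte }

// registry stands in for an event-handler table keyed by session ID.
type registry struct{ handlers map[int]*session }

// serve simulates n finished connections. With unregister=false every
// session stays referenced by the map, so the GC can never reclaim it.
func (r *registry) serve(n int, unregister bool) {
	for id := 0; id < n; id++ {
		s := &session{buf: make([]byte, 1<<20)}
		s.buf[0] = 1 // touch the buffer so it is really used
		r.handlers[id] = s
		if unregister {
			delete(r.handlers, id) // the fix: drop the reference when done
		}
	}
}

// liveHeap forces a full collection and returns the bytes still allocated.
func liveHeap() int64 {
	runtime.GC()
	var m runtime.MemStats
	runtime.ReadMemStats(&m)
	return int64(m.HeapAlloc)
}

// retainedAfter returns the heap growth, in bytes, that survives a GC
// after serving n sessions while the registry itself is still alive.
func retainedAfter(n int, unregister bool) int64 {
	r := &registry{handlers: make(map[int]*session)}
	before := liveHeap()
	r.serve(n, unregister)
	after := liveHeap()
	runtime.KeepAlive(r) // keep the registry reachable during measurement
	return after - before
}

func main() {
	fmt.Printf("leaky: %d MiB retained\n", retainedAfter(64, false)>>20)
	fmt.Printf("fixed: %d MiB retained\n", retainedAfter(64, true)>>20)
}
```

Sampling the same figure at intervals in a long-running process shows whether memory use stays flat under constant load or keeps climbing.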


Syncplify Server! v6.0.2 released

Today we released Syncplify Server! v6.0.2; here’s what’s new and improved in this version.

Fixed
  • Bug in the restore procedure from old version (v4/v5) database backups, which neglected to drop some of the collections prior to restoring them, and consequently produced an unusable restored configuration

Upgrading from v6.0.x is a simple and fairly automatic process: download the latest version from the official download page and install it over the existing version. All of your settings and your license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you will find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!