Syncplify Developers Blog

Release notes and blog by the developers at Syncplify

Tag dos

Syncplify Devs
July 9, 2024

Syncplify Server! is also *NOT* vulnerable to CVE-2024-6409

Following up to our previous post in which we informed our user-base that Syncplify Server! is not affected by CVE-2028-6387, today we have the pleasure to share with you that Syncplify Server! is also completely unaffected by the newly discovered CVE-2024-6409.

CVE-2024-6409 is a signal handler race condition vulnerability in the OpenSSH server (sshd) that occurs when a client fails to authenticate within the LoginGraceTime, potentially leading to information disclosure, denial of service, or unauthorized access.

Syncplify Server!, by virtue of not being based on OpenSSH, does not have such vulnerability.

Leave a comment InGeneral Syncplify Server!
Syncplify Devs
July 16, 2023

Syncplify Server! v6.2.4 released 🚨

Importance of this update: HIGHEST
Fixed
  • A deeply nested bug in the FTP(E/S) protocol handler could have allowed a cleverly crafted attack to cause a DoS in this particular protocol subsystem; all other protocol handlers (Shell, SCP, SFTP, HTTPS, …) would still be functioning just fine – now this risk has been averted

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
March 21, 2023

Syncplify Server! v6.0.24 released 🚨

Importance of this update: CRITICAL HOT-FIX
Fixed
  • Fixed vulnerability in the SSH2/SFTP protocol handler that could cause memory leaks and, under certain circumstances, even a DoS situation
  • Fixed several minor/cosmetic bugs in the HTTPS protocol handler (WebClient! UI)

Upgrading from v6.0.x is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!