Syncplify Server! v6.2.23 released 🔥

Importance of this update: HIGHEST (URGENT HOT-FIX!!!)
What’s changed?
  • Fixed a potentially catastrophic bug that could suddenly cause your Syncplify Server! to lose its “initialized” status, de facto rendering it non-functional and causing the loss of parts of your configuration (or even all of it)
  • Tiny minor/cosmetic bug-fixes here and there in the web UIs

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12.

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page and install it over the existing version; all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you’ll find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Upgrade to v6.2.21 now (and be safe from the Terrapin Attack)

Every once in a while something happens that shakes up an entire industry. This is one such time.

The Terrapin Attack (CVE-2023-48795) affected practically every SSH server from every vendor on the planet. And though the bug wasn’t in our own code, we inherited it from Go’s ssh package, so our server software ended up being affected as well.

Kudos to the Go developers who identified and fixed the issue before the CVE was even made public! We will be forever grateful to them, as their timeliness allowed us to release v6.2.21 before this problem affected any of our customers.

We did our part, now it’s all up to you: to make sure your Syncplify Server! is protected from the Terrapin Attack, please upgrade to v6.2.21+ with the utmost level of urgency. Thank you!
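
To confirm after an upgrade that a server carries the Terrapin countermeasure, a defender can inspect its SSH_MSG_KEXINIT for the strict key exchange marker `kex-strict-s-v00@openssh.com`. The Go sketch below is an added example, not Syncplify's or the Go project's code; the function names and the sample payload are constructed for illustration, and strict key exchange only takes effect when the client advertises its own marker as well.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// nameLists returns the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, 7.1), comma-wrapped.
func nameLists(p []byte) ([]string, error) {
	if len(p) < 17 || p[0] != 20 { // message type 20, then a 16-byte cookie
		return nil, fmt.Errorf("not a KEXINIT payload")
	}
	lists, p := make([]string, 10), p[17:]
	for i := range lists {
		if len(p) < 4 || uint64(binary.BigEndian.Uint32(p)) > uint64(len(p)-4) {
			return nil, fmt.Errorf("name-list %d is truncated", i)
		}
		n := int(binary.BigEndian.Uint32(p))
		lists[i], p = ","+string(p[4:4+n])+",", p[4+n:]
	}
	return lists, nil
}

// terrapinExposed: an affected cipher mode is offered and the strict-KEX marker is absent.
func terrapinExposed(payload []byte) (bool, error) {
	l, err := nameLists(payload)
	if err != nil {
		return false, err
	}
	strict := strings.Contains(l[0], ",kex-strict-s-v00@openssh.com,")
	chacha := strings.Contains(l[2]+l[3], ",chacha20-poly1305@openssh.com,") // ciphers, both directions
	cbcEtM := strings.Contains(l[2]+l[3], "-cbc,") && strings.Contains(l[4]+l[5], "-etm@openssh.com,")
	return (chacha || cbcEtM) && !strict, nil
}

// sample builds a constructed server KEXINIT (made-up input, not a capture).
func sample(kex, enc string) []byte {
	mac := "hmac-sha2-256-etm@openssh.com"
	p := append([]byte{20}, make([]byte, 16)...)
	for _, s := range []string{kex, "ssh-ed25519", enc, enc, mac, mac, "none", "none", "", ""} {
		p = append(append(p, 0, 0, byte(len(s)>>8), byte(len(s))), s...)
	}
	return append(p, 0, 0, 0, 0, 0) // first_kex_packet_follows + reserved
}

func main() {
	fmt.Println(terrapinExposed(sample("curve25519-sha256", "chacha20-poly1305@openssh.com")))
	fmt.Println(terrapinExposed(sample("curve25519-sha256,kex-strict-s-v00@openssh.com", "chacha20-poly1305@openssh.com")))
}
```

A server that offers only AEAD modes such as AES-GCM is reported as not exposed even without the marker, because those modes are not affected by the sequence-number manipulation.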


Syncplify Server! v6.2.21 released 🔥

Importance of this update: VERY HIGH
What’s changed?
  • The Golang standard library was updated to address a yet-to-be-disclosed CVE that could potentially affect SSH/SFTP services; this release incorporates those updates to keep your server safe
  • Importing old V4/V5 backups now works a little better even when such backups contain errors and misconfigurations (some of them are addressed by applying sensible default settings)
  • Parameters (see this KB article) can now be used in all Virtual File Systems, and not only in “Disk” VFSs as it used to be

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12.

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page and install it over the existing version; all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you’ll find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Syncplify Server! v6.2.14 released

Importance of this update: IMPORTANT (security)
What’s changed?
  • Fixed a small bug in the way password complexity rules were enforced
  • Fixed a small bug in the SyngoDB backend configuration database
  • Updated Go compiler to the most recent version (which also includes several security-related bug-fixes to its standard library)

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12.

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page and install it over the existing version; all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you’ll find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Syncplify Server! v6.0.24 released 🚨

Importance of this update: CRITICAL HOT-FIX
Fixed
  • Fixed vulnerability in the SSH2/SFTP protocol handler that could cause memory leaks and, under certain circumstances, even a DoS situation
  • Fixed several minor/cosmetic bugs in the HTTPS protocol handler (WebClient! UI)

Upgrading from v6.0.x is a simple and fairly automatic process: simply download the latest version from the official download page and install it over the existing version; all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you’ll find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Syncplify Server! v6.0.22 released 🔔

Today we released Syncplify Server! v6.0.22; here’s what’s new and improved in this version.

Importance of this update: IMPORTANT
Fixed
  • PUT/GET operations are now logged correctly, even when the client issues a STAT command on the open file handle before the file-transfer is finished
  • Fixed a memory leak in the session manager that only affected the ARM build of the software (x86-64 Windows and Linux versions were not affected)
  • Fixed a small memory leak in the scripting and event-handling subsystem that affected all builds on all platforms and could cause memory exhaustion over time if this subsystem was actively used
  • Fixed importing LDAP server profiles from old V5 backups
Improved
  • Optimized global server configuration loads/reloads for speed and reduced memory footprint
  • General code cleanup, removed unused/old libraries and all references to MongoDB (even in the comments)
  • Usernames are no longer treated as case-sensitive, as POSIX compliance does not require case-sensitivity for usernames (only for passwords)
Added

Upgrading from v6.0.x is a simple and fairly automatic process: simply download the latest version from the official download page and install it over the existing version; all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you’ll find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!


Tackling memory leaks… the Go way

We recently discovered two small memory leaks in our worker process, one that affected only the ARM architecture build, and one that affected all builds regardless of the CPU architecture (but only if you use scripting and event-handling). Although both of them were very small and limited in scope, over long periods of time they could lead to the unwanted allocation of a significant part of your system memory.

As many of you know, Go has a pretty nifty garbage-collector, but that doesn’t mean that all memory issues are magically prevented. Programmers still have to be clever with allocations and references.

Long story short, we spent the last week delving into pprof to hunt down, identify, and resolve these two memory leaks, and here’s the result:

As you can see, after our fixes the worker process now uses a stable amount of memory (~120 MB) and CPU (~0.7%) under constant load (~750 Mbps sustained transfer rate from 3 concurrent clients). The chart above was acquired over an observation period of 24 hours under stress-test conditions.

These fixes will be incorporated into version 6.0.22.