Syncplify Server! Users: Rest Easy, You’re Safe from the XZ Vulnerability

Heads up, admins! A recently discovered vulnerability in the XZ library has system administrators scrambling to patch their SFTP servers. This vulnerability could grant unauthorized access to affected Linux systems – not a fun situation.

But here’s some good news for Syncplify Server! users: you can breathe easy. Syncplify Server! does not utilize the XZ library, meaning your SFTP (and SSH2) server is completely unaffected by this specific exploit.

At Syncplify, security is paramount. We understand the critical role secure file transfer plays in your organization, and we take every precaution to ensure your data remains protected. This isn’t the first time Syncplify has proven its commitment to security:

  • Our software remained unscathed by the Heartbleed bug in 2014.
  • The Terrapin exploit discovered in 2023 posed no threat to Syncplify users.
  • And now, you can add the XZ library vulnerability to the list of non-issues for Syncplify Server! users.

This focus on security is what makes Syncplify the trusted choice for system administrators worldwide.

Looking for More Info?

For a deeper dive into Syncplify’s security features, check out our documentation:

If you have any questions, don’t hesitate to reach out to our team. They’re happy to help!

Syncplify Server! v6.2.14 released

Importance of this update: IMPORTANT (security)
What’s changed?
  • Fixed a small bug in the way password complexity rules were enforced
  • Fixed a small bug in the SyngoDB backend configuration database
  • Updated Go compiler to the most recent version (which also includes several security-related bug-fixes to its standard library)

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

V6 is safer than ever

We just ran the full suite of updated metasploit tests against the latest Syncplify Server! V6 alpha, and we’re happy to announce that our new version withstood all attacks without even breaking a sweat.

The new and improved ProtectorTM was able to identify all known and unknown attacks, add all attacking IP addresses to the block-list, without ever using more than 0.28% of the VM’s combined vCPU core capacity.