Syncplify Developers Blog

Release notes and blog by the developers at Syncplify

Tag sftp

Syncplify Devs
December 18, 2023

Syncplify Server! v6.2.21 released 🔥

Importance of this update: VERY HIGH
What’s changed?
  • The Golang standard library was updated to address a yet-to-be-disclosed CVE that could potentially affect SSH/SFTP services, this release incorporates such updates to keep your server safe
  • Importing old V4/V5 backups now works a little better even when such backups contain errors and misconfigurations (some of them are addressed by applying sensible default settings)
  • Parameters (see this KB article) can now be used in all Virtual File Systems, and not only in “Disk” VFSs as it used to be

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
November 24, 2023

Syncplify Server! v6.2.18 released

Importance of this update: NORMAL
What’s changed?
  • On new installs the setup process does not create an RSA host key anymore, upgrades and restores from backups will not remove your existing RSA keys though
  • The repairhttp command-line verb now uses better defaults for HTTPS/WebClient! configuration
  • Better HTTPS/WebClient! default values are also used now when creating a new Virtual Site
  • Fixed the list of host key algorithms returned to SSH/SFTP clients, now it won’t include algorithms for keys your server doesn’t have
  • Upgraded the compiler to the most recent version to capture several fixes and improvements in its standard library

Read More

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
September 27, 2023

Syncplify Server! v6.2.10 released

Importance of this update: MINOR
What’s changed?
  • Several cosmetic improvements to WebClient!
  • Improved sanitization and validation of bindings when saving/editing a virtual site
  • Improved sanitization of the configuration for SFTP-type VFSs

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
March 21, 2023

Syncplify Server! v6.0.24 released 🚨

Importance of this update: CRITICAL HOT-FIX
Fixed
  • Fixed vulnerability in the SSH2/SFTP protocol handler that could cause memory leaks and, under certain circumstances, even a DoS situation
  • Fixed several minor/cosmetic bugs in the HTTPS protocol handler (WebClient! UI)

Upgrading from v6.0.x is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
August 16, 2021

Syncplify.me AFT! v3.1.4 released

We have released version 3.1.4 of our automated file transfer client, Syncplify.me AFT!
This update features the following improvements:

  • Workaround: uploads now can be completed even when the SFTP server doesn’t accept certain standard file-open flags, this allows to use AFT!, for example, to upload files to S3 via AWS’s quirky S3-SFTP protocol handler.

Thank you.

Leave a comment InSyncplify AFT!
Syncplify Devs
July 17, 2021

First “seriously serious” stress-test for V6

As the time to release Syncplify Server! V6 approaches rapidly, we now have the pleasure to begin performing real serious stress-tests on our SFTP engine.

The idea is to “throw everything we’ve got at it”, and try our hardest to make it crash… or at least leak some memory, or misbehave in any way. The underlying concept is: if we can find a way to hack/damage/crash our server, someone else may be able to do the same; so we don’t want that.

Well, enough chit-chat, here’s the raw data, followed by a plain English explanation:

{
    "sessSshSftp":       689841,
    "fileUp":            16552,
    "fileDn":            16433,
    "fileUpFail":        0,
    "fileDnFail":        0,
    "transferUpMb":      "3.156491 TB",
    "transferDnMb":      "3.152610 TB",
    "scriptsRun":        33127,
    "crashOrPanic":      0,
    "successfulAttacks": 0
}

The test ran for 2 hours, with 56 concurrent attackers designed to introduce the highest possible level of fuzziness in their behavior. This is to ensure that neither the server nor our development team knows ahead of time exactly how the attackers will perform their attacks.

Attacks may include any mix of the following:

  • protocol violations
  • abrupt connection interruptions
  • flooding of concurrent rapid-fire connection/disconnection cycles
  • authentication tampering or bypass
  • permission escalations
  • directory traversals
  • command injections
  • random data packets with wrong size, MAC, or some other wrong syntax/structure/payload

In total, 689,841 client sessions were gracefully handled (~96 sessions per second). The sustained file transfer speed over the course of the 2-hour test was on average 876.26 MB/sec.

Nevertheless, no attack was successful. And, at the end of the test, Syncplify Server! V6’s worker process was still using only ~44.6 MB of RAM.

We feel pretty good about this.

Leave a comment InSyncplify Server!