Syncplify

11/20/2023

An extremely interesting research paper published in 2023 by Keegan Ryan, Kaiwen He, George A. Sullivan, and Nadia Heninger, mathematically proves yet another weakness with RSA keys - often used as host keys by/for SSH/SFTP servers - and this time it has to do with the way they are generated. Without delving into the math itself, which is not the purpose of this blog, we would like to take this occasion to advise our customers to use stronger keys, like ECDSA or Ed25519, instead of RSA for their host keys....

11/17/2023

Importance of this update: MINOR What’s changed? Fixed small bug in the Admin UI that occasionally prevented the removal of cipher-suites from the HTTPS/WebClient! advanced configuration page (for experts only) IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

11/04/2023

Importance of this update: MINOR What’s changed? Fixed leftover function that was still looking for auth token in cookies IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

10/26/2023

Importance of this update: NORMAL What’s changed? Updated back-end SyngoDB to version 4.10.2 Improved stability of the process that allows a node to join an existing high-availability (HA) set SuperAdmin and Admin UI no longer store the JWT in a cookie, instead they now return it in the response to the login APIs IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

10/14/2023

Importance of this update: IMPORTANT (security) What’s changed? Fixed a small bug in the way password complexity rules were enforced Fixed a small bug in the SyngoDB backend configuration database Updated Go compiler to the most recent version (which also includes several security-related bug-fixes to its standard library) IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

10/10/2023

Importance of this update: HOT-FIX (for HA) What’s changed? Fixed a small bug in the update function (only present in high-availability deployments composed of 3 or more nodes) IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

10/08/2023

Importance of this update: SECURITY HOT-FIX What’s changed? Fixed a vulnerability in one of the libraries used by the web UIs (SuperAdmin, Admin, and WebClient); for the record, this vulnerability was only exploitable in npm (node.js) so within the context of our software was non-exploitable, but we figured it would be better to update that 3rd-party library to its newer and bug-free version anyway....

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

10/05/2023

Many of our customers don't realize that the WebClient! login page can be customized with a high degree of flexibility. In fact you can upload a custom logo, and you can configure a custom title and disclaimer. The disclaimer in particular supports markdown and even variables! By applying the above configuration, here's the resulting WebClient! login page:

Many of our customers don't realize that the WebClient! login page can be customized with a high degree of flexibility. In fact you can upload a custom logo,

09/29/2023

Importance of this update: MINOR What’s changed? Fixed a problem that prevented logging into the SuperAdmin UI of a newly added node to an HA (high-availability) deployment - this bug only and exclusively affected secondary HA nodes, those running Syncplify Server! v6 as a standalone single-node server were never affected by it IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

09/27/2023

Importance of this update: MINOR What’s changed? Several cosmetic improvements to WebClient! Improved sanitization and validation of bindings when saving/editing a virtual site Improved sanitization of the configuration for SFTP-type VFSs IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

09/20/2023

Importance of this update: VERY IMPORTANT What’s changed? The ghost session bug that affected the FTP/FTPS/FTPES protocols (WebClient! and SFTP were not affected) has now been completely fixed A weird and somewhat semi-random directory disappearance bug when using cloud (S3, Azure, GCP) VFSs has been identified and resolved IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service

09/15/2023

Importance of this update: HOT-FIX What’s changed? A bug was accidentally introduced in v6.2.7 release which prevented it from saving changes to the "globalconf" page in the SuperAdmin UI: such bug has now been fixed IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service