GlobalSCAPE EFT Server Product Version History

Changes in 6.5

2/15/2013

EFT Platform (Standard and Enterprise):
Added comprehensive support for Unicode UTF-8 encoding (see help file for exceptions and special cases)
Added 128 and 256 bit AES CTR (counter mode) ciphers for SFTP (both as server and as client)
Added status viewer controls for stopping in-progress inbound and outbound transfers
Added a progress percent completion indicator for transfers displayed in the status viewer (where applicable)
Added the ability to override the limit on the number of entries in the auto-ban IP list. (KB Article)
Added the ability to override the limit on the number of entries in the IP access rules list. (KB Article)
Updated OpenSSL library to version 0.9.8t
Administrator Interface (AI):
Added an override for controlling the administrator interface timeout
Added checks for administrator inactivity timeout values that exceed the 15 minutes maximum mandated by PCI DSS 8.5.15
Improved administrator interface performance when managing large user bases (up to 150K users)
Improved the administrator interface to make it clear when a setting is inherited from its parent and what the actual value of the setting is
Advanced Workflow Engine (AWE):
Added support for the "Call Function" action
Auditing and Reporting Module (ARM):
Note: This release of the ARM module includes a significant database upgrade that will migrate existing ARM database to support storage of Unicode data
Note: Prior to upgrading the ARM database please refer to the "Upgrading the EFT Server Database" online help topic
Modified reporting to limit the report size to 1000 pages due to inherent limitations in the rendering system
Modified auditing of folder monitor event rules so that the "tbl_EventRules" table "ConditionValues" column now contains additional information
Client (Outbound):
Added support for renaming after offload for the SFTP, HTTP, and local protocols. Was previously only available for the FTP protocol
COM Interface:
Added support for specifying alternate credentials for Folder Monitors
Added support for specifying polling settings for Folder Monitors
Added additional methods to support management of existing AWE tasks
Added additional methods that map to new administrator interface controls, such as setting the administrator interface inactivity timeout values
Event Rules:
Added support for use of Virtual Path, Virtual Folder Name, Virtual Destination Path variables and conditions for Folder Monitor events
Installer:
Added persistent installer log file, located in \Installer.log
Added check of initial EFT Server administrator account password against configured Windows password policy
Added a database upgrader utility to facilitate auditing and reporting module (ARM) upgrades
Improved cleanup of deprecated files during upgrade process
Improved logging of installer operations
Secure Ad-hoc Transfer (SAT):
Updated the SAT applet jar files so that they have been signed with the latest Globalscape digital signing certificate
Mail Express:
Bundled Mail Express alongside EFT Server as an alternative to SAT for ad hoc file transfers
Added the ability to obtain (one way synch) various settings from EFT Server
Added event rule triggering in EFT Server for Mail Express initiated transfers
Added auditing and reporting to EFT Server for Mail Express initiated transfers
Added a number of Mail Express specific features as documented in the Mail Express version 3.3 release notes
Web Interfaces - General:
Account management page now uses standard login page rather than basic authentication
Web Interfaces - Web Transfer Client (WTC):
Updated the WTC applet jar files so that they have been signed with the latest Globalscape digital signing certificate
Fixes:
General:
Included fix made in 6.4.13 private patch: Added support for 128 and 256 bit AES CTR mode to the SFTP protocol
Included fix made in 6.4.12 private patch: DMZ Gateway to use port 20 instead of port 65300 for outgoing PORT mode FTP traffic
Included fix made in 6.4.12 private patch: Event Rule MOVE Action to delete source file on resumed transfer
Included fix made in 6.4.11 private patch: UserDatabaseSynchronizationMode registry key to properly ignore user deletions during synchronization when in LoggingModeOnly
Fixed an issue where the "Authority Key Identifier" and "Subject Key Identifier" fields were not included for SSL Certificates generated or signed by the application
Fixed minor stability issues within the applications
Fixed a minor memory leak in SSL certificate management routines
Fixed various performance issues related to working with a large number of user accounts
Fixed various performance issues related to working with a large number of VFS entries
Fixed various inconsistencies in logging configuration file (logging.cfg)
Administration Interface (AI):
Fixed an issue that could result in a hang if an admin logged in while a backup is in progress
Fixed an issue where all admins would be locked out if a user with a home folder specified as a physical path was deleted
Fixed an issue where some VFS folder rename failures were not reported in the user interface
Fixed minor user interface inconsistencies and formatting issues
Fixed an issue where the Status Viewer failed to open the client log file if the configured EFT Log File path contained a trailing backslash
Fixed an issue that would cause the interface to handle if selecting or hovering over an event rule whose repeat rate was greater than or equal to 24 hours
Fixed an issue where the QuickSearch functionality was not searching Cleanup or Backup action paths
Fixed a potential crash that could occur when clicking Success/Fail links in the Status Viewer
Advanced Workflow Engine (AWE):
Fixed an issue where the verbose logging setting was not affecting the log verbosity
Fixed an issue where the TextReplace function did not properly handle regex replacement
Fixed an issue where the %FS_FILE_SIZE% event rule variable was not set for AWE tasks run from a folder monitor event rule
Fixed an issue that prevented deletion of sample AWE tasks
Fixed an issue where the following variables were not available to AWE tasks: Folder Monitor Failure Reason, Precise Event Time Stamp, Base File Name, Install Folder
AS2:
Fixed "No MIME-boundary found" error when operating with Templar server. This issue occurred when the MDN response does did contain the "Content-length" header
Fixed a potential server crash due to failure to handle non-null terminated MDN strings properly
Fixed an failure that would occur if the username+password were longer than 78 characters
Fixed an issue where the configured HTTP Domain setting was not being used for the AS2 asynchronous MDN delivery address
Fixed an issue where the configured AS2 proxy settings were not being used
Auditing and Reporting Module (ARM):
Fixed an issue where the report filtering configuration was not updated in the interface when switching between reports
Fixed an issue where a stray CR/LF could cause a disconnection from an Oracle database
Fixed an issue that prevented the creation of 5 indexes for Oracle databases
Fixed an issue that caused erroneous error messages when running Oracle database creation scripts manually
Fixed an issue where a null character in an HTTP GET request could cause a disconnection from the database
Fixed an issue where files without an extension were being included in the Folder path column of the "Activity - All Transfers" report
Fixed an issue where transfers though the PTC/WTC were not appearing in the "Activity - By Group (Detailed)" report
Fixed an issue that could prevent reporting on AS2 transactions when running against an Oracle database
Fixed various discrepancies in reporting of paths and filenames in report between different protocols
Fixed an issue where the application would not reconnect to Oracle databases when receiving an ORA-03113 error
Fixed an issue where the application would not reconnect to Oracle databases when receiving an ORA-03135 error
Fixed an issue where the Admin Activity (Summary) report was showing successful admin connections as Denied
Fixed an issue where the Admin Activity (Summary) report was showing the incorrect local IP when connecting via IPv6
Fixed an issue where the custom command name was not included when auditing to the "tbl_ProtocolCommands" table
Fixed an issue where custom commands triggered by a connected client were not auditing to the "tbl_CustomCommands" table
Fixed an issue where the AS2 - Transactions Detailed reports were not order. They are now ordered by the transaction start time
Fixed an issue where the Admin Activity (Summary) report was not included in the set of SQL Server reports
Fixed inconsistencies in auditing of "PhysicalFolderName" and "FileSize" in "tbl_ProtocolCommands" table
Fixed an issue that would prevent import of SQL log files due to failure to properly obtain the identity value of a newly inserted row
Fixed an issue where an unused table "tbl_ResultCodes" was included in the database schema
Fixed an issue where the default size of the internal queue used to process audit events was too small and could result in performance issues on some systems. The default size has been increased
Authentication - General:
Fixed a performance issue where the "Refresh User Database" functionality was operational for stopped sites
Authentication - Active Directory:
Fixed an issue where a successful password change in the account management page was inaccurately reported as an error
Fixed an issue where the incorrect file path was used to locate custom change password error message files
Authentication - LDAP:
Fixed an issue where password change requests would fail with "ERROR [0x80640022] Invalid DN Syntax" error. This was due to referencing the "unicodePwd" field rather than the "userPassword" field
Authentication - ODBC:
Fixed a memory leak that could occur when an ODBC user had an empty home folder
Client (Outbound):
Fixed an issue that prevented outbound PWD command from working with z/OS
Fixed a memory leak in SSL handling for FTPS and HTTPS protocols
Fixed an issue where Copy/Move could fail for filenames containing extended ASCII characters
Fixed an issue where the rename feature of Copy/Move could fail for local LAN
Fixed an issue where a connection failure due to invalid credentials would use the credentials from a valid session and proceed
Fixed an issue where files did not retain the original date modified value for LAN copies or moves
Fixed an issue where filenames containing "[" would fail to transfer
Fixed an issue where downloads would fail when using a wildcard when connecting to a Microsoft IIS FTP server that does UNIX Directory style listing
Fixed an issue where move and download actions did not preserve the file creation time
Fixed an issue where the preferred local IP setting was not being used when using the DMZ Gateway/SOCKS proxy
Fixed minor memory leaks that could occur for SFTP offloads
Fixed an issue where the connection retry limit was not being honored for data channel connections
Fixed an issue where long client operations could prevent the server from stopping in a reasonable amount of time
Fixed an issue where the application was not following RFC 3659. It was using the MDTM command to set the modified time when it should be using the MFMT command
COM Interface:
Fixed an issue where out of range values were misinterpreted for the Folder Monitor configuration
Fixed an issue where the Site.DoesUsernameExist always returned false
Fixed an issue where the CITimerEventRuleParams.DateTimeStart was not using the date provided
DMZ Gateway (version 3.3.0):
Fixed an issue where communication failures for the peer notification channel were not being logged
Added support for IPv6 addressing when operating with Mail Express Server version 3.3 and later
Added support for Unicode strings in the log files and xml-based configuration files
Added support for Unicode strings in communications with EFT Server 6.5 and later
Changed installer so that it now ensures the DMZ Gateway Administration Interface is not running prior to making modifications
Fixed an issue that prevented binding to interfaces if IPv4 or IPv6 support was disabled in the operating system
Fixed an issue that would cause large delays in connection processing if a port mode connection was attempted through the DMZ Gateway and outbound connections were blocked by a firewall
Fixed minor user interface issues in the DMZ Gateway Administration Interface
Upgraded the embedded Java Runtime Environment to Version 1.7.0_09
Event Rules:
Fixed an issue where AWE variables were not populated when the event rule is called from Web Services
Fixed an issue where the %USER.LAST_LOGIN% was not returning the expected value when used with the "On User Disabled" event rule type
Fixed an issue where extended ASCII characters were not supported in event rule email notifications
Fixed an issue where %FS.PATH% variable was being allowed as the source file for an AS2 Timer Event rule. Use of this variable is now forbidden as it is not available for Timer Event rules
Fixed a rare issue where the presence of a large number of folder monitors with the health check option enabled could crash the server
Fixed an issue where some event rule variables would not retain their values after a "Move" step
Fixed an issue where the Reason, FileName, VirtualPath variables were not being properly set for "On Upload Failed" events
Fixed an issue where the thread pool used for monitoring folders would not shrink back to the default size over time
Fixed an issue where the application installation directory was used if no working directory was specified for a custom command. Now the directory of the specified executable will be used in this case
Fixed an issue that prevented passing event rule variables with inner spaces to compound custom command parameter
High Security Module (HSM):
Fixed various PCI reporting issues that were resulting in compensating controls being reported for each user. This could lead to excessively sized reports
Fixed various minor PCI report inconsistencies and text issues
Fixed an issue where the PCI admin interface inactivity timer would incorrectly trigger while a user was working in the AWE task editor
Installation:
Fixed an issue that prevented proper upgrade of files when the installer was run in silent mode
Fixed an issue that prevented the SQL Server Express database from being installer when the installer was run in silent mode
Fixed an issue where ARM would become enabled when running the installer in Repair mode
Fixed an issue where the "Allow Log on Locally" Windows privilege was required on accounts to log in to the Admin UI when providing an explicit Windows account during the login
Fixed an issue where the cluster installation path in the installer would not ask the user if they were installing the first node for some cases
Fixed an issue where the initial administration user was not created within the server if a node other than the first node was started first in a cluster environment
Fixed an issue where the ARM upgrade option was not provided when upgrading a cluster environment
OpenPGP Module:
Fixed an issue that prevented proper operation on files and folders containing percent signs
Fixed an issue that caused some successful decryptions to be reported as errors in the application log file
Protocols - General:
Security: Fixed an issue where the SSL protocol in the FTPS and HTTPS implementations was susceptible to a client initiated SSL renegotiation denial of service attack
Fixed an issue where the Site level data sanitization setting was not being honored for deletion of files for POST commands
Fixed an issue where accounts whose username or password contained extended ASCII characters could not log in to the application
Fixed an issue where communications threads were reserving more memory than required which could limit the maximum number of concurrent communications threads
Fixed an issue where the application fails to abide by RFC 959 for conversion to NVT-STANDARD of ASCII files
Fixed an issue where an incorrect "Reason" was determined for some disconnection events in the SFTP and HTTP/S protocols
Protocols - HTTP/S:
Security: Fixed an issue where insufficient randomness was present in the generated session tokens
Fixed an issue where SSL sessions ids were not being tracked properly which led to inefficient SSL handling
Fixed an issue that caused excessive CPU utilization when downloading from the server while rate limited to a small transfer rate
Fixed a rare crash that could occur when the IP Access policy is set to deny by default and a user who has the "Change password at next login" flag enables attempts to log in
Fixed a memory leak that could occur when using the PFX SSL certificate/key format
Fixed an issue where HEAD and GET requests returned the wrong content length when a range was included in the request
Fixed an issue where the range header was being incorrectly interpreted as being non-inclusive
Fixed an issue where directory listings were incorrect in the presence of a file containing a # character
Fixed an issue where the "Uploads per session" and "Downloads per session" transfer limits were being ignored
Fixed an issue where a 404 error was returned for deletions if a file was currently locked. A more appropriate 503 "service unavailable" error code is now returned
Protocols - FTP/S:
Security: Fixed an issue that allowed Active Directory users to traverse directories for which they did not have permission to access
Security: Fixed an issue where the PASV port was not randomized if a PASV port range was not specified
Fixed an issue where filenames with extended ASCII characters were not handled properly in listings
Fixed an issue that prevented listing the contents of folders with special characters in the folder name
Fixed an issue that prevented folder renames
Fixed an issue where the STOU command failed to work correctly when user account's "Treat home folder as the users' default root folder" setting was enabled
Fixed an issue that caused the auto-ban (DoS/Flood) detection to be too sensitive when applied to invalid FTP login attempts
Fixed an issue where the server may send a "226 Transfer complete" message before the data connection is closed
Protocols - SFTP:
Fixed an issue where sending FSETSTAT or SETSTAT to the application multiple times would cause a file not found error
Secure Ad-hoc Transfer (SAT):
Fixed an issue where the user was not being notified when no files had been attached
Fixed an issue where SAT would fail to upload folders if the "Enable WTC" checkbox was disabled
Fixed an issue that prevented the java applet from loading in FireFox or Chrome when using Java 7 on the client machine
Fixed an issue where the unsigned applet jar files were erroneously located in a directory called "Signed". They are now located in a directory called "Unsigned"
SMTP:
Fixed an issue where email delivery failed when operating with FirstClass ESMTP server
Web Interfaces - General:
Security: Fixed a minor issue where some debug and test comments were included in web application JavaScript and HTML
Security: Fixed an issue where the web applications could be susceptible to reflected Cross Site Scripting (XSS) attacks
Security: Fixed an issue where the machine name was included in the "Location" header for MOVE and COPY responses
Security: Fixed a false positive issue that was causing some security scanners to report that user credentials could be changed using GET. They are in fact only changed using a POST
Security: Fixed cache control directives for various resources to further mitigate potential security concerns
Fixed various minor issues that could result in unexpected messages in browser debugging windows
Fixed an issue that prevented loading of the account management page if the user account had a low transfer rate set
Fixed an issue where users were forced to change their password again after having already changed their password using the "Lost Password" work flow
Fixed an issue where the OpenFolder JSON response did not conform to the JSON specification
Fixed an issue where the "Forgot Password" feature was included for unsupported authentication types: Active Directory, LDAP
Fixed an issue where the Windows "Allow Log on Locally" privilege was required for login when explicitly supplying credentials
Web Interfaces - Web Transfer Client (WTC):
Fixed minor user interface inconsistencies and formatting issues
Fixed a file/path name rendering issue when certain special characters were present
Fixed an issue where users were unable to clear the filter after filtering by size
Fixed an issue that prevented files with "%" in the filename from being opened from the remote pane
Fixed an issue where "C:\" drive was included in "My Files and Folders" for Mac operating systems
Fixed an issue that prevented upload of 0-byte files
Fixed an issue where the interface would default to the root folder rather than the user's home folder for initial login
Fixed an issue where the user would be logged out when using the Open File button on a remote file
Fixed an issue where use of the delete key in the Change Password functionality would attempt to delete a file or folder
Fixed an issue where the timeout handling was not functioning for downloads when using the JSE client
Fixed an issue where the retry attempts did not include a sufficient delay and would thus quickly exhaust the number of attempts
Fixed an issue where filtering by date resulted in the user being logged out
Fixed an issue where a transfer could not be stopped using the "Kick User" functionality
Fixed an issue where the user was not taken to a remote folder when it is specified in the url
Web Interfaces - Plain Text Client (PTC):
Security: Fixed an issue where accounts in different Sites with identical user names could potentially access each other's resources
Fixed an issue where sorting by modified date was non-functional
Fixed an issue that prevented deletion or rename of files whose name contained certain special characters
Fixed a memory consumption issue that could occur when an invalid content length was provided by the client. Note that some clients incorrectly overflow the content length for files over 2GB in size.

Changes in 6.4.10

7/31/2012

EFT Server (standard) and Enterprise:
Fixed minor formatting issue in generation of JSON, which is used internally between EFT Server and WTC
Fixed memory and handle leak in Event Rule client SFTP
Security: Fixed a minor security issue that allowed user accounts with force password change specified to perform some actions such as file upload without first changing their password. This issue applies only to non-browser clients connecting over HTTP/HTTPS.
AS2 module:
Fixed AS2 outbound asynchronous MDN receipt URL, which did not contain the proper domain
Secure Ad Hoc Transfer (SAT) module:
Security: Fixed thread safety issue in SAT that caused incorrect home folders in EFT Server accounts

Changes in 6.4.7

6/6/2012

EFT Server Enterprise only:
Fixed performance issues when synchronizing users or applying changes to group permissions when operating against an LDAP source with a large (>80k) number of users
EFT Server (standard) and Enterprise:
Security: Fixed a medium-high security vulnerability that allowed users to access the Virtual File System with elevated privileges. This only applied to Active Directory authenticated users after being forced to reset their password via the Web Transfer Client or Plain Text Client. (Note that the ability for Active Directory authenticated users to reset their passwords is off by default and can only be enabled via a registry setting).
Security: Fixed a medium level security vulnerability consisting of a memory leak caused by SSL negotiation under certain conditions (affected versions: 6.4.3 - 6.4.5(private))
Added a "User Account Enabled" event trigger
Added a "User Account Deleted" event trigger
Fixed an issue where "User Account Disabled" event trigger was not firing for all cases
Fixed issue where some user-related event conditions and event properties were not included for use with the "New User Created" event trigger
Fixed capitalization of the names of the "User Logged In" and "User Logged Out" event triggers
Fixed an issue where the internal IP address of the remote server was being used for outbound FTP/S PASV connections rather than the external IP address
Changed "New User Created" event trigger label to "User Account Created" for consistency

Changes in 6.4.3

3/28/2012

EFT Server Enterprise only:
Added support for Common Access Card (CAC) authentication
Fixed a slow memory leak that occurred when using LDAP authentication
Help and Documentation:
Fixed an issue where the application help incorrectly displayed additional scroll bars
Fixed an inconsistency in the documentation concerning behavior of the "Require Active Directory domain trust relationship" Folder Monitor configuration item for upgrades
Auditing and Reporting Module (ARM):
Fixed a misspelling in the Oracle schema scripts that caused failures when auditing PCI DSS violations
Web Interfaces:
Fixed an issue that caused misalignment of icons in the Plain Text Client and Web Transfer Client interfaces when using Mozilla Firefox version 10 or later
Fixed an issue in the Web Transfer Client interface that prevented the browser from refreshing when clicking "OK" on the session expiration dialog
Fixed an issue that prevented proper operation of the Web Transfer Client interface for Sites using non-standard HTTP or HTTPS ports
Fixed an issue where the Web Transfer Client interface would display the help for an earlier version of the product
Fixed an issue where the Web Transfer Client interface would display an invalid status for timeouts during file downloads
Updated the user experience for Web Transfer Client interface Java Applet load failures
Fixed an issue that prevented download of files from the Plain Text Client interface when using Google Chrome version 16.0.912.63 or later
Fixed an issue that prevented the proper launch of the Legacy Transfer Client interface
Fixed an issue that prevented the use of the change password feature in the Legacy Transfer Client interface
Fixed an issue that prevented the use of the file/folder rename feature in the Legacy Transfer Client interface
Fixed an issue where the Legacy Transfer Client interface would display the Plain Text Client interface after a file upload
Updated the Legacy Transfer Client interface to display the login page on log out rather than offer to close the browser

Changes in 6.4.1

1/13/2012

EFT Server (standard) and Enterprise:
Added a registry key (ReportsConnectionString) to allow specification of an alternate database connection string for use by the reporting functionality. This allows for the use of a reduced privilege account for reporting.
Removed unused, default security credentials from default report definition XML files
Fixed an issue that caused IP addresses in the FTP/S configuration and PASV settings for the DMZ Gateway configuration to be reversed when upgrading from releases earlier than 6.4.
Fixed an issue that prevented the proper operation of the LS command when used with a mask over the FTP and FTPS protocols

Changes in 6.3.16

1/12/2012

EFT Server Enterprise only:
Fixed offload COPY of a non-existent file to default to ERROR instead of SUCCESS. Added a toggle to Offload Wizard to allow the selection of ERROR or SUCCESS.
Fixed event rule Copy/Move to support Danish high characters: "æøå"
Fixed event rule Copy/Move to not inherit credentials from a previous Copy/Move Action
Fixed issue locating user in LDAP during Change Password
Fixed event rule variables (%FS.FILE_NAME%) to contain the correct filename after a MOVE Action
Fixed issue that could cause duplicate execution of Timer rule under certain circumstances
EFT Server (standard) and Enterprise:
Added a registry key (ReportsConnectionString) to allow specification of an alternate database connection string for use by the reporting functionality. This allows for the use of a reduced privilege account for reporting.
Fixed crash when MLSD performed in a folder containing a VFS alias > 14 characters in length
Fixed issue which resulted in a locked file when an SFTP upload was abruptly terminated
Web Transfer Client (WTC):
Fixed HTTP to properly redirect to a specified folder after entering credentials on login page
COM API:
Added COM method to get/set Folder Monitor Event Rule alternate credentials
Added COM method to get/set Site's SFTP protocol state
Added COM method to get/set Site's default PGP key
Added COM method to get/set Offload/Download Action's "Rename After Transfer"
Added COM method to get/set Site->Security->Invalid logins "Count incorrect username" settings
Fixed a memory leak in COM CServer::Close and CSite::Close
Fixed COM Allow FXP, Allow COMB, and Allow XCRC getters and setters when using inheritance
Fixed COM FTP "Allow ZLIB compression" toggle
Fixed COM setting of Upload/Download proxy type
OpenPGP module:
Added registry key to control timeout for long running PGP operations
AS2 module:
Fixed inbound AS2 transfers from being redirected to login page when the HTTP User Agent appears to be a browser
Secure Ad Hoc Transfer (SAT) module:
Fixed SAT to properly populate the FROM email address in multi-domain environments

Changes in 6.4

12/7/2011

EFT Server Enterprise only:
Added polling option to Folder Monitor, including ability to sweep the monitored folder on rule startup
Added archive option to Folder Monitor to avoid duplicate processing when polling option is enabled
Added ability to specify Event ID for Write to Windows Event Log action
Added UTF-8 option for Copy/Move and Download Event Rule actions
Added new column (optional) to EFT Server's CL log (Event Rule client log) that returns a success/failure code after the actual result (error) code. To enable: HKLM\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0 value=Enable10ColumnInClientLog DWORD=1 (not present or 0 means disabled)
Added registry override to disable use of LAST SFTP command used to detect for existence of destination folder prior to transfer
Added registry override to aid in connecting to slower SFTP servers
Added registry override that sets the timer thread stack size for cases where lots (300-400) of timers are launching AWE tasks (For information regarding registry settings, refer to the GlobalSCAPE Knowledgebase, keyword: windows registry)
Enhanced SFTP client (Copy/Move and Download) performance significantly
Updated AS2 library component to 8.1.4276.0
Fixed FTP trace logging that was accidently removed in EFT 6.3
Fixed AS2 redirection bug introduced in EFT 6.3 that affected AS2 clients that identified themselves as a generic browser
Fixed crash caused by AS2 connections under certain conditions (specifics withheld to prevents DoS attacks on older servers)
Fixed issue where EFT Server's SMTP settings weren't being propagated to the registry for use by the AWE module
Fixed issue connecting to MVS systems. Now if EFT detects MVS using FTP SYST command it avoids use of PWD and CWD commands for overwrite logic
Fixed issue where EFT Server failed to retry offloads when the file was locked by another process and a ERROR_ACCESS_DENIED or ERROR_SHARING_VIOLATION was received
Fixed issue where LAN transfers with credentials override was failing because the Folder Monitor override credentials were being used instead
Fixed issue where LDAP change password attempts failed depending on how the username was constructed
Fixed issue where timer event could trigger twice under certain conditions
Fixed issue where client downloads would fail when downloading from a GXS server
Fixed issue where certain EFT Server context variables were not being passed to AWE
Fixed issue where files with a prefix of "as2" could not be downloaded
Fixed issue where FTP/S client (Copy/Move and Download action) wasn't respecting the ReceiveBufferSize registry override (HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE\TED6\Settings\Transfer\ReceiveBufferSize)
EFT Server (standard) and Enterprise:
Added comprehensive IPv6 support including support for dual stacks (both IPv4 and IPv6)
Added support for multiple discrete listening IPs per site
Added support for CIDR masking (in addition to current wildcard masking) for IP Access/Ban rule IP definitions
Added option to treat missing source file(s) as success (rather than failure) for Copy/Move action (any protocol) and for Download action (LAN transfers only)
Added support for multiple emails assigned to user account (semicolon delimited)
Added support for using %USER.EMAIL% in the To, CC, and Bcc fields of the Email Notification action
Added toggle to certificate signing manager to automatically add newly signed certificate to certificate store trusted list
Added ability to create Site-specific templates for password reset reminder and required messages, and for login credentials message.
Added registry override for the default (10 minute) PGP timeout
Added registry override for the PGP log file name created by EFT Server
Updated PCI DSS coverage to account for PCI DSS 2.0 changes
Updated SSL library to 0.9.8r
Included all bug fixes made in EFT Server 6.3 private patch versions
Fixed issue with MODE command where certain parameters would cause EFT to return errors
Fixed issue in email notification where URLs exceeding certain length mangled in the HTML
Fixed hang that occurred when in FIPS mode, a certificate with non-FIPS approved algorithms was used for a client offload
Fixed issue where user was placed in root folder if user's home folder exceeded Windows' max_path
Fixed PGP decrypt performance issue introduced in EFT 6.3
Fixed issue where Event Rule comments were truncated if too long
Fixed crash caused in SFTP write operations under certain conditions (specifics withheld to prevents DoS attacks on older servers)
Fixed issue where the registry override to require delete permission for uploads that result in overwritten files wasn't being honored. (Reference)
Fixed issue where EFT Server failed to create a users' home folder if it did not already exist but "create home folder for new users" was enabled (after .AUD import)
Fixed crash that would occur during a trial extension request under certain conditions
Fixed issue where prompt would appear for PGP key that would prevent the user from further navigation, even though PGP was not being used
Fixed issue where file does not exist was returning incorrect FTP error code ("550 Permission denied" instead of "550 File does not exist")
Fixed issue where a failure and error was returned by PGP encryption logic under certain conditions
Fixed issue where duplicate users were reported in the .AUD file
Fixed issue where an On File Upload rule would fail to trigger if a Settings Template was specified as a conditional value
Fixed issue where EFT failed to log when PGP delete operation failed due to file being locked
Fixed issue where upgrade failed to import the entire list of banned IPs; increased threshold from 1,000 to 5,000
Administration Interface (AI):
Added "Deep Search" to the quick search feature (search in rules)
Added prompt to apply, discard, or cancel (revert) changes when switching to a different page in the administration interface without having first saved one's changes
Auditing and Reporting Module (ARM):
Switched to SQL Native Client 2008 R2 API
Fixed inconsistency between documentation and how ResultID was actually being audited to the ARM database
Secure Ad Hoc Transfer (SAT) module:
Added link to SAT send page from SAT admin page
Added numerous minor usability enhancements
Enhanced SAT's various templates, including the notification template
Enhanced SAT's transfer engine to use Java SE Runtime v6u26 and JFileUpload version 2.9C
Fixed issue where SAT module throws an MX Error 45 when changing settings template location
Fixed issue where SAT would incorrectly state that some content was delivered unsecured (only under certain conditions)
DMZ Gateway:
Added full IPv6 support including dual stack (both IP 4 and 6)
Added support for 6to4 and 4to6 translation
Web Transfer Client (WTC):
Added HttpOnly attribute to cookies (where supported) as a security precaution
Added Secure attribute to all cookies presented over HTTPS (except for special case when an HTTP session is temporarily redirected to HTTPS for the login portion, and then back to HTTP post login)
Added attribute to prevent auto-complete of FORM fill for login and password reset pages as a security precaution
Added X-Frame-Options: "sameorigin" to prevent clickjacking. To override that setting: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient DWORD value=disable_xframeoptions; DWORD=00000001 (to disable)
Added X-Content-Type-Options: "nosniff" header as a security precaution
Added X-XSS-Protection: "1; mode=block" header as a security precaution (For explanation of various headers)
Added date/time formatter to control how the Plain Text Client (PTC) shows dates, between US and European style date formats (Reference)
Removed certain GET requests from WTC and PTC definitions to eliminate false positives in security scanners
Fixed issue where subdirectory could no longer be accessed over HTTP/S directly using a URL
Fixed issue where the WTC would not load if AdBlockPlus was enabled on FireFox
Fixed issue where it was impossible to delete files in the PTC with certain characters in the filename
COM API:
Added several new methods and properties to support new functionality (Reference)
Fixed memory leak when using COM to query EFT Server repeatedly
Fixed issue where a COM exception would occur if GetVirtualFolderList() was invoked and no virtual folders existed
Fixed issue where GetPhysicalPath returned an error when the bstrFolderAlias passed to the function pointed to a virtual folder with a missing target (physical) path
Fixed issue where CreateVirtualFolder returns an error if bstrTarget doesn't exist on the server
Fixed issue where a small number COM properties worked incorrectly if those values were set to inherit from the Server

Changes in 6.3.8

7/21/2011

EFT Server Enterprise only:
Fixed security vulnerability related to EFT Server's LDAP authentication provider. Refer to the security bulletin emailed to all EFT Server Enterprise customers for more information
Added post-transfer RENAME to event rule Offload for ftp/ftps
Added multi-threaded (simultaneously transfer multiple files) transfers to event rule offloads
Added ability to rename a downloaded file upon completion when the target destination for the file is a local/LAN folder
Added registry value to enable event rule client to send "CWD folder" instead of "CWD /folder"
Fixed credential handling when using Offload action to move a file to a remote folder/share
Fixed long delay when Event Rule client was transferring files to a remote folder that contains a large number of files (>150,000)
Fixed delays creating log files when Event Rule client was transferring a large number of files (>30,000 files)
Fixed an inconsistency in the result code when downloading a mask of files from a subfolder that did not contain any matching files
Fixed protocol and port values in client logs for LAN transfers
Fixed Event Rule client so in the Advanced options extensions list will now match a file even if that file doesn't have an extension
Fixed a crash that occurred for a specific type of LDAP query error
Added %SOURCE.FILE_NAME% and %SOURCE.BASE_FILE_NAME% variables to the Offload Wizard to facilitate control of the destination filename
Fixed Event Rule Offload Action alternate credentials to use a Windows logon type that does not require the remote share to be in the same Active Directory domain
Fixed %FS.VIRTUAL_PATH% variable for On File Deleted rules to match the pathnames depth reported by On File Upload rules
Fixed On Timer event rules so they stop when the site is stopped
Fixed On Timer event rules so they only fire once during daylight savings transition
Fixed On Timer event rule to properly run "today" ARM reports when using Oracle
Fixed CL log to accurately log transfer results for local file copies
Fixed folder monitor to properly delete source file when the resultant Offload action used alternate credentials to copy the file to a remote folder/share
EFT Server (standard) and Enterprise:
Added registry key to disable HTTP-to-HTTPS redirection
Added support for Unix style -lrt sorted listing to NLST
Added registry value to enable RENAME to overwrite an existing file
Added registry value to enable Clear Command Channel to expect an encrypted response to CCC request. This provides CCC interoperability with Sterling CONNECT Enterprise
Added 2 step save process used by ftp.cfg to AUD files to prevent corruption during save. "*.bak" and "*.corrupted" files are now created as necessary.
Fixed installer to properly create the EFT Server administrator account during cluster installs
Fixed Plain Text Client handling of paths that included a space during RENAME and DELETE
Fixed WGET file transfers over HTTP
Fixed invalid data in customer configuration files that could slow down file transfers
Fixed upgrades from EFT Server 5.x to maintain DMZ Gateway as the outbound proxy
Fixed uploads of small files (<100 bytes) from Rebex/Ultimate FTP libraries
Fixed issue in SFTP that would not allow a new Active Directory user to connect until an AD database synchronization or an FTP login occurred
Fixed NLST to once again support listings of filenames that contain special characters > 128
Fixed Site Administrator accounts to control the "Treat Home Folder as Root" setting
Fixed Event Rule LAN operations when paths contained multiple or incorrect slashes ("/", "\")
Fixed upgrades to EFT 6.3 from GSFTPS FIPS
Fixed server restore so all user home folders are restored when backup contains a large number of sites (14)
Fixed FireFox 4 issues in the Plain Text Client
Fixed Plain Text Client 403 and 404 errors when attempting to rename or delete a file from a subfolder if specific permissions were set
Fixed VFS to prevent orphan VFS permissions nodes hidden in ftp.cfg
COM API:
Added CreateUserEx2() COM call that includes the user's email address so the account creation email can be sent at the time the user is created; all of the user/client details can now be set
Added support for hashed passwords to COM CreateUserEx to facilitate user migration from another EFT
Added 2 new COM methods to facilitate retrieval of VFS virtual folders and folder permissions
Fixed a crash that occurred with calling GetFolderPermissions via COM
Fixed COM DisableInheritPermissions method to set child folders to their parents' permissions instead of the root folder permissions
Fixed COM Event Rule enums to include "Greater than" and "Greater than equal to" conditional operators
Fixed COM new 6.3 method names that were inconsistent with the existing API
Secure Ad Hoc Transfer (SAT) module:
Fixed SAT for proper handling of non-US date formats
Fixed SAT to not authenticate against NTLM when "no auth" is selected
Fixed SAT Installer to identify 32 vs. 64 bit on same host installs
Fixed SAT Installer to use PCI compliant password complexity rules for admin accounts
Fixed SAT errors which prevent Admin page from loading
Fixed SAT web.config errors when a non-standard HTTPS port was used
Fixed SAT upgrade issues when SAT was not installed on C:
Fixed SAT Installer to not de-register COM
AS2 module:
Fixed AS2 to support multiple SSL public key certs in a single .crt file
Fixed a crash that occurred when formatting an AS2 synchronous MDN message
Web Transfer Client (WTC):
Fixed Web Transfer Client logout to not affect other open tabs in Internet Explorer (IE)
Fixed Web Transfer Client jars to be signed with a newer cert that doesn't expire until 2015
Fixed Web Transfer Client and Plain Text Client to initially place users in their home folder instead of the site root folder when "Treat Home Folder as Root" is turned off
Fixed IE9 and Chrome drag-n-drop issues in Web Transfer Client
Advanced Workflow Engine (AWE):
Fixed AWE "Stop Task" action to properly return SUCCESS or ERROR to the EFT Server Event Rule
Fixed AWE to support semicolons as a separator in "On Error" tab variables
Fixed AWE to properly display the "Send Email" action when editing the "On Error" tab
Fixed AWE GetTaskName to properly return the name of the task
Fixed AWE crash when a nesting of sub-tasks would ultimately delete the file that triggered an EFT Server folder monitor
Fixed some broken help hooks in the AWE Help
OpenPGP module:
Fixed "8000ffff: Catastrophic Failure" Errors when PGP encrypts multiple or single files

Changes in 6.3

3/30/2011

Added RSA SecurID and RADIUS 2-factor authentication
Added Status Viewer to monitor in progress and recent file transfers
Added IP Access/IP Ban user interface that supports white listing
Added Event Rule Calendar supports custom calendars and import/export
Added "Write to Windows Event Log" Event Rule Action
EFT Server Enterprise only
Added RSA SecurID and RADIUS 2-factor authentication
Added Event Rule Calendar supports custom calendars and import/export
Added "Write to Windows Event Log" Event Rule Action
Added ability for multi-part transfers to be available in the Event Rule Copy/Move via a registry key
Added Copy/Move Event Rule Action support for alternate set of credentials for remote UNC shares
Added Copy/Move and Event Rule Action support for several overwrite and enumerate options
Added Folder Monitor support for two modes of operation: high throughput or high number of folder monitors
Added "Cleanup logs" action to the "Backup and Cleanup" Timer rule in new installs
Added HTTP and SFTP keyboard interactive login support for RSA and RADIUS pin creation
Added SIZE as a fallback for transfer verification when XCRC is not supported by remote server
Added registry option to use LOGON_NEW_CREDENTIALS instead of LOGON_INTERACTIVE for folder monitor
Added support for SFTP client Copy/Move and Download transfers of files greater than 4 GB
Added ability for user-level admins to unlock user accounts, in addition to enable/disable and change password
Added the AML task name to AWE debug logging
Added UTF-8 filenames support in AWE tasks
Added a warning message if a duplicate folder monitor is created for the same folder
Added TRACE level logging of AS2 HTTP headers
EFT Server (standard) and Enterprise
Added Status Viewer to monitor in progress and recent file transfers (requires ARM for historical transactions)
Added IP Access/IP Ban user interface that supports white listing
Added "IP Banned" Event Rule Condition and "Too many invalid commands" Event Reason
Added PGP Event Rule signature verification options
Added Event Rule "precise time stamp" context variable
Added multi-threaded PGP architecture
Added Denial of Service detection to all protocols
Added UTF-8 filenames support over HTTP and SFTP
Added EBCDIC "TYPE E" support
Added SYST value support
Added SFTP support for public key or password authentication
Added support for non-FIPS version of the OpenSSL library to version 0.9.8o
Added detailed logging of SFTP connections to connection log in Status Viewer
Added disable of auto import of ARM text files via a registry key
Added ability to sort objects in the AI left tree pane alphabetically
Added trigger of the "User Disabled" event rule when Users expire
Added ability to apply PGP Event Rule Actions to "On File Download" events
Administration Interface (AI):
Added left pane tree support for up to 100,000 EFT Server users; multi-select enable, unlock, delete, and reset password; and visual identification of EFT Server user accounts without an email address
Added Active Directory sites' ability to not show the domain name
Added PGP keys management from remote AIs
Added AI/EFT Server SSL certificates checks to validate connections
Added DER, PFX, and P7B output formats in addition to PEM for SSL cert export
Added AI upgrades and command line silent install support
Added summary list of folders to be deleted when a user is deleted
Added support to protect key folders (/usr) from deletion when a user is deleted
Advanced Workflow Engine (AWE):
Added sample tasks for demonstrating Expectations, IP black lists, etc.
Added Sharepoint Action
Added Compression Action: Added 7zip compress/uncompress
Added FTP Actions: FXP; synchronize method; FIPS 140 mode; FTPS clear command channel (CCC) mode
Added FTP advanced action file exist; folder exist; get crc; FTP tuning options (UseLargeBuffers)
Added FTP ability to get long list dataset shows file attributes
Added SFTP validation of server host key; SFTP provide protoversion prior to connection
Added Get File Info Action: Added ability to retrieve folder information
Added Send/Get email and Exchange Actions: Support for Exchange 2010 and ability to send custom headers
Added Send/Get email and Exchange Actions: Improved filter engine based on query for Imap and Webdav
Added Service Management: Added remote service install, start, stop, pause, resume
Added Web Service Action: Added support for SOAP 1.2 protocol
Added Full Unicode support across all Actions
Added Start Task and Stop Task Actions
Auditing and Reporting Module (ARM):
Replaced the integrated SQL Server Express 2005 installer with SQL Server Express 2008 R2
Added logging to the installer during creation or modification of the SQL schema
DMZ Gateway:
Added synchronization of messages with EFT Server to implement enhanced IP Access/IP Ban capabilities
Secure Ad Hoc Transfer (SAT) module:
Added new architecture that uses Java applet to transfer file directly to EFT Server bypassing IIS
Added new web-based administration and configuration
Added ability to transfer files larger than 2 GB
Added ability to transfer folders
Added installer support of upgrades; does not require uninstall
Added default SAT Event Rules in EFT Server to automatically send upload notifications, delete expired temporary users, and notify senders of upload(s) received from temporary users.
Web Transfer Client (WTC):
Added form-based login that supports branding and true login/logout sessions, and password reset
Added selection of WTC (Java) or Plain Text Client (PTC) from the login page
Added new "look" with improved buttons and use of CSS to support branding
Added Single Sign On (SSO) support in NTLM environments
Added branding process that doesn't require registry overrides
Added branding that can be EFT Server site specific
Added capabilities and status provided in the WTC transfer queue pane
Added requeue counter to the Settings panel for error-prone connections/servers
Added option to select Java JSE HTTP client for NTLM v2 proxy authentication
COM API:
Added numerous methods and properties to mirror the capabilities available in the AI:
Administrators and administrator privileges
LDAP, AD, and ODBC site creation and options
Event Rule Offload/Download Advanced tab
Write To Windows Event Log
Backup and Restore
IP Ban
AS2
FTP options: FXP, Noop, COMB, XCRC
AWE custom variables
Multiple SSH client keys and key export
Fixes:
Fixed Email notification file size for Copy/Move events
Fixed Web Services WSDL page accessibility
Fixed "User must change password on first login" with LDAP
Fixed ARM SQL connection details in GUI notifications to lesser privileged admins
Fixed LDAP "change password" implementation via LDAP calls instead of Active Directory
Fixed "Uploads per session" and "Downloads per session" limits for HTTP
Fixed Offload/Download wizard handling of forward and backward slashes
Fixed PGP passwords masking in DEBUG logging
Fixed "Stop Processing" and "If failed Action" listing in the Event Rule preview pane even when inactive
Fixed rejected SSL client cert trigger of the Event Rule "Connect Failed" Condition
Fixed "On User Created" Event Rule is trigger for first login of an AD or LDAP user
Fixed Event Rule client downloads of file with a % in the filename
Fixed Event Rule client traversal of directories with a # or % in the folder name
Fixed Administrator warning regarding outbound PORT mode support through DMZ Gateway
Fixed inconsistency of file paths in CREATE and DELETE lines of ARM reports
Fixed resuming of interrupted WTC transfers
Fixed ARM auditing of SFTP file offset to properly report transferred bytes
Fixed renaming of a group so that all members of the group are not removed from the group
Fixed crashes reported in Microsoft WinQual
Fixed parsing of multi-line HTTP headers
Fixed PGP temporary files creation
Fixed ability to "kick" and delete connected users
Fixed auditing of failed HTTP logins in ARM
Fixed (removed) "EFT Server" identifiable strings where possible to address security audit recommendation
Fixed WTC local pane display of system or hidden files or folders
Fixed 2048 bit SSL signed certs in AS2
Fixed HTTP login support of usernames with embedded spaces (Active Directory Display Name accounts)
Fixed error in ARM report templates that allowed non-admin user account to edit the template
Fixed error in WTC file rename in Safari browser
Fixed/eliminated long delay when uploading files via SFTP to a remote folder containing 100,000+ files

Changes in 6.2.31

1/26/2011

Added the ability to rename virtual folders
Added ERROR logging to Active Directory calls during AD user synchronization
Added a timeout at the SFTP layer to detect hung connections from third-party servers
Added updating of Active Directory user home folders during AD synchronization
Added support for SSL cert settings for Event Rule downloads
Improved import time when migrating large numbers of users into EFT via COM
Added a registry value to control the Health Check Timeout for slow file servers
ARM now only audits "On File Upload" rules that perform an Event Rule Action
Active Directory user home folders are now updated during synchronization
Enhanced the COM API methods for specifying EFT Server Administrator privileges
Added registry setting to control the ARM report generation timeout
Added the new EULA for EFT Server
Added ability for Template Settings administrators to delete a user's home folder
Added/improved user password and account settings in the COM interface
Added/improved folder permissions inheritance and Encrypting File System (EFS) settings in the COM interface
Added/improved proxy, overwrite, COMB, and FXP transfer options in the COM interface
Added/improved Event Rule PGP options in the COM interface
Corrected the amount of time EFT Server logins were blocked when updating user quotas
Corrected issue that caused "home folder not deleted" error message when deleting a user
Corrected issue in Event Rule SFTP client when sending files larger than 4 GB
Corrected crash that could occur when an SFTP connection failed before a channel was established and EFT Server attempted to clean up the channel
Corrected crash in the EFT Server administration interface that occurred while an external VBS COM script was backing up the VFS
Corrected auditing of invalid transfer data by the Event Rule client for rare cases of failed transfers
Corrected Active Directory and LDAP sites to use standard password change page instead of a hard-coded, AD/LDAP-specific page
Corrected connection error in FTPS when remote folder contained 800+ files
Corrected crash that would result in a user's home folder being set to NULL
Fixed single-click URL construction to resolve file rename issue in the Plain Text Client
Fixed SFTP Event Rule client to honor connection retry settings
Fixed SFTP so 0-byte downloads do not trigger "On File Upload" rules
Fixed SFTP so users with a home folder at the site root do not trigger On File Upload rules upon login
Fixed handling of empty client SSL certificates for FTPS Explicit tranfers
Fixed crash that resulted from corrupt data in VFS permissions
Fixed error in the Event Rule client that would cause the creation of too many session-level debug log files when using a "*" mask
Fixed memory increases that prevented users from connecting to EFT site
Fixed single click download with URL containing .exe or .dll
Corrected crash when the Event Rule client attempts to download 400,000+ files
Corrected crash in remote AI GUI when changing user permissions in the VFS tab
Corrected issue that caused loss of PGP subkeys when upgrading from EFT 5.1 to 5.2 or later
Corrected issue so SFTP transfer limits are now honored
Corrected some timestamp errors in ARM reports generated using Oracle
Corrected error in tracking of Event Rule client transfers that caused EFT Server service to crash
Corrected slowdown that occured when an EFT site has a large number of VFS folders pointing to missing or non-accesible locations
Corrected and issue where auditing and reporting module didn't render certain parameters in a report
Corrected issue where trial extension requests did not behave as expected.
Corrected crash in SFTP occasionally caused by read errors
Corrected issue where OpenSSH client would require private key passphrase when using password authentication
Corrected issue rendering some Windows-1252 extended characters in the Plain Text Client (PTC)
Corrected crash in FTP when consecutive PASV commands were issued
Corrected issue so invalid username attempts will add the IP address to the ban list
Corrected crash when the mail template was less than 7 characters in total size and contained one of the following characters: f, i, l, e, :, /
Corrected issue in SFTP client that caused 0 length files to be created when downloading using a *.* file mask
Corrected crash in the Admin Interface (AI) when expanding site folders and navigating back to the Server tab
Restored ability to blind upload files without requiring LIST privilege
Corrected issue in SFTP upload MDTM that caused incorrect file date stamps
Corrected crash in SFTP caused by far side closing connection during or immediately after connection
Corrected hang in Scheduled Event Rule caused by AWE task crashed
Corrected issue in selected COM methods on Windows 2008
Corrected issue that prevented the custom Manage Account HTTP page from working on Firefox
Corrected two ARM reports that were not displaying the timestamp properly when the EFT Server database was running on Oracle
Corrected issue that caused the Web Transfer Client to stop working if the Site was configured to not allow the download of JavaScript (js) files
Corrected issue that prevented the Trial Extension Request from working on a 64 bit OS if the trial had expired
Corrected issue that caused "425" errors when making 10 or more concurrent FTPS PASV port connections through DMZ Gateway to a defined PASV port range
DMZ Gateway:
Added DMZ Gateway support of compressed messages sent from EFT Server
Corrected DMZ Gateway to correctly return ports to pool on PASV connection attempts
Corrected ERROR logs to display as DEBUG, as they are not Application Errors
Corrected PASV Ports to be assigned randomly instead of sequentially
Corrected connection issues when significant configuration data is passed between the interface and the Server
Corrected issues caused by bad message processing logic for certain network environments

Changes in 6.2.18

9/9/2010

Added toggle for HTTP 100-CONTINUE message for interoperability with older AS2 systems that do not support HTTP 1.1
Added Quick Search (Control+F) feature to locate Users, Event Rules, Groups, etc. in the tree
Enhanced the Administrator user interface to support Trial Extension requests without requiring an administrator to login
Added optional directory listing method for customers with large numbers of files in a NAS folder (40,000). This method does not request the associated folder/file permissions during the directory listing. HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\LegacyDirListBehavior DWORD: any non-zero value activates the legacy (no permissions) directory listings
Added several VFS and Administrator methods to COM interface
Added more logging to SFTP and AS2 to provide greater visibility into transfer problems (enable in logging.cfg)
Corrected issue in quota calculation that was sometimes inconsistent for folders on a UNC share
Corrected crash in the administrator interface caused by copying an "if action FAILED" Event Rule statement
Corrected timing related crash if data socket was closed while trying to compute transfer speed
Corrected issue in AWE that caused AWE task that called a subtask to sometimes not complete
Corrected memory leak in LDAP user synchronization
Corrected issue that caused SFTP uploads to time out if a sizable number of On File Upload rules were enabled with email notifications
Corrected issue that caused filter options to be unavailable in Timer Event Rule Report Actions
Corrected issue where some user folders were not being restored from a backup
Corrected issue where the SFTP client’s automatic resume was not working properly
Corrected ASCII conversion issues that would occur during the RESUME once the network error was resolved
Corrected issue where the Cleanup Action was not deleting BAK files. Also added deletion of READONLY and HIDDEN files. The file path no longer has to end in a backslash \
Corrected issue where the EFT Server service/admin interface would hang during the changing of the priority of Event Rules
Corrected issue with memory leaks when adding a user to a permission group and other user-management tasks
Corrected issue where SFTP client keys would not work when upgrading from Secure FTP Server to EFT Server 6.x
Corrected issue where EFT Server created the default permission groups "Administrative" and "Guest" that are not appropriate for an ODBC Site
Corrected issue where the "Allow FXP" (site-to-site transfers) toggle was not being honored
Corrected issue where the Event Rule offload client retry setting was not being honored
Corrected issue that would halt future transfers of files by the Event Rule client for specific types of transfer errors
Corrected crash in the administrator interface that resulted from monitoring a user from other than the first Site
Corrected crash in the administrator interface that resulted from a speed calculation error
Corrected issue caused by improper processing of FTP MKDIR command
Corrected issue when connecting over SFTP using Transmit 3.5.4 client
Corrected issue in FTP directory listing - date sorting was sometimes out of order
Corrected delay that could occur to an FTP authentication while EFT admin was loading folders in the VFS tab
Corrected SFTP and HTTP login issue in Active Directory environments with multiple domains
Corrected issue where AS2 no longer requires the AS2-Version HTTP header for interoperability with older AS2 implementations
Corrected problem related to cleanup of OpenPGP temporary files
Corrected problem where OpenPGP would lockup if destination file already exists
Corrected issue where AWE module would hang related to the improper termination of AWE tasks
Corrected interoperability issue with WS_FTP Server related to large file transfers - other vendors have had to do the same
Corrected MDTM to always return values in GMT, even if EFT Server listings are configured for local time
Corrected parent folder permissions to no longer require SHOW and LIST
Corrected interoperability issue with OpenSSH
Corrected an issue where Event Rule comments were being lost
Corrected XCOPY custom commands errors
Corrected an issue where Event Rule Timer events would trigger 1 second early
Corrected issue with unnecessary SSH_DISCONNECT timeout messages
Web Transfer Client:
Added an option to the Web Transfer Client to select local time or GMT for the modified time for files in the local pane
Enhanced Web Transfer Client text to use "Current Password" instead of "Old Password" to reduce user confusion
Enhanced Web Transfer Client (WTC) to allow selection of GMT or local time for file timestamps in the remote pane
Corrected a CRC error that prevented Web Transfer Client from being able to successfully resume a download
Corrected issue where resume did not work on filenames > 35 characters when transferring files with the WTC
Secure Ad Hoc Transfer module:
Corrected issue in SAT that could cause the temporary accounts to not be created on EFT Server
Corrected issue in SAT that caused the previous value of the FROM email address to be used instead of the one supplied by the user

Changes in 6.2.7

5/14/2010

Added new registry override for FTP SYST response. Default is "UNIX Type: L8"; common request is for "Windows_NT"
Corrected issue where home folders were being lost for AD users after an upgrade
Corrected crash that would occur under rare condition when corrupted configuration file was present
Corrected problem where EFT Server failed to notify user if site root physical folder was missing
Corrected problem where network errors would cause e-mail notifications to fail
Corrected problem where LDAP authentication would fail when a user was moved to a different OU or CN
Corrected memory leak resulting from COM API operations involving quota checker and folder monitor
Corrected crash that occurred upon manually refreshing user database for LDAP auth types
Corrected issue where user would not appear in EFT Server’s user list if the user connected prior to an AD synchronization event
Enhanced SFTP connection mechanism to work with non-RFC compliant SFTP servers

Changes in 6.2.3

4/5/2010

Multiple administrators can now add objects of the same type (users, event rules, custom commands, and AWE tasks) at the same time
Fixed issue when editing an event rule email action when another administrator had modified the user list in a separate AI GUI
Removed EFT software version number from HTTP headers to address security concern
Modified buffer size on HTTP downloads to achieve comparable file transfer speeds with uploads
Updated SAT tables in ARM to provide better performance and robustness
Fixed SAT to log the proper filename, instead of the temporary filename, in ARM when SAT is installed on a server remote from EFT
Corrected issue in SQL files that could inhibit the creation of the ARM indices on MSDE
DMZ Gateway:
Fixed a problem where EFT Server Denial of Service updates could block legitimate client connection attempts.
Fixed a resource leak that appears under some environments leading to resource exhaustion.

Changes in 6.2.1

3/9/2010

EFT Server and EFT Server Enterprise:
Corrected issue where (on new installations) PGP keys could not be created without a service restart
Changed default behavior for PGP signature verification to OFF by default (registry enabled). Search help for "signature verification" for instructions.
DMZ Gateway:
Corrected a problem with how DMZ Gateway handled certain error conditions that could affect the peer communication channel

Changes in 6.2

3/1/2010

New – Active Directory accounts for EFT Server administration
Updated – Advanced Workflow module updated with many new actions
Updated – SSL certificate support for outbound transfers
Enhanced – Secure Ad Hoc module faster performance and new configuration options
Fixed – Consolidation of all bug fixes done in 6.1.x patches
EFT Server and EFT Server Enterprise:
Added Windows Authentication (Active Directory and local Windows accounts) to EFT Server’s administration authentication sub-system. Requires the High Security Module (HSM).
Added ability for EFT Server administrators to login via a desktop shortcut and Windows authentication without supplying credentials
Added ability to query the LDAP server to obtain a listing of all base DNs on the domain specified or the default domain.
Added ability to right-click a user account on the Server tab to open the user's VFS home folder on the VFS tab. You can also launch Windows Explorer from the VFS tree on the VFS tab.
Added ability to see virtual folders when using the FTP MLSD command.
Added Microsoft Encrypting File System (EFS) to EFT Server basic edition. Requires the High Security Module (HSM).
Added requirement for EFT Server administrator credentials when attempting to delete a Site or Server object in the administration interface.
Added SSL certificate options for EFT Server's client offload/download FTPS and HTTPS event rule actions.
Added support for the PFX format in the EFT Server SSL Certification Manager
Updated to version 0.9.8l the non-FIPS SSL libraries used by EFT Server for inbound and outbound SSL-based protocols.
Improved SSH key tool; when you rename an SSH key, EFT Server verifies that the name is unique and prompts you to change it if it is not unique.
Improved the remote administration interface installation process; the SFTPCOMInterface.dll and SSL.dll are automatically installed and registered.
Added Windows Event Log entries if long running custom commands or AWE tasks are terminated due to a timeout
Added signature verification to event rule OpenPGP decryption
Improved the folder monitor and event rule timers; EFT Server will "reset" only the affected (modified) folder monitor/timer when serializing to the configuration file, rather than all folder monitors and timers.
Improved text file auditing of Folder Monitor actions to aid Customer Support when assisting customers with Folder Monitors.
Added ODBC Authentication Manager SQL scripts for MS SQL and Oracle
Added a default logging.cfg file to EFT Server.
Plain HTML format can now be selected by appending ?html to the URL
DMZ Gateway:
Added ability to install DMZ Gateway on Unix, Linux, and Solaris operating systems (in addition to Windows). Available on both 32-bit and 64-bit operating systems.
Added more functionality to DMZ Gateway's interface to accommodate multiple profiles and extended communication information.
Centralized DMZ licensing to EFT Server to simplify DMZ installation and licensing.
Added ability to connect up to 15 EFT Server Sites simultaneously.
Added automatic propagation of IP address access policy changes to DMZ Gateway when the policy is modified in EFT Server, whether in the interface or by the auto-ban logic.
DMZ and EFT Server have been hardened to withstand attack from several Denial of Service (DoS) attack tools
Improved and expanded DMZ Gateway logging.
Auditing and Reporting Module (ARM):
Upgraded the SQL Server Express 2005 installer to SQL Server Express Edition, service pack 3.
Added three new intervals to the Generate Report Action: Today, Yesterday, and Last 24 hours.
Advanced Workflow Engine (AWE):
Added new EFT Server variables SERVER_PUBLIC_KEYRING_PATH and SERVER_PRIVATE_KEYRING_PATH to pass the location of the public and private key ring to the AWE module.
Added ability to send user-defined (custom) variables from EFT Server to the AWE module.
Added several new AWE actions in these categories: Internet, File, Network, Variable and Cryptography
COM API
The following methods, properties, parameters, and enumerators were added or modified:
Server Interface (ICIServer) methods: ConnectEx, RemoveServerAdminAccount
Single-Site Interface (ICISite) properties: AllowChangePassword, ForcePasswordResetOnInitialLogin
Client Settings Interface (ICIClientSettings) methods: GetForcePasswordResetOnInitialLogin, SetForcePasswordResetOnInitialLogin
Enumerators and Constants: LoginType, ServerModule, PredefinedReportPeriod, AdminAccountType enumeration, AdminLoginType enumeration
Added more unique error descriptions
Secure Ad Hoc Transfer module:
Added ability to configure ad hoc permissions in the web.config file.
Added ability to define the default permissions used for the temporary user's home folder in the web.config file.
Added ability for SAT users to create subfolders in their home folder.
Added a variable in the web.config file to add a specified time delay before sending the password email.
Improved the speed of SAT upload transactions and when SAT is configured for File Copy to EFT Server.
Web Transfer Client:
Added ability for WTC users to control whether preemptive proxy BASIC authentication credentials are sent.
Fixes:
Fixed Oracle ODBC Authentication Manager character case problems: user login checks are no longer case sensitive and SQL commands are case consistent.
Updated tab sequences in various dialogs for Section 508 compliance.
Event Rule "if using WTC" condition now works properly in all scenarios.
Event Rule "On Server Startup" actions are now performed.
Email notifications are now sent for On Scheduled Timer events.
Access to the Web Services WSDL has been restored.
Fixed layout errors in some PCI Reports.
Fixed the SSH version number displayed in the Admin User Interface to reflect the update to SSH protocol version 4.
Fixed WTC to ensure user's AD credentials are used to access files and folders and not the EFT Server service credentials.
Fixed WTC so uploads are now as fast as downloads
Fixed a vulnerability to tampering in the messaging between the Admin GUI and the EFT Server
Fixed several instances where standard file deletion was being used instead of file sanitization
Fixed a timeout issue that would lead to a blank page being displayed by the plain text HTTP client during extremely large file uploads
Restored the ability to turn on detailed outbound client logging (controlled by registry key)

Changes in 6.1.10

3/1/2010

Improved network error handling and added retry logic to the Web Transfer Client (WTC)
Improved ability to distinguish between SQL connection and non-connection related errors
Improved Installer to ensure SQL stored procedures are upgraded
Improvements to WTC’s proxy authentication capabilities
Improved EFT Server compatibility with WebDrive
Improved CreateUserEx COM method performance
Improved folder deletion performance
Improved configuration file read/write performance
Enhanced WTC so that its help contents are linked to version specific online help pages
Enhanced Auditing and Reporting Module (ARM) reconnection logic by using additional SQL timeout error codes
Corrected issue where EFT Server would attempt to send ARM status updates to Admin connections that was disconnecting
Corrected issue where WTC upload speeds wasn’t on par with download speeds
Corrected issue where Multi-site DMZ Gateway used the wrong interface when attempting to connect using PASV mode.
Corrected issue where Multisite DMZ used the wrong interface when performing outbound transfers
Corrected issue where WTC sessions would not retain and honor the user's Active Directory credentials
Corrected server crash in error handling in EFT Server’s authentication sub-system
Corrected issue triggered when ftp command socket was closed as data socket connected
Corrected issue on FTP connection when using NLST
Corrected issue where disabling an event in the "Event Rules" pane would cause the server to crash
Corrected cross site scripting vulnerability reported by QUALSGuard scanner when HTTP to HTTPS redirection was enabled
Corrected intermittent issue when deleting physical or virtual folders
Corrected discrepancy between the timezone used for the FS.FILE_CREATE and FS.FILE_CREATE_TIME event rule variables
Corrected COM script memory leak triggered by the processing of deleted or invalid folders
Corrected issue with %FILE.*% related Event Rule variables
Corrected issues interoperating with servers using SFTP protocol version 4 or greater
Corrected issue where internal SQL commands had inconsistent casing
Corrected issue where some login clients account dates were showing up as Dec 31, 1969
Corrected issue where upgrades could cause system service instability in rare instances
Corrected issue that prevented OpenPGP encryption from signing ASCII armored files
Corrected issue that made user names case sensitive when using Oracle as an authentication source
Corrected issue where UPN style logins didn't find their AD Profile home directory
Corrected issue where Event ACTIONS and GROUPS would trigger errors on SQL text file import
Corrected issue where virtual folders not pointing to the C:\ drive were not visible
Corrected issue during client authentication in SSL
Corrected issue where folder names did not display a '&' properly
Corrected minor GUI layout issue related to Advanced Workflow Engine (AWE) "Create Date" label

Changes in 6.1

11/9/2009

Improved Active Directory user authentication and synchronization to provide better support for foreign domain users and groups
Added SSH.com or OpenSSH formatted keys selection to SFTP key creation wizard
Added Message Level Security (MLS) to the AS2 module
Added support for Folder Monitor Event Rule to operate across network shares/forests in Active Directory
Added Windows authentication in addition to SQL authentication for EFT Server ARM connections to SQL Server
Added extensive and configurable text file logging to aid Customer Support in identifying customer environment unique behaviors
Added support for user principal and common name formats for the AD/LDAP user Change Password function
Moved the AD/LDAP test connection from the Administrator Interface to the Server
Updated Move Action context variables %FS.PATH%, %FS.FILE_NAME%, and %FS.FOLDER_NAME% to match the new file location
Added support for Powershell to Event Rule commands
Improved support for UNC paths to hold the resulting backup file for Event Rule Backup Action
Added support for Event Rule client transfers function through ISA and SQUID proxies
Added support for multi-part POST uploads for Event Rule client for compatibility with Tumbleweed Secure Transport Server
Added Advanced Workflow task names to Event Rule reports
Improved OpenPGP support of the ASCII-armored file format for data files
Added support in the installer wizard to install EFT Server and DMZ Server in a cluster
Improved installer wizard for the setup and upgrade of ARM and the associated SQL database
Added support for installing EFT Server from a command line/with a batch file
Added ability to extend the initial 30-day trial
Added new methods and properties to the COM API and removed deprecated ones
Added support in the Web Transfer Client (WTC) to provide wider character support
Upgraded WTC libraries to provide better proxy, cookie, and HTTP compatibility
Upgraded Plain Text Client (PTC) libraries to provide better performance when listing folders with thousands of files and folders
Removed (hid) Change Password button in the WTC when the user account does not have permission to change the password
Added ability to email user login credentials from EFT Server
Added Clear Command Channel (CCC) and Clear Data Channel for FTPS
Added ability to import and export Advanced Workflow tasks in the Administrator Interface
Added ability to configure Secure Ad Hoc Transfer (SAT) to prevent "spoofing" by forcing FROM address to match AD before sending the message
Added logging to SAT, which now logs the IP address of the sender to ARM and displays the address in new reports
Added verification of prerequisites in the SAT installer to verify IIS and .NET are installed and have the correct versions
Added IIS role setting to the SAT installer
Updated SFTP client to provide higher performance, compatibility, and FIPS-certified encryption
Added ability for the SFTP SSH_FXP_SETSTAT command to modify the file's accessed, modified, and created timestamps
Added upload and download speed for SFTP connections to the Server's Status tab
Included headers from transactions to the AS2 Transaction Detail report
Added ability to configure inbound only or outbound only AS2 partners (no longer need to configure both)
Increased administrator password length from 20 to 99 characters
Increased Group and Settings Template name length to 255 characters
Provided new controls, notifications, and events regarding users that are locked out due to invalid login attempts
Fixed WTC properly supports the Euro symbol in folder and file names
Fixed WTC supports configuration of retries for users transferring large file sets over networks with intermittent errors
Fixed WTC properly throttles bandwidth per the specified limits for both uploads and downloads
Fixed WTC transfer percentages are displayed and updated correctly for resumed transfers
Fixed WTC properly notifies user if a remote folder cannot be created because it already exists on the remote server
Fixed WTC displays a single error dialog if the connection to the remote server is lost while transferring multiple files
Fixed WTC and PTC users are returned to their previous page instead of an error page when selecting CANCEL during login
Fixed PTC properly sorts file listings based on the Modified Date and Size columns
Fixed SAT detects if IIS 7 is installed and extends the maxAllowedContentLength value in the IIS ApplicationHost.config file to 2 GB
Fixed SAT supports semicolon delimiter for multiple email send addresses
Fixed DMZ Single Site now accepts the queued EFT Server connection when the active connection ends
Fixed Turning off SSL FIPS reenables Auto Negotiate
Fixed SSL cert creation wizard ensures a valid ISO country code is selected
Fixed NTLM user authentication renamed to "Local System Accounts"
Fixed Copy/move Action now honors the retry counter instead of trying indefinitely
Fixed On Timer rule supports specifying *.* or *.ext to download files from a remote folder
Fixed Restore places the AUD file in the correct folder
Fixed PCI DSS report is available in the Generate Report selection dropdown
Fixed XCRC now works on files greater than 2GB
Fixed A value in the Description column is not necessary for ODBC user entriesq
Fixed OpenPGP will not create a separate signature file if "Output to target file" is selected
Fixed Removed the Advanced FTP settings that were not relevant to SFTP
Fixed Users reenabled in Active Directory will be reenabled in EFT Server
Fixed AWE and AS2 "not registered" Windows Event Log entries are now INFO instead of ERROR
Added many additional stability, usability, and user interface improvements and fixes

Changes in 6.0.17

9/3/2009

Fixed SFTP protocol command validation
Fixed DMZ issue that occurred when two EFT Servers used same IP/port
Fixed WTC to notify user if local folder creation failed due to invalid characters
Improved several prompts and messages in the WTC
Improved various error messages.
Added the ability to transfer folders containing subfolders.
Set status to "INTEGRITY CHECK FAILURE" only for CRC failures. CRC check failure caused by reasons other than CRC value difference are assigned the "UNABLE TO VALIDATE INTEGRITY" state.
Fixed the occasional missing icon problem.
Changed client SFTP key generation to use ssh.com style keys by default.
Removed spaces from LDAP query strings so comparisons match properly.
Enhanced WTC to provide a <%=client_ip%> token replacement in htm files.
Corrected a problem with binary to ASCII conversion over SFTP.
Fixed a crashing issue that could occur when user list was not in sync with authentication provider.
Made permissions checks when switching into a UNC directory consistent with that of switching into a local directory.
Fixed a crashing that occured when a PCI DSS report was generated on an LDAP site.
Fixed issue where files uploaded over HTTP using the PUT method were visibile while being transferred.
Fixed issue where webservices invocation failed because of random data being appended to parameters.
Fixed issue where server inactivity led to ADO errors being recorded to the system application log.
Fixed issue where AS2 would fail MDN verification.
Fixed issue where AS2 hot folder would fire early and send a 0 byte file.
Fixed hang that could occur when deleting a user while system quotas were enabled.
Fixed a crash that could happen when the system bans a user for disconnects.
Increased allowed length of administrator passwords.
Fixed issue that could lead to crash when using COM.
HTTP 401 page now redirects you to previous page in browser history.
Fixed hang that could occur when deleting a user while system quotas were enabled.
Fixed a crash that could happen when the system auto-bans a user.
Increased allowed length of administrator passwords.
Fixed issue that could lead to crash when using COM.
HTTP 401 page now redirects you to previous page in browser history.
COM ClientSettings Get/Set HTTPS/FTPS methods now work.

Changes in 5.2.21

9/3/2009

Fixed SFTP protocol command validation
Fixed WTC FireFox issue that was introduced when new signing cert was used for jars
Merged 6.0/6.1 LDAP fix for base DN's that contain spaces
Added registry entry that will allow wildcard transfers of local files to fail if no files. Are found (legacy behavior is all wildcard operations succeed even if no files are found)
Update to authentication manager to correctly pull domain name in certain instances where it previously failed.
Fixed problem with random session expiration/timeouts over HTTP.
Automatic re-queue of file transfers when they fail.
Bug fixes to Web Transfer Client.
Fixed crash upon login caused by use of a special registry key.
Improved AD support for retrieving a user's domain.
Improved BlueCoat proxy support.
Fixed issue with Web Transfer Client only reporting 10 licenses even if more were registered.

Changes in 6.0.6

6/15/2009

0KB files uploaded via SFTP now trigger events and are reported in logs.
LIST permission is no longer required for a WTC upload.
Plain text web transfers now correctly handle sending files with an octothorpe (#) in the file name.
Opening a Microsoft Office document via the HTML Listing and Upload form in Internet Explorer no longer triggers a reauthentication prompt.
AD accounts in WTC can no longer rename and delete virtual folders.
WTC now allows signing certificate to be accepted.

Changes in 6.0.4

5/20/2009

Enhanced ARM performance under load
Enhanced the layout of the User Templates, Groups, and Custom Command dialogs to support longer names
Corrected SQL connection timeout handling to ensure ARM auditing of all transactions
Corrected SQL error handling to eliminate repeated email notifications
Corrected issue that occurred if APPEND was disabled and a WTC user attempted to resume a transfer
Corrected database error triggered by AS2 configuration Test button
Updated SAT installer to grant permission to EFT /adhoc folder for Vista and Win2K8
Updated SAT installer to properly list/select the IIS web sites

Changes in 6.0.1

4/8/2009

Enhanced WTC proxy support for JREs after 1.6.7
Enhanced EFT Server Enterprise installer to provide both the Single Site and Multi-Site DMZ Gateway sub-installers
Enhanced the logic used to complete the removal of a previous version of EFT Server or Secure FTP Server
Enhanced the SAT-related ARM reports to display multiple files if more than one file was sent per transaction
Enhanced the Administrator GUI to support User Setting Templates and Permission Groups with names greater than 20 characters (max of 255)
Enhanced EFT Server (core) with support for operation on 64 bit
Corrected issue with WTC Active Directory change password
Corrected issue in plain-text HTTP that required DELETE permission to download files
Corrected issue caused when uploading a file to a folder with a path exceeding 255 characters
Corrected issue with WTC not showing download prompt with Firefox
Corrected issue caused when Web Services interface was disabled but Event Rule invocation was attempted
Corrected logos and formatting issues in SAT and AS2 ARM reports
Corrected issue related to generation of output in Custom Command log files
Corrected EFT Server crash that occurred for Copy/Move Event Rule Actions that did not have a leading “\\”
Replaced HTTP Java update link with HTTPS link to eliminate warnings about "insecure content

Changes in 5.2.15

3/18/2009

Fixed Java errors on the change password page
Fixed crash that occurred when there was a high number of user-to-group assignments
HTTPS clients without Java installed are now prompted to install it
Improved EFT Server stability by identifying and removing thread unsafe code
Fixed crash that occurred when logging in via SFTP and connection limit is already reached.
Fixed memory leak when uploading files via HTTP
Resolved issue wherein certain COM scripts would never time out
Resolved issue where custom command parameters would not appear in cmdout.log
Resolved issue where plain text client would not reload when a non-standard port was used
Fixed memory leak in the authentication managers
Fixed EFT Server hang issue caused by administrative users timing out
Fixed memory leak caused under certain circusmtances by NLST command

Changes in 6.0

3/2/2009

Added - compatibility with x64 Windows including Server 2008
Added - Oracle database support added for Auditing & Reporting
Added - Backup and restore wizard for disaster recovery and migration between servers
Added - New Server Administrator role: "Create User" - has ability to create users within designated templates
Added - Optional Advanced Workflow Engine module - extends EFT Server event rules by over 200 additional actions, including send to mainframe, send SNMP traps, query SQL database, parse an XML or Excel file, and hundreds more
Added - New wizards for the Download (Pull) and Copy/Move (Push) Event Rules
Added - DMZ Gateway Enterprise - allows multiple EFT Servers to connect to the gateway.
Added - FIPS certified SSL and SSH libraries as part of High Security Module (HSM).
Added - Comprehensive auditing and reporting of all administrator changes made to the server (requires HSM)
Added - Ability to modify the default messages sent upon account creation and password expiration reminders
Added - Ability to switch between UTC/GMT and server local time for timestamps returned in directory listings
Enhanced - Setup (installation program) can configure EFT Server’s auditing database on an existing SQL or Oracle server
Enhanced - complete revamp of EFT Server’s Administrator Interface including dozens of small usability fixes
Enhanced - Support for designating EFT Server's configuration file path
Enhanced - New User setup wizard can now designate a home folder including variable names
Enhanced - Replaced MSDE with SQL Server Express for the bundled database
Enhanced - Updated PCI compliance to match the latest PCI DSS 1.2 specification (requires High Security Module)
Enhanced - Ability to create Custom Commands "on the fly" from within Event Rules
Enhanced - Various visual and usability improvements to the Event Rule builder
Enhanced - Send E-mail Event Rule action now allows multiple "To:" values
Enhanced - Send E-mail Event Rule action now includes an Address Browser to search and insert addresses with ease
Enhanced - Replaced OpenPGP library - provides many more options, including signing options, cipher/hash options, self-decryption archive creation, compression levels, and debug logging
Enhanced - Updated SFTP library - provides import/creation of OpenSSH keys and public key select/export
Enhanced - Ban IP address on invalid account now counts invalid login attempts when a non-existing username is provided.
Enhanced - Plain HTTP interface has been updated and exposed so that it can be completely customized
Enhanced - Web Transfer Client (WTC) interface updated and various minor bugs fixed
Enhanced - Dozens of minor usability and bug fixes in AS2
Added - Complete backwards compatibility with Secure FTP Server 3 and EFT Server 5
Enhanced - Password reset and complexity are now part of the core feature set
Fixed - Various defects of varying level of severity

Changes in 5.2.12

11/5/2008

Corrected an issue with WTC logout on Firefox.
Added registry setting that allows OS-selected IP address assignment for outbound client connections (pre-5.2.11 behavior).
Internet Explorer Enhanced Security Window no longer interferes with the Administrator interface.
Added expiring session cookie for WTC on Chrome browser for logout (fixes the repeated logon issue in Chrome).
The Event Rule MailAction::FROM parameter is now exposed so that it can be overridden with an event rule specific value. If the FROM email address is not overridden in the rule, the Server level default value is used for the FROM address.
Now deploying PCI report files to PCI subfolder rather than Reports subfolder.
Provided option (via registry key) to redirect cl*.log output to the Windows Event Log.
OpenPGP keyrings can now be in a location other than the EFT Server installation folder.
OpenPGP updated to support selection of hashing algorithm.
EFT Server outbound client now uses site IP address instead of defaulting to OS-selected IP address.
(SAT) Fixed problem with send upload notification not functioning due to URL format supplied in user description field.
(SAT) Increased logging in send upload notification script.
(SAT) Fixed problem with uploading popup opacity and animated gif not moving in IE7.
(SAT) Fixed problem with “From” cookie storing more than one email address.
(SAT) Updated COM for compatibility with EFT 5.2.12.

GlobalSCAPE EFT Server Product Version History

Changes in 6.5

EFT Platform (Standard and Enterprise):

Administrator Interface (AI):

Advanced Workflow Engine (AWE):

Auditing and Reporting Module (ARM):

Client (Outbound):

COM Interface:

Event Rules:

Installer:

Secure Ad-hoc Transfer (SAT):

Mail Express:

Web Interfaces - General:

Web Interfaces - Web Transfer Client (WTC):

Fixes:

General:

Administration Interface (AI):

Advanced Workflow Engine (AWE):

AS2:

Auditing and Reporting Module (ARM):

Authentication - General:

Authentication - Active Directory:

Authentication - LDAP:

Authentication - ODBC:

Client (Outbound):

COM Interface:

DMZ Gateway (version 3.3.0):

Event Rules:

High Security Module (HSM):

Installation:

OpenPGP Module:

Protocols - General:

Protocols - HTTP/S:

Protocols - FTP/S:

Protocols - SFTP:

Secure Ad-hoc Transfer (SAT):

SMTP:

Web Interfaces - General:

Web Interfaces - Web Transfer Client (WTC):

Web Interfaces - Plain Text Client (PTC):

Changes in 6.4.10

EFT Server (standard) and Enterprise:

AS2 module:

Secure Ad Hoc Transfer (SAT) module:

Changes in 6.4.7

EFT Server Enterprise only:

EFT Server (standard) and Enterprise:

Changes in 6.4.3

EFT Server Enterprise only:

Help and Documentation:

Auditing and Reporting Module (ARM):

Web Interfaces:

Changes in 6.4.1

EFT Server (standard) and Enterprise:

Changes in 6.3.16

EFT Server Enterprise only:

EFT Server (standard) and Enterprise:

Web Transfer Client (WTC):

COM API:

OpenPGP module:

AS2 module:

Secure Ad Hoc Transfer (SAT) module:

Changes in 6.4

EFT Server Enterprise only:

EFT Server (standard) and Enterprise:

Administration Interface (AI):

Auditing and Reporting Module (ARM):

Secure Ad Hoc Transfer (SAT) module:

DMZ Gateway:

Web Transfer Client (WTC):

COM API:

Changes in 6.3.8

EFT Server Enterprise only:

EFT Server (standard) and Enterprise:

COM API:

Secure Ad Hoc Transfer (SAT) module:

AS2 module:

Web Transfer Client (WTC):

Advanced Workflow Engine (AWE):

OpenPGP module: