In keeping with the season of gift giving, Progress Software have released a 2020 edition of the well-known WS_FTP Server software. Bringing an end to a wait of just over two years since the previous version - the last version released by predecessor Ipswitch Inc.
In this highly anticipated release, focus has been made on the security patching of various vulnerabilities and correcting of customer issues, which have been fed back through support tickets and the Progress Community.
The following is a summary of the more noteworthy of the changes for WS_FTP Server 2020:
Database passwords containing special characters are accepted.
Updated third party components to versions that address known security vulnerabilities.
Log viewer filters are applied to exported log data.
Email addresses of users with a top level domain longer than 5 characters are accepted by WS_FTP Server.
The WS_FTP Server admin log on page renders correctly
Notably, there is a clear lack of new features and capabilities in this version...but worry not! While this version is mostly there to correct and problems and ensure that WS_FTP Server continues to pass your penetration test, we expect there to be much more regular and richer releases in the near future.
For further information about issued which have been corrected, please see below:
The installation documentation was updated to include the following important information: Installing WS_FTP Server on a domain controller is not supported.
There is support for special characters in database passwords during installation and database configuration.
The AngularJS version used for the WTM and AHT modules was upgraded to version 1.8 to prevent vulnerabilities.
WS_FTP Server's cookies now have secure and HTTP only attributes.
The prototype.js version used in WS_FTP Server was upgraded to version 1.7.3 to prevent vulnerabilities.
Fixed a directory traversal vulnerability on WS_FTP Server's WTM interface.
Filters that were applied to the log viewer are now also applied to the .XML export option.
Email addresses of users with a top level domain longer than 5 characters are now accepted by WS_FTP Server.
The WS_FTP Server admin log on and home pages now render correctly.
Updates were applied to the Log Server login page to protect against cross site scripting (XSS).
Error messages were sanitized to prevent the disclosure of potentially sensitive data.
The FTP server (and SSH server) do not reveal the product version to unauthenticated users.
Sessions time out after the specified time, the default is 600 seconds, or when a client disconnects.
How Do I Upgrade?
Upgrading is a relatively painless process using a wizard driven installation file, which can be downloaded from the Progress Community Portal. Note that in order to gain access to newer versions of WS_FTP Server, you must have an active support and maintenance contract.
Should you find yourself without an active support and maintenance contract, you can contact Advanced Cyber Solutions for further information. Book a call today.