This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Serv-U FTP Server and Serv-U MFT Server version 15.3.2 are now available!

We would like to announce the general availability of Serv-U FTP & MFT Server version 15.3.2 This release contains following new features and improvements

Server Identity introduced to enhance security
Serv-U 15.3.2 introduces the concept of Server Identity. This attribute enable increased security by assigning each MFT server a unique server identity comprising the Server UID with a secret key. This Server Identity is used to provide enhanced encryption of third party passwords, and can be shared among multiple instances of the same server (for example, in the case of load balancing where a master Serv-U instance with the same server definition is replicated across multiple hosts). See Creating, exporting, and importing the Server Identity in the Installation and Upgrade Guide for information.

  • If installing Serv-U 15.3.2 on a machine that has never had Serv-U installed, the Server Identity is automatically created.
  • If upgrading to Serv-U 15.3.2 from an earlier version, a pop-up message is displayed.
    • For a single instance of Serv-U, or if you are creating the first of multiple instances in a multi-tier Serv-U Server, you should create a server identity.
    • For a subsequent installations in a multi-tier Serv-U set-up, you need to import the server identity from the original instance

See Creating, exporting, and importing the Server Identity in the Installation and Upgrade Guide for information.

Transition to Network Service from Local System
Prior to 15.3.2, the default account used by the Serv-U service was SYSTEM (also referred to as Local System). From the 15.3.2 release, the default account is NETWORK SERVICE for improved security. For further information, see the knowledge base article, Running Serv-U under NETWORK SERVICE. (SolarWinds would like to thank security researcher Ken Pyle of CYBIR for reporting on this issue in a responsible manner and working with out security, product, and engineering teams to fix the vulnerability.)

Multi-language support for new Serv-U client and file sharing
The new Serv-U Web Client and File Sharing now support language select from English, German, French, Spanish, Portuguese, Serbian, Finnish, Norwegian, Russian, Danish, Simplified Chinese, Traditional Chinese, and Japanese.

Enhanced password encryption algorithm
All encryption types other than "one way encryption" are now defined as vulnerable, and have been removed from the Domain Wizard and the Domain Limits and Settings - Passwords option. All new users are created to use "one way encryption" and any previous domain or database users will be automatically re-encrypted to "one way encryption".

jQuery library updated
OpenSSL library updated (vulnerabilities CVE-2022-3786, CVE-2022-3602 addressed)
Improved security and stability

You can view the full set of release notes.

Download Serv-U 15.3.2 now from your customer portal.

Parents Reply
  • Yes it is.

    My reason(s) are that both that SW Dev should not have made this change undocumented, and their citing of RFC 4.2, with a strict interpretation as w/CrLf (13,10), the very same 4.2 paragraph includes reference to 5x that outlines support for legacy clients w/a single char(10) line feed Lf, So, again Yes Hot Fix

Children
No Data