SecureTransport 5.3.0 Release Notes

New features and enhancements

Advanced Routing

The main function of the Advanced Routing feature is to act as an intelligent routing engine and allow SecureTransport users to flexibly provision new data flows and to create diverse patterns for data movement between different participants, partner systems, and applications. The Advanced Routing will also function as a placeholder for implementation of routing mechanisms beyond those already developed in SecureTransport 5.3.0.

Advanced Routing provides advanced transformation and routing capabilities for SecureTransport Server. On a high level, when specific conditions are met, particular steps are performed. Conditions and steps are wrapped in routes as part of a Route Package Template or Route Package.

Advanced Routing has the following main features:

  • Conditioning
    • Transformation and routing steps execution is based on file path/name patterns or other environment variables
  • Transformations
    • PGP Encryption, PGP Decryption, Compress, Decompress, Line Ending, and External Script transformations
    • Multiple transformation execution (for example, Decompress > PGP Decryption > Compress)
    • Renaming
  • Routings
    • File routing to transfer sites and accounts (including virtual and LDAP ones) through Publish To Account and Send To Partner
    • Renaming and deleting
    • Overwrite upload folder - optional setting which allows the upload folder to be dynamically defined for each transfer
  • Tracking and notifications
    • File Tracking integration
    • Sentinel integration
    • Email notifications on routing and transformation successes and failures
  • Extensive Expression Language support
  • Post routing, post transformation, and post processing actions
  • Ability to specify and override transformation and routing steps on an account basis
  • Distributed execution of the routes in a cluster mode

ICAP Scanning

The Internet Content Adaptation Protocol (ICAP) settings allow the administrator to configure ICAP engines to be used as part of the SecureTransport file transfer processes so that data loss prevention (DLP) is achieved and anti-virus (AV) scans are completed. SecureTransport allows the administrator to use the ICAP connector to set up a SecureTransport server to scan (with external DLP engine) files when delivering them to the recipient folder. The ICAP server scan is be executed when a file is going to be (therefore before it is) delivered.

Up to two ICAP servers can be configured. If two ICAP servers are enabled transfers will be scanned by both servers.

Shared Folders

The Shared Folders feature allows the on-demand sharing of folders from the SecureTransport Web Client interface versus having to be administered from the SecureTransport Administrator interface. Web Client users can now create, own, and share folders. The folder access level is controlled by the folder owner. The owner of the folder can not only share but unshare folders as well. The folder owner can also view and change the correspondents list dynamically and enable and disable the notifications for new content and content changes in the folder for the correspondents.

Web Access Plus

Beginning with SecureTransport 5.3.0 Web Access Plus (WAP) is based on HTML5 technology. The HTML5 version of Web Access Plus replaces the Java Applet version as the default option for Web Access Plus.

Fixed issues

Case ID Internal 
ID
Description
SecureTransport 5.0.0 Patches
Patch 73
739127
130083 Issue: Previously, there used to be the possibility that two httpd children would simultaneously perform stale sessions cleanup leading to duplicate logout events sent to the transaction manager.
Resolution: Now, this is fixed and only one child can perform stale sessions cleanup at a time.
Issue: Previously SIGHUP was sent to httpd and Administration Tool when performing nightly log rotation. This caused ongoing transfers to be aborted.
Resolution: Now, this is fixed and SIGUSR1 is sent instead and the ongoing transfer finish successfully.
Patch 75
726812
132565 SecureTransport 5.0 SP3 Patch 75 upgrades the embedded JRE and JDK to the Java 6 Update 45.
Patch 76
(none)
133202 SecureTransport now offers a feature to configure the type of the local transfer when performing a Connect:Direct push. The available options are Ascii, Binary, or Auto detect. Auto detect option refers to the mime.types file, located under FILEDRIVEHOME/conf/.
SecureTransport 5.1 SP3 Patches
Patch 9
(none)
131844 Issue: Previously, when network communication between nodes in a large enterprise cluster was interrupted and restored, the cluster state was not restored correctly. As a result, the Administration Tool failed to update certificates, configuration parameters, and other changes.
Resolution: Now, the cluster state is restored correctly and the Administration Tool is fully functional on all nodes.

Issue: Previously, when a node was removed from a large enterprise cluster, other nodes in the cluster might still assign it events for some time. This behavior could cause transfers to stay in progress on the Administration Tool File Tracking page and cause problems with server-initiated transfers.
Resolution: Now, before assigning an event to a node in a large enterprise cluster, SecureTransport checks that the node is active in the cluster.

Issue: Previously, SecureTransport process in a large enterprise cluster could stop processing when the database did not accept log messages and a queue filled up.
Resolution: Now, when the database does not accept the log messages, they arestored in a file until the database responds.

Issue: Previously, when a SecureTransport server was removed from a large enterprise cluster, the Transaction Manager would not terminate and other nodes in the cluster would continue to assign work to it.
Resolution: Now, when a server was removed from a large enterprise cluster, the Transaction Manager is stopped.

Issue: Previously, when the TM service on a server in a large enterprise cluster was restarted while one of certain items such as an account or a subscription was being modified, the Administration Tool would occasionally display an unexpected error and stop responding until the admin service was restarted.
Resolution: Now, the admin service handles this case so the Administration Tool continues to work.

Issue: Previously, the STDBAppender thread sometimes terminated silently and caused the server to stop responding.
Resolution: Now, SecureTransport restarts the thread automatically if it terminates.

Issue: Previously, when the Transaction Manager terminated in error or stopped responding, SecureTransport did not save information for Axway Global Support.
Resolution: Now, SecureTransport can save the information in the <filedrivehome>/support directory.

Issue: Previously, when the Transaction Manager terminated in error or stopped responding on one server in a large enterprise cluster, all servers in the cluster stopped responding for five minutes.
Resolution: Now, you can control using the following system configuration parameters the time until the servers in the large enterprise cluster start responding when this occurs and the frequency that the servers send heartbeats:
  • Cluster.Status.heartbeatTimeout is the time in seconds until the servers start responding. The default value is 20 seconds.
  • Cluster.Status.heartbeatInterval is the interval at which the servers send a heartbeat message. The default value is 5 seconds.
Patch 24
734818
128715 Issue: Previously, when SecureTransport performed a server initiated upload over FTP or FTPS in ASCII mode, it transcoded the underlying OS line terminator character sequence to CRLF as dictated by RFC 959.
Resolution: Now, an additional transfer site property is added - Transcode any line terminators in ASCII mode. When checked it forces SecureTransport to transcode any sequence of line terminators.
Patch 25
751550
136003 Issue: Previously, dynamic synchronization in SecureTransport Standard Cluster was hardcoded to use SSL Protocol SSLv3.
Resolution: Now, SecureTransport provides a configuration option for the SSL Protocol to be used when performing dynamic synchronization.
The configuration is named Cluster.DynamicSync.SSLProtocol and the accepted values are: TLSv1| SSLv3
Note: Protocols TLSv1.1 and TLSv1.2 are not supported.
SecureTransport 5.2.0 Patches
Patch 37
725584
126514 Issue: Previously, the Administration Tool export account function and the xml_export utility sometimes did not export some accounts.
Resolution: Now, SecureTransport exports all accounts.
Patch 38
738933
130284 Issue: Previously, when the user uploaded a zip file containing a large number of compressed files into a subscription folder of the ExtendedRouter application, the decompression transformation failed to execute properly.
Resolution: Now, the decompression transformation of the ExtendedRouter application works properly regardless of the number of the files in the zip file.
SecureTransport 5.2.1 SP2
144781 66909 Issue: Previously, setting a password of 48 or more characters in a transfer site produced an "Unexpected Exception during decryption" error message during a server-initiated transfer.
Resolution: Now, long passwords work as expected.
144818 66701 Issue: Previously, the Administration Tool Admin Access Control page had a security vulnerability because it displayed a full system file path in some error messages.
Resolution: Now, the page does not expose such information.
152579 72774 Issue: Previously, the SecureTransport 5.1 Edge Administration Tool server log did not include the log output from the SOCKS5 proxy server.
Resolution: Now, the Administration Tool displays this log output.
601415 79286 Issue: Previously, the rc.stransport script was not executed when a Unix-based operating system was shut down or rebooted. The SecureTransport processes were not stopped gracefully. The operating system killed them.
Resolution: Now, the rc.stransport script is executed during shutdown and reboot.
659106 97544 Issue: Previously, when the ad hoc Delivery Method for a user was Account Without Enrollment and the user sent a file to an email address that was not associated with a SecureTransport user, the messages that SecureTransport displayed in the Administration Tool and in Web Access Plus were not clear.
Resolution: Now, the messages that SecureTransport adds to the File Tracking and Server Log pages include the reason for the failure, and the delivery status in Web Access Plus is "Delivery Failed."
662471
664717
682941
98941
99759
108317
Issue: Previously, when network communication between nodes in a large enterprise cluster was interrupted and restored, the cluster state was not restored correctly. As a result, the Administration Tool failed to update certificates, configuration parameters, and other changes.
Resolution: Now, the cluster state is restored correctly and the Administration Tool is fully functional on all nodes.

Issue: Previously, when a node was removed from a large enterprise cluster, other nodes in the cluster might still assign events to it for some time. This behavior could cause transfers to stay in progress on the Administration Tool File Tracking page and cause problems with server-initiated transfers.
Resolution: Now, before assigning an event to a node in a large enterprise cluster, SecureTransport checks that the node is active in the cluster.

Issue: Previously, SecureTransport process in a large enterprise cluster could stop processing when the database did not accept log messages and a queue filled up.
Resolution: Now, when the database does not accept the log messages, they are stored in a file until the database responds.

The behavior for each server is controlled by parameters in the following files in the <FILEDRIVEHOME>/conf/ directory:
  • Administration Tool: admin-log4j.xml
  • SSHD: sshd-log4j.xml
  • AS2D: as2d-log4j.xml
  • Tools: tools-log4j.xml
  • Transaction Manager: tm-log4j.xml

The parameters are:
  • queueAwaitDefaultTimeout: Time in milliseconds to wait for the queue to free up when full (default 5000 milliseconds)
  • queueAwaitMinTimeout: Minimum time in milliseconds of the queue wait period (default 50 milliseconds)
  • queueAwaitFactor: Factor used to adjust queue wait time (default 1000). This value is divided by the number of events that have not been saved in the database, and the result is subtracted from the current timeout to get the time to wait until the next event is sent to database. If the result is less than the queueAwaitMinTimeout value, queueAwaitMinTimeout is used instead.

With a larger value of queueAwaitFactor, future events do not wait as long and the system is more responsive. With a smaller value, future events wait longer before they are sent to the database so the load on the database is reduced and the system's responsiveness might be reduced.

next-event-await-period = maximum( queueAwaitMinTimeout, last-event-await-period - queueAwaitFactor / number-of-events)

With the default values for the parameters, the initial value of next-event-await-period is 5000 milliseconds. When there are 2 events that have not been saved to the database, the time to wait is reduced by 1000/2 = 500 milliseconds until it reaches 50 milliseconds. When database communication returns to normal and the database starts to accept log messages again, next-event-await-period is reset to queueAwaitDefaultTimeout and number-of-events is reset to zero.

The hibernate.connection.oracle.jdbc.
ReadTimeout
attribute of the component for each server in <FILEDRIVEHOME>/conf/configuration.xml controls the read timeout (how long to wait for a response from the database before failing a query) on all TCP sockets to the Database. (default 5 minutes)

The hibernate.c3p0.checkoutTimeout attribute of the component for each server in <FILEDRIVEHOME>/conf/configuration.xml controls the Database connect timeout (how long to wait for a connection to be established). (default 5 minutes)

Issue: Previously, when a SecureTransport server was removed from a large enterprise cluster, the Transaction Manager would not terminate and other nodes in the cluster would continue to assign work to it.
Resolution: Now, when a server is removed from a large enterprise cluster, the Transaction Manager is stopped.

Issue: Previously, when the Transaction Manager service on a server in a large enterprise cluster was restarted when a specific item, such as an account or a subscription was being modified, the Administration Tool would occasionally display an unexpected error and stop responding until the admin service was restarted.
Resolution: Now, the admin service handles this case so the Administration Tool continues to work.

Issue: Previously, the STDBAppender thread sometimes terminated silently and caused the server to stop responding.
Resolution: Now, SecureTransport restarts the thread automatically if it terminates.

Issue: Previously, when the Transaction Manager terminated in error or stopped responding, SecureTransport did not save information for Axway Global Support.
Resolution: Now, SecureTransport saves the information in the <FILEDRIVEHOME>/support/ directory.

Issue: Previously, when the Transaction Manager terminated in error or stopped responding on one server in a large enterprise cluster, all servers in the cluster stopped responding for five minutes.
Resolution: Now, you can use the following system configuration parameters to control the time until the servers in the large enterprise cluster start responding when this occurs and the frequency that the servers send heartbeats:

Cluster.Status.heartbeatTimeout is the time in seconds until the servers start responding. The default value is 20 seconds.

Cluster.Status.heartbeatInterval is the interval at which the servers send a heartbeat message. The default value is 5 seconds.
666850
670582
666652
100553
102581
101232
Issue: Previously, when a user tried to perform an upload or download that was not permitted by an access restriction on the SecureTransport 5.2.1 Server, Web Access Plus displayed an incorrect error message or did not indicate an error.
Resolution: Now, Web Access Plus displays Error 403, Access denied.
666929 101895 Issue: Previously, when either the AxwaySentinel or the AxwayTransferCFT Transaction Manager rule was modified using the SecureTransport 5.2 Administration Tool, the relevant changes were written to a new XML file instead of to the correct corresponding existing XML file.
Resolution: Now, changes to either rule are written to the correct file.
668412 99780 Issue: Previously, after an initial outbound failure and subsequent successful automatic retry, SecureTransport 5.2 did not restart a transfer. The File Tracking page displayed the retry as successful transfer with zero transferred bytes, but SecureTransport did not transfer the file to the user's home directory. When a post transmission action (PTA) failed, SecureTransport did not restart the transfer, but only retried the PTA.
Resolution: Now, if the transfer and PTA fail, SecureTransport restarts the transfer.
670466 101890 Issue: Previously, SecureTransport enabled repository encryption only for users in the EncryptClass user class.
Resolution: Now, you can also enable repository encryption for an account by setting the Encrypt Mode property in the User Account page or in the account template used by the account.

The Encrypt Mode property can be set to Unspecified or Enabled. If a user account is configured with Encrypt Mode set to Enabled, repository encryption is enabled for this user account whether or not the user is in the EncryptClass user class. When the user account is configured with Encrypt Mode set to Unspecified, the previous behavior is preserved and the repository encryption is enabled based on the EncryptClass user class evaluation.
673616 103278 Issue: Previously, SecureTransport 5.2 Web Access Plus transferred files more slowly than previous clients because it calculated the MD5 checksum before each upload and after each download, which required it to read the file twice.
Resolution: Now, Web Access Plus calculates the MD5 sum during the transfer and transfer speed is improved.
674528 104377 Issue: Previously, SecureTransport 5.2 did not use the value of the Users.DefaultUmask server configuration parameter.
Resolution: Now, the SecureTransport applies the value of Users.DefaultUmask to uploaded files as designed.
674683 103884 Issue: Previously, PeSIT parameters PI 99, PI 61, and PI 62 were routed during a server-initiated download (pull) only if it was a routing transfer. For a client-initiated download, PI 99 was always evaluated based on the incoming transfer environment.
Resolution: Now, the behavior is the same for PI 99 for all outbound transfers, both client-initiated downloadsand server-initiated pulls. PI 61 and PI 62 are routed only when SecureTransport acts as a hub.

Note: Fixed in SecureTransport 5.2.1, but not listed in the Release Notes.
675095 104011 Issue: Previously, SecureTransport displayed incorrect messages to an administrator if his password had expired or if he attempted to expire his own password.
Resolution: Now, SecureTransport displays correct messages in these cases.
675210 105195 Issue: Previously the SecureTransport aesenc.exe and aesdec.exe Windows utilities always returned empty output.
Resolution: Now, those utilities correctly encrypt or decrypt the given parameter.
676243 105082 Issue: Previously, in an active/passive cluster, the passive SecureTransport server processed some of the client-initiated transfers.
Resolution: Now, only the active server handles these transfers. The passive server does not process any transfers until a failover occurs.
676465 105415 Issue: Previously, the status_ftpd and status_httpd utilities in <FILEDRIVEHOME>/bin incorrectly returned unknown or down status when the protocol servers were running.
Resolution: Now, these utilities return the state of the servers correctly.
676998 105002 Issue: Previously, SecureTransport Web Access Plus did not include a complete keyboard user interface.
Resolution: Now, a user can operate SecureTransport Web Access Plus without using a mouse but using the keyboard shortcuts instead.
677255 105319 Issue: Previously, the names of some environment variables changed in SecureTransport 5.2 by substituting dot (.) for underscore (_) in some places.
Resolution: Now, both the names with dots and the names with underscores are valid to references these environment variables.
677427 105314 Issue: Previously, when SecureTransport received an EBCDIC-encoded file over PeSIT, the resulting file was corrupted and manual transcoding to ASCII could not be performed.
Resolution: Now, SecureTransport has a new transfer mode, EBCDIC_NATIVE. When a file is received using EBCDIC_NATIVE transfer mode, the resulting file is constructed correctly and all types of manual transcoding are possible.

Issue: Previously, when SecureTransport sent an EBCDIC-encoded file over PeSIT that it did not receive over PeSIT, the number of records read and the number of records in the file were different.
Resolution: Now, such an EBCDIC-encoded file is read correctly and there are no differences in record structure.
677803 105542 Issue: Previously, when the RenameLockedFiles server configuration parameter was enabled and a file had been renamed immediately after upload, the File Tracking page reported that the file had been renamed successfully, but SecureTransport 5.2 did not rename the file.
Resolution: Now, the correct operation of RenameLockedFiles is restored.
678284 106071 Issue: Previously, when there were a lot of entries in the logging tables on SecureTransport Edge the rotate_db script failed to export them to files and hanged.
Resolution: Now, the rotate_db script does not hang and exports the logging tables on SecureTransport Edge successfully. The performance of exporting the logging tables is improved.

Issue: Previously, it was impossible to change the values of the parameters delete chunk size and sleep between chunks for the rotate_db script.
Resolution: Now, the rotate_db script can be tuned by changing the values of the DELETE_CHUNK_SIZE and SLEEP_BETWEEN_CHUNK_MILLIS parameters in it.
680647 109122 Issue: Previously, the Administration Tool took a long time to list the subscriptions for an account when there was a large number.
Resolution: Now, the Administration Tool lists the subscriptions on the Subscriptions page without the previous delay.
680665 107318 Issue: Previously, when the SecureTransport Server using the embedded MySQL database was configured to report to Axway Sentinel, some transfers were not marked as successful due to a database deadlock.
Resolution: Now, the SecureTransport Server prevents the database deadlock and all successful transfers are marked successful.
681297 107175 Issue: Previously, the SecureTransport FTP server had a cross-site scripting (XSS) vulnerability that permitted a script to be injected in a GET command that includes special characters over FTPS.
Resolution: Now, the FTP server filters the special characters to remove the XSS vulnerability.

Note: The update to the HTTP server in SecureTransport 5.2 included a fix for this problem.
681443 107178 Issue: Previously, a Log Entry Maintenance Application failed to execute when there were no entries in the log tables.
Resolution: Now, a Log Entry Maintenance Application executes properly in this case.
681591 107361 Issue: Previously, when running in Firefox 20.0 or later, the SecureTransport 5.2 did not remove the temporary files and directories in <FILEDRIVEHOME>/var/tmp after a manual synchronization of an active/active standard cluster.
Resolution: Now, these temporary files are removed when the manual cluster synchronization completes.
681593 107127 Issue: Previously, when an administrator changed a property of a business unit, SecureTransport did not update the property for existing users in the business unit.
Resolution: Now, SecureTransport applies changes to a business unit to existing users in the business unit. However, SecureTransport does not change home folders or business unit values that administrators are allowed to modify for individual accounts.
682202 111087 Issue: Previously, all servers in a SecureTransport 5.2.1 cluster sent heartbeats with the same CycleID to Axway Sentinel.
Resolution: Now, each server in a cluster uses a different CycleID.
682729 108048 Issue: Previously, in a cluster implementation, the schedule in a subscription to an application was lost when the subscription was opened and saved.
Resolution: Now, the schedule is not lost.

Note:Fixed in SecureTransport 5.2.1, but not listed in the Release Notes.
682438
684662
682438
109283
108483
Issue: Previously, the SecureTransport Server failed to reconnect to SecureTransport Edge when the network connection was lost and restored.
Resolution: Now, SecureTransport reconnects to SecureTransport Edge successfully.
683022
679868
107671
106620
Issue: Previously, for some Folder Monitor transfers, SecureTransport did not set the DXAGENT_APPLICATION_NAME environment variable.
Resolution: Now, SecureTransport sets the DXAGENT_APPLICATION_NAME environment variable correctly.

Issue: Previously, when a Folder Monitor processed a file from a subfolder, SecureTransport did not provide the full path to the file in an environment variable.
Resolution: Now, the new environment variable, DXAGENT_FULLSOURCE, contains the full path to the downloaded file including all subfolders.
683034 109135 Issue: Previously, when logged in to an active/active SecureTransport cluster through SecureTransport Edge, Web Access Plus failed to send some messages.
Resolution: Now, Web Access Plus sends messages successfully when used with this SecureTransport configuration.
683635 107955 Issue: Previously, SecureTransport 5.2 did not create session variables for additional mapped LDAP attributes.
Resolution: Now, SecureTransport creates session variables of the form STSESSION_<attribute name> for mapped attributes where <attribute name> is the name in the ST Attribute Name column on the LDAP Domain page of the Administration Tool.
683665
692182
695182
697014
111093 Issue: Previously, when SecureTransport 5.2.1 used the SOCKS proxy in a streaming configuration, some transfers failed when the connection to an Edge was lost. The server log displayed IndexOutOfBoundsException.
Resolution: Now, when the connection to an Edge is lost, the Edge is removed from the available proxy servers and the transfers use an available SOCKS proxy.
683828 108226 Issue: Previously, SecureTransport users who had a symbolic link in their home folder could not access their home folders.
Resolution: Now, these users can access their home folders and upload files.
683994 108348 Isuue: Previously, SecureTransport 5.2.1 displayed the IP address instead of the FQDN or host name on the HTTP login page for SecureTransport Legacy Client HTML template.
Resolution: Now, if the host name is configured, SecureTransport displays it on the login page.
684119 108084 Issue: Previously, the SecureTransport 5.2.1 uninstaller did not remove the folder /etc/fd and files /etc/init.d/rc.stransport and /etc/rc.d/rc.stransport.
Resolution: Now, the uninstaller removes all SecureTransport components completely.
684174 108328 Issue: Previously, the Administration Tool had three security vulnerabilities: a cross-site scripting (XSS) vulnerability in account export and import, a vulnerability because a client could read an application cookie, and a vulnerability because the login credentials could be stored in the client computer.
Resolution: Now, the Administration Tool no longer has these security vulnerabilities.
684597 108253 Issue: Previously, SecureTransport did not send a value to Axway Sentinel for the attribute GROUPNAME when the business unit of the account was defined in an account template.
Resolution: Now, SecureTransport always sends the business unit of an account to Axway Sentinel as the attribute GROUPNAME.
684972 108394 Issue: Previously, when a user belonged to a specific user class for which there was a passive mode address rule and there was a passive mode address rule for all user classes, SecureTransport used the all user classes passive mode address rule.
Resolution: Now, SecureTransport evaluates the passive mode address rules and uses the rule for the specified user class.
685701
691716
689952
691517
684757
691586
108820
111319
110100
110885
109259
110821
Issue: Previously, in a SecureTransport cluster, Web Access Plus sometimes failed to list files and perform ad hoc transfers when connected through an Edge server.
Resolution: Now, Web Access Plus works consistently when connected to a cluster through an Edge server.

Issue: Previously, after uploading several small files to SecureTransport in one session, the duration of the uploads increased by a very large factor and a warning in the server log reported, "Timing out - AsynchronousCompletionToken[...]."
Resolution: Now, the upload duration is similar for all files in the session and the warning messages are not displayed.

Issue: Previously, with streaming, LDAP authentication and the required account template, and repository encryption configured, SecureTransport did not send a received file to a configured transfer site as specified by a subscription to a Basic application.
Resolution: Now, SecureTransport performs the action configured in the application subscription.

Issue: Previously, the SecureTransport Server failed to reconnect to the SecureTransport Edge when the network connection was lost and restored.
Resolution: Now, SecureTransport reconnects to the SecureTransport Edge successfully.
685862 108837 Issue: Previously, after enabling the Monitor service on a SecureTransport Edge, the FTP server started reporting the message "Unable to get the socket address of the remote peer. Exception caught, closing session" repeatedly to the server log.
Resolution: Now, the FTP server does not report that message.
685879 108659 Issue: Previously, SecureTransport did not evaluate the ad hoc variables $PKG_DELIVERY_TO, $PKG_DELIVERY_CC, $PKG_DELIVERY_BODY, and $PKG_DELIVERY_ATTACHMENTS.
Resolution: Now, SecureTransport evaluates all ad hoc variables correctly.
686157 112902 Issue: Previously, during a login attempt to SecureTransport SSH server, when a user was required to change a password, SecureTransport did not limit the number of attempts.
Resolution: Now, SecureTransport closes the user connection when the number of attempts to change a password exceeds the maximum number of failed login attempts specified in the Miscellaneous Options pane in the Administration Tool. The maximum number of failed login attempts should have the same value on both SecureTransport Edge and SecureTransport Server.

Issue: Previously, when a user logging in to the SSH server was required to change an expired password, SecureTransport displayed the "Password Expired" message again after the user entered the new password. The user had to disconnect and connect again to log in successfully.
Resolution: Now, when a user is required to change a password and enters the new password correctly, the user is logged in.

Issue: Previously, the log entry that SecureTransport created for a login attempt to SecureTransport SSH daemon with a bad user name included the stack trace for com.tumbleweed.st.server.events.
AgentExitNoSuchUserException
.
Resolution: Now, SecureTransport does not include the stack trace for the exception in the log entry.
687130 109013 Issue: Previously, custom Sentinel event states added using the SecureTransport API, were not shown on the Axway Sentinel Events page in the Administration Tool and could not be sent to Sentinel.
Resolution: Now, SecureTransport adds new Sentinel event states correctly and includes them in the Available Event States list on Axway Sentinel Events page.
687375 110354 Issue: Previously, when the Encrypt File As field in a subscription included a file name expression, SecureTransport did not process the file.
Resolution: Now, SecureTransport processes the file as specified by the subscription.
687409 109763 Issue: Previously, communication between SecureTransport Servers in a cluster could block until cluster receive/send credits are replenished. This could cause some events to not be processed and file transfers not marked as completed in the File Tracking page.
Resolution: Now, the SecureTransport cluster has significantly increased credits which allow the flow control to successfully replenish credits before they drop to a point where cluster communication blocks.
687483 112197 Issue: Previously, the password reset link sent in a password reset email did not use the value in the Public URL Prefix field of the Network Zone entry page.
Resolution: Now, the password reset link properly uses the value of the Public URL Prefix field.
687689 108330
109204
Issue: Previously, when the client computer was running Java SE 7 update 21 or Java SE 7 update 25, several Java security warnings and Java console messages were displayed when the user started Web Access Plus.
Resolution: Now, the user sees only a window that asks "Do you want to run this application? Name: webClientApplet, Publisher: Axway." This confirmation is required because Web Access Plus requires the "all-permissions" security level which the user should grant explicitly.
688099 109446 Issue: Previously, when a symbolic link which a SecureTransport user could access referred to a file or directory outside of the user's home directory, the user could not access the linked file or directory.
Resolution: Now, the user can access such linked files and directories.
688102 110999 Issue: Previously, SecureTransport used the value of the Default Package Delivery Method field from the AdHoc Settings page of the Administration Tool when the Delivery Method field on the User Account page specified a non-default value.
Resolution: Now, SecureTransport only uses the value of the Default Package Delivery Method field when the value of the Delivery Method field is Default.
688456 109592 Issue: Previously, the SecureTransport 5.2.1 web services API used values other than the value of the Webservices.EntriesPerPage server configuration parameter to limit the number of items returned when a request did not include a limit parameter.
Resolution: Now, the default value for the limit parameter is the value of Webservices.EntriesPerPage and the web services API uses that value when returning accounts, business units, certificates, certificate requests, server logs, audit logs, transfer sites, subscriptions, and transfer profiles. When returning files though, the behavior is different:
  • if limit and/or offset are specified, they will be considered, but no restriction for max items per page will be applied to limit
  • if neither limit nor offset are specified, then offset will be set to 0 and limit will be set to 'unlimited' (i.e. all items)
Note: The HTTP server reads the value of Webservices.EntriesPerPage when it is changed. It is not necessary to restart the server.
688914 109689 Issue: Previously, SecureTransport did not display the specific "User : Session authentication failed" error message to the user when it is enabled and relevant.
Resolution: Now, SecureTransport displays the message as it did in previous releases.
689919
689920
694111
689530
109982
109983
110098
Issue: Previously, SecureTransport was subject to open redirect and certain reflected cross-site scripting (XSS) attacks.
Resolution: Now, SecureTransport uses Http.RedirectWhiteList server configuration parameter to protect against the open redirect attack and also protects against the reflected XSS attacks.
If SecureTransport receives an open redirect request that is not allowed by the whitelist, it returns an HTTP 403 Forbidden status code with the message, "Attempt to redirect to untrusted location".

Issue: Previously, Web Access Plus displayed only 100 items in a user's home folder.
Resolution: Now, Web Access Plus displays all the files and folders in a user's home folder.
690338 110591 Issue: Previously, when the login name of a user was the same as the email address of another user, the first user could not log in to SecureTransport 5.2.1 whether or not the Allow this account to login by email option was enabled for the second user.
Resolution: Now, when a user logs in with an email address, SecureTransport searches for an account with login name that matches the given email address or an account with login by email enabled and an email address that matches the given email.
691166 111681 Issue: Previously, SecureTransport sent text files using binary mode when the Transfer Mode field of an SSH transfer site was set to Auto detect.
Resolution: Now, SecureTransport sends a file using ASCII mode if the extension of the file is specified as a text type in the <FILEDRIVEHOME>/conf/mime.types file.
691328 111090 Issue: Previously, the Administration Tool did not display an error message in the Status Detail window when the user clicked the status icon or the file name of a failed transfer in the File Tracking window. The server log included the message, "Error status is true, but no error message defined."
Resolution: Now, The Status Detail window includes an error message for every failed transfer and the server log does not display the error message.
691611 110760 Issue: Previously, for SecureTransport 5.2.1, ServerTransferNotify agent ignored the subject invocation parameter.
Resolution: Now, the ServerTransferNotify agent uses the value of the subject parameter if it is specified. If it is not, the agent uses the value from the email template.
691886 110997 Issue: Previously, SecureTransport did not remove the <FILEDRIVEHOME>/var/run/httpd.pid file when the HTTP server stopped.
Resolution: Now, SecureTransport removes the file.
692033 112654
111126
Issue: Previously, Administration Tool customization methods were not applicable to the Account Template page.
Resolution: Now, the Account Template page can be customized with the same methods used for the User Account page customization.
692395 111088 Issue: Previously, the number of retries for temporary failed transfers reported in an email sent by the ServerTransferNotify rules package was always zero.
Resolution: Now, the email reports the correct value.
692655 112126 Issue: Previously, after a number of client-initiated transfers, the streaming connection between SecureTransport 5.2.1 Edge and Server failed. Occasionally, the server log displayed an Out of Memory error, all transfers stopped, and the users could not log in.
Resolution: Now, when the streaming connection fails, SecureTransport reconnects and client-initiated uploads and downloads continue to work.
693165 111431 Issue: Previously, delegated administrators could not access the Network Zones page of the Administration Tool.
Resolution: Now, delegated administrators can access that page.
693175 111326 Issue: Previously, SecureTransport could become unresponsive when LogEntryMaintApp was exporting many rows at once.
Resolution: Now, LogEntryMaintApp can process many rows without affecting SecureTransport responsiveness.
693198 111565 Issue: Previously, a SecureTransport Web Access Plus user could not download a directory by dragging it to a local drive of the client workstation.
Resolution: Now, the user can drag a directory to download it recursively using the Web Access Plus.
693509 112048 Issue: Previously, SecureTransport sent an incorrect value for PI_51 (Creation Date) during server-initiated PeSIT uploads and client-initiated PeSIT downloads.
Resolution: Now, SecureTransport sends the correct value for PI_51 equal to the start date of the transfer.

Issue: Previously, during server-initiated PeSIT uploads where SecureTransport is the sender and client-initiated PESIT downloads where SecureTransport is the server, the values of the Sentinel attributes CycleID and InternalCycleID generated by the SecureTransport were different from the values generated by the remote system.
Resolution: Now, the values of CycleID and InternalCycleID are the same for both systems.

Issue: Previously, SecureTransport could produce incorrect CycleID and InternalCycleID values due to a concurrency issue.
Resolution: Now, the concurrency issue is fixed so that the values are correct.
693999 112110 Issue: Previously, the Administration Tool File Tracking page did not display inbound server-initiated transfers to delegated administrators.
Resolution: Now, delegated administrators can see these transfers.
694071 111787 Issue: Previously, when Web Access Plus displayed a dialog box, the user could navigate to another page and the focus of the dialog box was lost.
Resolution: Now, only the keyboard shortcuts that are valid for the open dialog box are active, so no keyboard shortcut can cause the dialog box to lose focus.
694740 112406 Issue: Previously, the SecureTransport 5.2.1 Administration Tool had a cross-site scripting (XSS) vulnerability because it did not properly validate some URL parameters that include characters such as quotation mark ("), apostrophe ('), less than (<), greater than (>), and slash (/).
Resolution: Now, the Administration Tool correctly validates these URL parameters.
694773 111979 Issue: Previously, SecureTransport ignored Admin Access Control rules when the Address field was "*".
Resolution: Now, SecureTransport handles such rules correctly.
694890 112469 Issue: Previously, SecureTransport sent SNMP traps even if there were no failures or failed transfers.
Resolution: Now, SecureTransport sends SNMP traps only on failures and failed transfers.
695336 112679 Issue: Previously, SecureTransport sometimes entered into a deadlock condition while shutting down the Transaction Manager JVM in an attempt to recover a cluster member that appeared to be in a hung or unresponsive state for a given period of time.
Resolution: Now, SecureTransport does not enter into a deadlocked state and the unresponsive node is successfully recovered.
695545
696791
700378
112410
113960
114208
Issue: Previously, Folder Monitor transfer sites incorrectly processed files starting with .m_inproc and ignored the locking mechanism.
Resolution: Now, Folder Monitor transfer sites do not process neither these files, nor the locked files.

Issue: Previously, post-transmission actions (PTAs) processed the .m_inproc files together with the original files.
Resolution: Now, PTAs processes only the original files.
695547 112775 Issue: Previously, there was no keyboard shortcut to switch to the list view of the Manage Folders and Files page in the Light Web Access Plus.
Resolution: Now, the keyboard shortcut "g then r" displays the list view.

Issue: Previously, in the SecureTransport Web Access Plus keyboard shortcuts help there was no information about the shortcut to be used for accessing File and Folder properties.
Resolution: Now, the SecureTransport Web Access Plus keyboard shortcuts help is updated.

Issue: Previously, the word "Mailbox" was misspelled in the help for SecureTransport Web Access Plus keyboard shortcuts.
Resolution: Now, the spelling of the word is correct.

Issue: Previously, there was no keyboard method to access the Save Now button in the Web Access Plus Compose mail page.
Resolution: Now, you can use the Tab key to access this button.
695634 112525 Issue: Previously, when SecureTransport sent a file over SSH in an ASCII transfer mode the received text file contained an extra carriage return (CR or \r) character at end of each line.
Resolution: Now, SecureTransport correctly converts the end-of-line characters of text files transferred over SSH.
695770 112471 Issue: Previously, the SecureTransport AS2 server failed to decrypt AES256-encrypted data. The server log displayed the warning, "failed to decrypt message: iaik.security.smime.SMimeException: Unable to decrypt symmetric key."
Resolution: Now, the AS2 server decrypts the data successfully, and the warning does not appear in the server log.
695989 112470 Issue: When an administrator authenticated in a browser to execute a call on the SecureTransport web services API, the administrator can connect to the Administration Tool without entering credentials. Previously, if such an administrator logged out from the Administration Tool, that administrator could execute later calls to the web services API from the browser without entering credentials.
Resolution: Now, when the administrator logs out of the Administration Tool, the session is terminated correctly and, if the administrator executes a web services API call from the browser, the browser requests credentials.

Issue: When a user authenticates in a browser to execute a call on the SecureTransport web services API, the user can connect to a web client without entering credentials. Previously, if such a user logged out from the web client, that user could execute later calls to the web services API from the browser without entering credentials.
Resolution: Now, when the user logs out of the web client, the session is terminated correctly and, if the user executes a web services API call from the browser, the browser requests credentials.
696017 112472 Issue: Previously, SecureTransport Web Access Plus did not support proxies with authentication.
Resolution: Now, Web Access Plus works with proxies with basic or NTLM authentication.
Note: Web Access Plus displays a dialog asking for credentials to authenticate the user with the proxy.
697354 113158 Issue: Previously, when there was an authentication failure during a server-initiated upload (push), the value for the RETURNMESSAGE attribute in the tracked object event sent to Axway Sentinel was empty.
Resolution: Now, SecureTransport correctly populates the value of this attribute for both pushes and pulls.
698338 113201
113501
Issue: Previously, if the value of the Download Folder field of a Folder Monitor transfer site was UNC path name, the Folder Monitor did not process the files in the folder.
Resolution: Now, a Folder Monitor processes files when the download folder is specified using a UNC path name.
698935 113742 Issue: Previously, the SecureTransport 5.1 SP3 FTP server sent the same response for the LIST -1 command as the LIST command.
Resolution: Now, the FTP server sends a single-column list of files and subdirectories in response to the LIST -1 command. This behavior is consistent with SecureTransport 5.1 SP2.

Issue: Previously, the SecureTransport 5.1 SP2 FTP server sent reply code 550 in response to a request to list non-existing files.
Resolution: Now, the FTP server sends reply code 226 as required by RFC 959.
689917 110064 Issue: Previously, the SecureTransport web services API calls were not protected against cross-site request forgery (CSRF) attacks.
Resolution: Now, the web services API calls are protected by matching the referer HTTP header against a whitelist.

Known issue: When a user logs in using the full version of Web Access Plus (with the Java applet enabled), SecureTransport adds a warning message to the server log with the form, "Referer header value = /api/v1.0/myself doesn't pass white list check." This warning is normal, but in order to avoid it, add /api/v1.0/myself to the Webservices.Public.Referer.Whitelist server configuration parameter.

For example:
(^https?://(.*\.axway\.com|.*\.example\.net)|^/api/v1.[0-9]/myself)
700444 114318 Issue: Previously, Web Access Plus users could not upload, download, or delete files whose names contained number sign (#) or semicolon (;) characters.
Resolution: Now, Web Access Plus users can successfully upload, download, or delete such files.
700575 114552 Issue: Previously, when a call to the REST API created a subscription to a Shared Folder type application, SecureTransport did not delete the .m_inproc files and the transfer failed.
Resolution: Now, Shared Folder subscriptions created using the REST API are consistent with ones created using the Administration Tool and SecureTransport deletes the .m_inproc files when the transfer completes.

Note: SecureTransport does not require a REST API call to create a transfer configuration for a subscription to a Shared Folder type application. However, subscriptions to applications of all other types require a second REST call to create the transfer configuration.
701968 114882 Issue: Previously, on the Compose mail page in SecureTransport Web Access Plus user interface elements that appeared as buttons were not accessible to the visually impaired because they were actually links.
Resolution: Now, these user interface elements are accessible buttons. A documentation update includes instructions for the visually impaired on how to use the Attach File button.
703124 107308 Issue: Previously, when the Http.FdxAuthReply server configuration parameter was set to PREAUTH, Internet Explorer, Google Chrome, and Safari could not display the SecureTransport web client login page. Firefox displayed the page, but login using a correct user name and password failed.
Resolution: Now, when the Http.FdxAuthReply server configuration parameter is set to PREAUTH, all of the supported browsers display the SecureTransport web client login page and the user can log in.
6804377 107641 Issue: Previously, for SecureTransport 5.2, when the RenameLockedFiles server configuration parameter was enabled, users could not move uploaded files, but the File Tracking page reported that the file was moved successfully.
Resolution: Now, the correct operation of RenameLockedFiles is restored.
(none) 96899 Issue: Previously, a SecureTransport 5.2 LDAP user who did not use a user template was able to compose and reply to messages in Web Access Plus.
Resolution: Now, such users do not have access to this unauthorized functionality.
(none) 99780 Issue: Previously when the SecureTransport 4.9.2 SP2 HTTP server received an invalid request, it responded with an error message that contained information about the underlying system version or code base.
Resolution: Now, the HTTP server displays generic error messages that do not contain any detailed information about the underlying system.
(none) 105137 Issue: Previously, when running in Firefox 20.0 or later, the SecureTransport 5.2.1 Administration Tool did not display the progress messages during a manual synchronization of an active/active standard cluster.
Resolution: Now, the Administration Tool displays the progress messages in all supported versions of Firefox.
(none) 107232 Issue: Previously, when the FTPS was not enabled, SecureTransport 5.2.1 still required FTPS connections.
Resolution: Now, SecureTransport allows FTP connections without SSL when the FTPS is not enabled.
(none) 107591 Issue: Previously, it was impossible to bind SecureTransport admin service to a specific IP address.
Resolution: Now, it is possible to bind SecureTransport Admin Service to a specific IP address by editing the Admin.Host server configuration parameter.
(none) 107792 Issue: Previously, when performing a non-root installation or upgrade with the Axway Installer, the installer files and folders were owned by the root user.
Resolution: Now, SecureTransport installation and update creates all files and folders with the correct permissions.
(none) 109685 Issue: Previously, the SecureTransport 5.2.1 HTTP server failed during load tests and the server log displayed OutOfMemoryError.
Resolution: Now, session memory is freed correctly and the server does not fail during such a load test.
(none) 110485 Issue: Previously, a Web Access Plus user could not select multiple transfers in the transfer queue.
Resolution: Now, users can select multiple transfers in the transfer queue and perform certain operations on the selected items.
(none) 110493 Issue: Previously, when a Web Access Plus user tried to delete a file using the keyboard shortcuts, a confirmation dialog disabled any further interaction using the keyboard.
Resolution: Now, when deleting a file, the user can navigate to the confirmation dialog.
(none) 113370
113483
Issue: Previously, Web Access Plus did not work behind an IBM Tivoli Access Manager WebSEAL proxy.
Resolution: Now, Web Access Plus operates correctly behind an IBM Tivoli Access Manager WebSEAL proxy.
(none) 113476 Issue: Previously, if a Web Access Plus user (full version with the Java applet enabled) dragged a folder from the local tree in the My Computer pane or the remote tree in the SecureTransport pane on the left and dropped it into an empty area in a pane on the right, SecureTransport did not upload the folder.
Resolution: Now, SecureTransport uploads the folder.
(none) 113479 Issue: Previously, if a Web Access Plus user (full version with the Java applet enabled) dragged a folder from the local tree in the My Computer pane on the left and dropped it on a subfolder in a SecureTransport page on the right or dragged a folder from the remote tree in the SecureTransport pane on the left and dropped it on a subfolder in a My Computer page on the right, the folder was uploaded twice, once to the folder where the user dropped it and once to the parent folder of the folder where the user dropped it.
Resolution: Now, the folder is uploaded only once to the folder which the user dropped it on.
(none) 113497 Issue: Previously, if the server configuration parameter Stfs.Hash.HashOnUpload was true and a Web Access Plus user paused and resumed an upload twice, the upload restarted from the beginning and completed successfully.
Resolution: Now, when the server configuration parameter Stfs.Hash.HashOnUpload is true, the upload is always resumed.
(none) 113584 Issue: Previously, when a Web Access Plus user started a second upload to SecureTransport while an upload was running, Web Access Plus did not display the progress of the first upload and became unresponsive. The user could not pause the running upload. When the first upload completed, the second upload started and Web Access Plus displayed the upload progress and responded to inputs.
Resolution: Now, Web Access Plus processes a second upload and any subsequent uploads correctly and continues to respond. Web Access Plus displays the progress and the user can pause the running uploads.
(none) 113657 Issue: Previously, if a Web Access Plus user discarded a message while Web Access Plus was uploading the message's attachments, SecureTransport displayed a message in the File Tracking page stating that the message's attachments upload was not completed. If the user discarded a message again in the same session while Web Access Plus was uploading the message's attachments, SecureTransport displayed a "Failed to process item upload" message in the server log.
Resolution: Now, when a user discards a message while Web Access Plus is uploading the message's attachments, SecureTransport discards the message without errors.
(none) 114052 Issue: Previously, in an active/passive standard cluster, if the primary node went down and a user connected to a protocol server on the new primary (previously secondary) node, when the original primary node becomes active, the protocol server with the active session on the now-secondary node continued to accept new connections and SecureTransport continued to report that node as primary. The server log reported "There is at least one active session ... Will not disconnect it just now." The secondary node did not kill active sessions when primary became active. It waited until these sessions ended before becoming passive.
Resolution: Now, SecureTransport kills all active sessions and becomes passive in such scenario.
(none) 115647 Issue: Previously, when a Web Access Plus user tried to download a file with special characters in the file name, the result was a page containing the results from the REST API in XML format.
Resolution: Now, downloading files with special characters in the file name works as designed.
SecureTransport 5.2.1 SP3
672402 103231 Issue: Previously, authentication could fail because SecureTransport did not trim space characters from the end the values of the UID and Group ID fields on the Account Templates page.
Resolution: Now, those authentications succeed because SecureTransport trims those values.
674462 103882 Issue: Previously, SecureTransport ignored the custom expression field in user classes during ad hoc file transfers and selected the wrong account template for the receiver.
Resolution: Now, SecureTransport evaluates the user classes custom expressions correctly and uses the correct account template.
677028 105011 Issue: Previously, an administrator could not determine which Administration Tool made a configuration change.
Resolution: Now, each entry on the Audit Log page includes the IP address the Administration Tool that made the configuration change and the exported audit log CSV file includes a row with the user agent string of the client that made each change.
687781 109795 Issue: Previously, when a Web Access Plus user tried to open or download an attachment from a message and the user did not have permission for the operation, the message on Administration Tool Server Log page did not give the reason that the action failed and Web Access Plus did not display a message.
Resolution: Now, the message on the Server Log page includes the reason and Web Access Plus displays an informative message.
678393 105825 Issue: Previously, if the recipient email for an ad hoc package matched two or more user classes, SecureTransport did not deliver the package successfully.
Resolution: Now, if the recipient email matches two or more user classes, SecureTransport selects the first user class that has "*" as the value of From Address (if there is a such class) and delivers the package successfully.
679050 106295 Issue: Previously, the SecureTransport REST API did not include an interface to report cluster status.
Resolution: Now, the SecureTransport API reports cluster status.
For more information, refer to the description of the ClusterNodesResource in the online REST resources documentation.
682979 107715 Issue: Previously, the SecureTransport 5.2.1 SP1 and SP2 readme files did not include a documentation update for the Package Manager System Username that SP1 added to the Administration Tool AdHoc Settings page.
Resolution: Now, this readme file includes the documentation update.
685925 108736 Issue: Previously, SecureTransport provided a single server configuration parameter to specify SSL cipher suites used for server-initiated transfers over both AS2 and HTTPS.
Resolution: Now, you can use the following server configuration parameters to specify SSL cipher suites for each protocol: As2.SIT.Ciphers, As2.SIT.EnabledProtocols, Https.SIT.Ciphers, and Https.SIT.EnabledProtocols. Also, you can use similar server configuration parameters for FTPS server-initiated transfers: Ftps.SIT.Ciphers and Ftps.SIT.EnabledProtocols.
686778 108867 Issue:Previously, SecureTransport did not report the time of the last successful cluster synchronization.
Resolution:Now, the Administration Tool Cluster Management page includes this information. Programs can use the REST API to get this and other information about the cluster.
For more API information, refer to the description of the ClusterNodesResource in the online REST resources documentation.
686783 108872 Issue: Previously, when an administrator resized the browser window while editing an entry on any page in the Access tab of the Administration Tool, SecureTransport displayed the fields overlapped and scrambled.
Resolution: Now, all fields on these pages resize when an administrator resizes the browser window so that they do not overlap.
688198 109774 Issue: Previously, SecureTransport limited the value of base directory in Change Home to fields on the Account Template, Service Account, and User Account pages to 80 characters.
Resolution: Now, the base directory path can be 255 characters long.
688200 109713 Issue: Previously, SecureTransport sent files with incorrect name and displayed incorrect file names in the File Tracking page for server-initiated transfers if the file name contained certain UTF-8 characters.
Resolution: Now, SecureTransport uses and displays correct file names.
688973 111162 Issue: Previously, when Secure Client paused and resumed an SFTP file transfer, SecureTransport reported incorrect information about size and status of the files on the Administration Tool File Tracking page.
Resolution: Now, SecureTransport reports the correct file size and status except when Secure Client pauses an upload and the uploaded chunk is marked as successful on the File Tracking page page because of protocol restrictions and when Secure Client resumes and upload from the beginning.
689445 109802 Issue: Previously, when a Web Access Plus user tried to compose a mail message but did not have permission, the message on Administration Tool Server Log page did not indicate that the action was not permitted.
Resolution: Now, the error message states: "Unable to commit package because permission denied."
692609 111194 Issue: Previously, SecureTransport returned an incorrect code over SCP when the file requested for download did not exist.
Resolution: Now, SecureTransport returns the correct code.
692821 115457 Issue: Previously, when there were very many expired packages to purge, a Package Retention Maintenance application could fail.
Resolution: Now, a Package Retention Maintenance application executes successfully in those cases.
693023 114374 Issue: Previously, in a non-root SecureTransport installation, a virtual user could not access a subdirectory of its home folder when the subdirectory was assigned to a secondary group of the non-root user running SecureTransport.
Resolution: Now, virtual users can access such subdirectories.
693321 111417 Issue: Previously, a Log Entry Maintenance application did not delete old exported log entry files even though a Transfer Log Maintenance application provided this functionality.
Resolution: Now, a Log Entry Maintenance application deletes old files.
693513 111555 Issue: Previously, with the SecureTransport Server on Windows, if the Delivery Method was Account With Enrollment and the value of the Real User field was not a Windows user or a Windows user that did not have an entry in the SecureTransport password vault, the Transaction Manager logged an error and wrote a core dump repeatedly.
Resolution: Now, SecureTransport detects and reports this configuration error.
695547 112775 Issue: Previously, in Web Access Plus, there was no keyboard method to open the list view.
Resolution: Now, the "g then r" keyboard shortcut opens the list view.

Issue: Previously, the Web Access Plus keyword shortcuts help contained a misspelling and an error.
Resolution: Now, those errors are corrected.

Issue: Previously, in Web Access Plus, there was no keyboard method to select Save Now in the Compose Mail pane.
Resolution: Now, the Save Now button is in the tab order.
695897 114083 Issue: Previously, the SecureTransport 5.1 SP3 FTP server required approximately twice the time to upload a file to a basic application when an account belonged to a business unit.
Resolution: Now, the FTP server upload time is not increased when the account belongs to a business unit.
696264 112935 Issue: Previously, the Administration Tool Transfer Log displayed smime.p7m instead of the actual name of a file received using encrypted AS2. The Status Details window displayed the actual filename.
Resolution: Now, the Transfer Log page displays the correct filename.
696697 114770 Issue: Previously, a SecureTransport user logged in to Web Access Plus with the applet running on JRE 1.6.0_xx could not transfer a file because the SSL handshake between the client and the server failed.
Resolution: Now, the handshake and the file transfer succeed.
697896
699882
704287
114184 Issue: Previously, if DNS was not available on the SecureTransport Server, there was no way to resolve a host name or FQDN in a transfer site route the transfer through the proxy server on the SecureTransport Edge.
Resolution: Now, the Administration Tool Network Zone entry page includes an option to resolve the host name or FQDN using the DNS on the SecureTransport Edge.
698930 114479 Issue: Previously, the age had to be expressed in months when an audit log entry was deleted by an Audit Log Maintenance application.
Resolution: Now, the values of the Delete audit log entries when field in Audit Log Maintenance Application Application Details page can be in months or days.
699280 115296 Issue: Previously, the SecureTransport REST API returned an incorrect transfer mode ( transferMode) value for binary transfers.
Resolution: Now, the API reports the correct value.
700058 115326 Issue: Previously, when a Web Access Plus user on Internet Explorer 9 double-clicked a file to download it, a new window opened with the message, "The web page could not be found."
Resolution: Now, double-click works to download a file using Web Access Plus in Internet Explorer 9.
700196 114120 Issue: Previously, the Monitor server on SecureTransport Edge caused Authentication failed messages on the Server Log page when the proxy server was running.
Resolution: Now, these messages are only logged at the DEBUG level.
700415 114489 Issue: Previously, when a file upload using a web client failed because of directory upload restrictions, SecureTransport did not return a correct response.
Resolution: Now, when a user attempts to upload a file into a directory with upload restrictions, SecureTransport responds that access is denied.
For Web Access Plus, Internet Explorer 9 displays "Upload error. Error 403 Forbidden HTTP ERROR 403 Problem accessing /api/v1.0/files/restricted_folder/. Reason: Forbidden" and Internet Explorer 8 does not show a message, but prevents the user from uploading file.
The other HTML templates display "You don't have permission to access /restricted_folde/ file_name on this server" in all browsers.
700586 114307 Issue: Previously, an administrator could configure multiple default network zones although only one was valid.
Resolution: Now, the Administration Tool permits only one default network zone.
700591 114308 Issue: Previously, SecureTransport did not correctly validate FQDNs and host names added to the list on the Allowed ST servers page of the SecureTransport Edge Administration Tool. As a result, an error was returned and the administrator was not able to save the page.
Resolution: Now, and administrator can enter and save accurate FQDNs and host names on this page.
701392 117965 Issue: Previously, in an active/active standard cluster, SecureTransport sometimes failed to remove the event for a server-initiated pull from the event table on the secondary node and reported that the subscription was in progress when the pull was scheduled to run again. The cause was database transaction deadlocks.
Resolution: Now, the event is removed and the transfers occur as scheduled.
701425 115048 Issue: Previously, when users reset their password through Web Access Plus, SecureTransport sent emails with the new passwords that contained a reference to the URL http://$password_reset_url/ instead of the address of the SecureTransport server.
Resolution: Now, SecureTransport sends reset password emails with the correct address.
701642 115780 Issue: Previously, the SecureTransport FTP server did not apply file system restrictions and download restrictions correctly and consistently with the SSH server.
Resolution: Now, the SecureTransport FTP server applies file system restrictions and download restrictions correctly and consistently with the SSH server.
701797 114879 Issue: Previously, when an invalid user name was used in an attempt to log in to the Administration Tool, SecureTransport displayed the Login page again with no error message.
Resolution: Now, when the user name or password is wrong, the Administration Tool displays the Login page with the message, "[!] Invalid username or password."
702184 116162 Issue: Previously, for SecureTransport 5.1 SP3 with Patch 1 applied, if an FTP(S) transfer site was configured with the Transfer Mode field set to Auto detect, SecureTransport used binary mode to transfer a text file for a server-initiated upload (push) and the end-of-line character sequences in the destination file were wrong.
Resolution: Now, SecureTransport uses the correct mode in accordance with the settings in <FILEDRIVEHOME>/conf/mime.types configuration file when Transfer Mode field is set to Auto detect.
702782 116466 Issue: Previously, during a manual synchronization of an active/active standard cluster, SecureTransport duplicated in progress transfers, and the original transfers either failed or did not complete.
Resolution: Now, manual synchronization updates the secondary nodes in the cluster with any configuration changes and SecureTransport does not duplicate transfers.
703215 115688 Issue: Previously, when a user authenticated using SiteMinder while attempting to access a link to a file located in a subdirectory on SecureTransport, SecureTransport directed the user to the user account's home folder instead of the subdirectory where the file was located.
Resolution: Now, SecureTransport directs the user properly.
703577 116189 Issue: Previously, when an incoming transfer was routed within a SecureTransport server using a Folder Monitor transfer site, SecureTransport reported the two transfers to Axway Sentinel using different cycle IDs.
Resolution: Now, SecureTransport links the transfers and uses the same cycle ID.
703602
693023
115538
114374
Issue: Previously, in a non-root SecureTransport installation, a virtual user could not access a subdirectory of the user's home folder when the subdirectory was assigned to a secondary group of the non-root user running SecureTransport.
Resolution: Now, virtual users can access such subdirectories.
703979 115611 Issue: Previously, after changing Encrypt Mode for a SecureTransport account from Enabled to Unspecified, the new setting did not work properly when overwriting a file. The file was encrypted and its content could not be read.
Resolution: Now, SecureTransport applies the Encrypt Mode setting correctly and overwrites the encrypted file with the unencrypted file.
705102 117505 Issue: Previously, when the SecureTransport server configuration parameter SSL.RandomAccessDownloads.enable was set to true and an SFTP client attempted to download a file, the transfer did not complete. SecureTransport reported "Unexpected error while closing the input stream" and closed the connection on timeout. The transfer status might remain in progress on the File Tracking page.
Resolution: Now, such transfers finish successfully.
705811 M116223 Issue: Previously, after successful authentication, a SecureTransport user could use the REST API to read and modify an ad hoc message that were not sent to or sent by that user.
Resolution: Now, SecureTransport users can only access messages sent to or sent by them using the REST API.
705966 116416 Issue: Previously, Web Access Plus displayed the Compose Mail button for a user account with Delivery Method set to Disabled.
Resolution: Now, Web Access Plus does not display the button for such accounts.
706011 117476 Issue: Previously, the SecureTransport REST API returned an incorrect transfer details URL in response to a requested for log entry information by transfer ID.
Resolution: Now, the returned log entry metadata contains a valid URL.
706113 116896 Issue: Previously, when the Network Zone field of a transfer site is set to any or Default, server-initiated outbound transfers (pushes) to the transfer site through a SecureTransport Edge server sometimes failed.
Resolution: Now, those transfers succeed for such transfer sites.
707706 117125 Issue: Previously, the Administration Tool did not permit correction of an invalid value in the Warning Threshold (Percent of File Size) on the Axway Sentinel Events page.
Resolution: Now, the Administration Tool displays an error message when the value is not valid and you can correct the value.
708825 118179 Issue: Previously, SecureTransport displayed some characters of the Japanese version of the Legacy Web Client as "?????".
Resolution: Now, SecureTransport displays the Japanese characters correctly with UTF-8 encoding.

Issue: Previously, when using the Japanese version of the Legacy Web Client, SecureTransport displayed some messages in English.
Resolution: Now, SecureTransport displays these messages in Japanese.

Issue: Previously, when using the Japanese version of the SecureTransport Legacy Web Client, the Set Ascii, Set Binary, and Change password buttons did not function properly. A blank page was displayed.
Resolution: Now, these buttons produce the correct action.

Issue: Previously, when using the Japanese version of the SecureTransport Legacy Web Client, the Logout button from the File Properties and Change Password pages did not function properly. SecureTransport displayed an error message, "Not-valid CSRF prevention token."
Resolution: Now, these Logout buttons work correctly without error messages.

Issue: Previously, SecureTransport did not include a newly created HTML template in the drop-down list for the HTML Template field in the Miscellaneous Options pane.
Resolution: Now, a new HTML template can be default for all users.

Issue: Previously, SecureTransport always displayed English versions of all HTML templates in the drop-down list for the HTML Template field in the Miscellaneous Options pane.
Resolution: Now, SecureTransport uses the current locale to select the HTML templates to include in the list.
708879 117648 Issue: Previously, when an administrator tried to verify MDN receipt of a file stored by a repository encrypted user, the Administration Tool always reported "Failed".
Resolution: Now, the administrator receives the correct status of the verification.
709071 117900 Issue: Previously, when using a Basic application with a Folder Monitor transfer site to retrieve a file, SecureTransport did not send the cycle link ( CycleLink) to Axway Sentinel.
Resolution: Now, SecureTransport sends the cycle link to Sentinel.
709855 118025 Issue: Previously, when a user who was subscribed to an application logged in over HTTP(S) using certificate authentication, SecureTransport did not create the specified subscription folder.
Resolution: Now, SecureTransport creates the subscription folder when a user logs in using certificate authentication.
710050 118297 Issue: Previously, manual synchronization of cluster nodes failed when the client certificate authentication was mandatory for the administrator.
Resolution: Now, manual synchronization succeeds. The cluster node authenticates against the other secondary nodes using the value of the Cluster.DynamicSync.keyAlias server configuration parameter as the private key alias.
710698 118356 Issue: Previously, the Monitor server did not monitor the SSH protocol correctly if the value of the Ssh.Host server configuration parameter was not blank or localhost.
Resolution: Now, the Monitor server works correctly in this case.
710797 118533 Issue: Previously, SecureTransport did not set the values of the DXAGENT_USERCOOKIE, DXAGENT_AUTHCOOKIE, and DXAGENT_CERTCOOKIE environment variables correctly.
Resolution: Now, SecureTransport sets the correct values of those environment variables.
714180 118984 Issue: Previously, after many login operations, log messages could indicate communication delays between the nodes in a SecureTransport large enterprise cluster and nodes could be removed from the cluster.
Resolution: Now, login operations require fewer cache and cluster node interactions when SecureTransport is searching for an account by login name, verifying a login certificate, updating the login data for the last login attempt, or retrieving a CA from the Trusted Certificates keystore. As a result, the communication delays do not occur.
714598 119922 Issue: Previously, on AIX the user could not start the Transaction Manager from the console because the start_tm_console script failed.
Resolution: Now, the script runs because it checks the operating system and set the correct locale identifier for AIX.
714650 120336 Issue: Previously, when two or more SSH transfer sites referenced the same local certificate in the SSH Key field, any attempt to add a new node to a network zone or to edit an existing one failed with a web service request error.
Resolution: Now, the web service request and the updates succeed.
714884 119967 Issue: Previously, it was necessary to log on with root or administrator access to install SecureTransport to be run by a non-root user.
Resolution: Now, the non-root user installs SecureTransport and the installer no longer asks about non-root installation.
715127 121369 Issue: Previously, if there were two SecureTransport users with email addresses that were the same except one included an underscore (_) and the other included a dot (.) or other symbol in the same location, SecureTransport sent a ad hoc email to both users when the email was sent to the one whose address included the underscore.
Resolution: Now, the SecureTransport sends the email message only to the correct address.
715242 120145 Issue: Previously, the execution of a SecureTransport monitor scripts could start before the previous execution of the same script finished. Also, the scripts wrote their output to the /tmp directory and never cleaned up the files.
Resolution: Now, a script execution starts only if the previous execution has finished. The scripts write their output files to the <FILEDRIVEHOME>/var/logs directory and server log rotation moves them to the <FILEDRIVEHOME>/var/db/hist/logs directory.
715268 120054 Issue: Previously, installation of SecureTransport created a world-writable /etc/fd directory that contained environment scripts.
Resolution: Now, the installation does not create this directory and environment scripts are located in the <FILEDRIVEHOME> directory. The new environment scripts are profile.sh InstallationName and profile.csh InstallationName .
717583 120983 Issue: Previously, the Transaction Manager could terminate with an OutOfMemory error because the connection object used for Transaction Manager heartbeats to the database failed to release a few bytes of memory at a regular interval.
Resolution: Now, the OutOfMemory error does not occur because the memory usage for this connection object is corrected.

Issue: Previously, when SecureTransport pulled many files using FTPS from an FTP server that does not respond with close_notify alert on terminating the connection, events were left in the event queue and the Event database table grew.
Resolution: Now, SecureTransport logs warnings for FTPS connection timeouts such as these due to a faulty partner server, and EventQueue thread pool scalability is improved.
718968 121318 Issue: Previously, SecureTransport ignored the value of the OutboundConnections.maxConnectionsPerHost server configuration parameter and allowed more simultaneous connections to the same host than specified.
Resolution: Now, SecureTransport uses the value and limits simultaneous connections as specified.
721271 122220 Issue: Previously, the SecureTransport Administration Tool failed to open an Extended Router subscription that defined Subscription Routing Rules to a transfer site and logged an Unexpected Error.
Resolution: Now, SecureTransport displays such a page without the error.
(none) (none) Issue: Previously, Web Access Plus did not indicate when the user's session had expired.
Resolution: Now, when the user takes no action for the time specified in the Session Timeout (seconds) filed under Miscellaneous Options, Web Access Plus displays a Session Timeout page.
SecureTranport 5.2.1 SP4
692365
718493
111427
121971
Issue: Previously, SecureTransport did not link in Sentinel the upload notification for an ad hoc attachments to the notification for the related ad hoc SEND.
Resolution: Now, SecureTransport reports the attachment to Sentinel as linked to the ad hoc message.

Issue: Previously, the Transaction Manager stopped sending events to Sentinel when a file had a special character in its file name.
Resolution: Now, the Transaction Manager continues to send events to Sentinel in this case.
693171 111642 Issue: Previously, in an active/passive standard cluster with passive_legacy cluster mode, after a user-initiated password change, SecureTransport did not synchronize the password to the secondary server. If the secondary Server was promoted to primary, the user could not login using the new password.
Resolution: Now, Secure Transport dynamically synchronizes the password.

Issue: Previously, in an active/passive standard cluster with passive_legacy cluster mode, after a login failure for an account, SecureTransport did not synchronize changes in the database to the secondary server and in the Administration Tool on the secondary server, the value of Failed Logins field for that account was incorrect.
Resolution: Now, after a login failure, the database on the secondary server is updated and the value of the field is correct.
703733
703733-1
125122
125123
Issue: Previously, transfers were occasionally failing with error message "Database error when fetching SentinelLinkDataBean".
Resolution: Now, transfers do not fail and duplicate entries are no longer added to the SentinelLinkData database table.
704680
734400
116171 Issue: Previously, when users were configured with AdhocDefault.xhtml as their default notification mail template, and sent an email to Outlook Web Access or Lotus, the body of the received email had all new lines and paragraphs omitted.
Resolution: Now, when users send an email to Outlook Web Access or Lotus using AdhocDefault.xhtml as the default notification mail template, the formatting of the received email is correct.
712462
730181-8
120531
125872
Issue: Previously, the SecureTransport SSH server allowed the following message authentication code (MAC) algorithms: hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96, hmac-sha256 and hmac-sha256@ssh.com. In FIPS transfer mode, the SSH server allowed hmac-sha1 and hmac-sha1-96. There was no way to change the allowed algorithms.
Resolution: Now, the Ssh.AllowedMacs server configuration parameter specifies the allowed MAC algorithms. List the allowed algorithms in Ssh.AllowedMacs in order of preference separated by commas. Always include hmac-sha1. If no algorithms are listed, the SSH Server uses hmac-sha1. Restart the SSH service after you change the value of Ssh.AllowedMacs.
715507
715100
120201
120522
Issue: Previously, if the path name of the account's home folder was a symbolic link, when that account was deleted, SecureTransport did not delete the symbolic link.
Resolution: Now, SecureTransport deletes the symbolic link in this case, but does not delete the linked directory.

Issue: Previously, when changing a Folder Monitor transfer site in an application subscription to other type of transfer site, SecureTransport presented the wrong type of scheduler.
Resolution: Now, SecureTransport presents the correct type of scheduler.
716499 120821 Issue: Previously, when an expired or not yet valid encryption or signing certificate was used for an AS2 transfer, SecureTransport did not indicate that the certificate was not valid.
Resolution: Now, if such a certificate is used for encryption, decryption, or signing with the AS2 protocol, SecureTransport logs a warning message in the server log that indicates which subscription has an invalid certificate and which certificate is invalid. If an invalid certificate is used for MDN verification, the verification fails and SecureTransport marks the transfer as failed in the transfer log and logs an error message in the server log that describes the problem.
717022 125112 Issue: Previously, SecureTransport performance was significantly reduced when a Transfer Log Maintenance application processed a very large amount of data.
Resolution: Now, Transfer Log Maintenance performance is improved and SecureTransport performance is not affected significantly in such cases.
717405 122385 Issue: Previously, the output from the HTML Custom List Agent was not correct when it included a blank line.
Resolution: Now, the agent produces the correct output in this case.
718404 127483 Issue: Previously, SecureTransport did not support TLS 1.1 and TLS 1.2 for inbound client connections over HTTPS when FIPS mode was enabled.
Resolution: Now, SecureTransport supports TLS 1.1 and TLS 1.2 for all inbound client connections when FIPS is enabled.
721095 122190 Issue: Previously, when a user logged in to Web Access Plus on a SecureTransport Edge running on Windows connected to a SecureTransport Server running on a UNIX-based operating system, the user could not download email attachments.
Resolution: Now, a user can download attachments in this case.
721109
721963
727837
124197
124321
125111
Issue: Previously, the SecureTransport AS2 server permitted client certificate authentication and sent the full CA bundle over the HTTPS connection. Some clients rejected the connection.
Resolution: Now, the AS2 server does not permit client certificate authentication and those clients connect successfully.

Issue: Previously, a resubmitted unsuccessful outbound AS2 transfer failed because SecureTransport tried to access the file at the wrong location.
Resolution: Now, such a transfer succeed.

Issue: Previously, sending a large file over AS2 with encryption enabled could result in an out-of-memory error in the Transaction Manager.
Resolution: Now, such a transfer succeeds with no unnecessary memory allocations.
721263
717897
123576
121879
Issue: Previously, large file transfers from Secure Client sometimes did not complete successfully because SecureTransport enforced a timeout and terminated the session.
Resolution: Now, SecureTransport does not terminate such a session while a transfer is in progress.

Issue: Previously, a server-initiated transfer over HTTPS from another SecureTransport Server failed with an "Access Denied" error when the upload folder had a download restriction.
Resolution: Now, SecureTransport accepts uploads when the download of the same files is not allowed.
721330 122356 Issue: Previously, SecureTransport Server did not initialize the DXAGENT_EDGEID environment variable to the value of the EdgeId SecureTransport Edge server configuration parameter for the HTTP protocol.
Resolution: Now, SecureTransport Edge sends the value of EdgeId to SecureTransport Server which sets DXAGENT_EDGEID correctly.
721798
721798-1
723169
725630
122742
122763
123236
124312
Issue: Previously, when an account with repository encryption enabled uploaded a file to SecureTransport that overwrote an existing file, SecureTransport did not treat the file correctly. Due to the error, SecureTransport ignored the value of the Stfs.Hash.HashOnUpload server configuration option and the client program could time out.
Resolution: Now, SecureTransport treats the uploaded files correctly and the client program does not time out.

Issue: Previously, SecureTransport did not provide utility for decrypting repository encrypted files.
Resolution: Now, you can use <FILEDRIVEHOME>/bin/repconv --decrypt to decrypt files and folders. See the command usage output for the applicable options.
722260 122642 Issue: Previously, PGP decryption failed when SecureTransport used a PGP RSA-2048 key generated by the McAfee E-Business Server v8.6.0 PGP generation tool.
Resolution: Now, PGP decryption completes successfully with such a key.
723026 125000 Issue: Previously, the SecureTransport Administration Tool took a long time to display the list of subscriptions for an account when the account was subscribed to applications that were assigned to large number of business units.
Resolution: Now, the Administration Tool lists such subscriptions much more quickly.
723126 124342 Issue: Previously, SecureTransport was intermittently sending separate email messages with a duplicate message id in the MIME headers.
Resolution: Now, each message has a unique id in the MIME header. This is resolved by upgrading to the latest JavaMail API version - 1.5.2 where this issue is fixed.
723621 125361 Issue: Previously, the SOCKS5 proxy on SecureTransport Edge selected its source IP address based on the operating system's routing table.
Resolution: Now, you can use the OutboundConnections.Proxy.clientHost server configuration parameter to configure the source IP addresses that the SOCKS5 proxy uses. By default, the value of the parameter is empty and the proxy behavior is unchanged. To specify the source IP address of the proxy, set the parameter value to the required IPv4 address.
724032 123585 Issue: Previously, the SecureTransport SSH server did not correctly handle an SSH_MSG_CHANNEL_EOF message received from a client during client-initiated transfers. The server treated such transfers as successful and SecureTransport executed the post-transmission actions.
Resolution: Now, the SSH server marks these transfers as failed and SecureTransport does not execute the post-transmission actions.
724654 125553 Issue: Previously, when a real user logged in using Web Access Plus, the SecureTransport pane displayed the operating system root folder (/) instead of the user's home folder.
Resolution: Now, the SecureTransport pane displays the user's home folder.
724654-1 127519 Issue: Previously, when real users logged in using Web Access Plus, they landed in their home directory, but were unable to navigate back and forth.
Resolution: Now, real users are able to navigate outside and inside their home folder when using Web Access Plus.
724846 123909 Issue: Previously, when listing a large number of files, SecureTransport took a long time or timed out.
Resolution: Now, listing a large number of files takes less time and SecureTransport does not time out that often.
725080
730874
123785
126161
Issue: Previously, the HTTP server could add many "EndPoint making no progress" messages to the server log in response to repeated invalid requests from a client. This could fill the database.
Resolution: Now, the HTTP server does not loop in this case.
725091 123853 Issue: Previously, the tracking information for client-initiated transfers over HTTP in <FILEDRIVEHOME>/var/log/xferlog did not contain the file name when the transfer was performed from web browser.
Resolution: Now, SecureTransports records complete tracking information for those transfers in <FILEDRIVEHOME>/var/log/xferlog.
725794
731384
125715
126436
Issue: Previously, during the transfer of a large file, a race condition for an internal buffer could lock up threads, resulting in streaming warnings and an unstable number of connections between the Transaction Manager and the protocol servers.
Resolution: Now, the Transaction Manager sends just enough data to the protocol servers to avoid disturbances in the communication between the services.
726035 128085 Issue: Previously, when receiving encrypted files over AS2 with ${stenv.rawsource} set in the "Receive Options" in an AS2 transfer site and sending them to other transfer site, SecureTransport did not send the cycle link ( CycleLink) to Axway Sentinel.
Resolution: Now, SecureTransport sends the cycle link to Sentinel.
726779 124446 Issue: Previously, when an administrator tried to edit a business unit after several custom properties had been added to it, the server log reported errors and the operation could not be completed.
Resolution: Now, the edit of the business unit succeeds without errors.
728899 125349 Issue: Previously, help pages in Administration Tool contained a few irrelevant "review questions" paragraphs.
Resolution: Now, those paragraphs are removed.
729214 125774 Issue: Previously, in an active-active standard cluster with an application that is triggered on every minute (or other small interval of time), if the user performed manual synchronization, the application would stop working after the synchronization finished.
Resolution: Now, after the manual synchronization the application continues to work properly.
729234 125489 Issue: Previously, a delegated administrator could create a Shared Folder type application with the shared folder anywhere in the file system.
Resolution: Now you can use the SharedFoldersInsideBusinessUnitFolder server configuration parameter to force the shared folder path to be under the base folder of one of the business units assigned to the delegated administrator.

Issue: Previously, any delegated administrator could create or edit Shared Folder type applications.
Resolution: Now, only delegated administrators with the Manage Shared Folders privilege can perform these actions.
729622
727294
126566
128127
Issue: Previously, when a user tried to access a non-existent ad hoc package or a package sent to another user, SecureTransport displayed NullPointerException in the browser.
Resolution: Now, SecureTransport returns an appropriate response.
730181-2
730945-1
125866
128745
Issue: Previously, SecureTransport Administration Tool was subject to a persistent and reflected cross-site scripting (XSS) attack. The persistent XSS could happen when a new application with malicious name was created and the application then accessed the Audit Log page. The reflected XSS could also happen when a REST API resource with a malicious query parameter accessed the Audit Log page.
Resolution: Now, Administration Tool is protected against these vulnerabilities.
730181-4 125868 Issue: Previously, SecureTransport Web Access Plus was subject to a persistent cross-site scripting (XSS) attack, more specifically when a new folder with Manage Folders option in the Compose Mail function selected was created.
Resolution: Now, Web Access Plus is protected against this vulnerability.
730379 125694 Issue: Previously, an SFTP server-initiated transfer (pull) with a delete on success post-transmission action from a remote subdirectory failed with a sub-transmission error when the remote user's home directory had restriction on stat command execution.
Resolution: Now, such a transfer succeeds.
730768 126100 Issue: Previously, SecureTransport Administration Tool allowed passing potentially dangerous parameters such as Class.ClassLoader and class['classLoader'] to the pages that use Apache Struts. This could result in exploits as described in the security vulnerability CVE-2014-0114.
Resolution: Now, such parameters are filtered and a ClassLoader manipulation is not possible.
730959 126442 SecureTransport provides a new command line tool to delete specific administrator accounts. The tool is called rmadmin and it is located in <FILEDRIVEHOME>/bin directory.
Usage: rmadmin [OPTION]... ADMIN...
Removes administrators.
-f, never prompt
-r, remove administrators and their descendents recursively
To remove an administrator, whose name starts with a '-', for example '-foo', use :
rmadmin -- -foo
731110
712574
126288
122298
Issue: Previously, a Folder Monitor transfer site did not process files when the name of the subscription folder contained special characters. SecureTransport also sent bad Folder Monitor events to Sentinel when the name of a file contained special characters.
Resolution: Now, Folder Monitor transfer sites process files and Sentinel events correctly in this case.

Issue: Previously, the Administration Tool export account function and the xml_export sometimes did not export some accounts.
Resolution: Now, SecureTransport exports all accounts.
731553 126520 Issue: Previously, when a remote FTP client abnormally interrupted a transfer, SecureTransport reported incorrect failure details in File Tracking.
Resolution: Now, SecureTransport correctly indicates that the transfer was aborted.
733007 127065 Issue: Previously, when a Web Access Plus user answered the secret question incorrectly, Web Access Plus returned an internal error.
Resolution: Now, Web Access Plus displays an error message that indicates that the secret answer is incorrect.
736832 128854 Issue: Previously, when a user tried to download ad hoc package containing a small or an empty file via the Download All Files link in an email the downloaded zip archive was corrupted.
Resolution: Now, the archive is downloaded properly and all the containing files can be accessed.
SecureTransport 5.2.1 SP4 Patches
Patch 1
733857
127489 Issue: Previously, the list of all applications in the Application page of SecureTransport Administration Tool was very slow because of the large number of listed applications.
Resolution: Now, the Application page has pagination and list of the applications is faster.

Issue: Previously, the Application page of SecureTransport Administration Tool did not have search by name functionality.
Resolution: Now, the Application page has search by name functionality.
Patch 3
739654
130349 Issue: Previously, the SecureTransport HTTP daemon was vulnerable to a Directory traversal attack. From a browser, the user could traverse the entire file system of the machine where the HTTP daemon was running if the machine's operating system was Windows.
Resolution: Now, the Directory traversal attack vulnerability is eliminated.
Patch 4
740814
131314 Issue: Previously, SecureTransport Server had hard-coded number of credits for FC protocol in the Standard Cluster protocol stack.
Resolution: Now, this number is configurable via Cluster.InitialFCredits server configuration parameter.
Patch 5
737189
736849
129027
130245
Issue: Previously, high loads causing temporary reduced performance might result in communication interruptions between the SecureTransport Server and the SecureTransport Edge, followed by an inability to perform client-initiated transfers until after the Server is restarted.
Resolution: Now, SecureTransport will recover from this situation with no apparent interruptions in the service.
Patch 7
738387
129866 Issue: Previously, when downloading a file through SecureTransport's Web Access Plus using Firefox' Save file as... option, the file name was truncated.
Resolution: Now, when downloading a file through SecureTransport's Web Access Plus using Firefox' Save file as... option, the file has the correct name.
Patch 8
729297
126317 Issue: Previously, there were missing cycle links between Axway Sentinel events when using the Standard Router application.
Resolution: Now, they are correctly displayed in the Axway Sentinel End to End cycle graph.
Patch 8
735817
128393 Issue: Previously, during PESIT transfer SecureTransport was sending PI51 (Creation Date Time) to the remote partner and to Sentinel in UTC time zone.
Resolution: Now, PI51 is sent in the current time zone.
Patch 9
737189-2
740814
742507
129318
131314
132159
Issue: Previously, running of TransferLogMaintenance Application in a Standard Cluster exhausted the Cluster Credits.
Resolution: Now, running of TransferLogMaintenance Application in a Standard Cluster does not affect the function of the cluster.

Issue: Previously, the TransferLogMaintenance Application could not delete records in the database for in-progress transfers.
Resolution: Now, the TransferLogMaintenance Application UI has new parameter designating the age at which in-progress transfers are eligible for deletion and the designated transfers are deleted.

Issue: Previously, logging of TransferLogMaintenance Application activities was incomplete.
Resolution: Now, logging of TransferLogMaintenance Application activities is more complete.
Patch 10
738771
131008 Issue: Previously, PeSIT uploads to a repository encryption enabled user could fail to complete.
Resolution: Now, PeSIT uploads will complete successfully.
Patch 11
742316
131858 Issue: Previously, the LogEntry Maintenance application failed with the following error: "Failed To Drop Partition on LOGGING_EVENT_EXCEPTION: ORA-14098: index mismatch for tables in ALTER TABLE EXCHANGE PARTITION."
Resolution: Now, this is fixed and LogEntry Maintenance application functions properly.
Patch 13
747199
133949 Issue: Previously, parallel inbound transfers over PeSIT protocol could fail intermittently with the inability to write metadata attributes for the files.
Resolution: Now, SecureTransport will recover, rewrite the attributes, and successfully complete the transfers.
Patch 14
736265
131119 Issue: Previously, FolderMonitor picked up the same file twice when running in a LEC environment.
Resolution: Now, FolderMonitor picks up each file only once.
Patch 14
736486
131052 Issue: Previously, there were sporadic failures during AS2 server-initiated transfers (push) with an associated "Read End Dead" error message.
Resolution: Now, AS2 transfers complete successfully.
Patch 14
741526
131628 Issue: Previously, Secure Transport failed to evaluate expressions for UID and GID in Account Template settings during file upload.
Resolution: Now, Secure Transport no longer fails to evaluate expressions for UID and GID in "Account Template" settings during file upload.
Patch 14
743337
133600 Issue: Previously, during client-initiated downloads over HTTP, FTP and SSH, Secure Transport did not populate the Axway Sentinel attributes senderId and receiverId properly.
Resolution: Now, Secure Transport properly populates senderId and receiverId during client-initiated downloads over HTTP, FTP and SSH.
Patch 14
745314-1
134124 Issue: Previously, a terminated connection over PeSIT protocol could result in a needlessly long wait by Secure Transport for a transfer confirmation to be received.
Resolution: Now, Secure Transport will fail the transfer immediately if the connection terminates or closes abruptly.
Patch 15
736194
132535 Issue: Previously, it was impossible to disable cross-site request forgery (CSRF) protection for web services API clients.
Resolution: Now, CSRF protection can be enabled/disabled with the configuration option Http.EnabledCsrfProtection from the SecureTransport Administration UI.
Patch 15
748193
134313 Issue: Previously, the AuthAgent in SecureTransport could not pass custom messages to the SecureTransport Legacy Client skin template.
Resolution: Now, AuthAgent can send custom messages to SecureTransport Legacy Client skin template.
Patch 16
738793
130574 Issue: Previously, when an account with repository encryption enabled attempted to resume upload of a large file to SecureTransport from position larger than 2 GB, SecureTransport server sometimes entered into endless loop which consumed a lot of CPU and would become unresponsive.
Resolution: Now, SecureTransport will correctly resume the transfer.
Patch 17
747973
134595 Issue: Previously, SecureTransport Server always considered that PeSIT PI values contained only US-ASCII characters. This caused issues when transferring files with non-ASCII filenames.
Resolution: Now, the charset of PI values is configurable via the Pesit.PICharset server configuration parameter.
Patch 17
752322
136274 Issue: Previously, during login of a LDAP user via LDAP v.3 TLS, SecureTransport server sent the user name and the password in plain text.
Resolution: Now, the user name and password are encrypted.
Patch 18
715134
122017 Issue: Previously, an LDAP user from Oracle Directory Server 11.1.1.7.0 could not login through any of the SecureTransport daemons if the Oracle Directory Server 11.1.1.7.0 was set to support only elliptic curve cipher(s).
Resolution: Now, the login is successful.
Patch 18
(none)
(none) Issue: Previously, an LDAP user from Active Directory server could not login through any of the SecureTransport daemons if patch MS14-066 / KB2992611 was applied on the Active Directory server.
Resolution: Now, the login is successful.
Patch 19
753794
136927 Issue: Previously, the AdHoc Package send operation in 5.2.1 SP4 was too slow compared to 5.2.1 SP1.
Resolution: Now, the speed of AdHoc Package send operation in 5.2.1 SP4 with Patch 19 applied is comparable with 5.2.1 SP1.
Patch 20
751558
137355 Issue: Previously, when a transfer experienced a temporary failure, SecureTransport logged an entry in the TransferStatus table, which contained the user password in plaintext.
Resolution: Now, SecureTransport no longer logs the password in plaintext in case of a temporary failure.
Patch 21
721090
122250 Issue: Previously, the buttons in compose mail were hidden when there were too many attachments.
Resolution: Now, the buttons in compose mail are visible regardless of the number of attachments.
Patch 21
730209
125881 Issue: Previously, the user could not download more than six files at the same time via Web Access Plus.
Resolution: Now, the user can download more than six files at the same time via Web Access Plus.
Patch 21
740337
130841 Issue: Previously, the user could not download multiple files with Internet Explorer 11.
Resolution: Now, the user can download multiple files with Internet Explorer 11.
Patch 21
749537
134925 Issue: Previously, the MY COMPUTER pane in Web Access Plus was not displayed when using the full Web Access Plus version with Internet Explorer 11.
Resolution: Now, both the MY COMPUTER and Transfer Queue panes are displayed correctly.
Patch 21
751842
136088 Issue: Previously, when the user specified multiple email recipients and included an invalid recipient in the Web Access Plus mailbox, when the user tried to send the email Web Access Plus would stop working.
Resolution: Now, when the user specifies multiple email recipients and includes an invalid recipient in the Web Access Plus mailbox, when the user tries to send the email Web Access Plus notifies the user that the email address is invalid and does not attempt to send the email.
Patch 22
(none)
138820
138821
138822
Issue: Previously, the service-failure-policy was set to exit-cluster.
Resolution: Now, the service-failure-policy is set to exit-process.

Issue: Previously, a non-functional PGP transformation was added to each subscription regardless of whether or not it was actually configured. This lead to an unnecessary I/O operations when triggering a subscription.
Resolution: Now, a PGP transformation is added only when explicitly configured.

Issue: Previously, the LDAP configuration properties recorded in the database were not cached in memory. This lead to excessive database traffic when performing operations with multiple LDAP users.
Resolution: Now, LDAP objects are cached in the memory and are not frequently retrieved from the database.
Patch 23
753201
141385 Issue: Previously, when sending files via SecureTransport's Standard Router application, if the source account had repository encryption enabled and the target account had repository encryption disabled, there were leftover .m_inproc files in the source folder.
Resolution: Now, when using SecureTransport's Standard Router application, there are no leftover .m_inproc files.
Patch 23
760085
140777 Issue: Previously, when a SecureTransport Server using Microsoft SQL Server encountered a deadlock condition in the database it would leave events in progress and ultimately prevented future scheduled transfers from occuring.
Resolution: Now, SecureTransport handles a deadlock condition gracefully by retrying the failed transaction.
Patch 23
(none)
141572 Issue: Previously, under rare conditions the SecureTransport Server Transaction manager stopped processing events and consumed an extremely large portion of the CPU cycles.
Resolution: Now, SecureTransport Server Transaction manager performs as expected.
Patch UNNAMED
733479
127509 Issue: Previously, there was an information leak over HTTPS when executing log in a post method using curl.
Resolution: Now, there is no information leak over HTTPS when executing log in a post method using curl.
Patch UNNAMED
737431
132179 Issue: Previously, after the execution of the rotate script, the new entries of the ftp command log were written to the rotated file.
Resolution: Now, after the execution of the rotate script, the new entries of the ftp command log are written to the correct command log file.
Patch UNNAMED
742467
764654-1
131894
142668
Issue: Previously, there was a cross site script vulnerability in the ad hoc messages download link.
Resolution: Now, there is no cross site script vulnerability in the ad hoc messages download link.
Patch UNNAMED
(none)
122922 Issue: Previously, various vulnerabilities were found in Appliance Platform 6.5.1 (SuSE 11.2).
Resolution: Now, the vulnerabilities are validated against Appliance Platform 6.7 (CVE-2013-1979; CVE-2013-2174; CVE-2012-6085; CVE-2002-2443; CVE-2013-3076; CVE-2013-3222; CVE-2013-3223; CVE-2013-3224; CVE-2013-3225; CVE-2013-3227; CVE-2013-3228; CVE-2013-3229; CVE-2013-3232; CVE-2013-3234; CVE-2013-3235; CVE-2013-3231; CVE-2013-2141)
Patch UNNAMED
(none)
134071
134072
Shellshock Vulnerability CVE-2014-6271
CVE-2014-7169 - effect on pre-5.2.x SecureTransport versions in regards of mod_cgi and mod_cgid modules in the Apache HTTP Server
Patch UNKNOWN
719627
122226 When enabled the NFS Classes in SecureTransport Transaction Manager and SecureTransport Server log start to show a large number of Info log messages.
Patch UNKNOWN
727067
124495 Remove the tunning section from the start_sshd script in SecureTransport 5.2.1.
Patch UNKNOWN
730437
132526 Email login is case sensitive when SecureTransport is installed with Oracle DB.
Patch UNKNOWN
750080-1
135261 Memory leak in the Transaction Manager component fixed by upgrading JScape Secure FTP Factory to version 9.2.0.
Patch UNKNOWN
754027
137068 Issue: Previously, customers could not save and configure a Subscription when there were a number of triggers that had to be configured.
Resolution: Now, customers can save and configure a Subscription when there are a number of triggers which need to be configured.

Known issues

This section lists the known SecureTransport 5.3.0 issues and limitations.

Known defects from previous releases

Defect ID Internal ID Description
D-31553 69052 When the user chooses Allow this account to login to SecureTransport Server on the Account page there is no selection to specify which protocols the account will be able to login through.
D-55388 (none) When a user installs an agent on the primary server of an active/active standard cluster and performs a synchronization, the installed agent file from the primary server’s bin\agents folder gets copied to the secondary server with incorrect file permissions.
D-55349 (none) If the InStreaming and InPermissionCheck agents are disabled and the ExtStreaming and ExtPermissionCheck agents are enabled in the SecureTransport Administration Tool Transaction Manager page, login attempts over HTTP, FTP and SSH fail.
D-65424 121172 A SecureTransport cluster performs some operations related to a large amount of files slower than a single node does due the cluster's file system synchronization.
D-65755 121530 When the Server Configuration Pesit.Transfer.Acknowledge parameter's default value is used, a "No such file" message in the "MDN receipt" pop-up and in the server log can occur after a transfer.
(none) 122017 SecureTransport cannot login LDAP users to Oracle Directory Server 11.1.1.7.0 if the selected ciphers on the Oracle Server are of the Elliptic Curve type.
D-66594 122446 Manual synchronization does not replicate the user classes to the secondary server.
D-67337 123282 Insufficient and misleading messages are received when attempting to download an attachment with permission denied from a draft Web Access Plus message.
(none) 124777 SecureTransport does not support SSL connections to an Oracle database.
D-69420 125362 While using the Legacy Client HTML template, during navigation through the menus in file options in Web Access Plus there is an HTTP 404 Not Found error.
D-69487 125437 When using the Web Access Plus template files are always uploaded in Binary transfer mode, regardless of the selected transfer mode in the Preferences menu.
D-69595 125552 SecureTransport truncates the LocalId field to 25 symbols when reporting it to Axway Sentinel.
D-69892 125865 If a user that is only allowed to login via SSL attempts to login to the SecureTransport FTP daemon, the password is sent in clear text. Only after the password is sent in clear text does the user see that SSL is mandatory.
D-69898 125871 The FTP service (ST Server + Edge Server) is vulnerable to an AUTH TLS plain text command injection. The commands that are sent immediately after AUTH TLS and before receiving the response of AUTH TLS are accepted by the SecureTransport FTP Daemon.
D-70278 126291 When a folder monitor pull fails, the remote files are deleted.
D-70572 (none) When a user aborts a customer initiated transfer over SSH and HTTPS protocols, the xferlog entries incorrectly lists the abort as an error instead of an abort. Over FTPS the xferlog correctly lists the abort as an abort instead of an error.
D-71087 (none) SecureTransport SFTP pulls (from another instance of SecureTransport) are approximately 3 times slower than an equivalent transfer using the OpenSSH client.
D-71473 127527 When an active/active cluster is installed on Windows, an intensive upload of many small files leads to leftover m_inproc files on the network share if the share is slow.
D-72383 (none) When displaying 100 or more accounts (by default a maximum of 100 accounts can be displayed) in the Administration Tool User Accounts page and all of the accounts have subscriptions and business units assigned to them, an approximately 5 second delay is introduced due to duplicated cache lookups.
D-72862 129033 In passive mode, after a failover from the from primary to the secondary node and then starting and stopping the former primary node, "Unable to choose cluster node" in the logs of the new primary node (former secondary) are observed.
D-72929 129110 In streaming mode the SecureTranport Edge performs DNS queries, which results in delays during file transfers when the DNS server is not accessible.
D-75353 131856 Customizing the Account page to include additional custom properties is allowed, but the values for these properties are missing after duplicating the account.
D-75354 131857 Customizing the Account page to include additional custom properties is allowed, but the values for these properties are not validated during save.
D-75429 (none) The SecureTransport DXAGENT_CLIENTADDR environment variable is not populated when an HTTP or HTTPS login session is made through a SecureTransport Edge.
D-75566 (none) There are multiple OpenSSL vulnerabilities against the $FDH/bin/openssl tool. The built-in “openssl” tool in the $FILEDRIVEHOME/bin/ folder is version 1.0.1g. It is associated with multiple CVEs. The CVEs referenced are: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
D-77090 (none) In a large enterprise cluster setup using MSSQL database with 2 backend servers and 2 edges in active/active configuration it is possible after a prolonged network outage (more than 1 hour), that a connection to the TM server can not be established and file transfers can not pass. The issue is observed when the Streaming.LoadBalancingPolicy is set to Blacklist-Round-Robin on all edges and servers.
D-77247 133507 AS2 encryption is not working for AS2 transfers between SecureTransport and e-AS2 server version 5.1.
D-79190 (none) When the following access restriction are enabled in the Administration Tool Access > Restrictions-Filesystem in this order:
<file operation > No */*
<file operation > Yes */accessible/*
The required file operation for folder /accessible is not allowed, although it should be.
Note: Only FTP and FTPS protocol are affected.
D-79323 135573 During upgrade from MySQL to Oracle error messages indicating data loss for the CustomProperties table are observed in the migration log when the values stored in the table are bigger than 1024 bytes.
D-79985 136275 When the Oracle database connection is restarted, multiple copies of the same email notifications “SecureTransport Server Log Database Is Back To Normal” and “SecureTransport Server Log Database Is Unavailable” are received, instead of only one successful connection restart notification message.
D-81193 137602 There are MSSQL DB alarms for abnormally high TransactionLog utilization when SecureTransport is heavily loaded.
D-81436 137847 There is a security vulnerability (CVE-2010-4410) related to the Push.pm file.
D-81437 137848 There is a security vulnerability (CVE-2010-2761) related to the Push.pm file.
D-81438 137849 There is a security vulnerability (CVE-2010-4411) related to the Push.pm file.
D-81439 137850 There is a security vulnerability (CVE-2010-2253) related to the loopback.pm and cpan.pm files
D-81440 137851 There is a security vulnerability (CVE-2011-0633) related to the loopback.pm and cpan.pm files.
D-81841 (none) On operating systems where the locale EN_US.UTF-8 is missing the following warning is logged in the console log during Transaction Manager startup:
warning: setlocale: LC_ALL: cannot change locale (EN_US.UTF-8): A file or directory in the path name does not exist.
The missing locale does not interfere with SecureTransport's operation and the missing locale can be installed by an operation system's administrator.
D-82519 139021 When Integrator sends a file to SecureTransport, the file is sent successfully but in the file tracking the transfer is shown as failed. There are error messages in the logs and in the directory where the file is received there is a leftover file named .m_inproc.
D-84058 140404 Customizing the Business Unit page to include additional custom properties is allowed, but the values of the custom properties are missing after a business unit is saved.
D-84285 140619 There are sporadic failures in transmissions to partners over AS2 with decryption. A failed transmission message is displayed.
D-85465 141831 SecureTransport Installer checks for 250MB of free space in the temp directory, but in some rare cases 250MB of free space is not enough and the installation will fail.

General issues

Defect ID Internal ID Description
(none) (none) When using SecureTransport as a client to pull files over FTP from a remote Pure-FTPd server, if the number of pulled files is over 50, SecureTransport returns an error and the transfers are unsuccessful.

Advanced Routing

Defect ID Internal ID Description
D-61352 (none) Routes linked to Route Packages or Route Package Templates cannot be deleted via REST API.

If such attempt is made the following error code and message are returned:
Status Code: 400 Bad Request
{
"message" : "Error validating request",
"validationErrors" : [ "Route is in use." ],
"docLink" : "https://10.232.3.91:444/api/v1.2/
docs/resource_RoutesResource.html#path__routes_-routeId-.html"'
}


If an administrator wants to delete a linked route, it can be done in two ways:
  • By deleting the route in the Administrative Tool;
  • Or by deleting the ExecutionStep linking the route and the corresponding Route Package or Route Package Template. This would delete both the step and the linked route.
D-66029 (none) There will be more than one entry in the Audit Log when an update operation with a single route is performed within the Administrative Tool. When a simple route with steps is updated there will be two entries in the Audit Log.
D-71357 (none) The Audit log only tracks the disabling of inherited route steps. The enabling of inherited route steps is not tracked in the Audit log.
D-71643 (none) Account templates in SecureTransport cannot be configured to receive files over PeSIT protocol. PeSIT partnerships can only be completed using virtual users.
D-74700 (none) When importing large accounts with routes the admind memory should be increased to avoid Audit log out of memory errors.
D-77159 (none) When a route with multiple steps is updated there are two entries in the Audit Log.
D-79368 (none) Advanced Routing is not triggered after remote PTAs. Advanced Routing is triggered when a file is uploaded to the subscription folder of the source account unless routing is going to be triggered using a trigger file. Therefore, all actions to the file triggered immediately after the upload (for example, renaming) will fail.
D-79669 (none) Network shares are not accessible through the external script for the External Script step.
D-81403 (none) When the Send To Partner or Publish To Account steps of the Advanced Routing functionality is used, signed messaging disposition notification (MDN) receipts will fail to be generated as the file is routed from a temporary location which is purged immediately after transmission.
D-83105 (none) The configuration of the TM package PGPTransform is not taken into account when the old PGP keys are used within the PGP Encryption step of the Advanced Routing feature. Files encrypted using PGP Encryption step may not be compatible with legacy PGP tools.
D-83443 (none) Files processed by Advanced Routing use a temporary sandbox folder. SecureTransport legacy system restrictions do not apply to the temporary Advanced Routing folder.
D-84225 (none) If an account_export.xml, containing accounts with route package templates, is imported with Skip option selected to a target SecureTransport Server, already configured with account and route package templates, the corresponding imported account and route package templates will be rejected during the import if there are already existing objects with the same names on the target SecureTransport Server.

Line Ending

D-72942 (none) On AIX, it is recommended to always specify the endian of the output character set when using UTF-16 (for example, specify either UTF-16le or UTF-16be). Otherwise, the file may not be properly transcoded.
D-73053 (none) Symbols from U+0020 to U+007F should not be used as end of line sequence.
D-73075 (none) When transcoding from Unicode to EBCDIC, the Line Ending step uses by default the CDRA mapping which means that "LF" symbols are transcoded to "0x15" instead of "0x25". This behavior can be changed only on AIX by doing the following modification to the bin/start_tm_console script:

Replace

AVA_OPTS="-Dfile.encoding=utf8 $JAVA_OPTS"

with

JAVA_OPTS="-Dfile.encoding=utf8 -Dibm.swapLF=true $JAVA_OPTS"

After modifying the start_tm_consolse script you need to restart the Transaction Manager.
D-74552 (none) Audit log and Account Import/Export use records of the inputEolSequence and outputEolSequence properties in hexadecimal format.

Publish To Account

B-79360 (none) For the Publish To Account step, business units are only applicable for accounts within the same business unit.
B-80267 (none) Business units are only applicable for accounts within the same business unit. Not expected to work with parent and child business units.

Send To Partner

D-71542 (none) If SecureTransport is running in a large enterprise cluster with Oracle, the configuration of the partners in the Send to Partner step is case sensitive.
D-75799 (none) When input for an account is an EL expression or empty, and the Send To Partner step is added via REST API, in the Administrative Tool, the fields for Transfer Sites and Transfer Profiles will be shown as Expression fields despite the expression type specified in the REST API call. When the Send To Partner step is saved in the Administrative Tool, the expression type for the Transfer Sites and Transfer Profiles will be changed.

Encryption

Defect ID Internal ID Description
D-73643 (none) With repository encyption enabled, attachments may remain unencrypted even after the edit and save of a draft message. The saved message will be encrypted, but the attachments may be unencrypted.
D-73648 (none) If a repository encryption is enabled for a user, any existing files, mail messages, or attachments will remain unencrypted. Also, if a repository encryption is disabled for an account with repository encryption, any existing files, mail messages, or attachments will remain encrypted.

ICAP scanning

Defect ID Internal ID Description
(none) (none) SecureTransport 5.3.0 supports two ICAP servers. SecureTransport supports three Data Loss Preventation (DLP) solutions, but only two of them can be used at the same time on a single SecureTransport Server.
(none) (none) ICAP scanning can be controlled globally or per Business Unit. It cannot be controlled per user account.
(none) (none) There is no verification check from the Administration UI to verify that an ICAP server connection can be established.
(none) (none) The User Access setting in Web Access Plus is not saved if the user sends an ICAP denied message. This applies whenever there is no default User Access option. Upon resending the user must choose the User Access option again.
(none) (none) Any ICAP Deny responses will not be displayed in Web Access Plus.

Shared folders

Defect ID Internal ID Description
(none) (none) Shared Folders can be controlled globally or per Business Unit. They cannot be controlled per user account.
(none) (none) The share settings of a sub-folder of a shared folder can not be changed.
D-77689 (none) Only users with a specified email address can use the Shared Folders feature.
D-77689 (none) Real users are not allowed to use Shared Folders feature.
D-78106 (none) A non-encrypted user cannot decrypt files uploaded from a repencrypted user.
D-78113 (none) The directory of the shared folder owner can not be changed.
D-79169 (none) A user cannot share a folder with the same name as an already shared folder.

Web Access Plus

Defect ID Internal ID Description
D-66680 (none) When using Safari it may be necessary to change site mode to Unsafe. Safari > Preferences > Security > Manage Website Settings > Java > (select the site you want to open) > Allow> Run in Unsafe mode > Trust
D-71275 (none) Reading phase of Internet Explorer is considerably slower than other browsers.
D-71449 (none) HTML5 Transfer Queue in WAP on Internet Explorer 10 is fully functional but with a substantial performance degradation due to some browser limitations. In order to avoid those performance issues, resulting in slower transfers, upgrade to a higher version of Internet Explorer or use one of the other supported browsers.
D-79944 (none) Filenames beginning and ending in white spaces can not be renamed.
D-84079 (none) HTML5 Transfer Queue in WAP does not load and will not display when using Internet Explorer 9.
D-86277 (none) Due to a limitation in Internet Explorer 9, the non-applet version of WAP cannot upload files larger than 4GB. We recommend using other supported browser (Internet Explorere 10 or 11, Firefox, or Chrome) or Internet Explorer 9 and WAP with the applet enabled.

General limitations

Defect ID Internal ID Description
(none) (none) CSRF protection cannot be disabled. Web services API clients must specify the required referrer headers or the CSRF protection mechanism will reject their requests.
D-55234 (none) SecureTransport Edge new hosts cannot be added to the Private zone using either Admin UI or Rest API. New hosts are successfully added to Private zone on SecureTransport Server 5.3.0.
D-57205 (none) The following warnings and errors are expected during normal fresh installation or upgrade:

ERROR Script/command error: [copy] Warning: Could not find file <FILEDRIVEHOME>/lib/certs/db/serial to copy.
ERROR Script/command error: [move] Warning: Could not find file <FILEDRIVEHOME>/var/tmp/upgrade.temp.
dir280960001/lib/certs/db/serial
to copy.
WARN A C3P0Registry mbean is already registered. This probably means that an application using c3p0 was undeployed, but not all PooledDataSources were closed prior to undeployment...
WARN <INSTALLATION_DIR>/Components/./../Documentation/
Installer_4.5.x_InstallationPrerequisitesGuide_allOS_en/index.htm
is not a file!
WARN Task skipped on Unix platforms.
WARN The tag @FILEDRIVEHOME@ doesn't exist in file ...
WARN The tag @AUDITLOGAPPENDER_IDBEGIN@ doesn't exist in file ...
WARN The tag @AUDITLOGAPPENDER_IDEND@ doesn't exist in file...
D-63920 (none) When installing SecureTransport on AIX, the installation process may fail with the error "java.lang.UnsatisfiedLinkError: /tmp/AxwayTemp2014-01-15161914/Java_tmp/jre7_64/lib/ppc64/motif21/libmawt (No such file or directory)". To resolve the issue unset the DISPLAY environment variable prior to starting the setup script. After successful installation of SecureTransport, set the DISPLAY environment variable.
D-65627 (none) During startup of the Transaction Manager service, you may encounter the following warnings:

WARNING: org.apache.xerces.jaxp.
SAXParserImpl$JAXPSAXParser
: Property http://www.oracle.com/xml/jaxp/properties/
entityExpansionLimit
is not recognized.
Compiler warnings:
WARNING: org.apache.xerces.jaxp.SAXParserImpl: Property http://javax.xml.XMLConstants/
property/accessExternalDTD
is not recognized.

This is expected and does not indicate any server issues.
D-68291 (none) In a standard cluster environment, if a node is removed from the cluster and added back after configuration changes have been made on the daemons, these configuration changes will not be reflected on that node. You need to apply the configuration changes manually.
D-69792 (none) The IP addresses in one node should refer to one machine only (with multiple network interfaces). However, to configure connections to multiple edges, multiple nodes should be added.
D-72893 (none) When accounts are imported from 5.2.1 SP3 or older into 5.2.1 SP4 or newer (including 5.3.0) the Manage Shared Folder Applications is always disabled for the imported accounts. When the accounts are exported from 5.2.1 SP4 or newer and then imported into 5.2.1 SP4 or newer then the Manage Shared Folder Applications for the imported account is enabled if and only if it was enabled for the exported account.
D-75759 (none) In a Standard Cluster, only the server communication profile for node that is registered to Central Governance is registered. In a Large Enterprise Cluster, the server communication profiles for all nodes in a cluster are registered due to there being one private zone that contains the server communication profile information for all the cluster nodes.
D-80102 (none) Backslashes are removed from Expression Language strings.
D-85659 (none) The following ciphers do not work if the client and server use Certicom as provider:
  • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
D-85952 (none) In SecureTransport Standard cluster, when the administrator refreshes the cluster management page from the secondary node during manual synchronization of the cluster, errors are logged in the Server log. These errors do not impact synchronization and normal cluster operation.
D-86413 (none) FTPS transfers from SecureTranport 5.1 to a SecureTransport 5.3.0 server operating in FIPS mode will fail. To work around the issue, disable FIPS on the destination server and add SSLv2Hello to the Ftp.Listeners.Ssl.enabledProtocols config parameter in the Server Configuration.
D-86632 (none) Internet Explorer 11 prevents the loading of SecureTransport Web Client Control due to Active X restrictions.

Documentation

This section describes documentation enhancements and related documentation.

Documentation enhancements

  • The SecureTransport 5.3.0 documentation set now includes the SecureTransport 5.3.0 Getting Started Guide. The SecureTransport 5.3.0 Getting Started Guide explains the initial setup and configuration of using the SecureTransport Administrator setup interface.
  • The SecureTransport 5.3.0 Installation Guide has been reorganized and incorporated into a new template.

Known documentation issues

The SecureTransport 5.3.0 Administrator's Guide includes updates in the following chapters and sections which are not included in the Administration Tool help:

  • Chapter 9 Manage accounts - Transfer sites - Transfer site properties
  • Chapter 9 Manage accounts - Transfer sites - AS2 transfers
  • Chapter 9 Manage accounts - Transfer sites - Folder Monitor transfer sites
  • Chapter 9 Manage accounts - Transfer sites - FTP(S) transfer sites
  • Chapter 9 Manage accounts - Transfer sites - HTTP(S) transfer sites
  • Chapter 9 Manage accounts - Transfer sites - SSH transfer sites
  • Chapter 13 Advanced Routing - Overview - Functional overview
  • Chapter 13 Advanced Routing - Overview - Process overview
  • Chapter 13 Advanced Routing - Configuration - Create Advanced Routing application
  • Chapter 13 Advanced Routing - Configuration - Assign Route Package Template
  • Chapter 13 Advanced Routing - Route steps
  • Chapter 13 Advanced Routing - Route steps - Publish To Account
  • Chapter 13 Advanced Routing - Route steps - Send To Partner
  • Chapter 13 Advanced Routing - Operation
  • Chapter 13 Advanced Routing - Operation - Basic use cases - PGP Decryption and Publish To Account
  • Chapter 13 Advanced Routing - Operation - Basic use cases - Line Ending and Publish To Account
  • Chapter 13 Advanced Routing - Operation - Basic use cases - PGP Encryption and Send To Partner
  • Chapter 13 Advanced Routing - Operation - Basic use cases - Decompress and Publish To Account
  • Chapter 13 Advanced Routing - Operation - Advanced use cases
  • Chapter 13 Advanced Routing - Operation - Advanced use cases - PGP Encryption (partner's certificate) and send to multiple partners
  • Chapter 13 Advanced Routing - Operation - Advanced use cases - Decompress and Send to Partner (Trigger File Output)
  • Chapter 13 Advanced Routing - Custom Expression Language functions and variables - Special routing variables

Related documentation

Go to Axway Support at https://support.axway.com to find all documentation for this product version.

SecureTransport provides the following documentation:

  • SecureTransport Installation Guide - This guide explains how to install, upgrade, and uninstall SecureTransport Server on UNIX-based platforms, Microsoft Windows, and Appliances.
  • SecureTransport Getting Started Guide - This guide explains the initial setup and configuration of using the SecureTransport Administrator setup interface.
  • SecureTransport Administrator's Guide - This guide describes how to use the SecureTransport Administration Tool to configure and administer your SecureTransport Server. The content of this guide is also available in the Administration Tool online help.
  • SecureTransport Web Client User Guide - This guide describes how to use the SecureTransport Browser Client and Web Access Plus to transfer files between your local machine and your SecureTransport Server. The Web Access Plus content of this guide is also available in the Web Access Plus online help.
  • SecureTransport Release Notes - (This document) This document contains information about new features and enhancements, late-breaking information that could not be included in one of the other documents, and a list of known and fixed issues.
  • SecureTransport Developer's Guide - This guide explains how to use rules, rule packages, and agents to customize . Additional information includes an explanation of how to use the application framework.
  • SecureTransport Capacity Planning Guide - This guides provides information useful when planning your production environment for SecureTransport.
  • Axway Appliance Quick Start - This document provides instructions for unpacking, mounting, connecting, and powering up an appliance, provides instructions for installing and deploying an Appliance, plus technical specifications and references to safety, regulatory, and recycling information.
  • Axway Email Plug-ins Installation Guide - This guide provides instructions for installing and deploying the Axway Microsoft Outlook add-in and the Axway Lotus Notes plug-in.
  • Axway Email Plug-ins Release Notes - This document contains information about installation and upgrade packages, new features, and a list of known limitations.
  • Axway Outlook Add-in Installation Guide - This guide provides instructions for installing and deploying the Axway Microsoft Outlook add-in.
  • Axway Outlook Add-in Release Notes - This document contains information about installation and upgrade packages, new features, and a list of known limitations.
  • Axway Integrator and SecureTransport Interoperability Guide - This guide describes the interface between Axway Integrator and Axway SecureTransport and how to configure those products to interoperate.
  • SecureTransport Software Developer Kit (SDK) online help - The SDK includes an HTML-based API reference developers can use while customizing SecureTransport.
  • SecureTransport REST API online reference - The SecureTransport Server hosts an HTML-based API reference developers can use while developing integrations for SecureTransport.

For more information about SecureTransport and how it is used in Axway 5 Suite, refer to:

  • Axway 5 Suite Overview
  • Axway 5 Suite Supported Platforms
  • Axway 5 Suite Interoperability Matrix
  • Axway 5 Suite Implementation Guide

Support services

The Axway Global Support team provides worldwide 24x7 support for customers with active support agreements.
Email support@axway.com or visit Axway Suppport at support.axway.com.

Copyright © 2017 Axway. All rights reserved

Related Links