SecureTransport 5.3.1 Release Notes

This document applies to Axway SecureTransport Server 5.3.1 for all supported platforms, databases, and cluster types.

The information in this document supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

About this release

File packages:

  • SecureTransport_5.3.1_Appliance_ap-x86-64_BN854.iso
    MD5 checksum: dce2727836c57aa0e4cbd7ecb76a9a60
    Size: 2747750400
  • SecureTransport_5.3.1_Install_aix-power-64_BN854.zip
    MD5 checksum: 89c8ac1126b1c6479f7c48ece542728f
    Size: 612128794
  • SecureTransport_5.3.1_Install_linux-x86-64_BN854.zip
    MD5 checksum: 1d77f15fbbfd1ea334956ba6fdefcf9b
    Size: 739948054
  • SecureTransport_5.3.1_Install_sun-sparc-64_BN854.zip
    MD5 checksum: 20e7cb4f858ac3279b7c7178ec8acbcf
    Size: 1798332450
  • SecureTransport_5.3.1_Install_win-x86-64_BN854.zip
    MD5 checksum: 4951da013e06348dcbc6213d0e2584fc
    Size: 862326475
  • SecureTransport_5.3.1_UP1-from-5.3.0_aix-power-64_BN854.jar
    MD5 checksum: 3fe99ecbd7daa2e3390a53967483eb1b
    Size: 362495736
  • SecureTransport_5.3.1_UP1-from-5.3.0_linux-x86-64_BN854.jar
    MD5 checksum: 41bbb00a10b12a1aa05ead4fe739f829
    Size: 595175572
  • SecureTransport_5.3.1_UP1-from-5.3.0_sun-sparc-64_BN854.jar
    MD5 checksum: f1ac82670556fd899c0c8dbd7203c4b8
    Size: 1604351361
  • SecureTransport_5.3.1_UP1-from-5.3.0_win-x86-64_BN854.jar
    MD5 checksum: 1b3c5fb06e26920858e58a5dec969a3c
    Size: 722163394

New features and enhancements

SecureTransport - Central Governance integration

SecureTransport 5.3.1 introduces the integration with Central Governance.

  • SecureTransport can be registered as a managed product in Central Governance.
  • Flow managers in Central Governance can create and deploy flows where SecureTransport is configured as a relay, source and target and receives and sends files over FTP/S, HTTP/S, PeSIT, and SFTP.
  • SecureTransport provides runtime visibility (in Sentinel) for the file transfers based on a humanly-readable name of the flows which are deployed and managed by Central Governance.

Advanced Routing enhancements

The main function of the Advanced Routing feature is to act as an intelligent routing engine and allow SecureTransport users to flexibly provision new data flows and to create diverse patterns for data movement between different participants, partner systems, and applications. The Advanced Routing will also function as a placeholder for implementation of routing mechanisms beyond those already developed in SecureTransport 5.3.0.

Advanced Routing provides advanced transformation and routing capabilities for the SecureTransport Server. On a high level, when specific conditions are met, particular steps are performed. Conditions and steps are wrapped in routes as part of a Route Package Template or Route Package.

Advanced Routing for SecureTransport 5.3.1 has the following new features:

  • New transformation steps:
    • Encoding Conversion step converts the character encoding of an input text file to a different configurable encoding.
    • Characters Replace step replaces or removes characters from an input text file.
    • Line Padding step coverts an input text file by padding each line with a configurable trailing character to a specified total length.
    • Line Truncating step coverts an input text file by removing characters from the end of each line to a specified total length.
    • Line Folding step transforms an input text file and splits the long lines into several shorter ones with a configurable maximum length.
    • A new email notification type is now available to notify email recipients upon routing rules triggering.
  • The Send to Partner and Publish to Account steps allow usage of both login and account name. Runtime, SecureTransport searches account names first and then searches the login names when Send to Partner or Publish to Account step is executed as part of a route.
  • The supported expression language is extended and the PGP Encryption, Publish to Account and Send to partner steps support the usage of currentfulltarget expression in all fields. The expression is evaluated to the absolute file path of the file being processed.

Other feature enhancements:

  • Administrators of SecureTransport Server can define additional custom attributes as part of the accounts and account template creation or modification. Administrators can access the values of the custom attributes using expression languange in any fields in the Account Templates and Advanced Routing configuration.
  • Administrators can define a pattern for the download file and download folder of any Transfer Site configuration using Expression Language.
  • Administrators of SecureTransport Server or Edge can provision SSH keys via the Administrator Tool or a REST API request without the need to provide the Internal CA password.
  • SecureTransport HTTP and PeSIT servers do not require restart after import or delete of a trusted certificate.
  • SecureTransport protocol servers, Transaction manager and Administrator's Tool do not require restart after enabling of debug logging or redirecting the logs to a flat file.
  • SecureTransport Transaction manager does not require restart after enabling of Sentinel reporting.
  • Administrators of SecureTransport can use REST API request to purge the subscription folder or the account's home folder when deleting the corresponding item.
  • SecureTransport 5.3.1 introduces improved performance of pTCP PeSIT transfers in Amazon Cloud environment.
  • Transaction Manager menu and UI pages for editing TM rules and packages are removed from the product.

Security enhancements:

  • Shared secret password used by SecureTransport during registration to Center Governance is encrypted.
  • User login passwords are stored using PBKDF2.

Third-party software, database and OS support changes:

  • SecureTransport 5.3.1 introduces changes into the external database support for Large Enterprise Cluster:
    • Support for external Oracle 11g and Microsoft SQL Server 2008 databases is discontinued.
    • SecureTransport supports only Oracle 12c Enterprise Edition (with Partitioning License option) and Microsoft SQL 2014 Standard and Enterprise Core external database.
    • The external database must be upgraded to a supported version (Microsoft SQL Server 2014 or Oracle 12c) prior to upgrading SecureTransport to version 5.3.1.
  • SecureTransport 5.3.1 introduces the following changes into the supported operating systems:
    • Support for Red Hat Enterprise Linux 5.x and Oracle Linux 5 is discontinued.
    • Support for Microsoft Windows Server 2008 R2 Standard Edition SP1 and Microsoft Windows Server 2008 R2 Enterprise Edition SP1 is discontinued.
  • SecureTransport 5.3.1 introduces support for McAfee Web Gateway and Symantec Protection Engine with ICAP for anti-virus scanning.

Third-party library changes:

  • Embedded MySQL database is upgraded from version 5.0.72 to 5.6.23 64-bit for all supported platforms except IBM AIX.
  • Struts 1.1 is removed for all supported platforms.
  • SecureTransport 5.3.1 uses runtime JRE 1.8.

Deprecated features:

  • Microsoft Internet Explorer 9 and 10 are no longer supported browsers for the Administration Tool and the SecureTransport web clients.
  • SecureTransport Web Client Control (the ActiveX control for Internet Explorer) is no longer supported feature in SecureTransport 5.3.1. Any usage of the ActiveX control must be discontinued and Axway would provide no support and fixes for it.

Corrections and fixed problems

SecureTransport 5.3.1 provides the following corrections and fixed problems:

Case ID Internal ID Description
SecureTransport 5.2.1 SP5
749171
751640-7
751640-6
751640-5
751640-4
751640-2
751640-1
751640-9
751640-10
751640-11
751640-12
751640-3
751640-8
135133
137732
137731
137729
137728
137726
137725
137734
137735
137736
137737
137727
137733
Apache Tomcat upgraded to address stability and security issues
CVE-2013-4286
CVE-2013-4590
CVE-2013-4322
CVE-2013-0346
CVE-2013-2071
CVE-2012-4431
CVE-2014-0096
CVE-2014-0099
CVE-2014-0119
CVE-2014-0075
CVE-2013-2067
CVE-2014-0050

751640-13

751640-14
751640-15
751640-16
751640-17

137847
137848
137849
137850
137851
Vulnerable Perl binary is removed
Vulnerable Perl module CGI.pm is upgraded
CVE-2010-4410
CVE-2010-2761
CVE-2010-4411
CVE-2010-2253
CVE-2011-0633
737278 129033 Issue: Previously, in Secure Transport Standard Cluster failover from primary to secondary, the passive nodes failed with "Unable to chose cluster node" error messages. The issue is observed when a second failover from primary to secondary (in a short period of time) is performed.
Resolution: Now, the failover to the secondary node is successful. The secondary node automatically promotes itself to be the new primary.
741765 131929 Issue: Previously, the DXAGENT_CLIENTADDR session variable was empty for HTTP/S login sessions made through a SecureTransport Edge server.
Resolution: Now, the DXAGENT_CLIENTADDR session variable is populated with the SecureTransport Edge server IP address.
727847 125362 Issue: Previously, there was an HTTP 404 error, during navigation through the Web Access Plus file options menu (only for Legacy Client HTML template).
Resolution: Now, there are no errors and the users are able to download their files.
737431 132179 Issue: Previously, after the execution of the rotate script, new entries in the FTP command log were written to the rotated file.
Resolution: Now, after the execution of the rotate script, the new entries in the FTP command log are written to the correct command log file.
714038 122446 Issue: Previously, manual synchronization did not replicate the user classes to the secondary server.
Resolution: Now, the manual synchronization replicates the user classes to the secondary server.
730437 132526 Issue: Previously, email login was case sensitive when SecureTransport was installed with an Oracle database.
Resolution: Now, email login is case insensitive when SecureTransport is installed with Oracle database.
719627 122226 Issue: Previously, the SecureTransport Server log showed numerous numbers of Info log messages when some NFS support classes were enabled.
Resolution: Now, there are no Info log messages, when these classes are enabled.
750080-1 135261 Issue: Previously, a memory leak was observed in the Transaction Manager component.
Resolution: Now, the memory leak is fixed by upgrading JScape Secure FTP Factory to version 9.2.0
754027 137068 Issue: Previously, the customer could not configure and save Subscriptions when there were a number of triggers that needed to be configured.
Resolution: Now, the customer can configure and save Subscriptions when there are a number of triggers which need to be configured.
733479 127509 Issue: Previously, there was an information leak over HTTPS when executing log in a post method using curl.
Resolution: Now, there is no information leak over HTTPS when executing log in a post method using curl.
742467 764654-1 131894
142668
Issue: Previously, there was a cross site scripting vulnerability in the Ad-hoc messages download link.
Resolution: Now, there is no cross site scripting vulnerability in the Ad-hoc messages download link.
727067 124495 Issue: Previously, some parameters in tuning section of the start_sshd script were more likely to cause problems than actually enhance performance.
Resolution: Now, these parameters are removed.
742142 131856 Issue: Previously, customizing an Account page to include additional custom properties was allowed, but the values for the additional custom properties were missing after duplicating an account.
Resolution: Now, after duplicating an account all properties including custom ones are properly saved.
742145 131857 Issue: Previously, customizing an Account page to include additional custom properties was allowed, but there was no way to validate the additional custom properties and accounts with non-validated data were saved.
Resolution: Now, all additional custom properties are validated the same as other properties and if there is a validation error for any custom property an account is not saved.
759216 140404 Issue: Previously, customizing a Business Unit page to include additional custom properties was allowed, but the values of the additional custom properties were missing after saving a business unit.
Resolution: Now, it is possible to customize Business Unit page. The additional custom properties can be properly saved and modified.
717921 121530 Issue: Previously, using the default value of the parameter Pesit.Transfer.Acknowledge in the Server Configuration resulted in a "No such file" message in the MDN receipt pop-up and in the server log.
Resolution: Now, the message "No such file" is removed.
730181-1 125865 Issue: Previously, the FTP daemon demanded a password after an unencrypted username was given, even when the encryption is mandatory.
Resolution: Now, the connection is interrupted with the message "SSL is mandatory" after the username is presented.
711155 121172 Issue: Previously, in a cluster environment with two or more nodes and using MySQL database, Secure Transport processed SITs really slow compared to a single node.
Resolution: Now, the processing of SITs by two or more nodes in a cluster on MySQL is improved.
760153 140619 Issue: Previously, there were sporadic failures in transmissions to partners over AS2 and decryption failure messages were observed.
Resolution: Now, compatibility with crypto ciphers is improved and there are no failures in transmissions to partners over AS2 and decryption failure messages are no longer observed.
751012 135573 Issue: Previously, a CUSTOMPROPERTIES value used to hold up to 1024 characters when SecureTransport is running on Microsoft SQL Server.
Resolution: Now, this limit is increased to 4000 characters.
727041 125437 Issue: Previously, regardless of the transfer mode, selected for the Web Access Plus template the file is always transferred in Binary mode.
Resolution: Now, the file is transferred in the selected mode.
723453 125863 Issue: Previously, SecureTransport HTTP service on IBM AIX in some cases did not release file handle when closing tcp socket.
Resolution: Now, file handle is always released when closing tcp socket. This is resolved by upgrading to the latest IBM AIX JRE 7.0 Service Refresh 8 Fix Pack 10 where this issue is fixed.
761092 141408 Issue: Previously, there were inconsistencies between FTPD daemon response codes sent to an FTP client in ST 5.1 SP3 and ST 5.2.1 SP4.
Resolution: Now, in ST 5.2.1 SP5 FTPD daemon response codes sent to a FTP client are consistent with FTPD daemon response codes sent to a FTP client in ST 5.1 SP3.
750201 135442 Issue: Previously, filesystem restrictions did not work as expected when using FTP - restrictions for deleting a file operation from Admin UI > Access > Restrictions-Filesystem page. Allow folder/deny all else did not take effect over FTP or FTPS and "Permission denied" errors were observed.
Resolution: Now, the filesystem restrictions work propertly when using FTP. Also a new server configuration option is introduced - Restrictions.OrderOfApplication which defines the order of application for filesystem and upload and download restrictions. There are two available values for the option:
  • legacy (default) - rules are applied from bottom to top
  • new - rules are applied from top to bottom.
767105 143802 Issue: Previously, there was a behavior change in the response of the FTP QUOTE SYST command between SecureTransport 5.1.x and SecureTransport 5.2.1 SPx which caused some native FTP clients to default to ASCII instead of BINARY transfer mode.
Resolution: Now, the FTP daemon responds with the message "215 UNIX Type: L8" when the FTP QUOTE SYST command is issued. Alternatively this response can be customized via Ftp.SYSTResponse server configuration parameter.
721188 128502 Issue: Previously, there was a slow performance when listing the User Accounts in SecureTransport Adminstration Tool.
Resolution: Now, the performance is improved.
743907 132584 Issue: Previously, SecureTransport version and release information (build number) was not updated in the /etc/platform.conf for Axway Appliances.
Resolution: Now, the version and release information (build number) are updated on upgrade (or downgrade) for Axway Appliances.
733480 127527 Issue: Previously, SecureTransport Server running in clustered environment under Windows OS failed to delete .m_inproc files due to shared filesystem update delays.
Resolution: Now, SecureTransport Server retries such failed deletion and mitigates this shared filesystem limitation.
762493 144172 Issue: Previously, click handler for menu was triggered while in animation state, making the menu unresponsive.
Resolution: Now, click handler is not executed while in animation state.
767479 144103 Issue: Previously, LIST and NLST ftp commands did not properly handle absolute/relative paths.
Resolution: Now, argument parsing is properly handling absolute/relative paths.
693311 111678 Issue: Previously, when the ExtStreaming and ExtPermissionCheck Transaction Manager rules packages were enabled the end user was not able to login.
Resolution: Now, the deprecated ExtPermissionsCheck and ExtStreaming Transaction Manager rules packages are removed. The following PERL and C agents are also removed: stream_auth.pl, stream_calc_attrs.pl, stream_chpwd.pl, stream_list.pl, stream_login.pl, stream_logout.pl, stream_rest.pl, stream_rmd.pl, stream_rnfr.pl, stream_rnto.pl, stream_cwd.pl, stream_dele.pl, stream_end.pl, stream_mdtm.pl, stream_pwd.pl, stream_retr.pl, stream_rtck.pl, stream_size.pl, stream_start.pl, stream_stor.pl, stream_mkd.pl, and fscheck.
692252 111743 Issue: Previously, manual synchronization copied the files from the primary servers bin\agents folder to the secondary server, but did not preserve their permissions.
Resolution: Now, when the files are copied their permissions are preserved.
NOTE: Does not apply to Windows.
736562 129110 Issue: Previously, there were two server configuration options Ftp.ReverseDnsLookups and Http.ReverseDNSLookup for the HTTP and FTP daemons.
Resolution: Now, there is a new global server configuration option named Server.ReverseDNSLookups that applies for HTTP, FTP and SSH daemons.
NOTE: SSH needs to be restarted after a modification to apply the changes, for HTTP and FTP only bounce is enough. The Ftp.ReverseDnsLookups and Http.ReverseDNSLookup configuration options still exist but their description is updated since they are now deprecated. They won't take effect even if their values are modified since HTTP and FTP already use the new global option.
745931 133344 Issue: Previously, Transaction Manager was unable to recover after one hour of network outage, without services restart.
Resolution: Now, after the network is restored the end users are able to authenticate via all of the protocols.
765978 143645 Issue: Previously, the passive cluster node was not able to establish streaming connections on Large Enterprise Cluster with Passive Disaster Recovery setup.
Resolution: Now, the Disaster Recovery node gets the correct list of streaming daemons to connect to and is a proper replacement for the Production nodes.
730181-7 125871 Issue: Previously, all commands coming after an AUTH command over FTP protocol were executed even if the SSL handshake was not performed.
Resolution: Now, after the AUTH command over FTP protocol is invoked all following commands are discarded until a SSL handshake is performed. An error is logged with the message: "Possible plain text injection after AUTH command." The <commandname> command is ignored and error code 452 with the same message is returned.
If another command for authentication (AUTH) follows an AUTH command or if a SSL handshake is already performed, the second command is not executed. An error is logged with the message: "Invalid sequence of commands (AUTH command is already invoked)." Error code 503 with the same message is returned.
675210 105195 Issue: Previously, the command line utilities aesdec and aesenc were not working in some environments.
Resolution: Now, the utilities work correctly.
724409 127136 Issue: Previously, the performance of SFTP server-initiated pulls was not optimal.
Resolution: Now, the performance of SFTP server-initiated pulls is improved.
752176-2 139021 Issue: Previously, when sending a file to SecureTransport via Integrator, there were errors in the Server log.
Resolution: Now, the file is successfully transfered and there are no errors in the Server log.
736250 121397 Issue: Previously, the administrator could set Post transmission actions when editing a subscription that pushes files to more than one transfer site.
Resolution: Now, file pushes to more than one transfer are not allowed.
725556 125552 Issue: Previously, the xml package provided with SecureTransport stored only a part of the LocalId sent by SecureTransport to Sentinel.
Resolution: Now, the full LocalId sent by SecureTransport is stored in Sentinel.
Note: The Sentinel Tracked Object XFBTransfer v4.1.0 should be used. LocalId size is 36 bytes long in it versus 25 in previous versions.
SecureTransport 5.2.1 SP5 Patches
Patch 1
762325
144053 Issue: Previously, an upload restriction replaced the user's file UID with the GID number.
Resolution: Now, UID and GID numbers are properly set after upload.
Patch 1
771349
147149 Issue: Previously, an upload restriction for Mode set GID:GID for file ownership instead of UID:GID
Resolution: Now, the ownership of the file is properly set.
Patch 2
776806
148108 Issue: Previously, when a file was uploaded the SecureTransport Server always applied the owner, group, and mode configured in the first upload restriction from the Upload restriction list.
Resolution: Now, SecureTransport Server applies the owner, group, and mode using the settings of the correct upload restriction matching the file transfer.
NOTE: This issue is applicable only for Unix platforms and it does not apply to SecureTransport running on Windows environment.
Patch 2
776806-1
148270 Issue: Previously, SecureTransport Server ignored the value of the Users.DefaultUmask configuration parameter and created the uploaded files with default permissions of 644.
Resolution: Now, the correct value of the Users.DefaultUmask configuration parameter is used.
NOTE: This issue is applicable only for Unix platforms and it does not apply to SecureTransport running on Windows environment.
Patch 2
(none)
(none) Issue: Previously, SecureTransport Server ignored the owner, group and mode values configured in an upload restriction when the file mode was set by the client during the transfer.
Resolution: Now, you can use a new server configuration parameter Users.Uploads.RestrictionsApplication to control SecureTransport behavior. There are two available values for the parameter:
  • limited (default) - preserves the current behavior. SecureTransport server applies the owner, group and mode values set in an upload restriction only when the file mode is not set by the client.
  • full - SecureTransport Server applies the owner, group and mode values set in an upload restriction regardless of the file mode set by the client during the transfer. SecureTransport Server applies the file mode set by the client when the mode value in the upload restriction is left empty.
NOTE: This issue is applicable only for Unix platforms and it does not apply to SecureTransport running on Windows environment.
Patch 2
(none)
(none) Issue: Previously, when Restrictions.OrderOfApplication server configuration parameter was set to new, SecureTransport Server sporadically applied the filesystem, upload, and download restrictions in the wrong order.
Resolution: Now, SecureTransport Server applies the filesystem, upload, and download restrictions in the correct order according to the value of the Restrictions.OrderOfApplication configuration parameter.
Patch 3
778982
148968 Issue: Previously, there was a cross-site scripting vulnerability in the Ad-hoc messages download link.
Resolution: Now, there is no cross-site scripting vulnerability in the Ad-hoc messages download link.
Patch 3
(none)
149607 Issue: Previously, there was a session leak when an user attempted to download an Ad-hoc message protected with a secret question without providing the answer.
Resolution: Now, the session is properly closed.
Patch 4
775592
147920 Issue: Previously, the behavior of the AUTH command of the SecureTransport FTP Server was not compliant with RFC 2228.
Resolution: Now, the behavior of the AUTH command of the SecureTransport FTP Server is compliant with RFC 2228.
Patch 5
746831
138317 Issue: Previously, sending lots of authentication requests containing passwords with thousands of symbols to the SecureTransport HTTP Server could lead to a denial of service.
Resolution: Now, SecureTransport handles such request by discarding them when the password exceeds the threshold defined by the new Http.Authentication.MaxPasswordLength configuration option.
SecureTransport 5.2.1 SP6
775586-1 147762 Issue: Previously, SecureTransport was vulnerable to CVE-2015-4000.
Resolution: Now, SecureTransport restricts the usage of DHE ciphers with keysize smaller than 1024.
740662 131130 Issue: Previously, the buttons and settings on the SecureTransport Admin > Operations > Server Control page could be enabled or disabled by hovering over the labels next to them.
Resolution: Now, SecureTransport allows those settings to be modified only if the buttons are clicked.
747102 134536 Issue: Previously, when multiple server initiated uploads were started and Upload restrictions were evaluated for the User Class of the account that initiated the transfers, some of the uploads sporadically remained in progress.
Resolution: Now, all server initiated transfers complete correctly.
745542 134546 Issue: Previously, when multiple client initiated uploads were started and Upload Restrictions were evaluated for the User Class of the account that initiated the transfers, some of the uploads sporadically remained in progress.
Resolution: Now, all client initiated transfers complete correctly.
756647 140064 Issue: Previously, in Folder Monitor transfer site the labels of the two fields Download Subfolder Pattern and Download Subfolder Pattern Type were misleading and unclear.
Resolution: Now, those two labels are renamed respectively to Subfolder Name Pattern and Subfolder Name Pattern Type and a help tool tip is added next to the Subfolder Name Pattern field describing its proper meaning.
758257 140275 Issue: Previously, SecureTransport stripped out CR characters on Client Initiated Uploads of text files using FTP protocol in ASCII mode.
Resolution: Now, SecureTransport successfully saves the uploaded file with its original line endings.
747973-1 140885 Issue: Previously, when SecureTransport pushed files with names containing German umlauts to Axway Transfer CFT, they were recieved with wrong encoding.
Resolution: Now, when SecureTransport sends to Axway Transfer CFT files with names containing German umlauts, they are recieved with proper encoding, since Axway Transfer CFT version 3.1.3 SP1.
777889 148660 Issue: Previously, SecureTransport users were not able to change their password through REST API if the password has expired.
Resolution: Now, SecureTransport users can use REST API calls to reset their password even if it is expired.
777263 149356 Issue: Previously, when Axway Transfer CFT interrupted transfer to SecureTransport and then successfully resumed it, SecureTransport marked the transfer as failed and left .m_inproc files on the filesystem.
Resolution: Now, SecureTransport marks the interrupted and then resumed transfer from Axway Transfer CFT as successful in the File Tracking and there are no leftover .m_inproc files on the filesystem.
777332-1 149618 Issue: Previously, SecureTransport deleted all Anonymous packages every time when the Save button was clicked on Setup > Adhoc settings page in Administration tool.
Resolution: Now, SecureTransport does not delete Anonymous packages and they are available after Adhoc settings are changed.
775005-3 150066 Issue: Previously, SecureTransport server initiated transfers over SSH were failing against an external server (can be SecureTransport as well) configured to require dual-factor authentication.
Resolution: Now, SecureTransport server initiated transfers over SSH against a server configured to require dual-factor authentication are successful.
714850 120059 Issue: Previously, when SecureTransport ArchiveAgent was used to archive transferred files, there was an inconsistency between name of archived file, log message in File Tracking, and the SecureTransport Administrator's Guide.
Resolution: Now, SecureTransport uses the same format for archived file name and the name in File Tracking log message. The correct archived file name format is: <unique_file_name_modifier> which represents the unique transfer ID.
736519 129954 Issue: Previously, if a user was uploading files using the Light version of the Web Access Plus client and their session expired, the transfers were abruptly ended.
Resolution: Now, while the user is uploading files their session can not expire and all transfers will successfully complete.
760570-1 141359 Issue: Previously, SecureTransport was vulnerable to "FTP bounce attack".
Resolution: Now, the "FTP bounce attack" vulnerability is eliminated.
763406 142192 Issue: Previously, SecureTransport did not honor Users.LoginNames.virtualUserCaseSensitive and Users.LoginNames.virtualUserCaseSensitive configuration parameter values.
Resolution: Now, SecureTransport honors these configuration parameters.
NOTE: If SecureTransport installation uses external Microsoft SQL Server database - the value of database collation must be set to SQL_Latin1_General_CP1_CI_AS. Otherwise, the values of the configuration options Users.LoginNames.virtualUserCaseSensitive and Users.LoginNames.virtualUserCaseSensitive will be ignored.
765388 143298 Issue: Previously, when trying to export a large number of partitions, the SecureTransport TransferLog Maintenance Application failed with ORA-06502 errors.
Resolution: Now, when trying to export a large number of pratitions, the SecureTransport's TransferLog Maintenance Application does not fail in such scenarios.
766348 143500 Issue: Previously, when an email message with addresses in the BCC field was sent with Web Access Plus, the Sent folder did not show the BCC recipients.
Resolution: Now, the sender can see all recipients of email messages in Web Access Plus.
764578 143542 Issue: Previously, SecureTransport server was throwing an Internal Server Error when file downloads were attempted if the file was sent by an Adhoc user as anonymous link only and both Package Manager Base Folder and Anonymous Account Home Folder in Adhoc Settings page, are located on the UNC path.
Resolution: Now, SecureTransport server does not throw an Internal Server Error and the file can be downloaded successfully.
768134 145055 Issue: Previously, SecureTransport left meta .stpack files in the _mailbox subfolders that refered to deleted AdHoc packages.
Resolution: Now, SecureTransport deletes all references to packages that have been deleted.
773192 146857 Issue: Previously, the DXAGENT_URL environment variable, which contained the original HTTP URL request used to connect to SecureTransport server, was missing.
Resolution: Now, the DXAGENT_URL environment variable exists and can be used in customized user configuration agents.
772505 147203 Issue: Previously, the SecureTransport Web Access Plus client did not properly display the Start time of the transfers in Transfer Queue when the minutes were less than 10.
Resolution: Now, the SecureTransport Web Access Plus client correctly displays the Start time of transfers.
(none) 152365 Issue: Previously, concurrent logins to SecureTransport Server using Microsoft SQL Server could lead to a deadlock condition.
Resolution: Now, the possible deadlock condition is resolved and concurrent logins no longer cause deadlocks.
782532-1
782532-2
782532-3
782532-4
782532-5
782532-6
782532-7
782532-8
782532-9
782532-10
782532-11
782532-12
782532-13
782532-14
782532-15
782532-16
782532-17
782532-18
782532-19
782532-20
782532-21
151249
151250
151251
151252
151253
151254
151256
151257
151258
151259
151260
151261
151262
151263
151264
151267
151268
151269
151270
151271
151272
Oracle Java SE upgraded to 7u85 to address stability and security issues
IBM Java SDK for AIX upgraded to 7.0 Service Refresh 9 Fix Pack 10 to address stability and security issues:
CVE-2015-4760
CVE-2015-4749
CVE-2015-4748
CVE-2015-4736
CVE-2015-4733
CVE-2015-4732
CVE-2015-4731
CVE-2015-4729
CVE-2015-2664
CVE-2015-2659
CVE-2015-2638
CVE-2015-2637
CVE-2015-2632
CVE-2015-2628
CVE-2015-2627
CVE-2015-2625
CVE-2015-2621
CVE-2015-2619
CVE-2015-2613
CVE-2015-2601
CVE-2015-2597
SecureTransport 5.3.0 Patches
Patch 1 144463 Issue: Previously, the template of the LDAP recipient was not calculated correctly by a SecureTransport Server with installed EAAS customization.
Resolution: Now, the SecureTransport Server correctly calculates the template.
Patch 2
770370
145421 Issue: Previously, a user upload of a file larger than 2GB failed using SecureTransport Web Access Plus with the Java Applet disabled.
Resolution: Now, uploads of files larger than 2GB are successful.
Patch 2
772739
147052
  • Issue: Previously, when using SecureTransport Web Access Plus, a temporarily failing upload was retried from the beginning.
    Resolution: Now, the retries of such failures are started from the last successfully uploaded chunk.
  • Issue: Previously, SecureTransport Web Access Plus counted the retry attempts for the whole transfer.
    Resolution: Now, SecureTransport Web Access Plus resets this counter on each successfully uploaded chunk.
  • Issue: Previously, SecureTransport Web Access Plus attempted to retry a transfer right after a failure was detected.
    Resolution: Now, in case of a failure SecureTransport Web Access Plus will wait 10 seconds between each attempt.
Patch 2
772640
147544 Issue: Previously, when there was temporary transfer failure (for example network outage) the transfer retry started from the beginning, and it started in the folder where the user was currently located, instead of the folder where the upload was interrupted.
Resolution: Now, retries start with the last chunk (100 MB segment) and in the same folder where the upload was interrupted.
Patch 3
773164
147266 Issue: Previously, in a non-root SecureTransport installation, there were significant performance issues and warnings when using the Shared Folder type application and the shared folder was outside the account home directory.
Resolution: Now, there are no performance issues or warnings in this case.
Patch 3
774508
147268 Issue: Previously, in a non-root SecureTransport installation, a Folder Monitor transfer site did not process files when the download directory was outside the account home directory.
Resolution: Now, Folder Monitor transfer sites process files correctly in this case.
Patch 4
771260
145835 Issue: Previously, unlicensed users with access to an AdHoc Shared Folder were able to view home folders of other users.
Resolution: Now, unlicensed user only have access to their home folders.
Patch 4
771114
778498
145836
148994
Issue: Previously, unlicensed users attempting to reply to an AdHoc message using SecureTransport Web Access Plus, were redirected to the login page with an "Invalid username or password" error message.
Resolution: Now, unlicensed users are able to reply to an AdHoc message.
Patch 4
772597
147179 Issue: Previously, an existing user was unable use non-existing users as collaborators with AdHoc Shared Folders.
Resolution: Now, sharing between existing and non-existing users is possible.
Patch 4
773915
147531 Issue: Previously, file upload using SecureTransport Web Access Plus triggering Publish to Account step, was blocked by the ICAP scan when Delete On Success Post Processing was selected.
Resolution: Now, the upload is successful and the Advanced Routing is triggered.
Patch 4
(none)
148975
  • Issue: Previously, SecureTransport Web Access Plus transfers were retried in infinite loop when an error affected the whole transfer.
    Resolution: Now, SecureTransport Web Access Plus resets the transfer retries counter on each successfully uploaded chunk.
  • Issue: Previously, when a network outage occurred, the SecureTransport Web Access Plus retry timer was not stopped when the transfer was paused or canceled by the user.
    Resolution: Now, the retry timer is stopped.
Patch 4
772597
147183
  • Issue: Previously, a SecureTransport user was not able to enroll collaborators if default network zone was not configured.
    Resolution: Now, AdHoc Shared Folder functionality is working correctly, even if there is not a default network zone configured.
  • Issue: Previously, a SecureTransport user that was part of business unit with a Default enrollment template, was not able to enroll collaborators.
    Resolution: Now, the Adhoc account enrollment template global setting is used even if Business Unit enrollment template is set to Default.
  • Issue: Previously, expressions set in the enrollment account template, were not resolved.
    Resolution: Now, expressions set in the enrollment account templates are working correctly.
Patch 5
(none)
148693 Issue: Previously, SecureTransport Web Access Plus occassionaly threw exceptions when multiple asynchronous requests were sent to mailbox resources.
Resolution: Now, SecureTransport REST mailbox resources function properly.
Patch 5
778205
148694 Issue: Previously, AdHoc messages with binary attachments were blocked by the ICAP server with preview mode enabled when SecureTransport ICAP scanning and package encryption were configured.
Resolution: Now, AdHoc message with binary attachments are successfully sent.
Patch 5
(none)
148697 Issue: Previously, Sentinel ICAP scanning events for Adhoc message subject and body were not linked to the original AdHoc package.
Resolution: Now, AdHoc message and subject ICAP events are linked to the AdHoc package Cycle Id.
Patch 5
772419
146455 Issue: Previously, SecureTransport did not honor the related configuration options Users.LoginNames.normalizedCaseInsensitiveUsername and Users.LoginNames.virtualUserCaseSensitive.
Resolution: Now, if the configuration option Users.LoginNames.virtualUserCaseSensitive is set to false and the configuration option Users.LoginNames.normalizedCaseInsensitiveUsernamel is not set to none but one of lower or upper values, the SecureTransport normalizes the typed user name before logging in.
Patch 5
777951
149795 Issue: Previously, SecureTransport Web Access Plus shared folders functionality did not work with SecureTransport Edge installed on Windows and SecureTransport Server installed on IBM AIX.
Resolution: Now, user logged in SecureTransport Web Access Plus through SecureTransport Edge running on Windows, can successfully share folders if SecureTransport Server is running on IBM AIX.
Patch 5
779781
149486 Issue: Previously, the SecureTransport Administration Tool ICAP Settings page did not support custom service input, other than REQMOD and RESPMOD.
Resolution: Now, SecureTransport administrator can edit the entire DLP/AV ICAP URL in the following format icap://dlpav-address:port/servicename
Patch 5
780810
149860 Issue: Previously, file paths used on the SecureTransport Server were constructed using the SecureTransport Edge file system path separator.
Resolution: Now, UNIX path separators are always used for communication between modules and are converted to Windows at the SecureTransport Server, if necessary.
Patch 6
780122
149697 Issue: Previously, when new account was created by the SecureTransport enrollment mechanism, Lock account after X failed attempts was not set.
Resolution: Now, there is a new server configuration option named Users.DefaultLockoutLimit. It is used when enrolling a user account to specify the default value of the Lock account after X failed login attempts property.
Patch 6
781430
150194 Issue: Previously, when a user shared a folder from SecureTransport Web Access Plus to an LDAP account that has not yet logged in SecureTransport, the LDAP account's home folder was created with an incorrect UID and GID.
Resolution: Now, when a user shares a folder to an LDAP account, the LDAP account's home folder is correctly created with the UID and GID specified in the corresponding Account Template.
Patch 6
780322
149650 Issue: Previously, unlicensed users were able to reply only to the first received message from a conversation using SecureTransport Web Access Plus or REST API. Replying to a subsequent message in the same conversation was rejected with error: "Unlicensed user cannot change message subject."
Resolution: Now, replying to a subsequent message in a conversation is allowed as long as the unlicensed user replies only once to the message.
NOTE: That there is a difference between replying multiple times to one message and replying to a subsequent message in the same conversation.
Patch 6
781954
150309 Issue: Previously, the Java Applet was loaded on Internet Explorer 11 in SecureTransport Web Access Plus even when set to Java Applet disabled.
Resolution: Now, the Java Applet is loaded on all supported browsers only when SecureTransport Web Access Plus is set to Java Applet enabled.
Patch 6
779833
149406 Issue: Previously, when a folder had been shared to an LDAP user, and the owner of the folder opened the sharing pop-up, but did no changes and clicked the Share button, an error message was returned in SecureTransport Web Access Plus.
Resolution: Now, there are no error messages in this case.
Patch 6
773912
147546 Issue: Previously, when Advanced Routing was configured with two steps (Decompress and Publish to Folder), and NFS share was used for the account home folder, in some cases the SecureTransport Server tried to decompress the files already decompressed from the original archive.
Resolution: Now, the Decompress step does not attempt to decompress the files already decompressed from the original archive.
Patch 6
779377
149424 Issue: Previously, when SecureTransport Server was installed on Microsoft Windows and updated with Patch 3 or newer, virtual users mapped to a real user account in the Password Vault were unable to upload files.
Resolution: Now, virtual users are able to upload files.
Patch 7
773447
147466 Issue: Previously, filesystem restrictions did not work as expected when using FTP - restrictions for deleting a file operation from the m Admin UI > Access > Restrictions-Filesystem page. Allow folder/deny all else did not take effect over FTP or FTPS and "Permission denied" errors were observed.
Resolution: Now, the filesystem restrictions work properly when using FTP.
Also, a new server configuration option is introduced - Restrictions.OrderOfApplication
There are 2 values available for the option - new and legacy.
Legacy (default) - rules are applied from bottom to top.
New - rules are applied from top to bottom
Patch 7
752176-2
139021 Issue: Previously, when sending a file to SecureTransport via Integrator, there were errors in the Server log.
Resolution: Now, the file is successfully transfered and there are no errors in the Server log.
Patch 7
762325
144053 Issue: Previously, selecting Upload restriction replaced the user's file UID with the GID number.
Resolution: Now, UID and GID numbers are properly set after upload.
NOTE: This issue is applicable only for UNIX platforms and it does not apply to SecureTransport running on Windows environment.
Patch 7
771349
147149 Issue: Previously, selecting Mode for Upload restrictions set GID:GID for file ownership instead of UID:GID.
Resolution: Now, the ownership of the file is properly set.
NOTE: This issue is applicable only for UNIX platforms and it does not apply to SecureTransport running on Windows environment.
Patch 7
776806
148108 Issue: Previously, when a file was uploaded the SecureTransport Server always applied the owner, group, and mode configured in the first upload restriction from the Upload restriction list.
Resolution: Now, SecureTransport Server applies the owner, group, and mode using the settings of the correct upload restriction matching the file transfer.
Issue: Previously, SecureTransport Server ignored the owner, group, and mode values configured in an upload restriction when the file mode was set by the client during the transfer.
Resolution: Now, you can use the new server configuration parameter Users.Uploads.RestrictionsApplication to control SecureTransport behavior.
  • limited (default) - preserves the current behavior. SecureTransport server applies the owner, group and mode values set in an upload restriction only when the file mode is not set by the client.
  • full - SecureTransport Server applies the owner, group and mode values set in an upload restriction regardless of the file mode set by the client during the transfer. SecureTransport Server applies the file mode set by the client when the mode value in the upload restriction is left empty.
NOTE: This issue is applicable only for UNIX platforms and it does not apply to SecureTransport running on Windows environment.
Patch 7
776806-1
148270 Issue: Previously, SecureTransport Server ignored the value of the Users.DefaultUmask configuration parameter and created the uploaded files with default permissions of 644.
Resolution: Now, the correct value of the Users.DefaultUmask configuration parameter is used.
NOTE: This issue is applicable only for UNIX platforms and it does not apply to SecureTransport running on Windows environment.
Patch 7 149700 Issue: Previously, when ICAP scanning and repository encryption for an account were enabled, client initiated uploads failed because the ICAP server blocked the transfer.
Resolution: Now, repository encryption does not affect the file upload and all transfers are correctly passed or blocked by the ICAP scanning.
Patch 7
781955
150310 Issue: Previously, when deleting a non-empty folder from SecureTransport Web Access Plus, there was a generic error stating that the operation was denied.
Resolution: Now, the error is more descriptive stating that the operation was unsuccessful because the directory is not empty.
Patch 7
783009
150624 Issue: Previously, when installing or uninstalling a SecureTransport patch, database operations were always performed and SecureTransport services always started automatically after an update.
Resolution: Now, SecureTransport offers an option to skip database changes and control services start when installing or uninstalling a patch update.
NOTE: This is applicable only for SecureTransport Large Enterprise Cluster. The only supported install procedure is console mode. In order to skip database operations when installing or uninstalling a patch update, add the following command line Java argument: -javaargument -DST_UPDATEDB=false
For example:
  • <AxwayHome>/update.sh -i <UPDATE_PACKAGE_FILE_LOCATION>/SecureTransport_5.3.0_Patch11_allOS_BN1390.jar -javaargument -DST_UPDATEDB=false for UNIX-based platforms and Axway Appliances
  • <AxwayHome>\update64.exe -i <UPDATE_PACKAGE_FILE_LOCATION>\SecureTransport_5.3.0_Patch11_allOS_BN1390.jar -javaargument -DST_UPDATEDB=false for Microsoft Windows.
In order to skip start of SecureTransport services, set a system environment variable STARTSERVICES with value false.
Patch 7
780321
772704-1
149688
147386
Issue: Previously, when a collaborator's account had been deleted or their home folder had been changed and the folder owner decided to unshare it, the folder still appeared as shared. Also when the folder owner account had been deleted or their home folder had been changed, all of the collaborators were still able to see the shared folder and if they tried to access it an error message was displayed.
Resolution: Now, when account is deleted or the home folder changed from the SecureTransport Administration Tool, all of the shared folders links are removed and no broken links remain.
Patch 7
782185
150333 Issue: Previously, an "Not-valid CSRF prevention token" error message was received in the browser if the user clicked on more than one download notification link originating from the Shared Folder Collaboration functionality.
Resolution: Now, a CSRF prevention token is not required for idempotent GET requests and user will not receive an error message in this case.
Patch 8
(none)
151628 Issue: Previously, an unlicensed user replying to a message was unable to access the custom properties of the messages RestAPI resource.
Resolution: Now, the custom properties of the messages resource are accessible by an unlicensed user.
Patch 8
(none)
150970 Issue: Previously, when a user tried to add a collaborator in the sharing dialog without entering any symbols, there was a non-descriptive warning message.
Resolution: Now, there is a more descriptive warning message stating that the user must enter a valid email address.
Patch 8
781953
150931
  • Issue: Previously, when a user tried to delete a non-empty shared folder, the delete operation failed but the folder was unshared leading to an inconsistency between the main and the tree view in SecureTransport Web Access Plus.
    Resolution: Now, the folder status is updated properly in both main and tree views.
  • Issue: Previously, when a user shared a folder and switched between list and icons views the status of the shared folder was not properly updated.
    Resolution: Now, the folder status is updated properly in both list and icons views.
Patch 8
781953
150930 Issue: Previously, when a user shared a folder with a # character and/or a & character in its name, the shared information was missing in SecureTransport Web Access Plus.
Resolution: Now, characters like # and & do not cause corruptions in the shared folder.
Patch 8
783009
150754 Issue: Previously, when an AdHoc package with large attachment(s) was forwarded in SecureTransport Web Access Plus, an error message "Draft was not saved" was occasionally displayed.
Resolution: Now, users can successfully forward an email with large attachment(s).
Patch 8
782148
150447 Issue: Previously, when SecureTransport Web Access Plus was configured to use Basic Authentication instead of a HTML form by setting Http.FdxAuthReply configuration parameter to BA, after the user logged out and tried to login again, the Basic Authentication prompt appeared and never went away.
Resolution: Now, a user can successfully logout and then login using Basic Authentication.
Patch 8
(none)
151053 Issue: Previously, when a user was tried to compose an email using SecureTransport Web Access Plus and requests were redirected trough a HTTP proxy server, occasionally a "ConcurrentModificationExeption" was thrown and a warning message was reported in the Server Log.
Resolution: Now, users can successfully compose an email using SecureTransport Web Access Plus while requests are redirected trough a HTTP proxy, and no warning message will be reported in the Server Log.
Patch 8
781648
150195 Issue: Previously, when a user shared a folder with accounts that have upper-case email addresses, a "Linking to directories is not supported" error message was displayed in SecureTransport Web Access Plus.
Resolution: Now, using upper or lower case in the account email addresses is irrelevant to SecureTransport Web Access Plus shared folders functionality.
Patch 8
783785
150942 Issue: Previously, when sending mail using SecureTransport Web Access Plus to multiple recipients and at least one address was not formatted properly, an unclear and misspelled error message was displayed.
Resolution: Now, a descriptive message is displayed, explaining the actual error cause.
Patch 8
782976
150663 Issue: Previously, when creating a directory using SecureTransport Web Access Plus in list file view on Internet Explorer 11, the notification message "Creating directory (1)" remained on the screen until the user is logged out.
Resolution: Now, the notification dialog is hidden once the operation is finished for all file and folder actions.
Patch 9
781953-3
150932 Issue: Previously, when dragging and dropping multiple files from a folder to another folder in SecureTransport Web Access Plus, the folder view was not properly refreshed. Some of the files still appeared to be present although they had been successfully moved to the new location.
Resolution: Now, all successfully moved files are not visible in the previous folder.
Patch 9
783808
150995 Issue: Previously, when a user shared a folder that contained subfolders and immediately navigated to it, the Sharing button was available for the subfolders although it should not have been.
Resolution: Now, when the user navigates to a sharedfolder, the Sharing button is not available.
Patch 9
785751
151841 Issue: Previously, when SecureTransport was configured to use Basic Authentication as an authentication method, the user session expiring would lead to an infinite loop.
Resolution: Now, using Basic Authentication no longer leads to an infinite loop.
Patch 9
772607
146931 Issue: Previously, when saving a route package in the SecureTransport Administration Tool, all routes were saved, resulting in decreased performance.
Resolution: Now, when saving a route package, fewer requests are sent and the performance is improved.
Patch 10
785225
151581 Issue: Previously, users could not login via SSH using a DSA private key.
Resolution: Now, users logging via SSH with a DSA private key are successfully authenticated.
Patch 10
785390-2
152040 Issue: Previously, users could not login via RestAPI using a client certificate unless a Referrer header was provided.
Resolution: Now, users logging in via RestAPI using a client certificate are successfully authenticated without setting the Referrer header.
Patch 10
785390-1
151773 Issue: Previously, when using custom variables in REST API calls to specify transfer site fields, requests failed and errors were reported in the SecureTransport server log.
Resolution: Now, transfer site fields can be successfully modified using custom variables in REST API requests.
Patch 10
785390
151774 Issue: Previously, when pulling files to a SharedFolder subscription via REST API, the files were transferred to the subscription directory under the user's home folder.
Resolution: Now, the pulled files are stored in the actual shared folder location.
Patch 10
(none)
152429 Issue: Previously, when a message with triangle brackets in its body was composed in SecureTransport Web Access Plus and delivered to a standard mailbox, the parts of the message enclosed in triangle brackets was missing on the received.
Resolution: Now, the complete message is received including the parts enclosed in triangle brackets.
Patch 10
(none)
151679 Issue: Previously, when downloading a file with special characters in its name, using the link in the Properties dialog in SecureTransport Web Access Plus web client, an error was thrown:
{"message" : "Error validating request","validationErrors" : [ "Error occurred while getting file size and type." ]}
Resolution: Now, this link is URL encoded and the file is downloaded successfully.
Patch 10
(none)
151945 Issue: Previously, SecureTransport Web Access Plus was vulnerable to HTML injection attack by uploading a file containing HTML code in its name.
Resolution: Now, uploaded files names are encoded properly and HTML injection is prevented.
Patch 10
(none)
151938 Issue: Previously, HTML character entities SecureTransport Web Access Plus were rendered as symbols when used in mail folders, mail attachments, local and remote files, and folders names.
Resolution: Now, text is displayed without HTML interpretations.
Patch 10
(none)
152857 Issue: Previously, in a standard cluster environment with streaming and ICAP scanning enabled, there was an "MD5 checksum verification failed" error message in SecureTransport Web Access Plus when a user uploaded a file on the edge.
Resolution: Now, SecureTransport Web Access Plus displays correct upload statuses.
Patch 10
(none)
(none) Add support for McAfee Web Gateway version 7.5.2 and later as external ICAP Anti-virus engine.
Patch 11
779714
151980 Issue: Previously, when a user tried to upload a file using SecureTransport REST API (POST request to https://<server>:<port>api/v1.2/files), the file was successfully uploaded, but the transfer appeared as failed in the File Tracking page.
Resolution: Now, upload transfer through REST API appears in File Tracking page as successful.
Patch 11
783072
151201 Issue: Previously, a Folder Monitor transfer site would try to create a SecureTransport system folder (named .stfs) into a folder, prior to the folder where it should pull the files from.
Resolution: Now, a Folder monitor transfer site will not try to create any SecureTrasnport system folders.
Patch 11
785733
151900 Issue: Previously, it was possible for FTPD or HTTPD to be bound to the address defined for another LEC node.
Resolution: Now, each daemon is bound to the address specified per its node.
Patch 11
785389
151649 Issue: Previously, characters outside the ASCII set or unsafe ASCII characters in mailbox folders names were not handled properly on Internet Explorer when using SecureTransport Web Access Plus, causing errors when opening the folder.
Resolution: Now, mailbox folders content is loaded successfully even when containing such characters.
Patch 11
786270
152102 Issue: Previously, a Standard Router application did not work correctly when repository encryption mode was disabled for the service account and enabled for the user account subscribed to the application. A file sent from the service account was received unencrypted by the user.
Resolution: Now, the file is received encrypted regardless of the service account's settings.
Note: For all application types, the encryption of the received file depends on the repository encryption mode of the recipient and not the sender. The following are some scenario descriptions:
1. Both the sender and recipient have repository encryption enabled. The received file will be encrypted.
2. The sender has repository encryption disabled and recipient has repository encryption enabled. The received file will be encrypted.
3. The sender has repository encryption enabled and recipient has repository encryption disabled. The received file will be unencrypted.
4. Both the sender and recipient have repository encryption disabled. The received file will be unencrypted.
Patch 11
782230
150353 Issue: Previously, sharing a folder from SecureTransport Web Access Plus to an account whose home folder has been removed, failed with a non-descriptive error message.
Resolution: Now, users can successfully share folders to accounts whose home folder has been removed.
Patch 11
785538
151711 Issue: Previously, when a user logged in SecureTransport Web Access Plus on Firefox multiple times, the Inbox tab was opened together with the SecureTransport tab. Then after closing the Inbox tab, the Open folder progress bar was stuck on the screen and disappeared only after logging out.
Resolution: Now, only the SecureTransport tab is opened and the progress bar is closed after loading all files in the folder.
Patch 11
(none)
151318 Issue: Previously, moving a message by selecting Create new folder from the mail folders list in SecureTransport Web Access Plus failed with error "400: Bad Request".
Resolution: Now, moving a message in a newly created mail folder is successful.
Patch 11
(none)
153414 Issue: Previously, when a SecureTransport user shared a folder and specified Download and Upload permissions, if a collaborator without overwrite permission tried to overwrite a file in the shared directory, upload failed as expected but after three retries.
Resolution: Now, the upload fails without retries when there are no overwrite permissions.
Patch 11
(none)
153771 Issue: Previously, AS2 messages received from a Linoma Partner (Go Anywhere 5.1) were not processed correctly because there was a problem with Base64 decoding.
Resolution: Now, AS2 messages are correctly processed.
Patch 11
787015
152448 Issue: Previously, listing a folder via FTPS using client certificate authentication failed unless the client explicitly sent the CWD command.
Resolution: Now, directories and folders are listed successfully.
Patch 11
781953-5
150934 Issue: Previously, info, warning and error messages in SecureTransport Web Access Plus remained on the screen unless explicitly closed.
Resolution: Now, all notification messages are automatically closed after 4 seconds.
Patch 11
(none)
151721
151722

Issue: Previously, keyboard shortcuts S (Share a selected folder) and G + S (Go to the Sent tab) in SecureTransport Web Access Plus were overlapping.
Resolution: Now, pressing S on a selected folder opens the sharing options and G + S opens the Sent tab.

Patch 13
00804369
D-98549 Issue: Previously, it wasn't possible to resume an interrupted file download from SecureTransport Web Access Plus client using Chrome, Firefox, Internet Explorer, and Safari built-in download managers.
Resolution: Now, transfer on ranges from the browsers built-in download managers are supported, making it possible to resume transfers after a network outage or when the transfers are manually paused.
Unlike in Firefox, Internet Explorer, and Safari 9 browsers, downloads on ranges in Chrome is toggled by the enable-download-resumption configuration option from chrome://flags features. For more information on how to enable the feature refer to the Chrome documentation.
Patch 13 00804773 D-98644 Issue: Previously, when a user using FTP tried to list a directory different than the root with an absolute path, the directory listing failed.
Resolution: Now, the listing of directory is successful in this case.
Patch 14
00802439
D-98069 Issue: Previously, a service account with encrypt mode enabled received a plain file (not encrypted) from an account with encrypt mode enabled via the StandardRouter application.
Resolution: Now, if the service account has encrypt mode enabled, the received file is also encrypted.
Patch 14
00802543
D-98237 Issue: Previously, when LDAP users tried to login with email address in SecureTransport Web Access Plus client and login by email was not allowed in the associated account template, some browsers did not get an indication of an error.
Resolution: Now, a login failure message is displayed on all supported browsers.
Patch 14
00802720
D-98300 Issue: Previously, Sharing button in SecureTransport Web Access Plus client was always disabled when a folder was selected in the Remote tree pane.
Resolution: Now, the button is functional when a folder is selected in both the Remote tree and the SecureTransport panes.
Patch 14
00803298
D-99008 Issue: Previously, SecureTransport running in Standard Cluster mode did not correctly process client-initiated transfers and would reach a point at which protocol daemons were not able to connect to SecureTransport Transaction Manager without restart.
Resolution: Now, SecureTransport running in Standard Cluster processes client-initiated transfers correctly and connections between Transaction Manager and SecureTransport daemons are stable.
Patch 14
00804580
D-98655 Issue: Previously, reverse DNS lookups always occurred even when the option was disabled from Setup > Miscellaneous > FTP (HTTP) Reverse DNS Lookups. There were specific options for FTP and HTTP. SSH used the value from HTTP option.
Resolution: Now, reverse DNS lookups are triggered only when the option is enabled. When the option is disabled no lookups occur. The FTP and HTTP options are removed and there is one global option for HTTP, FTP, and SSH.
EAAS Add-on
D-69052
147742
(none) Issue: Previously, when Allow this account to login to SecureTransport Server was selected on an Account page, the login protocol for the account could not be specified.
Resolution: Now, the functionality is implemented for an Account or an Account Template to be configured to login through a specified protocol. On the Account page the Login settings pane is modified to enable or disable login through protocols - HTTP, FTP, AS2, SSH, or PeSIT. On the Account Template page the Allowed Login Protocols pane is added to enable or disable login through protocols - HTTP, FTP, SSH, or PeSIT.
NOTE: If a protocol is not selected, An Account or an Account Template can not login through the protocol.
SecureTransport 5.3.1 Resolved Defects
D-84321
140658
757227 Issue: Previously, SecureTransport failed to pull existing files matching a regular expressions like abc[0-9]xyz when such an expression was specified within a SSH Transfer site download pattern.
Resolution: Now, SecureTransport correctly evalutes regular expressions in the SSH Transfer site download pattern and successfully pulls the matching files.
D-89822
146456
772399 Issue: Previously, the SecureTranport Administrator's Guide was not in sync with the Administration Tool help.
Resolution: Now, SecureTranport Administrator's Guide is in sync with the Administration Tool help as follows: The Send to Partner and Publish to Account steps allow usage of both login and account name. Runtime, SecureTransport searches account names first and then searches the login names when Send to Partner or Publish to Account step is executed as part of a route.
D-90331
146996
773657-3 Issue: Previously, SecureTransport was vulnerable to CVE-2015-0899.
Resolution: Now, SecureTransport 5.3.1 is not vulnerable to CVE-2015-0899. Struts 1.1 has been removed for all supported platforms.
D-90337
147004
773672 Issue: Previously, the custom subject in the mail notification template for Adhoc was not honored for folder sharing notifications.
Resolution: Now, the custom Adhoc subject is honored for folder sharing notifications.
D-90500
147171
773257 Issue: Previously, the Transaction Manager rule package import failed due to unnecessary XML elements in some custom rules.
Resolution: Now, the Transaction Manager custom rule package import is successful even when there may be unnecessary elements in the imported rule.
D-90592
147265
774016 Issue: Previously, the Axway Sentinel DXAGENT_CLIENTADDR client session variable would arrive empty when tranmitted over HTTP protocol.
Resolution: Now, the DXAGENT_CLIENTADDR client session arrives with the correct information encapsulated when transitted over HTTP protocol.
D-90951
147637
775448 Issue: Previously, errors were improperly handled on the the scheduleEdit.jspx page.
Resolution: Now, any errors on the scheduleEdit.jspx are properly handled.
D-91004
147692
775150 Issue: Previously, the SecureTransport Installation Guide had incomplete information on the IBM AIX files located in the <FILEDRIVEHOME>/bin/utils/ directory.
Resolution: Now, the SecureTransport Installation Guide has the correct file references.
D-91065
147760
773955 Issue: Previously, when an attempt was made to open the SecureTransport Administration Tool ServerLog page a permanent "ServerLog Database is unavailable message" was received.
Resolution: Now, the SecureTransport Administration Tool ServerLog page opens normally and no error message is received.
D-91068
147763
775586-2 Issue: Previously, SecureTransport was vulnerable to CVE-2015-4000 a.k.a LogJam attacks.
Resolution: Now, the SecureTransport vulnerability has been resolved.
D-91121
147823
775252 Issue: Previously, when a SecureTransport installation was attempted using setup.sh called with -m console option on a IBM AIX without X-windows installed, an error was received and the installation failed.
Resolution: Now, SecureTransport Installation Guide has been updated noting that X-windows may have to be installed on the IBM AIX for the installation to be successful.
D-91130
147834
(none) Issue: Previously, the ${currentfulltarget} expression was spelled wrong in the SecureTransport Administrator's Guide.
Resolution: Now, the the ${currentfulltarget} expression is spelled correctly in the SecureTransport Administrator's Guide
D-91148
147859
(none) Issue: Previously, PeSIT P119 was not populated with the expected value of ${DXAGENT_TRANSFERSAPI_NAME} in a SIT push from a RESTful call.
Resolution: Now, PeSIT P119 is populated with the expected value of ${DXAGENT_TRANSFERSAPI_NAME}.
D-91207
147918
774507 Issue: Previously, the Use existing database schema option was missing from the installer console menu during additional large enterprise cluster (LEC) node installations.
Resolution: Now, the Use existing database schema option is present in the installer console menu.
D-91852
148661
775400-1 Issue: Previously, SecureTransport 5.2.1 had a possible vulnerability to CVE-2013-0248 - Apache Commons FileUpload.
Resolution: Now, vulnerability has been resolved by upgrading the Apache Commons FileUpload to 1.3.1.
D-91858
148667
775400-5 Issue: Previously, SecureTransport 5.3.1 had a possible vulnerability to CVE-2014-0050 - Apache Commons FileUpload.
Resolution: Now, vulnerability has been resolved by upgrading the Apache Commons FileUpload to 1.3.1.
D-91979
148794
778475 Issue: Previously, SecureTransport was vulnerable to a possible Cross-Site Request Forgery (CSRF) protection bypass.
Resolution: Now, SecureTransport is not vulerable to a CSRF protection bypass.
D-92060
148877
776814 Issue: Previously, the Maverick version was not provided in the SecureTransport log files.
Resolution: Now, the Maverick version is provided in the log files.
D-92156
148978
776286 Issue: Previously, when Notify Following e-mails on route success was selected for an Advanced Routing global route, the email notifications were not being sent.
Resolution: Now, the email notifications are successfully sent.
D-92194
149021
(none) Previouly, the SecureTransport Edge Denied.Proxy.Timeout, Failed.Proxy.Timeout, and Proxy.Max.Failure.Series settings are not enforced properly after a failed transfer.
Resolution: Now, the Denied.Proxy.Timeout, Failed.Proxy.Timeout, and Proxy.Max.Failure.Series settings are properly enforced.
D-92589
149548
(none) Issue: Previously, SecureTransport always sent PI05 even when no server or partner passwords were defined in the PeSIT Transfer Site.
Resolution: Now, SecureTransport only sends PI05 when server or partner passwords are defined in the PeSIT Transfer Site.
D-93258
150233
781710 Issue: Previously, the assigned Mail Template names of a saved route were not loaded in the Notifications pane of the Route Package.
Resolution: Now, the assigned Mail Template names of a saved route were not loaded in the Notifications pane.
D-93333
150311
781957 Issue: Previously, when an unlicensed user unshared a folder they were booted from Web Access Plus and could not log back in due to CSRF prevention.
Resolution: Now, unlicensed users cannot unshare shared folders.
D-93604
150601
782491 Issue: Previously, the SecureTranport Web Client Users Guide did not include information on Microsoft Internet Explorer download limitations.
Resolution: Now, the SecureTranport Web Client Users Guide includes browser based information download limitation information.
D-94415
151387
783660 Issue: Previously, when a file or folder was created using Rest API and permissions was not the default (755); the query was successful, the file was created, but the permissions were not set.
Resolution: Now, the permissions are set correctly when a file or folder is created using Rest API.
D-94535
151513
(none) Issue: Previously, the SecureTranport Web Client Users Guide included information on renaming folders in Web Access Plus.
Resolution: Now, the folder renaming information has been removed from the SecureTranport Web Client Users Guide.
D-94607
151580
785230 Issue: Previously, sorting of emails in Web Access Plus in either Inbox or Sent box by column labels (to/from, subject, tracking, sent, date, expires, size) did not work.
Resolution: Now, the sorting of emails by column labels functions properly.
D-94671
151637
785252 Previouly, when a Web Access Plus download URL was incorrect the download error message contained a typographical error.
Resolution: Now, the typographical error in download message has been corrected.
D-94673
151639
785253 Issue: Previously, when large files were uploaded in Web Access Plus the wrong status was reported for files in the upload queue.
Resolution: Now, the correct status is reported for files in the upload queue.
D-94676
151642
785243 Issue: Previously, the SecureTransport Web Client Users Guide incorrectly included information on moving folders.
Resolution: Now, the information on moving folders has been removed from the SecureTransport Web Client Users Guide.
D-95222
152157
786582 Issue: Previously, setting the SecureTransport Administation Tool OutboundConnections.Proxy.serverHost server configuration did not work.
Resolution: Now, setting the OutboundConnections.Proxy.serverHost server configuration works correctly.
D-95957
152874
788138 Issue: Previously, SecureTransport Advanced Routing only sent notification emails for route failure when both Notify following e-mails on route failure: and Notify following e-mails on route success: were enabled.
Resolution: Now, the route failure email notifications are sent whenever Notify following e-mails on route failure: is enabled.
D-96375
153308
(none) Issue: Previously, SecureTransport leaked one or two file descriptors for each AdHoc transfer. When message was sent, one descriptor was leaked. If a file was attached to the message, two descriptors were leaked, one for the file and another for the message body.
Resolution: Now, SecureTransport file descriptors are not leaked during Adhoc transfers.
D-96600
153529
789472 Issue: Previously, the ICAP settings section of the SecureTransport Administrator's Guide did not include instructions to the verify that ICAPScan was enabled prior to configuring ICAP scanning.
Resolution: Now, the ICAP settings section of the SecureTransport Administrator's Guide includes instructions to verify that ICAPScan is enabled.
D-97374
154206
(none) Issue: Previously, files could not be downloaded from paths containing special characters in Web Access Plus from a SecureTransport Edge running on Microsoft Windows.
Resolution: Now, files with special characters in their paths can be downloaded.
D-97386
154216
(none) Issue: Previously, the Email contact field on the SecureTransport Administration Tool Account Template page truncated data and caused issues when its content was 70 or more characters long.
Resolution: Now, the content in the Email contact field is no longer truncated when over 70 characters long.
D-97506
154339
778150-1 Issue: Previously, pattern based (SIT) pulls failed when the ZeroByteWildcardPullAllowed configuration parameter was set to true on a SecureTransport Server running on Microsoft Windows.
Resolution: Now, pattern based (SIT) pulls are successful when the ZeroByteWildcardPullAllowed configuration parameter is set to true.
D-97593
154420
791808 Issue: Previously, the Advanced Routing email notifications were sent from the Administrator's email address instead of the Notify email address.
Resolution: Now, the email notifications are sent from the Notify email address.
D-97759 (none) Issue: Previously, SecureTransport administrator's received an HTTP 400 error when attempting to access the Administration Tool using either a FireFox or a Microsoft Internet Explorer browser.
Resolution: Now, HTTP 400 errors are no longer received and accessing SecureTransport Administration Tool is successful.
D-98717 (none) Issue: Previously, the human readable description the Mailbox API of the SecureTransport Rest API was not available.
Resolution: Now, the a human readable description of the Mailbox API is available.
D-99225 (none) Issue: Previously, SecureTransport was vulnerable to CVE-2015-4852 - Java Deserialization.
Resolution: Now, the vulnerability is resolved and SecureTransport is no longer vulnerable to CVE-2015-4852.
D-99624 (none) Issue: Previously, the SecureTransport currentfulltarget varible was inconsistently applied in the Advanced Routing Send To Partner and Publish To Account routing steps.
Resolution: Now, the currentfulltarget varible is iconsistently applied in the Advanced Routing Send To Partner and Publish To Account routing steps and holds the full path to the file.
D-100219 (none) Issue: Previously, there was an error downloading the AdHoc anonymous link when Package Base Folder and Anonymous Account Home Folder were are on the Universal Naming Convention (UNC) path.
Resolution: Now, the AdHoc anonymous link can be downloaded without errors.

Known issues and limitations

Internal ID Case ID Description
D-89133 770829 In case Axway Appliance running SecureTransport 5.2.1 is upgraded to an Appliance Platform version newer than 6.5.1, the upgrade to SecureTransport 5.3.0 using the SecureTransport_5.3.0_UP1-from-5.2.1_ap-x86-64_BN1289.tgz upgrade package may fail. If you have upgraded to Appliance Platform version newer than 6.5.1 (for example, 6.6.1), you can do the following.
Before starting the upgrade:
  • Edit the /etc/platform.conf and change AP_VERSION to 6.5.1 and perform the upgrade process normally.
If the upgrade process was started, but failed during the process:
  1. Edit the /etc/platform.conf and change the AP_VERSION to 6.5.1.
  2. From the installer files, navigate to the st-upgrade/platform directory and manually run the pf-upgrade.sh script
D-89134 770829-1 If customer starts with a fresh installation of SecureTransport 5.2.1 SP3 on Axway Appliance, the upgrade to SecureTransport 5.3.0 using appliance upgrade package may fail with the following error message: "ERROR: Unable to find ST installation." Customers can still upgrade to SecureTransport 5.3.0 after performing these manual steps:
  1. Create a /etc/fd directory.
  2. Copy the AXWAY_HOME/SecureTransport/profile* files into the /etc/fd directory.
  3. Rename the profile* files to env.sh<InstallationName> and env.csh<InstallationName>.
D-89289 771160 After successfully upgrading SecureTransport 5.2.1 SPx to SecureTransport 5.3.0 on an Appliance Platform, the <FILEDRIVEHOME>/conf/versions.txt file contains build 1288, while the /etc/platform.conf file contains PRODUCT_RELEASE=1289. This discrepancy is cosmetic and does not affect the functioning or upgradeability of the SecureTransport appliance.
D-89670 (none) Chrome 42+ does not support the Web Access Plus Java applet plugin.
D-91269
147985
775845 The Routes description on the SecureTransport Administration Tool User Accounts page can not be removed. It is only possible to edit the text or replace text with a space.
D-94305
154476
783705 When files are attached to a AdHoc messages, the attached files are not visible in the Web Access Plus Upload Queue.
D-94686
151651
785395 Cutting and pasting folders in Web Access Plus does not work
D-94749
151712
785542 When a pending Certificate Signing Request (CSR) is being completed, and the first attempt fails due to missing info (for examaple, no alias is specified, or no certificate file is provided, or no certificate content is pasted), then the second attempt always fails with "An Unexpected Error Occurred". Canceling the process after the first failure leads to the same error.
D-98162
D-98186
D-98250
D-98292
(none) The default TrustManager implementation, used in the JDBC driver, trusts expired or non-valid self-signed CA certificates located in the trust store. In the case of chained certificates, SecureTransport will trust all server certificates in the chain if the first certificate from the chain is in the trust store without validating the complete chain.
D-99062 (none) Behavior of SecureTransport has changed and Account Management (creating, editing, removing user accounts via the SecureTransport Admininistration Tool and ReST API) now require that the Transaction Manager service is running in order to function normally. Account Management is not handled gracefully when Transaction Manager is not running and there are no warning messages, the SecureTransport Admininistration Tool freezes for a while and error messages are logged in server log.
D-101412 (none) The renaming of an account name will not update references to it in the Advanced Routing steps. If a renamed account is referenced in the Advanced Routing steps, the relevant steps may fail.

Documentation

This section describes related documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

SecureTransport provides the following documentation:

  • SecureTransport Installation Guide – This guide explains how to install, upgrade, and uninstall SecureTransport Server on UNIX-based platforms, Microsoft Windows, and Axway Appliances.
  • SecureTransport Getting Started Guide – This guide explains the initial setup and configuration of SecureTransport using the SecureTransport Administrator setup interface.
  • SecureTransport Administrator's Guide – This guide describes how to use the SecureTransport Administration Tool to configure and administer your SecureTransport Server. The content of this guide is also available in the Administration Tool online help.
  • SecureTransport Web Client User Guide – This guide describes how to use the SecureTransport Browser Client and Web Access Plus to transfer files between your local machine and your SecureTransport Server. The Web Access Plus content of this guide is also available in the Web Access Plus online help.
  • SecureTransport Release Notes – (This document) This document contains information about new features and enhancements, late-breaking information that could not be included in one of the other documents, and a list of known and fixed issues.
  • SecureTransport Security Guide - This guide provides security information necessary for the secure operation of the SecureTransport product.
  • Axway Appliance Quick Start – This document provides instructions for unpacking, mounting, connecting, and powering up an appliance, provides instructions for installing and deploying an Axway Appliance, plus technical specifications and references to safety, regulatory, and recycling information.
  • Axway Email Plug-ins Installation Guide – This guide provides instructions for installing and deploying the Axway Microsoft Outlook add-in and the Axway Lotus Notes plug-in.
  • Axway Email Plug-ins Release Notes – This document contains information about installation and upgrade packages, new features, and a list of known limitations.
  • Axway Outlook Add-in Installation Guide – This guide provides instructions for installing and deploying the Axway Microsoft Outlook add-in .
  • Axway Outlook Add-in Release Notes – This document contains information about installation and upgrade packages, new features, and a list of known limitations.
  • Axway Integrator and SecureTransport interoperability Guide – This guide describes the interface between Axway Integrator and Axway SecureTransport and how to configure those products to interoperate.
  • SecureTransport Software Developer Kit (SDK) online help – The SDK includes an HTML-based API reference developers can use while customizing SecureTransport.
  • SecureTransport REST API online reference – The SecureTransport Server hosts an HTML-based API reference developers can use while developing integrations for SecureTransport.

For more information about SecureTransport and how it is used in Axway 5 Suite, refer to:

  • Axway 5 Suite Overview
  • Axway 5 Suite Supported Platforms
  • Axway 5 Suite Interoperability Matrix
  • Axway 5 Suite Concepts Guide
  • Axway 5 Suite Implementation Guide

Documentation updates

SecureTransport 5.3.1 Administrator's Guide

The SecureTransport Web Client Control for Internet Explorer section and any references to it must be considered removed from the SecureTransport 5.3.1 Administrator's Guide.

SecureTransport Web Client Control (the ActiveX control for Internet Explorer) is no longer a supported feature in SecureTransport 5.3.1. Any usage of the ActiveX control must be discontinued and Axway will provide no support and fixes for it.

SecureTransport 5.3.0 Installation Guide

Upgrade to SecureTransport 5.3.0 is supported on appliance models 4600/4620, 5600/5620, 6600/6620, 4700, 5700, 6700, 4710, 5710, and 6710 only.

Should be:

Upgrade to SecureTransport 5.3.0 is supported on appliance models 4600/4620, 5600/5620, 6600/6620, 4700, 4800, 5700, 6700, 4710, 5710, 5800, 6710, and 6800 only.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at support.axway.com.

Copyright © 2015 Axway. All rights reserved

 

Related Links