Axway SecureTransport 5.4 Release Notes

Document version: 02 April 2018

SecureTransport 5.4 is a General Availability release. This document applies to Axway SecureTransport Server 5.4, to Axway SecureTransport Edge 5.4, and to Axway ST Web Client 5.4 for all supported platforms, databases, and cluster types.

The information in this document supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

About this release

File packages:

  • SecureTransport_5.4.0_Install_ap-x86-64_BN1125.iso
    MD5 checksum: 33ea736326ec3263b127d61ae6b616de
    Size: 3.34 GB
  • SecureTransport_5.4.0_Install_aix-power-64_BN1125.zip
    MD5 checksum: 2580fbf1cb3c58421210692f3be47fd4
    Size: 605.78 MB
  • SecureTransport_5.4.0_Install_linux-x86-64_BN1125.zip
    MD5 checksum: ec972c598a50e992b343e9a93de00b57
    Size: 1009.5 MB
  • SecureTransport_5.4.0_Install_sun-sparc-64_BN1125.zip
    MD5 checksum: 5205a6c398367ccda705852510c981f4
    Size: 1.48 GB
  • SecureTransport_5.4.0_Install_win-x86-64_BN1125.zip
    MD5 checksum: f2641b9a23616eec6ffccb95e62d06d2
    Size: 790.35 MB
  • SecureTransport_5.4.0_UP1-from-5.3.6_aix-power-64_BN1125.jar
    MD5 checksum: ed4b76b75314d43a3ab675833870c626
    Size: 374.47 MB
  • SecureTransport_5.4.0_UP1-from-5.3.6_linux-x86-64_BN1125.jar
    MD5 checksum: 545a46d5f7dc2e47dbc34a75180e53bc
    Size: 876.96 MB
  • SecureTransport_5.4.0_UP1-from-5.3.6_sun-sparc-64_BN1125.jar
    MD5 checksum: 53bf4fc9652247c1e573bb741671d4f8
    Size: 1.3 GB
  • SecureTransport_5.4.0_UP1-from-5.3.6_win-x86-64_BN1125.jar
    MD5 checksum: a11d46cc5920df5dbf6a0ac8b3a47273
    Size: 661.59 MB

SecureTransport new features and enhancements

AMPLIFY Marketplace content

The following SecureTransport components are now available on the Axway marketplace.

  • LDAP Authentication for ST Administrators plugin
  • RADIUS Authentication plugin
  • ST-Syncplicity connector plugin
  • Amazon S3 connector plugin
  • Hadoop connector plugin
  • SMB connector
  • Embedded Analytics for ST

Extensibility features

Pluggable authentication

SecureTransport pluggable authentication feature provides the ability to build and use custom authentication logic, as part of your system. This authentication type is executed before any other internal SecureTransport authentication type (except for the Single sign-on (SSO) authentication type). The custom logic can successfully or unsuccessfully authenticate users but it can also delegate the authentication process to the internal authentication methods by declaring that the user is not found. End users can be authenticated over the following protocols: HTTP, FTP, SSH; and the admin users can be authenticated over HTTP only.

Pluggable authorization

The SecureTransport Pluggable Authorization feature provides the option to add custom authorization logic by plugging it to the system. Existing SecureTransport Access Restrictions will be executed after any custom authorization logic. The FTP protocol is an exception, where the internal restrictions will be applied before the custom logic. Custom authorization will be applied for all protocols on client-initiated transfers.

SecureTransport will be executing any custom authorization on the following operations:

  • Upload a file
  • Download a file
  • List content of a directory
  • Change permissions (file or directory)
  • Rename a file
  • Delete a file
  • Create a directory
  • Delete a directory

The custom authorization attempt can be either successful or unsuccessful.

In case of success, SecureTransport will continue executing the set of applied Access Restrictions (if any). In case of authorization failure, the operation will not be executed.

Pluggable authorization also supports file filtering capabilities. All plug-in implementations are able to use SecureTransport specific environment data described in the SecureTransport Developer's Guide.

Pluggable Advanced Routing steps exit

A generic pluggability interface for Advanced Routing is added to allow native Java customizations to extend the existing Advanced Routing processing using the External script step.

Pluggable Transfer Sites exit enhancements

The PTS (Pluggable Transfer Site) Interface is enhanced with various services: expression service, flow attribute service, logging service, additional information logging service and protocol command logging service.

PTS now supports multiple SPI versions into one package distribution.

REST API for Administrators and User Class management

All functionality available in the SecureTransport Administrator's interface regarding management of administrator users, administrative roles and user classes is now exposed through the SecureTransport Administrator REST API.

GW2ST features

Metadata over FTP (FTP SITE)

The new FTP SITE META command accepts input in the format of key - value pairs. The supplied information is stored in the FTP session and is available until the session finishes or times out. For files uploaded during the same session, the provided information will be stored as file metadata attributes. The information can be evaluated at a later point for each file.

In this way, the SITE META input could be used for defining routing rules for server-initiated transfers.

File Tracking includes CoreID

File Tracking now includes the CoreID of each transferred file.

ICAP connectivity

Multiple ICAP servers

There is no limitation in the number of ICAP servers which can be configured.

ICAP servers specialization

The ICAP servers provide incoming and outgoing ICAP scanning for all file and message transfers.

  • INCOMING: scanning will be performed by this ICAP server for all Incoming transfers: File upload, AdHoc message creation, Server-initiated pull (for example from a Transfer Site).
  • OUTGOING: scanning will be performed by this ICAP server for all Outgoing transfers: File download, Reading of an AdHoc message, Server-initiated push (for example in the Advanced Router step: Send to Partner or Publish to Account).
  • BOTH: scanning will be performed by this ICAP server for all types of transfers.

Simple ICAP policy

ICAP scan can be triggered based on expression language evaluation

X-Authenticated user header

ICAP headers such as "X-Authenticated-User", "X-Client-IP", "X-Server-IP" are now available in the ICAP requests.

Additional HTTP headers

Custom HTTP headers can be configured for reporting to the ICAP server.

Additional File Tracking reporting and Detailed logging

Better reporting for ICAP scan results in File Tracking and Sentinel and better logging for improved transparency.

Enhanced Sentinel reporting

Better reporting for ICAP scan results in File Tracking and Sentinel and better logging for improved transparency.

Functional enhancements

Maker/Checker for account creation

Two new delegated administrator roles are introduced - maker-checker.

The Maker is a delegated administrator who can create and update user accounts. Accounts created by the Maker will remain in "Pending" verification status until further processing by a Checker.

The Checker is a delegated administrator who can view in read-only mode all settings associated with an account. The Checker has the responsibility to review and accept or reject the newly created account by the Maker. In fact, these are the only actions the Checker privileges grant: the rest of the Checker permissions are read-only.

The concept of the Maker and Checker is to separate the responsibilities and duties of account creation and account approval. These two roles complement each other and the Checker acts as a second level of user account approval.

Bandwidth control for client-initiated transfers

An optional Bandwidth limit configuration is added on global, business unit, or account template / account level. The Bandwidth limits are configurable for both inbound and outbound file transfers. For example, you can limit all users in a business unit to a download speed of 500 kb/s per user and upload speed to 300 kb/s per user. This means that no inbound transfer can exceed 500 kb/s and, respectively, no outbound transfer can exceed 300 kb/s per user, assigned to the selected business unit.

The administrator can set the user account or account template to override or inherit the bandwidth limits on the global or business unit level.

As part of this feature the Server Usage Monitor displays all bandwidth consumption per User Classes and logged-in accounts.

Concurrent user account login sessions restriction

А new regular expression variable currentSessions is now supported and it allows the administrator to configure a login restriction for multiple concurrent user account login sessions. As part of this feature, SSH session monitoring is added to the Server Usage Monitor in the SecureTransport Administrator Tool.

Case insensitive patterns for upload/download restrictions

Two new flags are added to regular expressions for path regarding letter case (case sensitive paths and files). The SecureTransport administrator can now define path access on the Filesystem, Upload and Download levels in a case-sensitive fashion.

Password policy enhancements

A new password policy is added to the group or rules: enforce password history for the last n passwords. This rule allows you to set a number of passwords to store and match against for password reuse attempts.

This functionality is available for both administrators' and users' accounts.

File Tracking filtered display results

This is an enhanced capability to filter out resubmitted or non-resubmitted transfers. The filtering is performed via the advanced search on the file tracking page under the Secure and Non-secure section. The capability to resubmit temporary failed transfers has now been removed. The Resubmit button is displayed only on permanent failed transfers.

Longer expression fields in Advanced Routing notifications

The length of all notification email fields in the Advanced Router is extended to 2048 chars which allows SecureTransport administrators to include longer expressions (including conditional ones).

Configurable XFERLOG separator character

The field separator character in the xferlog file is by default a " " (whitespace). To avoid breaking the external parsers, when the name of a transferred file contains spaces, the separator character can now be made a configurable parameter.

To configure your own delimiter, add <param name="delimiter" value="{value}"/> as a property of com.tumbleweed.st.server.logging.xferlog.XferLogLayout in all log4j files (ftpd-log4j.xml, as2d-log4j.xml, sshd-log4j.xml, pesitd-log4j.xml, httpd-log4j.xml and tm-log4j.xml).

Configurable notification email subject

The subject prefix of email notifications is now configurable using the $SUBJECT_PREFIX variable added into the AdhocDefault.xhtml template. The SecureTransport administrator can use it to assign any custom subject prefix instead of the New message: prefix.

Dual-authentication per User or User class

The dual authentication check-box on the Login Settings page in the SecureTransport Administration tool has been replaced with a combo box which offers three options:

  • Disabled: No password required in addition to the certificate authentication option.
  • Enabled: A password is required in addition to the certificate authentication option to users from all user classes.
  • Specific user classes: A password is required in addition to the certificate authentication option only for one or more comma-separated user classes inserted in the text field. User classes are case sensitive.

A new text field now pops up when selecting the specific user classes option which allows the administrator to specify which user classes are forced to use the Dual authentication functionality.

Note: Changes to the Dual Authentication related options (Dual Authentication, User Classes) require Transaction Manager service restart on all nodes in the cluster.

Amplify menu in Administration Tool user interface

The following enhancements were developed in the top-right Welcome Administration Tool menu:

  • Go to My Axway
  • Create Support Ticket
  • Documentation (to currently installed SecureTransport version)
  • Marketplace
  • SecureTransport Community
  • Support
  • Check for Updates (only available to admins with Master administrator or Setup administrator role)
  • Help
  • Sign out

Server log visual enhancements

Server Log table has been optimized to better present the log information. As part of this, navigation controls are moved to better aid the SecureTransport administrator.

Security enhancements

SSH fingerprints using SHA-1 and SHA-256

Support for SSH fingerprints has been extended with the SHA-1 and SHA-256 algorithms in SSH Transfer Sites.

Delegated administrators access to Audit log

Delegated administrators can now be configured to have access to the Audit Log.

Sites REST API encrypted passwords enhancement

Previously, SecureTransport did not offer the ability to use REST API GET/POST methods to move configuration data (including protected objects) securely to another SecureTransport node using a different secret file.

Now, a new option allows the above-mentioned REST API use case with native encryption / decryption through local SecureTransport certificate(s).

The new option is called Webservices.Admin.CertAlias and is located under Operations -> Server Configuration in the SecureTransport Administration Tool. By default, it is empty - to preserve current behavior or it will hold the alias name of the used certificate. Restart of admin services is required.

Operating environments

Capacity Planning Guide update

A new version of the Capacity Planning Guide verified against SecureTransport 5.4 is to be released.

SecureTransport on Amazon Web Services Installation & Setup guide

A new Installation & Setup document is issued to outline a standard reference deployment on AWS (Amazon Web Services).

SecureTransport on Microsoft Azure Installation & Setup guide

A new Installation & Setup document is issued to outline a standard reference deployment on Microsoft Azure (Microsoft Azure Cloud Computing Platform).

GlusterFS support

SecureTransport now supports GlusterFS for any SecureTransport customer running SecureTransport in the Amazon Web Services infrastructure.

Support for long file names over PeSIT

Previously, a PeSIT file transfers with long file names from a CFT Windows or Linux Server to a Linux SecureTransport Server was limited to up to 80 characters. Hence, all file names exceeding 80 characters were truncated from position 81 onwards.

Now, PeSIT file transfer with long file names proceed as expected without truncating.

Additional logging for Pluggable Transfer Sites

This feature provides capabilities to log protocol commands and additional information for transfers performed by SecureTransport.

MS SQL Server 2016 support

SecureTransport 5.4 has added support for MS SQL Server 2016.

Interval partitions

Secure transport partitioned tables were redesigned to use Interval Partitioning when using an external Oracle database. This offloads SecureTransport maintenance application from creating partitions manually. The new partitions of the partitioned tables are now created automatically by the Oracle database engine which guarantees that each partition contains data for only one day.

Upgrade of third-party libraries

The following third-party libraries were upgraded:

  • Netty version 3.10.6
  • ESAPI version 2.1.0.1
  • MySQL version 5.6.39 on all Operating Systems except for on IBM AIX where the version is 5.0.72; and SLES 11 where version is 5.6.36
  • Jetty version 8.1.16
  • Apache HttpComponents version 4.5.3
  • Apache HttpClient version 4.1.1
  • Apache Guice version 2.17.7
  • Apache Mail version 2.17.7
  • Apache Camel version 2.17.7
  • Oracle Java JRE version 1.8.0_162
  • IBM AIX Java JRE version 1.8.0_507
  • Apache Kafka version 0.11.0.0
  • AWS Java SDK for Amazon S3 version 1.11.105
  • AWS SDK for Java Core version 1.11.105
  • AWS Java SDK for AWS KMS 1.11.105
  • s3fs version 1.5.3
  • Apache Tika core version 1.5
  • SnakeYAML version 1.17
  • Apache Commons Lang version 3.4
  • Jackson-dataformat-YAML version 2.8.9
  • Jackson-core version 2.8.9
  • Jackson-annotations version 2.8.9
  • Jackson-databind version 2.8.9
  • Apache Tomcat version 7.0.85
  • Maverick version 1.7.12

Newly introduced third-party libraries

  • pace-js version 1.0.2
  • clean-css version 4.1.9
  • pubsub-js version 1.5.7
  • Apache Kafka version 0.11.0.0
  • AWS Java SDK for Amazon S3 version 1.11.105
  • AWS SDK for Java Core version 1.11.105
  • AWS Java SDK for AWS KMS 1.11.105
  • s3fs version 1.5.3 - Checked - MIT License
  • Apache Tika core version 1.5
  • SnakeYAML version 1.17
  • Apache Commons Lang version 3.4
  • Jackson-dataformat-YAML version 2.8.9
  • Jackson-core version 2.8.9
  • Jackson-annotations version 2.8.9
  • Jackson-databind version 2.8.9

ST Web Client new features and enhancements

Accessibility enhancements

Accessibility is extended on the SecureTransport Web Client to provide the full spectrum of configured UI functionality to users with disabilities.

Loading indicator

When accessing the STWC in a slow-network environment, a loading indicator now informs the user of the loading process progress.

Configurable display of Account ID

The account ID that displays in the top right-hand side Welcome menu in the user interface of ST Web Client can now be configured to remain hidden.

Configurable access to file operations

Users can now be allowed / restricted to perform the following actions:

  • create a folder
  • move a file
  • rename a file or a folder

Password change/reset can be switched off/customized

UI Controls and screens for password reset on the login page are now configurable to be hidden from display.

ST Web Client Lite mode

Lite mode is a lightweight version of the ST Web Client. It offers all basic functionality of the ST Web Client in a simplistic view. Because of this, certain features and views in the Lite mode are disabled. You can find more details on how to enable Lite mode in ST Web Client Configuration Guide.

Upload folder in the upload monitor (ST Web client)

A new column is now available in the SecureTransport Web client Upload monitor view to display the folder where the file was / is being uploaded to.

SecureTransport corrections and fixed issues

Fixed security vulnerabilities

SecureTransport 5.4 provides the following fixed security vulnerabilities:

Case ID Internal ID CVE ID Description
00921308 RDST-9903 CVE-2017-9801

Issue: Previously, SecureTransport was vulnerable to CVE-2017-9801 due to an old version of Apache Commons Email being used.

Resolution: Now, SecureTransport uses an updated version of Apache Commons Email.

00909200 RDST-8606 CWE-614

Issue: Previously, there was a missing secure attribute in the encrypted session (SSL) cookie loggedIn.

Resolution: Now the attribute is added to the encrypted session (SSL) cookie.

00917109 RDST-10202 CWE-778

Issue: Previously, Audit logs [Server Log] did not show the IP address of an account with unsuccessful login attempts.

Resolution: Now the Audit logs [Server Log] show the IP address of an account with unsuccessful login attempts.

00921249 RDST-9902 -

Issue: Previously, SecureTransport Web Client compose and view mail dialogs were vulnerable to XSS attacks.

Resolution: Now extra protection against DOM XSS attacks is added to SecureTransport Web Client compose and view mail dialogs.

00920762
00920646
00919110
00836811
RDST-523 CWE-525

Issue: Previously, Cache-control and Pragma headers were missing in some HTTP daemon responses.

Resolution: Now the missing headers are added to all HTTP daemon responses.

00919517 RDST-9646 -

Issue: Previously, the integrity packet was skipped during encryption.

Resolution: Now the integrity packet is set during encryption.

00917109 RDST-10202 CWE-778

Issue: Previously, Audit logs [Server Log] did not show the IP address of an account with unsuccessful login attempts.

Resolution: Now the Audit logs [Server Log] show the IP address of an account with unsuccessful login attempts.

00886675 RDST-5727

CWE-284 Access Control Issues

Issue: Previously, there was a vulnerability, allowing attackers to execute code by crafting the requests to TM's JMX port.

Resolution: Now, this attack vector is mitigated by the new version of the Oracle JVM.

Note: Even though IBM claims that the issue is fixed in the latest version of IBM JVM, the issue is still reproducible

00892540 RDST-5983 CWE-264

Issue: Previously, the directory created by Shared Folder application, was writable for everyone.

Resolution: Now, the new SharedFolder.Application.Default.Directory.Permissionsconfiguration option has been added. It allows you to set a default umask, used for the directories created by the SharedFolder application, so the permissions can be restricted.

Note: All existing shared folder applications must be re-saved in order the new permissions to be applied. The option will work only on UNIX based systems on non-root installations. On root installations only the value of 777 will work properly.

00891909 RDST-5867 CWE-264

Issue: Previously, the temporary folders created by Connect Direct and Multipoint Binary File Transfer had drwxrwxrwx permissions.

Resolution: Now, the temporary folders created by Connect Direct and Multipoint Binary File Transfer have drwxr-xr-x permissions.

Other fixed issues

SecureTransport 5.4 provides the following corrections and fixed issues to previous versions:

Case ID

Internal ID

Description

SecureTransport 5.2.1 SP 8 Patch 1

00883837

RDST-4359
RDST-4185
RDST-4186

Issue: Previously, the following defects were observed for all web clients (except for Web Access Plus):

  • Uploading a binary file, deleting it, and re-uploading it corrupted the file.
  • If a subscription folder was not the root folder, uploading any files to it was not possible.
  • Trying to delete a file from a sub-folder caused an "error" message to be displayed.

Resolution: Now, the observed defects are corrected in all web clients.

00880707

RDST-4358

Issue: Previously, server-initiated FTP pulls from Mainframe machines running z/OS were not successful.

Resolution: Now, FTP pulls from Mainframe machines running z/OS are executed successfully.

00883837
00876035
RDST-4390

Issue: Previously, the transfer site Post Transmission Settings were not executed successfully, when SecureTransport had to pull files from a MS FTP Server with FTP User Isolation set to User name directory.

Resolution: Now, the transfer site Post Transmission Settings are executed successfully, when SecureTransport has to pull files from a MS FTP Server with FTP User Isolation set to User name directory.

00873684

RDST-4297

Issue: Previously, a timeout mechanism in SecureTransport caused HTTP sessions to leak, which exhausted the Http.MaxLoggedInUsers limit (if set). Reaching the limit introduced an additional increase in TM sessions that were not released, which caused TM sessions to leak as well.

Resolution: Now, the HTTP and TM session leaks are corrected.

00883835

RDST-4446

Issue: Previously, pulls over SSH failed when the ZeroByteWildcardPullAllowed server parameter was set to true and RegEx was used as a Download pattern on MS Windows.

Resolution: Now, pulls over SSH are successful when the ZeroByteWildcardPullAllowed server parameter is set to true and RegEx is used as a Download pattern on MS Windows.

SecureTransport 5.2.1 SP 8 Patch 2

00839096

RDST-528

Issue: Previously, calls to /myself/changePassword resource which contained unexpected JSON characters, large negative numbers or fields not specific to this resource were not validated.

Resolution: Now, calls to /myself/changePassword resource which contain unexpected JSON characters, large negative numbers or fields not specific to this resource are successfully validated.

00867427

RDST-2897

Issue: Previously, all PeSIT server-initiated pushes from SecureTransport to Axway Gateway failed when the Checkpoint Interval and the Checkpoint Window fields in transfer sites were set to 0. In this case, a file could not be transferred for 60 seconds under certain conditions were met; for example, large file size or slow network speed.

Resolution: Now, the new Pesit.Client.Inactivity.Timeout configuration option has been added. It allows the 60 seconds timeout to be adjusted, so all PeSIT server-initiated pushes from SecureTransport to Axway Gateway are successful when the Checkpoint Interval and the Checkpoint Window fields in transfer sites are set to 0.

00849483

RDST-660

Issue: Previously, it was not possible to import SSH public keys in the Login Certificates tab for a specific account.

Resolution: Now, it is possible to import SSH public keys in the Login Certificates tab for a specific account.

SecureTransport 5.2.1 SP 9

00732055

RDST-390

Issue: Previously, a PeSIT file transfer with long file names from a CFT Windows or Linux Server to a Linux Secure Transport Server was limited to up to 80 characters. Hence, all file names exceeding 80 chars were truncated from position 81 on.

Resolution: Now PeSIT file transfer with long file names proceed as expected without truncating long file names.

none

RDST-4493

Issue: Previously, an unexpected error occurred on attempts to overwrite a local certificate.

Resolution: Now, no error occurs when overwriting local certificates and the process completes successfully.

00784833

RDST-459

Issue: Previously, the login session 60 second timeout on the SecureTransport side did not close the user session.

Resolution: Now user session handling is fixed.

00858002

RDST-1465

Issue: Previously, when a slow DNS was used, the start of the services was very slow and nothing had indicated that there was such a problem.

Resolution: Now, there is a DNS check before the actual execution of the start scripts and a message is printed on every 30 seconds till the response of the DNS server.

00898534

RDST-8239

Issue: Previously, the Reset Password functionality was not working when the configuration option Webservices.Http.CsrfToken.enabled was set to true.

Resolution: Now, the Reset Password functionality is working when the configuration option Webservices.Http.CsrfToken.enabled is set to true.

00900885

RDST-8001

Issue: Previously, certificates used for signing and encryption were not preserved in AS2 transfer site settings during account duplication.

Resolution: Now, certificates used for signing and encryption are preserved in AS2 transfer site settings during account duplication.

Note: For successful creation or duplication of AS2 Transfer Site, combination of ST Server Settings AS2 Name and Remote Site Settings AS2 Name fields must be unique in AS2 Transfer Sites.

00829535

RDST-511

Issue: Previously, the User Clases were not working for PeSIT transfers when the classes were defined on Edge.

Resolution: Now, the User Clases are working for PeSIT transfers when the classes are defined on Edge.

none

RDST-413

Issue: Previously, SecureTransport did not decrypt files that were encrypted with repository encryption when performing server-initiated transfers over AS2, so the transferred files were still encrypted on the receiving side and could not be used.

Resolution: Now, SecureTransport decrypt successfully files that are encrypted with repository encryption when performing server-initiated transfers over AS2 and the files are usable on the receiving side.

00832991

RDST-797

Issue: Previously, when using password reset and a new random password is generated, the password reset e-mail was broken in some cases.

Resolution: Now, some of the special symbols that SecureTransport uses to generate random password on password reset are removed to avoid e-mail breaking.

none

RDST-5723

Issue: Previously, SecureTransport returned HTTP 500 Internal server error when file is being uploaded using rest in non-existing folder.

Resolution: Now, SecureTransport returns HTTP 404 Not found when file is being uploaded using rest in non-existing folder.

00869854

RDST-2658

Issue: Previously, when clicking on an attachment on draft message that has more then one file attached, the browser download prompt is displayed more than one time.

Resolution: Now, when clicking on an attachment on draft message that has more than one file attached, the browser download prompt is displayed only once.


Fixes in SecureTransport 5.3.1

The following issues and have been addressed:

Case ID

Internal ID

Description

SecureTransport 5.3.1 Patch 15

00858352

RDST-4370

Issue: Previously, continuous Client-initiated downloads of large amount of files would started to fail when each file executed an external script as part of a rule package.

Resolution: Now, SecureTransport handles these cases correctly and downloads finish successfully.

00882958

RDST-4159

Issue: Previously, SecureTransport's SSH server would not start (or will start and shutdown) if Ssh.SupportGroupExchangeSHA256 is the single enabled option about key exchange algorithms.

Resolution: Now, SecureTransport's SSH server starts correctly in this case.

SecureTransport 5.3.1 Patch 16

00886675

RDST-5727

Issue: Previously, there was a vulnerability, allowing attackers to execute code by crafting the requests to TM's JMX port.

Resolution: Now, this attack vector is mitigated by the new version of the Oracle JVM.

Note: Even though IBM claim that the issue is fixed in the latest version of IBM JVM, the issue is still reproducible.

00883333
00830184

RDST-4254

Issue: Previously, there was no way to disable Basic authentication method for admin REST API.

Resolution: Now, a new option controls whether Basic authentication against the admin REST API is allowed or not. The new option is called Webservices.Admin.BasicAuthEnabled and can have true (default) or false as a value.

00892713

RDST-6021

Issue: Previously, if a local certificate was overwritten, the JMX keystore was not updated with the new certificate.

Resolution: Now, if a local certificate is overwritten, the JMX keystore is updated with the new certificate.

00888383

RDST-5156

Issue: Previously, when user logged in with heading or trailing spaces in the login name, the DXAGENT_LOGINNAME variable value was populated with the spaces.

Resolution: Now, the spaces from the environment variable value are stripped.

00872293

RDST-4120

Issue: Previously, the message shown when account license subject limit is reached was ambiguous.

Resolution: Now, the message is more straightforward and the status of the Active accounts is changed to Enabled.

SecureTransport 5.3.1 Patch 17

00939077RDST-11543

Issue: Previously, SecureTransport was adding the fixed New message: prefix in subject for Adhoc notifications in external mailboxes.

Resolution: Now, this prefix is editable using the $SUBJECT_PREFIX variable added into the AdhocDefault.xhtml template. You can use it to assign any custom subject prefix instead of the New message: prefix.


Fixes in SecureTransport 5.3.3

The following issues and have been addressed:

Case ID

Internal ID

Description

SecureTransport 5.3.3 Patch 16

00901116RDST-7352

Issue: Previously, ST had issues evaluating multiple conditions in TM rules.

Resolution: Due to a limitation in the XML parser, conditions must be surrounded by brackets!

00872893RDST-6566

Issue: Previously, SecureTransport did not offer the ability to use REST API GET/POST methods to move configuration data (including protected objects) securely to another ST node using a different secret file.

Resolution: Now, a new option would allow the above-mentioned REST API use case with native encryption/decryption through local SecureTransport certificate(s).

The new option is called Webservices.Admin.CertAlias and is located under Operations -> Server Configuration in the SecureTransport Administration Tool. By default, it will be empty - to preserve current behavior or it will hold the alias name of the used certificate. Restart of admin services is required!
Example: Export a Transfer Site from "Server A" to "Server B" using REST POST.

  1. Generate a local certificate on "Server B".
    1. In the SecureTransport Administration Tool, go to Setup -> Certificates -> Local Certificates.
    2. Click Generate and on the newly opened dialog box select X509 Certificate / SSH key.
    3. Select Self-issued Certificate (default), and type in a name for the certificate Alias and a value for the certificate Validity in days:.
    4. Enter the Certificate subject values (dependent on your specific needs) and click Generate.
  2. Export public part from the local certificate as generated in step 1 on "Server B" and import it in "Server A" Trusted CAs.
    Export certificate on "Server B"
    1. Click the newly created local certificate.
    2. On the newly opened dialog box, click Export.
    3. The dialog box refreshes. Click again Export to download the .CRT file.
    Import the exported certificate on "Server A"
    1. In the SecureTransport Administration Tool, go to Setup -> Certificates -> Trusted CAs.
    2. Click Import.
    3. On the newly opened dialog box, type in the trusted certificate Alias, and click Choose file.
    4. Browse to the certificate file exported on "Server B", select it and click Open.
    5. Click Import.
  3. Fill in the certificate aliases in Webservices.Admin.CertAlias on both "Server A" and "Server B".
    1. In the SecureTransport Administration Tool, go to Operations -> Server Configuration.
    2. In the Parameter text box, type in Webservices.Admin.CertAlias to locate the parameter and click the corresponding Edit button.
    - On "Server A", type in the alias of the trusted certificate as imported on "Server A" in the previous step.
    - On "Server B", type in the alias of the local certificate as generated on "Server B" in step 1.
  4. Restart admin services on both "Server A" and "Server B".
    - Server A -> go to <FILEDRIVEHOME>/bin/ and execute the "stop_admin" script . After the service is stopped, execute the "start_admin" script.
    - Server B -> go to <FILEDRIVEHOME>/bin/ and execute the "stop_admin" script. After the service is stopped, execute the "start_admin" script.
  5. Perform a REST GET request to Transfer site on "Server A".
    Using any REST client - use GET method on https:///api/v1.3/sites.
    Copy the GET response information (also called response body) about the Transfer Site.
  6. Perform a REST POST request to Transfer site on "Server B".
    Using any REST client - use POST method on https:///api/v1.3/sites.
    Post the copied GET response body from the previous step.

You should now be able to export data from the Transfer Site from "Server A" to "Server B" using REST POST.

00882462

RDST-4224

Issue: Previously, if the Password Vault contained more than one entry, only the first entry was recognized after a system configuration import.

Resolution: Now, if the Password Vault contains more than one entry, all entries are recognized after a system configuration import.

00886228

RDST-4595

Issue: Previously, SecureTransport did not pull files from mainframe Z/OS over FTP/S.

Resolution: Now, SecureTransport pulls the files successfully.

00879410

RDST-3869

Issue: Previously, it was impossible to collect Java thread and heap dump data on AIX.

Resolution: Now, there is no problem collecting Java thread and heap dump on on AIX.

none

RDST-3694

Issue: Previously, the file flow attributes were not reported to Axway Sentinel, if the name of the file contained special characters or Cyrillic letters.

Resolution: Now, the file flow attributes are reported to Axway Sentinel, if the name of the file contains special characters or Cyrillic letters.

00861050

RDST-2655

Issue: Previously, all PeSIT server-initiated pushes from SecureTransport to Axway Gateway failed when the Checkpoint Interval and the Checkpoint Window fields in transfer sites were set to 0. In this case a file could not be transferred for 60 seconds under certain conditions; for example, large file size or slow network speed.

Resolution: Now, the new Pesit.Client.Inactivity.Timeout configuration option has been added. It allows the 60 seconds timeout to be adjusted, so all PeSIT server-initiated pushes from SecureTransport to Axway Gateway are successful when the Checkpoint Interval and the Checkpoint Window fields in transfer sites are set to 0.

00881833

RDST-4157

Issue: Previously, when an HTTP transfer was canceled or aborted, SecureTransport reported an incorrect error message to Axway Sentinel.

Resolution: Now, when an HTTP transfer is canceled or aborted, SecureTransport reports a correct error message to Axway Sentinel.

00876432

RDST-3483

Issue: Previously, in case of an unsuccessful LDAP authentication, SecureTransport did not log the LDAP principal in the Server Log .

Resolution: Now, in case of an unsuccessful LDAP authentication, SecureTransport logs the LDAP principal in the Server Log.

SecureTransport 5.3.3 Patch 17

00884660

RDST-4855

Issue: Previously, attempting to resubmit server-initiated transfers via Connect:Direct resulted in errors in the Administration UI and the transfers were not resubmitted.

Resolution: Now, such transfers are resubmitted successfully and no errors are observed.

00866276

RDST-2559

Issue: Previously, server-initiated transfers via System to Human protocol were failing.

Resolution: Now, server-initiated transfers via System to Human protocol are successful.

00884926

RDST-4385

Issue: Previously, SecureTransport did not reset failed logins counter after successful login.

Resolution: Now, the failed logins counter is reset when the user performs successful login.

00883559

RDST-4407

Issue: Previously, after applying Patch 14, big amount of file tracking data led to performance issues.

Resolution: Now, file tracking is working correctly with no performance issues.

none

RDST-4260

Issue: Previously, SecureTransport did not report correctly Max Number Of Retries configured in AdvancedRouting to Axway Sentinel when a server-initiated transfer was triggered by AdvancedRouting.

Resolution: Now, SecureTransport reports correctly Max Number Of Retries configured in AdvancedRouting to Axway Sentinel when a server-initiated transfer is triggered by AdvancedRouting.

00850148

RDST-955

Issue: Previously, if a local certificate was overwritten, the JMX keystore was not updated with the new certificate.

Resolution: Now, if a local certificate is overwritten, the JMX keystore is updated with the new certificate.

SecureTransport 5.3.3 Patch 18

00890046

RDST-5520

Issue: Previously, unsuccessful password authentication on the SSH transfer sites resulted in an attempt to authenticate user again using keyboard-interactive authentication.

Resolution: Now, upon incorrect password input, SSH transfer sites mark the authentication as failed and do not try to authenticate the user again using keyboard-interactive authentication.

00885116

RDST-5317

Issue: Previously, the AS2 server-initiated pushes of large files from SecureTransport to Axway Interchange were not sent in chunks when Enable Chunking (Send large files in multiple parts) was enabled in ST AS2 transfer site.

Resolution: Now, the AS2 server-initiated pushes of large files from SecureTransport to Axway Interchange are sent in chunks when Enable Chunking (Send large files in multiple parts) is enabled in ST AS2 transfer site.

00885911
00883378

RDST-4894

Issue: Previously, all AS2 server-initiated pushes from SecureTransport to Axway Interchange failed when a synchronous receipt was required and the receiving side could not send the receipt in the period of time defined in OutboundConnections.receiveTimeout configuration option. Adjusting the timeout resolved the issue but the change affected the HTTP/S and FTP/S.

Resolution: Now, a new As2.OutboundConnections.socketTimeout configuration option has been added. Instead of configuring OutboundConnections.receiveTimeout that affects HTTP/S and FTP/S, the new option should be used.

SecureTransport 5.3.3 Patch 19

00894374

RDST-6390

Issue: Previously, TransferLogMaintenanceApplications would fail to execute on installations running on Microsoft SQL Server with partitioning, due to an index mismatch in the temporary table.

Resolution: Now, the indexes are equalized and the TransferLogMaintenanceApplications are properly executed.

none

RDST-6423

Issue: Previously, when resubmitting transfers, the associated flow attributes were not reported to Axway Sentinel.

Resolution: Now, when resubmitting transfers, their flow attributes are properly reported to Axway Sentinel.

00892159

STWC-2096

Issue: Previously, users of ST Web Client were not able to open AdHoc messages without content. This occurred most visibly in the case of files transferred over System to Human Site.

Resolution: Now, recipients of AdHoc messages without content, including those generated by file transfers over System to Human Site can open them.

00891077

STWC-2095

Issue: Previously, the ST Web Client SAML logout was not working properly, leaving the user logged on.

Resolution: Now, the SAML logout is performed correctly, ending the user's session.

00893448

RDST-6170

Issue: Previously, the RETURNMESSAGE value was not reported by SecureTransport to Axway Sentinel in case of failed transfers.

Resolution: Now, the RETURNMESSAGE value is properly reported by SecureTransport to Axway Sentinel in case of failed transfers.

00892963

RDST-6120

Issue: Previously, SSH transfer sites performed password authentication over keyboard-interactive and unsuccessful login attempts generated two failed login attempt for a single file transfer attempt.

Resolution: Now, SSH transfer sites perform password authentication only.

00884887

RDST-5823

Issue: Previously, PGP decryption failed for relatively large files (approximately 1 MB and above) when the encrypted file was named with PGP extension (e.g. file0123.pgp) prior to PGP encryption.

Resolution: Now, PGP decryption works properly when decrypting a file named with PGP extension.

00892114

RDST-5936

Issue: Previously, externally supplied accounts (e.g. using LDAP) were mapped to users' usernames.

Resolution: Now, externally mapped accounts are mapped to users' login names.

SecureTransport 5.3.3 Patch 21

00818620

RDST-491

Issue: Previously, the FolderMonitor was starting a transfer of file even though there was no space in the destination folder, so the file was transferred partially and deleted from the source folder.

Resolution: Now, the FolderMonitor is checking if there is enough space in the destination folder and it is failing the transfer if there is not enough space. The file is preserved in the source folder.

SecureTransport 5.3.3 Patch 22

none

STWC-2130

Issue: Previously, the SecureTransport WebClient user was still logged in after killing the session from the Usage Monitor of the administration panel instead of being re-logged.

Resolution: Now, the SecureTransport WebClient user is successfully re-logged after killing the session from the Usage Monitor of the administration panel.

SecureTransport 5.3.3 Patch 23

00891850

STWC-2090

Issue: Previously, users of ST Web Client were not able to see the complete name of uploaded files in the transfer queue if those names were long.

Resolution: Now, truncated values in the transfer queue grid and other ST Web Client grids are entirely shown in the tooltip displayed on mouse over.

SecureTransport 5.3.3 Patch 24

00890667

RDST-5711

Issue: Previously, after an upgrade from SecureTransport 5.3.1 to 5.3.3 with an Oracle database, there were missing indexes and a missing column in some tables of the database that led to failure in execution of the TransferLog Maintenance application.

Resolution: Now, the missing indexes and the missing column are created if they do not exist.

00887909

RDST-5822

Issue: Previously, there were no protocol commands in the FileTracking entries for Connect:Direct (C:D) transfers, because there was a mismatch between the transfer ids in the TransferDetails and TransferProtocolCommands.

Resolution: Now, the TransferProtocolCommands entries are updated with the right transfer IDs, and the protocol commands are listed in the FileTracking entries.

00896324

RDST-6553

Issue: Previously, the entries in the TransferProtocolCommands table were saved with transfer IDs in a hostname+timestamp format, that resulted in a constraint validation exception on MySQL, because there were no such IDs in the TransferDetails table.

Resolution: Now, the entries in the TransferProtocolCommands table are saved with the real transfer IDs from the related transfer in TransferDetails table.

SecureTransport 5.3.3 Patch 25

00900857

RDST-7488

Issue: Previously, the TransferLog Maintenance application was failing due to a wrong name of the indexes for originalId in TransferResubmitData and TransferResubmitData_temp. Now, the indexes for originalId in TransferResubmitData and TransferResubmitData_temp have a correct name and the TransferLog Maintenance application can be executed successfully.

00900483

RDST-7149

Issue: Previously, when a virtual user account was deleted/disabled/locked, sessions associated with that account remains active.

Resolution: Now, when virtual user account is deleted/disabled/locked HTTP/S and FTP/S sessions associated with this account are invalidated.

00893919

RDST-6517

Issue: Previously, SecureTransport sometimes logged failed FileTracking entries when an user session expired.

Resolution: Now, the root cause for these failures is resolved and there are no randomly failing entries in FileTracking.

SecureTransport 5.3.3 Patch 26

00901862

RDST-7934

Issue: Previously, there were some leftover MDC properties in AdvancedRouting executing threads. When the threads were checked out of the thread pool for subsequent use, the MDC properties from the previous execution of the AdvancedRouting were being reported again.

Resolution: Now, the MDC properties are removed when they are not needed, so the thread can be used again with a clean environment.

00857780

RDST-1426

Issue: Previously, when trying to add a duplicate entry in Admin Access control, the error message stated: "There is already a matching entry in FDH/share/.htaccess".

Resolution: Now, when trying to add a duplicate entry in Admin Access control, the error message states: "There is already a matching entry in .htaccess".

SecureTransport 5.3.3 Patch 27

00918405

RDST-10180

Issue: Previously, cancelled file downloads from the Shared Folder application became grayed out in the SecureTransport Web Client and users couldn't download such files.

Resolution: Now, a cancelled file download still remains grayed out but is available to download - by a single or double-click, or by using the context menu (using a right-button click on the filename). The file status is restored to normal after successful download.

00924057

RDST-10577

Issue: Previously, CG variables STSESSION_FLOWNAME and FLOWNAME were populated incorrectly when queueing more than one file in a single session.

Resolution: Now, the variables are populated correctly.

00914425

RDST-9074

Issue: Previously, when replacing an existing file, but with different content in SecureTransport Web Client, the transfer was getting stuck with status "Reading".

Resolution: Now, the TransferQueue component has been fixed and file replacement is operating properly.

00916877
00917995

RDST-9481

Issue: Previously, when importing an account with more than one SSH login key, only one of the SSH login keys was actually imported.

Resolution: Now, when importing an account with more than one SSH login key, all SSH login keys are imported.

SecureTransport 5.3.3 Patch 28

00877508RDST-9960

Issue: Previously, it was not possible to verify a fingerprint generated with an algorithm different than MD5 in SSH transfer sites.

Resolution: Now, fingerprint with MD5, SHA-1 or SHA-256 format can be set in SSH transfer site and a certificate SSH key fingerprint generated with the three different algorithms is visualized in the Adminsitration Tool UI and REST API.

00938597RDST-11442

Issue: Previously, when FIPS mode was enabled, the SecureTransport SSH daemon did not promote the diffie-hellman-group-exchange-sha256 key exchange algorithm.

Resolution: Now, when FIPS mode is enabled, the SecureTransport SSH daemon correctly promotes the diffie-hellman-group-exchange-sha256 key exchange algorithm.


Fixes in SecureTransport 5.3.5

The following issues and have been addressed:

Case ID

Internal ID

Description

SecureTransport 5.3.5 Patch 4

00879661

RDST-3699

Issue: Previously, there was a missing secure attribute in the encrypted session (SSL) cookie loggedIn.

Resolution: Now, the attribute is added to the encrypted session (SSL) cookie.

SecureTransport 5.3.5 Patch 5

none

STWC-2038

Issue: Previously, the attachment couldn't be removed after DLP scan and the message containing it couldn't be re-sent.

Resolution: Now, when a message sent with ST Web Client is blocked by the DLP the message "Revise message and attachments for sensitive words or information and try sending again" is prompted to the user.

none

STWC-1986

Issue: Previously, the Web Client displayed file statuses based on the latest upload done through it.

Resolution: Now, the Secure Transport Web Client displays the file status properly.

00889141

RDST-5521

Issue: Previously, the installation of the patch on the secondary node of the Enterprise Cluster was failing.

Resolution: Now, the patch has been applied successfully.

00873451 00873451

RDST-3996 RDST-4522

Issue: Previously, there were multiple security vulnerabilities regarding the following jar files servlet-api-2.4.jar and spring-core-3.1.0.RELEASE.jar, which were part of the Pluggable Transfer Sites samples.

Resolution: Now, those jars have been removed for the Generic HTTP and Sharepoint samples. The jar servlet-api-2.4.jar for the SMB pluggable transfer site has been upgraded to a non-vulnerable version. The new version is javax.servlet-api-3.0.1.jar.

00800002

RDST-3519

Issue: Previously, unlicensed users which are allowed to reply to packages were not able to add attachments when replying.

Resolution: Now, unlicensed users can add attachments in message replies.

SecureTransport 5.3.5 Patch 6

00883614RDST-4223

Issue: Previously, when an email was sent using the SecureTransport Web Client, for a certain period of time the SecureTransport Web Client was checking if the message was sent successfully or if it was blocked because it contained sensitive information. If any of these two scenarios took place before the allotted time expired, the user received an alert or was prompted to check for the status of the message.

Resolution: Now, this behavior is controlled by two configuration options:
sendPollingInterval and sendPollingRetries.
The latter sendPollingRetries option defines how many times the SecureTransport Web Client will check for the status of the message, while the sendPollingInterval option defines the waiting time between successive checks in milliseconds.

Note: The options must be added to ric/custom/stwebclient.config.json

{
...
"mailbox": {
"sendPollingInterval": 500,
"sendPollingRetries": 10
}
...
}

00866964STWC-2075

Issue: The expiration interval when forwarding/editing a saved package to Drafts using the SecureTransport Web Client must correspond to the Default Expiration Interval and the Maximum Expiration Interval defined in the AdHoc Settings.

Resolution: Now, with installing patch 6 this is fixed.

NoneSTWC-2081

Issue: Previously, an error alert appeared when the user attached a file and then deleted the attachment.

Resolution: Now, with installing patch 6 this issue is fixed.

00892159STWC-2096

Issue: Previously, when a file was transferred over System-to-Human Transfer Site, the recipient received a new AdHoc message in the SecureTransport Web Client, but they were not able to open it.

Resolution: Now, with installing patch 6 this issue is fixed.

00894097STWC-2101

Issue: Previously, when an email was sent, the tracking information was available only in the contextual Details menu.

Resolution: Now, with installing patch 6, the tracking information is visible next to subject.

00897870RDST-6905

Issue: Previously, after a new patch update, the SecureTransport/share/ftdocs/html/skin/ric/custom folder was overwritten.

Resolution: Now, when updating with a new patch, this folder will not be available in the backup list and will not be overwritten. If it is missing, the Axway Installer will create it.

00893056RDST-6246

Issue: Previously, there were differences in table columns SUBTRANSMISSIONSTATUS and SUBTRANSMISSIONSTATUS_TEMP.

Resolution: Now, with installing patch 6, this issue has been resolved, but this change will not be reverted on patch uninstall.

00896839RDST-6557

Issue: Previously, it was not possible to import accounts with a configured "secret question".

Resolution: Now, accounts with a configured "secret question" can successfully be imported in SecureTransport.

00895060RDST-6438

Issue: Previously, when a user's account was locked, the user was able to log back in.

Resolution: Now, when a user's account is locked, the user will not be able to log back in.

00865986RDST-5190

Issue: Previously, the aliasQuery column in Ldap_Domain table was varchar with 255 symbols in length.

Resolution: Now, this column has 1024 symbols in length and it will preserve this length when patch 6 is uninstаlled.

SecureTransport 5.3.5 Patch 7

00917381

RDST-9566

Issue: Previously, after legacy import, an administrator could not create a new subscription folder.

Resolution: Now, a subscription folder can successfully be created after a legacy import.

00918080
00898735

RDST-7487

Issue: Previously, when a user was signing in via SSH, no information was logged about the SSH handshake (key exhange algorithm, hmac, etc.).

Resolution: Now, the SSH handshake information could be logged by setting the level of logging of com.tumbleweed.st to debug in {FDH}/conf/sshd-log4j.xml.

00919112

RDST-9616

Issue: Previously, when the Http.ServerHeaderTokens configuration was set to "None", the Login settings page of the Administration Tool displayed errors.

Resolution: Now, when the Http.ServerHeaderTokens configuration is set to "None", the Login settings page of the Administration Tool loads without errors.

00920762
00920646
00919110
00836811

RDST-10306

Issue: Previously, Cache-control and Pragma headers were missing from some HTTP daemon responses.

Resolution: Now, the missing headers are correctly sent as part of all HTTP daemon responses.


Fixes in SecureTransport 5.3.6

The following issues and have been addressed:

Case ID

Internal ID

Description

SecureTransport 5.3.6 Patch 2

00891013

RDST-5726

Issue: Previously, it was possible to use GET requests to log in user when single sign-on (SSO) was skipped or disabled.

Resolution: Now, only POST requests can be used to log in user when single sign-on (SSO) is skipped or disabled.

00890551

RDST-5586

Issue: Previously, when navigating to the Accounts tab in the SecureTransport Server and when the "Secret Question" feature is enabled, a missing secret question warning notification "User hasn't set his secret question" was displayed.

Resolution: Now, when navigating to the Accounts tab in the SecureTransport Server and when the "Secret Question" feature is enabled, a missing secret question warning notification "User has not set his secret question" is displayed.

none

RDST-5889

Issue: Previously, in case of password reset with a secret answer provided, the full content of the byte buffer used to store the answer, was hashed.

Resolution: Now, in case of password reset with secret answer provided, only the actual content of the byte buffer used to store the answer, is hashed.

00890551

RDST-5589

Issue: Previously, when a download operation of an encrypted file with an Encrypt mode set to disable was failing, the server log did not display the actual reason for the failure.

Resolution: Now, when a download operation of an encrypted file with an Encrypt mode set to disable is failing, the server log displays the actual reason for the failure.

00890806

RDST-5673

Issue: Previously, security scans reported vulnerabilities in servlet-api-2.4.jar, which was part of the SMB pluggable transfer site, the SharePoint pluggable transfer site and the Generic HTTP pluggable transfer site.

Resolution: Now, the SMB pluggable transfer site is using a non-vulnerable version which is javax.servlet-api-3.0.1.jar. Both the SharePoint pluggable transfer site and the Generic HTTP pluggable transfer site, are not dependent on servlet-api-2.4.jar.

SecureTransport 5.3.6 Patch 3

00861050

RDST-5145

Issue: Previously, all PeSIT server-initiated pushes from SecureTransport to Axway Gateway were failing when the Checkpoint Interval and the Checkpoint Window fields in the transfer sites were set to 0. In this case a file could not be transferred for 60 seconds under certain conditions like big file size or slow network speed.

Resolution: Now, a new Pesit.Client.Inactivity.Timeout configuration option has been added. It allows the 60 seconds timeout to be adjusted, so all PeSIT server-initiated pushes from SecureTransport to Axway Gateway are successful when the Checkpoint Interval and the Checkpoint Window fields in the transfer sites are set to 0.

00887242

RDST-4803

Issue: Previously, SecureTransport stored its local private keys unencrypted on the filesystem.

Resolution: Now, the keys are moved to the database and the one that remains is encrypted.

00888484

RDST-5157

Issue: Previously, there was vulnerability related with {FDH}/lib/certs/private/secret file.

Resolution: Now, the vulnerability is mitigated.

00891390

RDST-5859

Issue: Previously, SecureTransport did not reset the failed logins counter after a successful login.

Resolution: Now, the failed logins counter is reset when the user performs successful login.

00892738

RDST-6109

Issue:Previously, when user operates with Account -> Administrators menu, the Administration Tool was not functioning normally and stopped working for some time.

Resolution: Now, the failed logins counter is reset when the user performs successful login. Now, when user operates with Account -> Administrators menu, the Administration Tool is functioning normally.

SecureTransport 5.3.6 Patch 4

00881833

RDST-5271

Issue: Previously, when an HTTP transfer was canceled or aborted, SecureTransport reported an incorrect error message to Axway Sentinel.

Resolution: Now, when an HTTP transfer is canceled or aborted, SecureTransport reports a correct error message to Axway Sentinel.

00857780

RDST-1426

Issue: Previously, when trying to add a duplicate entry in Admin Access control, the error message stated: "There is already a matching entry in FDH/share/.htaccess".

Resolution: Now, when trying to add a duplicate entry in Admin Access control, the error message states: "There is already a matching entry in .htaccess".

00897870

RDST-6703

Issue: Previously, after updating with patch, SecureTransport/share/ftdocs/html/skin/ric/custom folder was overwritten.

Resolution: Now, when updating with patch this folder will not be in backup list and will not be overwritten. Only if it is missing, Axway Installer will create it.

00892963

RDST-6186

Issue: Previously, SSH transfer sites performed password authentication over keyboard-interactive and unsuccessful login attempts generated two failed login attempt for a single file transfer attempt.

Resolution: Now, ssh transfer sites perform password authentication only.

00894127

RDST-6207

Issue: Previously, administrator with Accounts privileges could not manage Mail Templates for account.

Resolution: Now, administrator with Accounts privileges can manage Mail Templates for account.

00894127

RDST-6206

Issue: Previously, administrator with Accounts privileges could not use templates bounded to account.

Resolution: Now, administrator with Accounts privileges can use templates bounded to account.

SecureTransport 5.3.6 Patch 5

00902234

RDST-7520

Issue: Previously, after installing SecureTransport 5.3.6 Patch 3, certificate generation and import would fail.

Resolution: Now, the import and generation of certificates is successful.

SecureTransport 5.3.6 Patch 6

00895182

RDST-6395

Issue: Previously, certificates used for signing and encryption where not preserved in AS2 transfer site settings during account duplication.

Resolution: Now, certificates used for signing and encryption are preserved in AS2 transfer site settings during account duplication.

Note: For successful creation or duplication of AS2 Transfer Site, combination of ST Server Settings AS2 Name and Remote Site Settings AS2 Name fields must be unique in AS2 Transfer Sites.

00896158

RDST-6522

Issue: Previously, users could request a password reset by only entering an email address.

Resolution: Now, SecureTransport can be configured to require both username and matching email address before proceeding with the password reset.

00896682

RDST-6555

Issue: Previously, user was unable to delete files if using Box with Stripe Template.

Resolution: Now, user is able to delete files if using Box with Stripe Template.

00891738

RDST-6847

Issue: Previously, file upload via legacy HTML skin templates did not work correctly.

Resolution: Now, file upload via legacy HTML skin templates works correctly.

00892540

RDST-5983

Issue: Previously, the directory created by Shared Folder application, was writable for everyone.

Resolution: Now, the new SharedFolder.Application.Default.Directory.Permissions configuration option has been added. It allow you to set a default umask, used for the directories created by the SharedFolder application, so the permissions can be restricted. Note: All existing shared folder applications must be re-saved in order the new permissions to be applied. The option will work only on UNIX based systems on non-root installations. On root installations only the value of 777 will work properly.

00894931

RDST-6393

Issue: Previously, audit log entries did not specify if certificate export contains export of private key.

Resolution: Now, audit log entries contains information about what is being exported during certificate export.

00895610

RDST-6416

Issue: Previously, unlicensed user were allowed to reply to messages even when "Allow reply to packages" was disabled.

Resolution: Now, unlicensed users will not be allowed to reply to packages if that option is disabled.

SecureTransport 5.3.6 Patch 7

00881069
00861050

RDST-433

Issue: Previously, SecureTransport did not disable the PeSIT Checkpoint, when sending files to CFT, if CFT does not send values during negotiation.

Resolution: Now, SecureTransport disable the PeSIT Checkpoint and Window when sending files to CFT, in case that CFT does not send values for PeSIT Checkpoint and Window.

00898902

RDST-6868

Issue: Previously, the AS2 "Server" header was always set to "Axway SecureTransport AS2" when the AS2 daemon returned a response.

Resolution: Now, there is a As2.ServerHeaderTokens configuration option with two possible values: "Full" and "None". If the "Full" value is configured, the "Axway SecureTransport AS2" value will be set for the AS2 "Server" header. If the "None" value is configured, then the AS2 "Server" header will be "Unknown".

00866229

RDST-6402

Issue: Previously, all PeSIT server-initiated pushes from SecureTransport to Axway Gateway failed when the Checkpoint Interval and the Checkpoint Window fields in transfer sites were set to 0. In this case a file could not be transferred for 60 seconds under certain conditions; for example, large file size or slow network speed.

Resolution: Now, the new Pesit.Client.Inactivity.Timeout configuration option has been added. It allows the 60 seconds timeout to be adjusted, so all PeSIT server-initiated pushes from SecureTransport to Axway Gateway are successful when the Checkpoint Interval and the Checkpoint Window fields in transfer sites are set to 0.

00894933

RDST-6394

Issue: Previously, P_NUM_DAYS_TO_PREBUILD was not configurable.

Note: Value of the system property partitionsMaxNumberToPrebuild should be changed, if you want to exceed maximum partition number limit.

00896838

RDST-6770

Issue: Previously, there was an annoying prompt for missing login policy rights when trying to edit an account with a Delegated Admin without log-in restriction rights.

Resolution: Now, there is no prompt for missing login policy rights when trying to edit an account with a Delegated Admin without log-in restriction rights.

00899214

RDST-7096

Issue: Previously, Account importing from the backend using an xml_import tool was logged in the audit log with the username and IP of the last admin to update the account.

Resolution: Now, Account importing from the backend using an xml_import tool is logged correctly in the audit log with an empty username and IP address of the admin.

00897737

RDST-6764

Issue: Previously, when an Administrator's session timed out while using certificate authentication and a server control update action was performed, the Services settings were lost.

Resolution: Now, the Administrator will be presented with a session expired page when attempting to change the server control settings with an expired session.

00897562

RDST-6670

Issue: Previously, the list of Transfer Sites in the Advanced Routing SendToPartner step could not be resized.

Resolution: Now, the list of Transfer Sites in the Advanced Routing SendToPartner step is resized dynamically when the Add Route Step window is resized.

00893476

RDST-6171

Issue: Previously, SecureTransport did not report which PGP key was used to encrypt/decrypt/sign files.

Resolution: Now, there's a log message, reporting the key ID that performed each operation.

00896136

RDST-6556

Issue: Previously, password reset did not work when there was a difference between the account name and the login name.

Resolution: Now, password reset works when there is a difference between the account name and the login name.

SecureTransport 5.3.6 Patch 8

00903321
00898147

RDST-6827

Issue: Previously, there was a concurrency issue in SecureTransport, which caused the TransactionManager to hang and stop processing.

Resolution: Now, the concurrency issue in SecureTransport is fixed and the TransactionManager no longer hangs.

00901727

STWC-2156

Issue: Previously, ST Web Client did not send all necessary cookies to the server when making AJAX calls.

Resolution: Now, ST Web Client sends all necessary cookies to the server when making AJAX calls.

00901047

RDST-7539

Issue: Previously, when an user was subscribed to a Shared Folder Application and the folder was renamed or deleted on the filesystem, the user was unable to log in.

Resolution: Now, when an user is subscribed to а Shared Folder Application and the folder is renamed or deleted on the filesystem, the user is able to log in and a message about incorrect folder mapping is logged in the server log.

00898452

RDST-7134

Issue: Previously, it was impossible to send notifications and then delete a file on client download action, using Advanced Routing settings.

Resolution: Now, it is possible to send notification and then delete a file on client download action, using Advanced Routing settings.

SecureTransport 5.3.6 Patch 9

none

RDST-7020

Contains fixes for SecureTransport reporting and it is prerequisite for Embedded Analytics for SecureTransport.

00902091

RDST-7722

Issue: Previously, when using REST API a different SSH finger print representation was shown for imported x509 certificates / ssh keys as opposed to ones, generated in the SecureTransport Administration Tool.

Resolution: Now, when using REST API the finger print representation of all x509 certificates / ssh keys are the same as the one, generated in the SecureTransport Administration Tool.

00896324
00907079

RDST-8101
RDST-8309

Issue: Previously, the entries in the TransferProtocolCommands table were saved with transfer IDs in a hostname+timestamp format, that resulted in a constraint validation exception on MySQL, because there were no such IDs in the TransferDetails table.

Resolution: Now, the entries in the TransferProtocolCommands table are saved with the real transfer IDs from the related transfer in TransferDetails table.

00890551

RDST-6687

Issue: Previously, SecureTransport did not report which authentication mechanism was used to log in a user.

Resolution: Now, there's a log message, reporting the authenticator type, that performed the authentication.

SecureTransport 5.3.6 Patch 10

00891042

RDST-7404

Issue: Previously, ST allowed simultaneous upload of files with the same file names over SSH.

Resolution: Now, ST does not allow simultaneous upload of files with the same file names over SSH.

00910538

STWC-2165

Issue: Previously, ST Web Client was sending an unauthorized Ajax request as a return of JSON or HTML URLs. Calls from the ST Web Client without session-cookies were being sent. Some proxies are blocking such requests and therefore the ST Web Client did not work properly.
Resolution: Now, the AJAX requests in ST Web Client have been updated to include the credentials and the requested resources are properly loaded.

00910274

STWC-2166

Issue: Previously, when replacing an existing file, but with different content in 5.3.6 ST Web Client, the transfer was stuck with status "Reading".

Resolution: Now, the TransferQueue component has been fixed and the file replacement is operating properly.

00910274

STWC-2167

Issue: Previously, in ST Web Client after a file was deleted, the next file in order could not get selected using the click of a mouse.

Resolution: Now, the selection in file list grid is working properly.

00907804
00904297

RDST-8168

Issue: Previously, in ST Web Client, the reset password functionality failed when there was more than one account with the same email address. ST 5.3.6 patch 6 provided a way (username + email address ) to uniquely identify the user, requesting the password reset. However, in the case when the email address was not unique, a server-side error was thrown.

Resolution: Now, the password reset functionality is working properly for accounts with the same email address.

00907268

RDST-8318

Issue: Previously, when resubmitting outgoing transfer made with Send to Partner step with the overwrite upload folder setting, SecureTransport was sending the file in the transfer site upload folder.

Resolution: Now, when resubmitting outgoing transfer made with Send to Partner step with the overwrite upload folder, SecureTransport sends the file in the upload folder specified in the Send to Partner step.

00911416

RDST-8743

Issue: Previously, the loading of File Tracking page was very slow, due to a large number of applications with lots of business units assigned to them, which had to be loaded in the advanced search criteria.

Resolution: Now, only the application name is loaded from the database when loading the File Tracking, so the advanced search brings the results faster.

00909698
00906713

RDST-8297

Issue: Previously, when Http.ServerHeaderTokens configuration option was set to "None", the login settings page of SecureTransport Administrator Tool displayed errors.

Resolution: Now, when Http.ServerHeaderTokens configuration option is set to "None", the login settings page of SecureTransport Administrator Tool loads without errors.

00906733

RDST-8275

Issue: Previously, when Admin.Host configuration option was set, the mkadmin script did not work.

Resolution: Now, when Admin.Host configuration option is set, the mkadmin script is working properly.

00905470RDST-8126

Issue: Previously, an upgrade from SecureTransport 5.3.3 to SecureTransport 5.3.6 disabled the admin certificate based login if the option was enabled.

Resolution: Now, an upgrade from SecureTransport 5.3.3 to SecureTransport 5.3.6 preserves the admin certificate based login if enabled.

SecureTransport 5.3.6 Patch 11

none

RDST-8973

Issue: Previously, opening the subscriptions page of an account was taking more than 2 minutes to display. Closing or saving a subscription within an account also caused the Admin GUI to hang.

Resolution: Now, opening of the subscriptions page is not longer delayed and closing or saving a subscription within an account no longer causes the Admin GUI to hang.

none

RDST-9158

Issue: Previously, both v1.4/passwordReset/requestLink and myself/resetPassword could be used.

Resolution: Now, myself/resetPassword resource is deprecated and v1.4/passwordReset/requestLink must be used instead.

00907804

RDST-8634

Issue: Previously, when the secret question functionality was enabled and the secret answer was not configured, the user was able to change the password.

Resolution: Now, there is a new configuration option Users.SecretQuestion.Required. If this option is true, the user cannot change the password when the secret question functionality is enabled and the current user has not configured the secret answer.

00903666

RDST-8056

Issue: Previously, on permanent transfer failure, the attribute isAlert was reported as 0 to Axway Sentinel.

Resolution: Now, on permanent transfer failure, the attribute isAlert is reported as 1 to Axway Sentinel.

00903871

RDST-8412

Issue: Previously, XML and JSON annotations in SecureTransport End-User API version 1.4 resource were inconsistent.

Resolution: Now, XML and JSON annotations in SecureTransport End-User API version 1.4 resource are consistent.

00901851

RDST-7718

Issue: Previously, unlicenced users could not reply to messages from LDAP users in cases when the LDAP server sent attributes that contained square brackets.

Resolution: Now, unlicenced users can successfully reply to messages from LDAP users, regardless of the attribute the LDAP server sends.

00902966

RDST-8682

Issue: Previously, SecureTransport did not provide detailed information about the route steps execution in File Tracking.

Resolution: Now, SecureTransport provides step execution status in File Tracking Transfer Details view.

SecureTransport 5.3.6 Patch 12

00917572

RDST-9413

Issue: Previously, an application could not be subscribed to an existing account.

Resolution: Now, an application can be subscribed to an existing account.

00909200

RDST-8606

Issue: Previously, there was a missing secure attribute in the encrypted session (SSL) cookie loggedIn.

Resolution: Now, the attribute is added to the encrypted session (SSL) cookie.

SecureTransport 5.3.6 Patch 13

00911416

RDST-8743

Issue: Previously, opening the subscriptions page of an account and an application page was taking more than 2 minutes to display. Closing or saving a subscription within an account also caused the Admin GUI to hang. Opening and closing accounts/subscriptions for more than 8 times by one or more logged admins, caused the Admin GUI to hang.

Resolution: Now, opening the subscriptions/application pages works without delay and closing or saving a subscription within an account no longer causes the Admin GUI to hang. Opening and closing accounts/subscriptions for more than 8 times by one or more logged admins, no longer causes the Admin GUI to hang

00895610

STWC-2122

Issue: Previously, when SecureTransport Web Client adhoc settings were configured with default and maximum expiration intervals, the configured values didn't apply when replying to or forwarding an email.

Resolution: Now, the maximum and default expiration intervals are applied when replying to or forwarding an email the same way they apply when composing one.

SecureTransport 5.3.6 Patch 15

00921249

RDST-9902

Issue: Previously, the SecureTransport Web Client compose and view mail dialogs were vulnerable to XSS attacks.

Resolution: Now, extra protection against DOM XSS attacks has been added to the SecureTransport Web Client compose and view mail dialogs and they are no longer vulnerable to XSS attacks.

00904153

RDST-8694

Issue: Previously, the trigger file could not have the same name as the file transferred with the send to partner step.

Resolution: Now, the trigger file can have the same name as the file transferred with the send to partner step.

00917573

RDST-9414

Issue: Previously, a user's e-mail was used as a password reset identifier.

Resolution: Now, a combination of a username and an email address is used when the PasswordReset.requireUsername option is set to true.

00919517

RDST-9646

Issue: Previously, the integrity packet was skipped during encryption.

Resolution: Now, the integrity packet is set during encryption.

SecureTransport 5.3.6 Patch 16

00920334
00923637

RDST-10214
RDST-10219

Issue: Previously, the folder monitor was traversing every monitored folder as many times per run as there were enabled accounts. That was causing a big performance degradation in the folder monitor service.

Resolution: Now, the folder monitor is traversing every monitored folder just once per run.

00917014

RDST-9567

Issue: Previously, there were missing database indexes, which caused performance issues when opening the file tracking details.

Resolution: Now, the indexes are added and no performance issues are observed when opening the file tracking details.

00920762
00920646
00919110
00836811

RDST-523

Issue: Previously, Cache-control and Pragma headers were missing in some HTTP daemon responses.

Resolution: Now, the missing headers are added to all HTTP daemon responses.

00910866

RDST-9510

Issue: Previously, there were occurrences of unexpected swaps of administrators' accounts that were logged in using SSO.

Resolution: Now, no such swaps occur for administrators' accounts logged in with SSO.

00917109

RDST-9319

Issue: Previously, server audit logs did not show the login IP addresses of administrators.

Resolution: Now, server audit logs show IP address of the successfully logged in administrators.

00919286

RDST-9617

Issue: Previously, an incorrect administrator name was logged in the Server Log while performing account import using the xml_import utility.

Resolution: Now, the correct administrator name is logged in the Server Log while performing account import using the xml_import utility.

00910520

RDST-8667

Issue: Previously, a delegated administrator with 'Read Only' privileges was able to resubmit transfers.

Resolution: Now, delegated administrator with 'Read Only' privileges cannot resubmit transfers.

00909728

RDST-8659

Issue: Previously, LDAP users were unable to upload files to a shared folder.

Resolution: Now, LDAP users are able to upload to a shared folder.

SecureTransport 5.3.6 Patch 18

00925819

RDST-10319

Issue: Previously, the advanced routing steps reported success on actual failure of step execution.

Resolution: Now, the actual state of the step execution is reported.

00917037

RDST-10294

Issue: Previously, populating the list of routes when creating or editing an Advanced Routing subscription took very long time to load.

Resolution: Now, the load time is greatly reduced.

00923097
00914983

RDST-9618

Issue: Previously, master administrators with Login restrictions and Accounts editing privileges, however excluding Business units access, were receiving an error when attempting to create / edit a Restriction Policy or a User Account. The error pop-up message stated an "Insufficient permissions" error.

Resolution: Now, the pop-up does not appear and such administrators are able to manage those pages correctly.

SecureTransport 5.3.6 Patch 20

00927524

RDST-10410

Issue: Previously, the email notification fields in the Advanced Router had a maximum length limitation of 255.

Resolution: Now, the maximum length of email notification fields is 2048.

00897812

RDST-9237

Issue: Previously, filtering of transfers by resubmit criteria was not available on the File Tracking page.

Resolution: Now, the File Tracking page features a filter to display transfers which are resubmitted or not.

00921308

RDST-9903

Issue: Previously, SecureTransport was vulnerable to CVE-2017-9801 due to an old version of Apache Commons Email being used.

Resolution: Now, SecureTransport uses an updated version of Apache Commons Email.

00915851

RDST-9218

Issue: Previously, the SecureTransport Web Client default translation.json file didn't have definitions for some notifications in files REST API - share and rename actions.

Resolution: Now, the SecureTransport Web Client default translation.json file is updated with the definitions for the missing notifications.
Note: All customers that have custom translations should update translation.json file for all locales in order to see the translated texts.
See the Readme.htm for SecureTransport 5.3.6 Patch 20 for more info.

00917109

RDST-10202

Issue: Previously, Audit logs [Server Log] did not show the IP address of an account with unsuccessful login attempts.

Resolution: Now, the Audit logs [Server Log] show the IP address of an account with unsuccessful login attempts.

00926697

RDST-10380

Issue: Previously, the 'Make a Directory' restriction was blocking 'Publish To Account' AR when a folder had to be created.

Resolution: Now, target account folder in Publish to account is created successfully no matter if the 'Make a Directory' restriction is set.

00928523

RDST-10511

Issue: Previously, administrator dual authentication could not be performed.

Resolution: Now, administrator dual authentication is available.

00924942

RDST-10835

Issue: Previously, data migration from Standard Cluster to Enterprise Cluster was failing.

Resolution: Now, data migration from Standard Cluster to Enterprise Cluster is successful.

SecureTransport 5.3.6 Patch 21

00931258RDST-10683

Issue: Previously, a save attempt of Route Package of an account was generating an error. A respective error message was displayed but quickly disappeared from the screen and the administrator was returned to route packages list with no changes applied. Also, it was impossible to save a Character Replace step when the 'Replace' field was empty and the option 'Strip lines starting with find string' was checked.

Resolution: Now, this behavior is fixed and no error occurs while saving route package. Also, you can save the 'Character Replace' step when 'Strip lines starting with find string' is checked and the 'Replace' field is empty.

00841686
00863095
00929919
00933122
RDST-529

Issue: Previously, the dayOffset() expression language function was only available in Advanced Routing.

Resolution: Now, the function is also exposed for usage in transfer sites.

00924593RDST-10853

Issue: Previously, there were duplicate ICAPScan rules added in AdvancedRouting.xml.

Resolution: Now, there are no duplicate entries in AdvancedRouting.xml.

00920341RDST-10367

Issue: Previously, there was a difference in Sentinel Event reporting between 5.0 and 5.3.6

Resolution: Now, when a user uploads a file and its transfer is still in-progress, a RECEIVING state will not be reported to Sentinel for all consequent attempts to upload a file with the same name.

SecureTransport 5.3.6 Patch 22

00919857RDST-9676

Issue: Previously, various accessibility issues have been reported with the SecureTransport Web Client.

Resolution: Now, all these issues have been fixed.

00915814RDST-9231

Issue: Previously, compose dialog in SecureTransport Web Client AdHoc appeared with broken styles in Internet Explorer 11 on new recipients addition.

Resolution: Now, Internet Explorer 11 specific fixes are applied to compose dialog and the recipients are displayed normally.

00924239RDST-10228

Issue: Previously, when a user tries to reset their password with a valid email and an invalid username, a NullPointerException was logged in the server log.

Resolution: Now, a proper message is being logged in the server log - "Account with email <email_address> and login name <username> not found!"

00935254RDST-11172

Issue: Previously, patch 8 cleared the agentlist file.

Resolution: Now, the new agent is appended and previous content of the file is not deleted.

00928809RDST-10703

Issue: Previously, /siteTemplates resource was not working.

Resolution: Now, the /siteTemplates resource is working properly.

00919231RDST-9993

Issue: Previously, when Sentinel was enabled, the resubmit functionality was not working.

Resolution: Now, the resubmit functionality is working regardless of the Sentinel state.

00936230
00908876
00927157
00933024
00935563
RDST-9238

Issue: Previously, SecureTransport intermittently failed to send email notifications.

Resolution: Now, all email notifications are sent successfully.

00921754RDST-9968

Issue: Previously, SecureTransport WebClient was redirecting the user to a timeout page on session timeout because of a loggedin cookie.

Resolution: Now, the loggedin cookie on unauthorized requests is removed.

SecureTransport 5.3.6 Patch 23

00943859RDST-11977

Issue: Previously, empty replace sequence in character replacement doesn't work after patch 22 installation.

Resolution: Now, empty replace sequence in character replacement work correctly.

noneRDST-11596

Issue: Previously, Previously, File Tracking does not have possibility to report the file transfer mode over Pluggable Transfer Site Service Provider Interface.

Resolution: Now, File Tracking have possibility to report the file transfer mode over Pluggable Transfer Site Service Provider Interface.

00939259RDST-11600

Issue: Previously, File Tracking searches by application was showing only inbound transfers.

Resolution: Now, File Tracking searches by application correctly show both inbound and outbound transfers.

00927597RDST-10510

Issue: Previously, the "Route file as" option was not taken into account when Connect:Direct transfer site was used.

Resolution: Now, the "Route file as" option works as expected when Connect:Direct transfer site is used.

00920895RDST-9810

Issue: Previously, an incorrect admin name was logged in the audit log and server log, when using the mkadmin script.

Resolution: Now, in the audit log, empty name and empty remote address are logged as blank, and in the server log the performer of the action is logged as 'system'.

00928808RDST-10565

Issue: Previously, setting the same basename of a trigger file as the file being transferred was not successful.

Resolution: Now, setting the same basename of a trigger file as the file being transferred is successful using the transferredfilename variable.

00937030
00918437
RDST-10141

Issue: Previously, PGP decryption failed when the original PGP file and the decrypted file were named with the same filename.

Resolution: Now, PGP decryption is successful when the original PGP file and the decrypted file are named with the same filename.

00928873RDST-10549

Issue: Previously, there was no way to evaluate routes against the original (raw) filename on AS2.

Resolution: Now, using the transfer.rawsource variable allows the routes to be evaluated against the original (raw) filename on AS2.

SecureTransport 5.3.6 Patch 25

00947275
00943263
RDST-11951
RDST-12067

Issue: Previously, the Delete action when configured in the Post Routing Settings was not being triggered with Advanced Routing subscription folder.

Resolution: Now, the Delete action when configured in the Post routing Settings is being triggered successfully with Advanced Routing subscription folder.

00915322RDST-9179

Issue: Previously, a log4j warning message appeared when the user was logging in through Edge via FTP/SFTP protocols.

Resolution: Now, the log4j warning message no longer appears.

00916513RDST-10525

Issue: Previously, it was not possible to apply a file archiving restriction based on file size.

Resolution: Now, a new File Archiving setting is added: "Maximum file size allowed to archive". If the file size equals or exceeds the max size limit, it will not be archived. Empty or zero value means there is no file size limit.
Note: The setting allows only integers.

00920646RDST-9935

Issue: Previously, the HttpOnly flag was not set in the loggedIn cookie.

Resolution: Now, the HttpOnly flag is always set in the loggedIn cookie.

00939356
00916752
RDST-10369

Issue: Previously, requests to open a shared folder with multiple sub-folders was failing and resulting in timeouts due to a limitation in the Streaming protocol.

Resolution: Now, this limitation is mitigated by introducing a new configuration option Streaming.Response.BatchSize, which allows such requests to be processed in batches. The default batch size value is 100.
Note: In order to change the value of the new configuration option, you must restart the HTTPd service.

00942066
00929186
RDST-10622

Issue: Previously, it was not possible to update with a new patch when a SMB pluggable transfer site was installed.

Resolution: Now, the update with a new patch on a deployment that includes an installed SMB pluggable transfer site is successful.

00935524RDST-11302

Issue: Previously, attempts to rename a file when the account had an "Overwrite a File" restriction were not successful.

Resolution: Now, an account that has an "Overwrite a File" restriction can successfully rename a file.

00915977
00928210
00928089
RDST-10468

Issue: Previously, 11 GB file ssh upload was causing OOM (Out of Memory) error for SecureTransport sshd streaming threads.

Resolution: Now, the Out Of Memory error is fixed.

SecureTransport 5.3.6 Patch 26

00945217RDST-12160

Issue: Previously, ${stenv.target} variable did not get populated with the resulting value from 'Route file as' option in the Send To Partner step using Connect:Direct.

Resolution: Now, the ${stenv.target} variable is correctly populated with the resulting value from 'Route file as' option in the Send To Partner step using Connect:Direct.

00937084RDST-11303

Issue: Previously, applying post routing settings was not working if routing was triggered without a payload.

Resolution: Now, post routing settings work properly regardless of the route payload.

00936125RDST-11427

Issue: Previously, the end-user could not remove the entry from the SecureTransport Web Client uploads monitor because the Remove button was not displaying.

Resolution: Now, the Remove button is correctly displayed and the end-user can delete entries from SecureTransport Web Client uploads monitor.

00938325RDST-11556

Issue: Previously, when there was a password policy, it was displayed only after the end user has tried to change his password and there was a mismatch with the password policy.

Resolution: Now, when there is a password policy configured, it is displayed when the password change page is loaded.

00929170RDST-10805

Issue: Previously, there were some leftover MDC properties in AdvancedRouting executing threads. When the threads were checked out of the thread pool for subsequent use, the MDC properties from the previous execution of the AdvancedRouting were being reported again.

Resolution: Now, the MDC properties are removed when they are not needed, so the thread can be used again with a clean environment.

00912055RDST-8869

Issue: Previously, when importing a certificate with fingerprint that already existed, no server log entry was being logged.

Resolution: Now, when importing a certificate with fingerprint that already exists, the server log entry is properly logged.

00912055RDST-8868

Issue: Previously, when importing an account with more than one SSH login key, only one of the SSH login keys was actually imported.

Resolution: Now, when importing an account with more than one SSH login key, all respective SSH login keys are imported.

00946962RDST-12253

Issue: Previously, the PGP Decryption Advanced Routing step was failing on attempts to decrypt large files.

Resolution: Now, the PGP Decryption step successfully decrypts large files.

00943556RDST-11976

Issue: Previously, the GET /siteTemplates/{name} request was not working correctly.

Resolution: Now, the the response should be according the given name as parameter.

SecureTransport 5.3.6 Patch 27

noneRDST-12159

Issue: Previously, line endings of some files were corrupted when transferred via pluggable transfer site.

Resolution: Now, line endings of files are not corrupted when transferred via pluggable transfer site.

00943906RDST-12220
RDST-12221

Issue: Previously, SecureTransport Web Client was vulnerable to CVE-2015-9251 and CVE-2016-10707 due to an old version of jQuery (2.2.4) library being used.

Resolution: Now, jQuery and its dependent libraries (jQuery migrate, JsRender and Mousetrap) are upgraded to their latest stable version.

00928429RDST-10854

Issue: Previously, transfers blocked by ICAP server were not displayed correctly in the File Tracking interface.

Resolution: Now, all transfers blocked by ICAP server are correctly displayed.

00910414RDST-8633

Issue: Previously, the logout URI was not correct in skins other than "SecureTransport Web Client" when SecureTransport was behind an IBM WebSeal reverse proxy.

Resolution: Now, the logout URI in such a setup is correct.

00931912RDST-10716

Issue: Previously, administrators without access to the certificate page were not able to use the global certificates in the PGP encryption step, including for the sole purpose of signing.

Resolution: Now, administrators without access to the certificate page are able to use the global certificates in the PGP encryption step for the purpose of signing only.

00944853RDST-12255

Issue: Previously, loading of certificates in pluggable transfer sites was slow because of certificate chain verification.

Resolution: Now, loading of certificates in pluggable transfer sites goes faster when the query parameter disableChaining is set to true and chain verification is skipped.

SecureTransport 5.4 Resolved Defects

The following issues and have been addressed:

Case ID

Internal ID

Description

00960822RDST-13590

Issue: Previously, due to a defect in Internet Explorer 11, the "Your Files" menu and its child folders in the ST Web Client (left upper corner) were not displaying correctly.

Resolution: Now, two new configuration options have been added: Http.EnableStaticFileCache and Http.StaticFileCacheTimeout have been added. When EnableStaticFileCache is set to false, the headers which are set in response are:

  • Cache-Control: no-cache, no-store, must-revalidate
  • Pragma: no-cache
  • Expires: 0 on FireFox and Chrome/Chromium and -1 on Internet Explorer

When EnableStaticFileCache is configured to true, the headers which are set in response are:

  • Cache-Control: public, max-age=${StaticFileCacheTimeout}
  • Pragma: public
  • Expires: ${StaticFileCacheTimeout}

00946702

RDST-12285

Issue: Previously, the “Open pattern help” button for the Basic and Advanced Routing applications in the “Post Routing Settings” and “Post Transmission Settings” sections are confusing.

Resolution: Now, the tooltip text for the Basic and Advanced Routing applications in the “Post Routing Settings” and “Post Transmission Settings” sections has been modified.

00947612

RDST-12275

Issue: Previously, SecureTransport Administrators Guide suggests that "Delete user account" deletes the home folder.

Resolution: Now, SecureTransport Administrators Guide is updated.

00939922

RDST-11930

Issue: Previously, the 'xml_export' utility does not work on SecureTransport Edge.

Resolution: Now, the 'xml_export' utility should not be present on SecureTransport Edge so it was removed.

00941604

RDST-11755

Issue: Previously, there was a discrepancy between product behavior and documentation for ‘taeh’ file in SecureTransport Installation Guide.

Resolution: Now, SecureTransport Installation Guide has been updated.

00919850

RDST-11599

Issue: Previously, the denied user IP was not presented in SecureTransport Server log.

Resolution: Now, the denied user IP is presented in SecureTransport Server log.

00918540

RDST-11598

Issue: : Previously, there were some corner cases where AdvancedRouting configured to start file processing based on trigger file arrival, failed to process files uploaded sequentially by the SFTP client to SecureTransport Server, in the same sftp session just before the 'trigger' file.Now, AdvancedRouting configured in Trigger File Mode successfully process all the files being uploaded in the same sftp session prior to the trigger file arrival.

Resolution: Now, this issue is fixed.

00918730

RDST-10986

Issue: Create an additional index for TRANSFERRESUBMITDATA

Resolution: Now, additional index on TRANSFERRESUBMITDATA table was created.

00928766

RDST-10702

Issue: Previously, when the user changes its password when and administrator updates the account at the same time, the user password is reverted to the one before the password change.

Resolution: Now, when the user changes its password when and administrator updates the account at the same time, the user password is not reverted to the one before the password change.

00925382

RDST-10246

Issue: Previously, Generic HTTP Transfer Site did not process some file types.

Resolution: Now, Generic HTTP Transfer Site process all supported file types.

00923117

RDST-10070

Issue: Previously, “Retrieve Files Now” button did not work correctly with Site Mailbox application.

Resolution: Now, “Retrieve Files Now” button works correctly with Site Mailbox application.

00919306

RDST-9809

Issue: Previously, the rotate_db script does not run when executed from cygwin cron.

Resolution: Now, the rotate_db script runs successfully when executed from cygwin cron.

00915831

RDST-9416

Issue: Previously, Logout link in download.html was impossible to see after rebranding.

Resolution: Now, Logout link in download.html is visible after rebranding.

00917109

RDST-9319

Issue: Audit logs [Server Log] do not show what IP an account logs in from

Resolution: none

00914932

RDST-9036

Issue: ST: [REST API] "Real User" field not exposed trough REST API (REF RDST-406)

Resolution: none

00910486

RDST-8660

Issue: In ST 5.3.3 to 5.3.6 Administration Guide, there is an error in the explanation for Session Timeout menu.

Resolution: Updated the Documentation Updates section of Axway SecureTransport 5.3.3 Patch 26 Readme, Axway SecureTransport 5.3.6 Patch 11 Readme and Axway SecureTransport 5.3.8 Administrator Guide.

00906578

RDST-8343

Issue: Security Vulnerability Full Path Disclosure 2.

Resolution: Now the issue is resolved.

00906578

RDST-8342

Issue: Security Vulnerability Windows username disclosure.

Resolution: Now the issue is resolved.

00891042

RDST-7404

Issue: ST does not properly lock the files being uploaded.

Resolution: Now the issue is resolved.

00900885

RDST-7388

Issue: Certificates missing from the AS2 transfer site when duplicating an Account.

Resolution: Now the issue is resolved.

00900044

RDST-7121

Issue: Import a third-party CA signed certificate with ST generated CSR fails.

Resolution: Import a third-party CA signed certificate with ST generated CSR now works.

00899214

RDST-7096

Issue: When importing accounts from the backend - using the FDH/bin/xml_import tool - in the Audit log the wrong admin User Name is logged: it is the admin User Name of the last admin to update an account from the UI.

Resolution: Now the issue is resolved.

00898902

RDST-6868

Issue: Suppress Server HTTP Header on AS2 service.

Resolution: A new configuration option is added - As2.ServerHeaderTokens. This configuration option accept 2 values - "None" and "Full". The default value is "Full". If "Full" is used the returned Server header is Axway SecureTransport AS2. If "None" is used then "Unknown" is returned as value for Server header.

00895309

RDST-6795

Issue: Pull fails when ZeroByteWildcardPullAllowed is true and Upload Restrictions in place.

Resolution: ST now behaves correctly even if there are Upload Restrictions in place.

00895643

RDST-6774

Issue: The Set-Cookie is empty in the REST responses from Admin. In addition the Expires field seems incorrect - set to 1970.

Resolution: The Set-Cookie has the Secure and HttpOnly flags.

00896838

RDST-6770

Issue: Annoying prompt for missing login policy rights when working with a Delegated Administrator.

Resolution: Now the issue is resolved.

00895968

RDST-6702

Issue: Previously, ICAP scanning was sporadically starting after Advanced Routing post processing actions were triggered.

Resolution: Now, ICAP scanning is starting before Advanced Routing execution.

00897562

RDST-6670

Issue: Account Transfer Sites list not resizable in "Send to Partner" AR step.

Resolution: The box populated with the transfer sites is now resizable.

00894045

RDST-6437

Issue: Previously, the Advanced Routing variable {account.user.class} described in the Administrators Guide did not print the expected result.

Resolution: Now, the variable {account.user.class} has been updated to {account.user.className} into the documentation and works as expected.

00884451RDST-5985Issue:

Previously, import of certificates generated by IBM ikeyman was impossible.


Resolution: Now, certificates generated by IBM ikeyman is possible.

00890577

RDST-5773

Issue: There was a customer request for a more explicit configuration step explanation for the cluster setup with the shared file system in the Getting Started guide.

Resolution: Another section called Shared Storage was added in the Getting Started guide and it was incorporated under Initial Configuration chapter between the Setup steps section and the View server log messages section.

00826131
00960829
RDST-4408

Issue: Previously, account mapping used to lay on user’s username.

Resolution: Now, account mapping lays on user’s login name.

00885368
00878147

RDST-3378

Issue: Incorrect file permissions when uploading to OS SSHD. SecureTransport couldn't change the file permissions while uploading to the OS SSH daemon. This occurred on Linux and AIX.

Resolution: Now the issue is resolved.

00877019

RDST-3298

Issue: It's not possible to change the permissions of a shared folder when one or more users have emails with combination of uppercase and lowercase characters. When the users have only uppercase letters or lowercase letters in their emails it works, the issue is only when there is a combination of both.

Resolution: Editing permissions is now possible and is not dependent on the case of the letters in the email.

00868589

RDST-2699

Issue: Previously, the ${parentFolder(transfer.targetDir)} variable used to return incorrect path.

Resolution: Now, the ${parentFolder(transfer.targetDir)} variable returns correct path.

00867603

RDST-2620

Issue: Previously, when email was sent with an attachment and it expires improper error message used to appear when clicking on the link.

Resolution: Now, when email is sent with an attachment and it expires proper error message appears when clicking on the link.

00869978RDST-2615

Issue: Previously, the Administrator's Guide described expression language statements in a legacy format not valid for Advanced Routing.

Resolution: Now, the expression language statements have been updated to the correct format.

00869138

RDST-2558

Issue: Previously, there is no "Reorder" functionality for Filesystem Restrictions.

Resolution: Now, "Reorder" functionality for Filesystem Restrictions was introduced.

00868096

RDST-2482

Issue: Previously, an unnecessary .stfs directory in the monitored folder was created.

Resolution: Now, unnecessary .stfs directory in the monitored folder is not created.

00862150

RDST-1793

Issue: Previously, no logs were reported in Server log when failed connection attempt through SSH when Client Certificate Authentication is Mandatory.

Resolution: Now, logs are reported in Server log when failed connection attempt through SSH when Client Certificate Authentication is Mandatory.

00860065

RDST-1697

Issue: Previously, transfers with status “Transfer resubmitted” were not presented in the exported transfer logs.

Resolution: Now, transfers with status “Transfer resubmitted” are presented in the exported transfer logs.

00850709

RDST-985

Issue: Previously, when file was overwritten information in SecureTransport Web Client was confusing.

Resolution: Now, when file is overwritten in SecureTransport Web Client appropriate error message is displayed.

00844589RDST-556

Issue: Previously, JSON Parameter Pollution (JPP) (A web attack evasion technique that allows an attacker to craft a json request in order to manipulate or retrieve hidden information) evasion technique based on splitting an attack vector between multiple instances of a parameter with the same name. By submitting the same parameter twice or more in the same request, the application can be fooled and cause the server to validate a parameter but use another.

Resolution: Now, the mechanism, used in SecureTransport for JSON deserialization, guarantees that only the validated one parameter will be used later.

00842951

RDST-555

Issue: Previously, it was possible to delete an application in use.

Resolution: Now, it is not possible to delete an application in use.

00842953
00842960

RDST-553
RDST-554

Issue: Previously, it was possible to rename user classes that are currently in use.

Resolution: Now, it is not possible to rename user classes that are currently in use.

00842131

RDST-541

Issue: Previously, when uploading a file over SFTP containing Unicode characters was now working correctly.

Resolution: Now, when uploading a file over SFTP containing Unicode characters is working correctly.

00842120

RDST-533

Issue: Uploading a file with the unicode characters "\u2028\u2029" results in a permanent 500 and kills the SFTP service after you log in and run ls.

Resolution: Now the issue is resolved.

00827561

RDST-510

Issue: There is no option which can provide control on which protocols (Mind protocols, not Ciphers or whatsoever) can be accepted by the Admin daemon. The nature of the request in general is to have ability to disable TLSv1.0 for the Admin daemon.

Resolution: The Admin.Ssl.protocols option is added to control the TLS version accepted by the Admin daemon.

00826131
00960829

RDST-470

Issue: Previously, a SecureTransport Enterprise Cluster installation used to fail if database password contains some special characters.

Resolution: Now, SecureTransport Enterprise Cluster installation can be installed even if database password contains special characters.

00806254

RDST-462

Issue: Previously, the user invoking External Script step from Advanced Routing on Windows was not able to be impersonated.

Resolution: Now, the user invoking External Script step from Advanced Routing on Windows can be impersonated.

00802032RDST-456

Shutdown and Startup scripts require a lock file in /var/lock/subsys for RHEL and Oracle Linux.

Workaround: Modify the init script based on the RedHat requirements i.e. create a lock file in /var/lock/subsys/ after starting the services and delete the lock file after stopping the services.

For more information, see this Support KB article.

00729469

RDST-384

Issue: Previously, account import fails when there are special characters in the transfer site name.

Resolution: Now, account import is successful when there are special characters in the transfer site name.

ST Web Client corrections and fixed issues

ST Web Client 5.4 provides the following corrections and fixed issues:

Case ID

Internal ID

Description

00910274

STWC-2166

Issue: Previously, when replacing an existing file, but with different content in 5.3.6 ST Web Client, the transfer was stuck with status "Reading".

Resolution: Now, the TransferQueue component has been fixed and the file replacement is operating properly.

00901727

STWC-2156

Issue: Previously, ST Web Client did not send all necessary cookies to the server when making AJAX calls.

Resolution: Now, ST Web Client sends all necessary cookies to the server when making AJAX calls.

none

STWC-2130

Issue: Previously, the SecureTransport WebClient user was still logged in after killing the session from the Usage Monitor of the administration panel instead of being re-logged.

Resolution: Now, the SecureTransport WebClient user is successfully re-logged after killing the session from the Usage Monitor of the administration panel.

00891792

STWC-2111

Issue: Previously, the password policy was not displaying consistently in ST Web Client.

Resolution: Now, the password policy is displaying consistently in ST Web Client

00894097STWC-2101

Issue: Previously, when an email was sent, the tracking information was available only in the contextual Details menu.

Resolution: Now, with installing patch 6, the tracking information is visible next to subject.

00892159STWC-2096

Issue: Previously, when a file was transferred over System-to-Human Transfer Site, the recipient received a new AdHoc message in the SecureTransport Web Client, but they were not able to open it.

Resolution: Now, this issue is fixed.

00891077

STWC-2095

Issue: Previously, the ST Web Client SAML logout was not working properly, leaving the user logged on.

Resolution: Now, the SAML logout is performing correctly, ending the user's session.

00891850

STWC-2090

Issue: Previously, users of ST Web Client were not able to see the complete name of uploaded files in the transfer queue if those names were long.

Resolution: Now, truncated values in the transfer queue grid and other ST Web Client grids are entirely shown in the tooltip displayed on mouse over.

00885929

STWC-2083

Issue: Previously, Internet Explorer was not displaying the ST Web Client log in page correctly.

Resolution: Now, Internet Explorer displays the ST Web Client pages correctly.

00836819

STWC-2077

Issue: Previously, autocomplete was not disabled by default with out-of-the-box SecureTransport in the ST Web Client interface input fields (e.g. “User Name” field).

Resolution: Now, autocomplete is disabled by default with out-of-the-box SecureTransport in the ST Web Client interface input fields.

00866964STWC-2075

Issue: The expiration interval when forwarding/editing a saved package to Drafts using the SecureTransport Web Client must correspond to the Default Expiration Interval and the Maximum Expiration Interval defined in the AdHoc Settings.

Resolution: Now, with installing patch 6 this is fixed.

none

STWC-1986

Issue: Previously, the Web Client displayed file statuses based on the latest upload done through it.

Resolution: Now, the Secure Transport Web Client displays the file status properly.

Known issues and limitations

Case IDInternal IDDescription
noneD-94999When creating a new file or directory whose name begins with a dot (.ssh or .profile), the file and directory will become inaccessible. Additionally, it is not possible to access or to remove directories or files whose names begin with a dot. However, the directories remain visible in the side-menu until there is refresh and then they become ghost directories or files. They are still present since another directory or file with the same name cannot be created.
00800843D-97719When a user who starts SecureTransport Administration service has the JRE_HOME variable defined in their OS environment variables, JRE_HOME is not revalidated and the Tomcat process is started with Java executable from JRE_HOME instead of Java executable inside the SecureTransport installation.
Workaround: Unset the JRE_HOME variable before starting the SecureTransport Administration service.
noneD-103631Due to a Java Critical Patch update, certificates, using the MD5 signature algorithm can no longer be used. Details: https://blogs.oracle.com/java-platform-group/entry/strengthening_signatures_part_2.
noneD-106421Uploading files from a mapped network drive using SecureTransport Web Client and Microsoft Edge browser results in a 0-bytes successful transfer. The problem is that Microsoft Edge can not correctly load files form a network location. This is a browser specific issue that's why it is also reproducible if any other SecureTransport HTML template is used. But is not reproducible if any other supported browser is used.
noneRDST-266A SiteMinder user with an account template cannot use Advanced Routing. File copy to the subscription folder fails.
00148039RDST-415Pull of non-existing file over FTP (plain) going through Edge socks proxy, results in incorrect error reported : "Connection refused" or "Connection timed out" rather than "No such file or directory"
00802032RDST-456Shutdown and Startup scripts require a lock file in /var/lock/subsys for RHEL and Oracle Linux.
Workaround: Modify the init script based on the RedHat requirements i.e. create a lock file in /var/lock/subsys/ after starting the services and delete the lock file after stopping the services.
For more information, see this Support KB article.
00829196RDST-517Timestamp is not displayed correctly for files older than 6 months.
When listing the directory content, the file modification time is not displayed for files and directories older than 6 months. Through the web interface, the output for timestamps of these files is '00:00'.
00820864RDST-551Secure Client does not display the correct year in the "Last modified" date field when the last modification has occurred during the previous year. The date is displayed incorrectly only if the file modification date falls within a 6-month period prior to current date. This occurrence is a result of a limitation with Linux systems. SecureTransport uses the ls -l command to list files and the output of this command does not specify the months as belonging to a previous year in the case described.
00848806RDST-761When the Compress step of Advanced Routing uses ZIP to compress files, the timestamp (created/accessed/modified) information for the compressed files is not maintained inside the archive.
noneRDST-795File archiving fails when a real user on Microsoft Windows uploads a file.
noneRDST-1987Locally stored sandbox folders are not purged when a two-node cluster failover takes place.
Workaround: Manually clean the sandbox folders.
00848610 RDST-2330When a transfer site name is changed, the SecureTransport administrator must manually update the transfer site name across all screens where this transfer site name is referenced (for example, in the "Send To Partner" step/route).
noneRDST-2231When SecureTransport is installed without DATA_PUMP, there is a default export directory value in the database for the Log Entry Maintenance application and the application will not trigger because of an exception.
Workaround: Set the export directory of the Log Entry Maintenance application using the REST API exportDir command.
noneRDST-2320SecureTransport fails to push files to SharePoint over plain HTTP when a HTTP proxy is configured.
noneRDST-2590A permanent database failure on the primary SecureTransport node does not trigger a cluster failover and recovery in an Active/Active Standard Cluster.
noneRDST-4116The SecureTransport Administration Tool pages are displayed poorly using Microsoft Internet Explorer 11 when the Administration Tool is accessed using a hostname (resolved via etc\hosts file).
Workaround: Disable Display Intranet sites in Compatibility View.
noneRDST-4154SecureTransport users that are SSO authenticated by an account template cannot receive emails. They can send emails, but the user and their emails are external to SecureTransport. Responding to their emails is not possible.
Workaround: Create and authenticate users using virtual accounts with externally stored passwords.
noneRDST-4245ST Web Client folders cannot be shared with SSO user accounts authenticated by an account template, because the users and their emails are external to SecureTransport.
noneRDST-4252SecureTransport users that are SSO authenticated by an account template cannot be used in the Advanced Routing Publish to Account route step.
noneRDST-4253SecureTransport is not be able perform server-initiated pushes or pulls over HTTP to and from another SecureTransport instance if the second instance requires SSO user authentication. HTTP transfer site does not support SSO authentication and cannot authenticate against SecureTransport server which requires SSO authentication.
00883513RDST-4304Under very rare circumstances, when upgrade process is executed on Solaris, it might fail with the following error: "A fatal error has been detected by the Java Runtime Environment". It has been discovered that it is related to a rare defect in JRE as described here: http://bugs.java.com/view_bug.do?bug_id=8032207.
Suggested workaround: Following the suggested steps have led to successfully finishing the upgrade process, so we encourage customers to try:
  1. Manually download the latest 32-bit Java 7 Runtime Environment for the respective platform and architecture from https://www.java.com/en/download/manual.jsp.
  2. Extract the JRE downloaded in Step 1 into a temporary folder.
  3. Set the JAVA_HOME environment variable to the value of the folder where the JRE was extracted into in Step 2.
  4. Retry the upgrade process.
noneRDST-4364When an action is performed from an iframe to a HTTPS site and the site certificate is not valid, Microsoft Internet Explorer does not send the request because it does not trust the site. This prevents the user from successfully logging out. For proper operation with Microsoft Internet Explorer 11 and Microsoft Edge, the SecureTransport and Identity Provider certificates should be valid.
noneRDST-4835SecureTransport responds with an Internal Server Error (ISE) when the end-user logs out, but its session in the Identity Provided (IdP) is already closed.
noneRDST-5051SecureTransport responds with HTTP Status 403 Authentication failed when the administrator logs out, but its session in the Identity Provider (IdP) is already closed.
noneRDST-5055Enrolled users will not be able to log in if the Identity Provider (IdP) is setup to return the Name ID in other than email format. Another approach is enrolled users to use an IdP which returns the Name ID in email format, this way they will be logged in correctly.
noneRDST-5306When Single Sign-On (SSO) is Enabled and Client certificates for Administrators is set to Optional and there is a certificate in the user's browser keystore, an administrator will be prompted for a Certificate Selection even when they will be authenticated using an Identity Provider. This prompt could be ignored.
noneRDST-8316Administrators cannot perform certificate authentication when the certificate's Common Name (CN) contains special characters like multiple spaces and tabs.
noneRDST-8601SecureTransport will not send an email notification when a user reaches their threshold of successful log-in attempts.
00904471RDST-8833Administrators cannot import certificates with older builds of Internet Explorer 10 or Internet Explorer 11.
Workaround: Update your Internet Explorer 10 or Internet Explorer 11 browser to the latest build.
noneRDST-11121In SecureTransport Web Client, the following "Go to" shotcuts are not working properly: "g + f", "g + m" navigate correctly to the respective pages (Your Files and Mailbox) but on each page the focus is expected to be on the corresponding tree. Also, the "g + q" shortcut navigates correctly to the Uploads queue page but the focus is expected to be on the list of transfer.
noneRDST-11210In SecureTransport Web Client, when a folder is currently shared and the 'Share' pop-up is opened once again, the collaborator entries are still read by JAWS as 'This folder is not shared with anyone yet.'.
noneRDST-11266Failover functionality is not working when Transaction Manager is suspended during files transfer processing.
noneRDST-11552SecureTransport verifies only the first negotiable certificate fingerprint of remote SSH host certificates.
noneRDST-12024Password Policy resource is not available for Unlicensed users and on an attempt to make a request to it SecureTransport will return HTTP Error 401 - Unauthorized.
noneRDST-12090A Site Minder account cannot log in to SecureTransport on Microsoft Windows.
noneRDST-12484When more than one authentication plugin is registered using the Pluggable Authentication Interface only one of them will be possible to be enabled at any certain time.
noneRDST-12558When trying to share folder with user's email that should be recognized with a template account, SecureTransport tries to identify the user's email through LDAP, even though LDAP is not configured and is disabled. The folder is successfully shared and email notifications are sent but the server log contains an error. b. This behavior is only observed when SecureTransport is on Microsoft Windows.
noneRDST-13419Enterprise Cluster communication among nodes is not possible when IPv6 addresses are used during cluster configuration.
noneRDST-13514In SecureTransport Web Client, when an Unlicensed user becomes a Licensed user and attempts to share a folder with an LDAP user, the process never completes.
noneRDST-13737Upgrade from SecureTransport 5.3.6 to SecureTransport 5.4 fails in the cases when transfers have never been executed and maintenance applications have never been started (used).
noneRDST-14005After upgrading to SecureTransport 5.4 from SecureTransport 5.3.6 with patch version later than Patch 30, the 'Dual Authentication' options are set to 'Disabled' and have to be configured again.

Documentation

This section describes the related documentation.

Go to Axway Support at https://support.axway.com to find all documentation for this product version.

SecureTransport 5.4 provides the following documentation:

  • SecureTransport Administrator's Guide – This guide describes how to use the SecureTransport Administrator's Tool to configure and administer your SecureTransport Server. The content of this guide is also available in the Administration Tool online help.
  • SecureTransport REST API documentation – The portal published API documentation derived from the API Swagger documents. To access the administrator API documentation, go to SecureTransport Administrator API v1.4. To access the end-user API documentation, go to SecureTransport End-User API v1.4.
  • SecureTransport Appliance Guide - This guide provides the SecureTransport Appliance installation, configuration, and operation instructions. It also provides SecureTransport installation and upgrade instructions for Axway Appliances.
  • SecureTransport Capacity Planning Guide – This guides provides information useful when planning your production environment for SecureTransport.
  • SecureTransport Developer's Guide – This guide provides the descriptions and usage of the plug-able information for the SecureTransport Pluggable Transfer Site and how to implement a Pluggable Transfer Site. It also provides Swagger REST API integration instructions and custom Address Book source implementation instructions.
  • SecureTransport Getting Started Guide – This guide explains the initial setup and configuration of SecureTransport using the SecureTransport Administrator setup interface.
  • SecureTransport Installation Guide – This guide explains how to install and uninstall SecureTransport on UNIX-based platforms and Microsoft Windows.
  • SecureTransport Release Notes – This document contains information about new features and enhancements, information received after the finalization of the rest of the documentation, and a list of known and fixed issues.
  • SecureTransport Security Guide – This guide provides security information necessary for the secure operation of the SecureTransport product.
  • SecureTransport Software Development Kit (SDK) – A set of software development tools and examples that allow extending SecureTransport by consuming and implementing available APIs.
  • SecureTransport Upgrade Guide – This guide explains how to upgrade SecureTransport on UNIX-based platforms and Microsoft Windows.
  • ST Web Client Configuration Guide – This guide describes how to configure and customize ST Web Client user interface.
  • ST Web Client User Guide – This guide describes how to use the ST Web Client.
  • SecureTransport on AWS Installation & Setup guide – Installation & Setup document to outline a standard reference deployment on AWS (Amazon Web Services).
  • SecureTransport on Azure Installation & Setup guide – Installation & Setup document to outline a standard reference deployment on Microsoft Azure (Microsoft Azure Cloud Computing Platform).

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.


Related Links