Axway SecureTransport 5.5 Release Notes

Document version: 26 June 2020

SecureTransport 5.5 is a General Availability release. This document applies to: Axway SecureTransport Server 5.5, Axway SecureTransport Edge 5.5, and Axway SecureTransport Web Client 5.5 for all supported platforms, databases, and cluster types.

The information in this document supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.


About this release

File packages:

  • SecureTransport_5.5_Install_ap-x86-64_BN114.zip
    MD5 checksum: b637da5ced8112d454434ffe5e4a9f2b
    Size: 2.81 GB
  • SecureTransport_5.5_UP1-from-7.2_ap-x86-64_BN114.zip
    MD5 checksum: 99a7e8ecfd4584e9bf7c358a1afbd571
    Size: 2.16 GB
  • SecureTransport_5.5_Install_aix-power-64_BN2306.zip
    MD5 checksum: eb25e82d631caa83ebd77efa5bd8111b
    Size: 513.67 MB
  • SecureTransport_5.5_Install_linux-x86-64_BN2306.zip
    MD5 checksum: 11433f6723c0a8eed7a65036f4ea9a9c
    Size: 930.67 MB
  • SecureTransport_5.5_Install_win-x86-64_BN2306.zip
    MD5 checksum: 250eafebd345ae76164d7618eac9a985
    Size: 806.82 MB
  • SecureTransport_5.5_UP1-from-5.4_aix-power-64_BN2306.zip
    MD5 checksum: 366acaef18097f55011efb503fd42431
    Size: 520.77 MB
  • SecureTransport_5.5_UP1-from-5.4_win-x86-64_BN2306.zip
    MD5 checksum: f5de32ddce194137ff325ec3aec8ae48
    Size: 814.7 MB
  • SecureTransport_5.5_UP1-from-5.4_linux-x86-64_BN2306.zip
    MD5 checksum: b9f3f59b7a098a6cc0340031c29e720e
    Size: 937.93 MB
  • SecureTransport_5.5_DockerImage_edge_linux-x86-64_BN2306.tar.gz
    MD5 checksum: acb348e30f97439c6db17496de2b0979
    Size: 448.43 MB
  • SecureTransport_5.5_DockerImage_server_linux-x86-64_BN2306.tar.gz
    MD5 checksum: 8d5cf77edbd62e985cad9552ce4a7003
    Size: 460.8 MB

SecureTransport new features and enhancements

The enhancements and improvements in SecureTransport 5.5 are organized into several categories:

Deployment enhancements

Containerized deployment of SecureTransport

Starting with the SecureTransport 5.5 release, SecureTransport administrators have the option to deploy SecureTransport Servers or Edges as Linux (RHEL) containers using Docker Engine as the container runtime and Kubernetes as the container orchestrator.

The containerized delivery of SecureTransport consists of two Docker images (one for Edge and one for Server) that can be downloaded from the Axway Support Portal.

Support for Kubernetes as the container orchestration engine:

  • Simplifies the SecureTransport Edge/Server update procedure
  • Adds the ability to manually and automatically scale the Edge/Server deployments without any additional steps

Zero downtime in active-passive deployment

With SecureTransport 5.5, the switchover from an active Enterprise cluster to a passive one can complete with insignificant to no downtime.

Zero downtime is a concept that allows you to smoothly redirect traffic from an active Enterprise cluster to a passive Enterprise cluster without experiencing interruptions in file transfers and event logging. This feature allows you to finish ongoing transfers on the current cluster and smoothly redirect new ones to your normally passive (backup) cluster.

This is extremely useful for preparing your initially active cluster for upgrades or maintenance while your current transfers keep running. When necessary, you can use the same zero downtime procedure to switch back to your initial setup.

As part of this feature, SecureTransport 5.5 offers the ability to perform a graceful shutdown of the Transaction Manager, protocol servers, or the entire SecureTransport Server node.

Graceful shutdown of Transaction Manager

The SecureTransport Administration Tool provides the option to gracefully shut down the Transaction Manager server. With this feature you can plan a Transaction Manager stop without abrupt cancellation of current transfers. Note that all protocol servers must be stopped prior to the Transaction Manager graceful shutdown.

A dedicated configuration option allows the SecureTransport administrator to define the period to "wait" for existing transfers to complete before initiating the shutdown process.

Graceful shutdown of protocol servers

Graceful shutdown of protocol servers allows a shutdown of all servers with the selected protocol daemon without abrupt cancellation of the currently ongoing client-initiated transfer sessions.

Dedicated configuration options per protocol allow the SecureTransport administrator to define the period to "wait" for existing CITs to complete. During that period, new uploads and downloads are not permitted.

Graceful shutdown of SecureTransport Server

As part of this enhancement, the SecureTransport 5.5 administrator can gracefully shut down the SecureTransport Server node. This allows you to stop the SecureTransport server without abrupt cancellation of current transfers.

The dedicated configuration options for Transaction Manager and protocol servers allow the SecureTransport administrator to define the period to "wait" for existing transfers to complete before initiating the shutdown process.

Option to add SecureTransport Server by FQDN instead of IP address

The SecureTransport administrator is given the option to add SecureTransport Server to a cluster by typing its FQDN in the following format: [host name].[domain].[tld]. The option is added to the Operations -> Cluster Management page in the SecureTransport Administration Tool. This feature is also implemented for external databases in an Enterprise Cluster.

Support for custom JDBC URLs

SecureTransport 5.5 allows database administrators to specify custom JDBC connection strings for Oracle and Microsoft SQL Server databases. This new feature enables SecureTransport to connect to complex Oracle database configurations like Data Guard or a combination of RAC and Data Guard. The custom connection string can be configured either via the Administration Tool or the Admin REST API by using the newly introduced /configurations collection that contains resources for managing the database configuration.

Start/Stop Folder Monitor and Scheduler via Admin REST API and Administration tool

With SecureTransport 5.5, options to start and stop the Folder Monitor and Scheduler are added to the Extended Server Control page in the SecureTransport Administration Tool. As part of this feature, corresponding start and stop resources are exposed in the Admin REST API.

Report SecureTransport deployment info to Sentinel

With SecureTransport 5.5, reporting to Sentinel is enhanced with the following changes:

  • XFB ST Info - a new object which contains various SecureTransport deployment info including: number of active accounts, product version, current patch version, list of installed plugins and their versions, etc.
  • XFB Transfer - the Transfer object is now reported with an additional property: EnvironmentId.

The new SecureTransport 5.5 package for Sentinel is available for download on Axway Support website.

URL binding support

SecureTransport 5.5 offers basic support for URL binding. This allows SecureTransport servers (both SecureTransport Edge and Server) to work behind a load balancer that does not support 'sticky-sessions'. When a SecureTransport HTTP server is reached, the browser URL is replaced with the configured one allowing unobstructed processing.


Extensibility and API enhancements

End-user & Admin REST API version 2.0

With the release of SecureTransport 5.5, a new version of the End-user & Admin API services is presented: 2.0. Compared to previous versions, version 2.0 of both APIs provides more consistency and compliance with latest practices.

An important improvement is the simplified Partner onboarding, which allows you to set up a partner account with bulk configurations.

The Admin API offers several new resources including options to view and change various configurations (LDAP domains, clustered management, file archiving, etc.).

Apart from new resources and consistency, the admin API includes features such as:

  • field filtering - the ability to specify preferred sets of returned data (as selections from a large list)
  • field search - the ability to find objects based on common properties (for example, get a list of all transfer sites that are using a specified host server)
  • wildcard search in File Tracking - several scenarios to retrieve file transfers by starting or trailing symbols (or both), as well as filenames containing any string, etc.

Pluggable Authorization enhancements

  • Certificate and SSL context service in Pluggable Authorization:
    • The CertificateService allows validation of login certificate against the SecureTransport certificate stores, as well as specific certificate attributes in custom authorization flows.
    • The SSLContext service can be used to establish secure SSL connections to external services from within the plugins.
  • An Expression evaluator service is added to allow evaluation and validation of expressions used in custom authorization plugins.

Pluggable Authentication expression evaluator

An Expression evaluator service is added to allow evaluation and validation of expressions used in custom authentication plugins.

Pluggable Transfer Site enhancements

  • SPI 1.7 exposes a new service - SSLContextService - that can be used when connecting over a secure connection to a remote partner.
  • Custom parameters can be added in REST API Pull requests and used in any Transfer Site.
  • Custom parameters can be added in REST API Pull requests and preserved in a sequential Advanced Routing step (for example Send To Partner).
  • A generic log method is added with Pluggable Transfer Sites.
  • Ability to notify SecureTransport of executed post-transmission actions (PTAs) to report in SecureTransport File Tracking.
  • Two new services are exposed - TransferAttributesData and AccountAttributesData - that can be respectively used for reading transfer and account-related attributes of the currently transferred file.
  • The Certificate Service of Pluggable Transfer Sites is now able to get the complete x509 certificate.
  • The Certificate Authentication mechanism is improved to support multiple plugins.
  • Plugins can pass two new properties through the RemotePartner object - one for identifying the network connection port and one for identifying the remote impersonated entity.
  • Plugins can also report executed PTAs to File Tracking.

Pluggable Advanced Routing Step SPI 1.1

Pluggable AR Step SPI 1.1 exposes three new services - CertificateService, LoggingService, and ExpressionEvaluatorService - that can be used for certificate parsing and validation against the SecureTransport keystore, logging messages, and exceptions with a different log level, evaluating and validating expressions.


Reporting enhancements

Improved SecureTransport to Sentinel reporting

The reporting of transfer related events to Axway Sentinel is improved. The following Sentinel attributes are now reported in more states for both PeSIT and non-PeSIT transfers:

  • SenderId
  • ReceiverId
  • OriginalSenderId
  • FinalReceiverId
  • UserID
  • Site

In addition, the RFC code of the cipher suite used during an SSL/TLS session is now reported to Axway Sentinel in the SSLCypher attribute.

Note: To use this enhancement, you need to install the new version of SecureTransport Package for Sentinel.

End-to-end tracking of files transferred over SFTP

SecureTransport 5.5 supports Sentinel end-to-end tracking of SFTP transfers established across the following Axway products: SecureTransport and Transfer CFT. The events reported in Sentinel for a single transfer are reported with the same CycleId.

End-to-end reporting covers the below SFTP file transfer cases, with SecureTransport acting as either server or client when transferring files with Transfer CFT.

New Sentinel property: Parent Cycle ID

SecureTransport now reports the Parent Cycle ID in the XFB tracked object.

Improved monitoring of secure server-initiated transfers

The Server log functionality is extended to provide detailed information about each server-initiated transfer for which an SSL connection is successfully negotiated. For such transfers, a message with the following information is shown in the server log:

  • Account name and login name on the server that initiated the transfer
  • Client IP address
  • Negotiated cipher suite

Improved monitoring of secure client-initiated transfers

The Server log functionality is extended to provide detailed information about each client-initiated transfer for which an SSL connection is successfully negotiated. For such transfers, a message with the following information is shown in the server log:

  • Account name and login name of the client that initiated the transfer
  • Client IP address
  • Negotiated cipher suite

Audit log performance improvement

The SecureTransport performance is improved on auditing complex accounts with multiple routes and subscriptions.


Functional enhancements

File Maintenance enhancements

File management in SecureTransport is extended with new options that allow the SecureTransport administrators to automate deletion of old files in the accounts’ home folders, based on age, expiry date, or a matching file name pattern.

As part of this, the administrator can add logic and templates for email notifications regarding file deletion.

File Maintenance is introduced on a global, Business Unit, Account Template or individual User account level. A dedicated File Maintenance application is introduced to perform the actions on a defined schedule.

Account Maintenance enhancements

User account management in SecureTransport 5.5 is extended with new options that allow the SecureTransport administrator to automate the user account lifecycle management by setting criteria for the user account lifetime and the action taken upon lifetime expiration – disabling, deletion or purging.

As part of this, the administrator can add logic and templates for email notifications to users about a performed action, password expiry or certificates expiry.

Account Maintenance is introduced on a global, Business Unit or individual User account level. A dedicated Account Maintenance application is introduced to perform the actions on a defined schedule.

Enhanced Authorization and Authentication Service

The functionality of the former Extended Authentication and Authorization add-on (EAAS) is added to the SecureTransport 5.5 core feature set and the authentication and authorization user exits. It includes:

  • Extended LDAP domain search
  • Unified LoggingService and CertificateService for all custom user exits

With this feature, the LDAP search in the SecureTransport Administration Tool is extended in a way that allows the SecureTransport administrator to use any LDAP parameter in a generic search query without additional appending.

Unified SPI services for all user exits

The Logging, Certificate, and Expression Evaluator services have been unified to provide common functionality for all user exits. As part of this task, the LoggingService is added in the Advanced Routing exit, while the previously used method for logging messages is kept for backwards compatibility. The ExpressionEvaluatorService (the ability to evaluate user defined expressions) is added to the authentication and authorization exits.

Configurable Pre-connection in PeSIT Transfer Sites

The PeSIT transfer site configuration is enhanced with options to add Server ID and password and validate it against a Partner ID and password in the PeSIT pre-connection phase.

PeSIT Store and Forward improvements

SecureTransport 5.5 administrators are able to specify the Originator, Final destination, Store and Forward mode, and Connection timeout per PeSIT transfer site. The Originator can also be specified when creating a Send to Partner route step.

Automatic detection of the client SSL mode for PeSIT transfers

The PeSIT Transfer Site restriction to communicate with Transfer CFT over PeSIT SSL/TLS Legacy mode only was removed and a new PeSIT listener with auto-detect SSL mode capabilities is introduced. It is able to detect the SSL mode used by the client and serve requests in both SSL COMP and SSL LEGACY modes. Dedicated configuration options allow the SecureTransport administrator to define the following settings for the listener: status, port number, key alias, key algorithm, trust algorithm, and protocol.

Test SSH Transfer site connection

SecureTransport 5.5 administrators are able to check if an SSH transfer site connection to the remote partner is configured correctly. The check is available both in the Administration Tool user interface and as an Admin REST API resource. This allows SecureTransport administrators to:

  • Test Connection before or after saving the Transfer Site
  • Automate the testing of existing transfer sites
  • Test by overriding parameters of a Transfer Site

Max Parallel Transfers per Transfer Site

A configuration for Maximum Parallel Transfers is added to the following transfer sites:

  • AS2
  • FTP(S)
  • SSH
  • Generic-HTTP(S)

As part of this, recommended configurations for increased payload in Enterprise and Standard clusters are added.

Alternative connection endpoints

SecureTransport 5.5 introduces the option to add a list of alternative connection endpoints to transfer sites. These endpoints act as backup alternatives to the configured Server-Port Site Settings and are particularly useful in cases of transfer failures.

The SecureTransport administrator can provide ordered lists of endpoints (in the format of IP address or localhost entries) to FTP, HTTP(S), AS2, SSH, and PeSIT transfer sites.

Support for FTP Append with server-initiated transfers using FTP

The FTP transfer site settings are expanded with an option to use the APPE (append) upload command with server-initiated transfers.

The Add Transfer Site settings page for FTP transfer sites now includes the Upload command drop-down list with the following options: STOR (default) or APPE.

As part of this feature, the upload command used is reported to Axway Sentinel and displayed in the Protocol Parameter attribute.

GET version resource updated in REST API

The GET version resource of the Admin REST API (v1.4 and v2.0) is updated to use the following new properties:

  • updateLevel returns the latest successfully installed update.
  • updateHistory returns all updates that are successfully installed on the current SecureTransport implementation. If the current SecureTransport service pack/patch is successfully removed, this update will be removed from update history.
  • spiVersions returns the supported SPIs and their versions.

Superuser execution of External Script in Advanced Routing step

Advanced Routing now allows superuser execution of external scripts on the External script step.

Trace log messages from third-party libraries

The Pluggable Transfer Site functionality in SecureTransport now allows tracing log messages. In this way, SecureTransport clients can log custom messages from third-party libraries.

Option to disable folder auto-creation for Publish steps

The Publish to account step in Advanced Routing is enhanced with a check-box option to disable auto-creation of a target folder upon step execution.

Improved monitoring of active users

The Active Users page in the SecureTransport Administration Tool shows the total of currently used licenses. The active users count is also available via the Admin REST API.

Scheduling server-initiated file downloads using cron expressions

The Scheduler now supports cron expressions in Quartz v.1.8.6. Cron expressions can be used for scheduling server-initiated file downloads and maintenance jobs.

Display of user account data: account creation date, last modified

The SecureTransport 5.5 administrator can view user account related data about account creation date and date of last modification. This feature is not available for LDAP users.

Removing weekends from holiday schedule

The SecureTransport 5.5 administrator can define weekends as regular working days in the holiday schedule.

Deprecation of statuschecker and monitor scripts

The status_checker and monitor scripts available in previous versions of SecureTransport are now deprecated.

New method of registering SecureTransport in Central Governance

Starting with SecureTransport 5.5 onward, the registration with Central Governance will occur only on Central Governance level.

As a result, the Central Governance Registration files and the dedicated page in the SecureTransport Administration Tool are removed from the product.

Dual authentication per User class

The Login Settings page in the SecureTransport Administration Tool offers options to set dual authentication for selected User classes.

Folder Monitor failover improvements

The Folder Monitor failover mechanism is improved to prevent execution of the Folder Monitor service on more than one node in an Enterprise Cluster.

Two new configuration options are introduced to control the heartbeat mechanism:

  • FolderMonitor.heartbeatInterval: the interval in seconds at which the heartbeat is sent. Default value is 5 sec.
  • FolderMonitor.heartbeatTimeout: the timeout in seconds after which the Folder Monitor holder will be changed. Default value is 60 sec.

Note: The SecureTransport Standard Cluster is not affected.


Security enhancements

Multi-protocol listeners

With SecureTransport 5.5, the option to add multiple listeners per protocol server is added. You can now configure additional listeners to your FTP, HTTP, AS2, SSH and PeSIT servers.

The new functionality is introduced to the revamped appearance of the Server Control screen in the SecureTransport Administration Tool.

Extended list of supported ciphers and algorithms for SSH

The Maverick client/server and common versions are upgraded, which helps extend the list of the SSH ciphers, Key Exchange and MAC algorithms supported in SecureTransport.

Policy for Minimum password age

The new password policy allows the SecureTransport administrator to set a minimum period (in days) for a repeated password change. This means that when a user changes their password, they will not be allowed to perform this action again until the minimum password age period expires.

File Tracking and Server Log enhancements: Display of originating IP addresses of users behind proxy

File tracking now displays the original IP address of user accounts that perform transfers behind a proxy or a load balancer. As part of this enhancement, the Server Log displays the login, logout and file transfer IP address of a user behind a proxy/load balancer. The new parameter uses the X-Forwarded-For HTTP header for fetching the original IP address of a user account.
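An added example, not SecureTransport code: how a consumer of these log fields can decide which X-Forwarded-For entry to believe, given that a client can send the header itself. The release notes do not describe how the product selects the address; the proxy subnet, the sample addresses and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed values: the load balancer subnet and every address used with
# these functions are documentation ranges, not SecureTransport defaults.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of the proxy networks we operate."""
    return any(addr in net for net in trusted)


def naive_leftmost(xff_header):
    """Careless selection: believe the first entry, which the client controls."""
    return xff_header.split(",")[0].strip()


def original_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to record for a request.

    peer_ip is the TCP peer address; xff_header is the raw X-Forwarded-For
    value, or None when the header is absent.
    """
    peer = ipaddress.ip_address(peer_ip)
    # A header received from a peer that is not our proxy carries no weight.
    if not xff_header or not is_trusted(peer, trusted):
        return str(peer)
    candidate = peer
    # Each proxy appends the address it saw, so the right-most entries were
    # written by our own infrastructure. Walk right to left and stop at the
    # first hop that is not one of our proxies.
    for raw in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            hop = ipaddress.ip_address(raw)
        except ValueError:
            break  # malformed entry: keep the last hop that parsed
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed header: the client sent 192.0.2.1, the proxy appended the
    # address it actually saw (198.51.100.23).
    forged = "192.0.2.1, 198.51.100.23"
    print("naive:    ", naive_leftmost(forged))
    print("validated:", original_client_ip("10.0.0.5", forged))
```

When reviewing File Tracking or Server Log entries for an account behind a proxy, treat the recorded address as reliable only to the extent that the proxy in front of SecureTransport overwrites or appends to the header rather than passing a client-supplied value through.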

HTTP "Strict-Transport-Security" header with AS2 transfers

The Strict-Transport-Security HTTP header is now added to AS2 server messages for improved security in AS2 transfers.

DSA key-based authentication for SFTP transfers

SSH keys generated with DSA can be used in SSH transfer sites for initiating server transfers.

Configurable HTTP security headers

SecureTransport adds support for security HTTP headers: Content-Security-Policy, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy and Expect-CT. These headers can be enabled using a dedicated Server Configuration option. The options are per HTTP server.

Configurable cipher suites per transfer site

This feature allows the SecureTransport administrator to configure cipher suites with a selected transfer site for secure server-initiated transfers. Available in Advanced SSL settings for AS2, FTP, HTTPS, SFTP and PeSIT transfer sites.

Configurable minimum length for answer to secret question

A dedicated Server Configuration option allows the SecureTransport administrator to configure the required minimum length of the answer to secret questions for users.


ST Web Client enhancements

GZIP compression of selected static resources file formats for improved HTTP performance

With this feature the SecureTransport administrator can extend the list of static resources file formats for GZIP compression to reduce data traffic and loading time of all ST Web Client pages served by the HTTP server.

Removed deprecated setting in ST Web Client 1.34

The previously deprecated features.secretQuestion.newPasswordResetApi setting has been removed. When set to false, it was used to call the legacy reset password API.

More detailed information for files and folders

The ST Web Client end-users can see more detailed information about files and folders. The View Details dialog now shows the file's CoreID and MD5 checksum, which can be used for verifying its authenticity. For shared folders, the View Details dialog shows all the collaborators.

Alert on invalid file format

The ST Web Client shows a more informative error message when the custom configuration file (stwebclient.config.json) has an invalid format or cannot be accessed.

Configurable default settings in Share dialog

Administrators can set the default Share dialog settings:

  • the default selection of the Action menu
  • the default states of the checkboxes located under Options and Notifications.

The defaults are applied when a folder is shared for the first time. For already shared folders, the Share dialog opens with the existing sharing settings pre-selected.

Security updates

To keep the ST Web Client up to date with the latest security fixes, nearly all third-party libraries used in the client are updated to their latest versions. The jsRender library is removed, and the Content-Security-Policy HTTP header can be set to a more restrictive value.

ST Web Client version information

An About section is added to the Welcome menu to allow end-users to quickly identify the version of the ST Web Client they are using. The About dialog contains a logo that can be customized by modifying the ST Web Client custom configuration file.

Pre-login disclaimer banner

Administrators can configure a disclaimer banner that is displayed to users before they log in. The banner can contain legal statements that must be accepted before a user can continue to the login process. The disclaimer can be set to appear either before every login attempt or once per user/browser. The user confirmation is stored locally along with a content hash to ensure the disclaimer appears again when its content changes.

Branding improvements

You can customize the colors of the ST Web Client user interface to reflect your company's branding, and add your own content on the login page and on the pages logged in users can access.

Optimized startup time

Startup optimizations include the reduced size of the initial bundle and faster page load.

Custom links can be added to the ST Web client user menu. They appear between the last menu item and the Logout one. The functionality supports translations with the i18n module.

Warning on active uploads when navigating away

To prevent accidental upload interruptions, the ST Web Client displays a warning dialog when the user navigates away from the application while an upload is in progress.

Message of the day

The SecureTransport 5.5 administrator can set a notification message to display to ST Web Client users after log-in.

Adjustable columns of Uploads monitor

The Uploads monitor table is improved with adjustable order and size of columns: the end user can move columns and resize them to a preferred layout. The latest adjustment is preserved in a cookie.

Additional ST Web Client enhancements

  • Versioning is added to JavaScript plugin bundles using webpack plugins. This allows long-term browser caching of resources and prevents downloading them multiple times.
  • Improved performance and faster loading times
  • React is adopted more extensively in ST Web Client
  • ST Web Client 5.5 uses the 2.0 version of the end-user REST API
  • Open folder from URL allows a folder to be opened by typing its path in the URL: <SecureTransport URL>/path/to/folder
  • Browser history enhancement allows the use of the browser "Go forward" and "Go back" buttons for navigation to previously opened folders
  • Accessibility help is now translatable - all labels are described in translation.json

Supported platforms and third-party software

New database support: PostgreSQL 12

SecureTransport 5.5 supports PostgreSQL 12 as an external database for Enterprise Cluster deployments. Automated migration is available for existing customers using Oracle databases.

SecureTransport 5.5 Virtual Appliance

SecureTransport 5.5 is available as a 64-bit virtual appliance running SuSE Linux Enterprise Server 12 SP5.

Chrome browser support

The SecureTransport 5.5 Administration Tool is supported on the latest versions of the Google Chrome browser.

Migration to Java 11

The migration to Java 11 adds numerous optimizations and fixes multiple security vulnerabilities.

Updated Operating System support

  • CentOS 8
  • Oracle Linux 8
  • Red Hat Enterprise Linux 8
  • Windows Server 2016
  • Windows Server 2019
  • SuSE Linux Enterprise Server 12 SP5

Updated database support

  • Microsoft SQL Server 2017 and Microsoft SQL Server 2019
  • Oracle 18c and Oracle 19c
  • Amazon RDS for supported releases of Oracle Database and Microsoft SQL Server

Updated File System support

  • GFS2
  • IBM Spectrum Scale (GPFS) 5

Updated Cloud File Storage support

  • Amazon Elastic File System (EFS)


SecureTransport corrections and fixed issues

Fixed security vulnerabilities

SecureTransport 5.5 provides the following fixed security vulnerabilities:

Case ID Internal ID CVE ID Description
01144864, 01153461, 01140233, 01145760, 01147797 RDST-30212, RDST-30213 CVE-2019-17569, CVE-2020-1935

Apache Tomcat vulnerabilities are fixed with the upgrade of the Apache Tomcat library to 7.0.99.

01055204 RDST-19886 CWE-757

Issue: Previously, "TLS Fallback Signaling Cipher Suite Value" (SCSV) was not supported and this posed a risk of client-side or server-side protocol downgrade.

Resolution: Now, with the update to Java 11, this issue is fixed.

01050795, 01065944, 01133882 RDST-21584 none

Issue: Previously, the default ErrorReportValve was including the Apache Tomcat version number in the response headers.

Resolution: Now, the Apache Tomcat version is not included in the response headers.

00944323 RDST-12178 none

Issue: Previously, SecureTransport was vulnerable to host header (host redirection) attacks.

Resolution: Now, two new configuration options are introduced to control the list of accepted host headers for the Admin and the Public webservices, respectively:

  • Webservices.Admin.Host.Whitelist
  • Webservices.Public.Host.Whitelist

Both options accept regular expressions.
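An added example, not part of the release notes or of SecureTransport: a small audit of candidate allowlist patterns, showing how an unescaped or unanchored regular expression accepts Host values it was never meant to. Only the two option names come from the text above; the host name, the port, the patterns and the function names are constructed, and because the notes do not say whether the product matches the whole value or searches within it, both modes are evaluated.

```python
import re

# Constructed host and patterns for illustration only.
LEGIT_HOST = "st.example.com"
LOOSE = "st.example.com"                    # unescaped dots, no anchors
ESCAPED = r"st\.example\.com(:8444)?"       # dots escaped, still unanchored
ANCHORED = r"^st\.example\.com(:8444)?$"    # dots escaped and anchored


def accepts(pattern, host, full_match):
    """Apply one allowlist regex to a Host value.

    full_match=True models an engine that matches the entire value;
    full_match=False models one that searches anywhere inside it.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    return bool(rx.fullmatch(host) if full_match else rx.search(host))


def reject_probes(legit_host):
    """Host values derived from the legitimate name that must be rejected."""
    return [
        legit_host + ".untrusted.test",    # legitimate name as a prefix
        "untrusted-" + legit_host,         # legitimate name as a suffix
        legit_host.replace(".", "x", 1),   # first dot swapped for a letter
    ]


def overmatches(pattern, legit_host, full_match):
    """Probe hosts that the pattern wrongly accepts."""
    return [h for h in reject_probes(legit_host)
            if accepts(pattern, h, full_match)]


def audit(patterns, legit_host=LEGIT_HOST):
    """Report, per pattern, whether it admits the real host and what else."""
    report = {}
    for p in patterns:
        report[p] = {
            "accepts_legit": accepts(p, legit_host, True)
            and accepts(p, legit_host, False),
            "overmatch_full": overmatches(p, legit_host, True),
            "overmatch_search": overmatches(p, legit_host, False),
        }
    return report


if __name__ == "__main__":
    for pattern, result in audit([LOOSE, ESCAPED, ANCHORED]).items():
        print(pattern)
        for key, value in result.items():
            print("   ", key, "=", value)
```

A pattern that escapes its dots and carries explicit anchors is the only one of the three that stays tight under either matching mode, which makes it the safe form to enter when the engine's semantics are not documented.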

00945674 RDST-12181 none

Issue: Previously, SecureTransport was using the default session ID length.

Resolution: Now, session ID is increased to 128 bits in length.

00975445 RDST-14611, RDST-14583 CVE-2016-1000031

Issue: Previously, SecureTransport was vulnerable to CVE-2016-1000031 due to an old version of Apache Commons FileUpload being used.

Resolution: Now, SecureTransport has upgraded to a non-vulnerable version of Apache Commons FileUpload.

00975445, 00994853 RDST-14626, RDST-15993 CVE-2015-9251, CVE-2012-6708

Issue: Previously, the SecureTransport Administration Tool was vulnerable to CVE-2015-9251 and CVE-2012-6708 due to an outdated version of jQuery 1.7.

The SecureTransport Administration Tool was using an outdated version of Angular 1.3.4 with several vulnerabilities, including arbitrary code execution and multiple XSS paths.

Swagger-UI version was 2.2.10-1 containing outdated version of jQuery 1.7.

Resolution: Now, jQuery version is updated to 3.4.1 and Angular version to 1.7.9 both containing the latest security fixes. The Swagger-UI version is updated to 3.25.0.

00976582

RDST-14908

none

Issue: Previously, some GET requests containing sensitive data did not have appropriate Cache-Control settings.

Resolution: Now, the Cache-Control header is configured correctly, and the user's browser does not store sensitive content in the browser cache.

01033585 RDST-19574 none

Issue: Previously, wrong header values resulted in sensitive information exposure.

Resolution: Now, the error is handled properly and no sensitive information is exposed.

Fixed issues per SecureTransport Patches

SecureTransport 5.5 provides the following corrections and fixed issues:

Fixes in SecureTransport 5.2.1

Case ID Internal ID Description
SecureTransport 5.2.1 SP 9 Patch 5
00906676 RDST-17645

Issue: Previously, the ST Web Client user had to refresh the page in order to download an AdHoc attachment.

Resolution: Now, download of an AdHoc attachment works without refreshing the page.

00989203 RDST-17648

Issue: Previously, SecureTransport was vulnerable to CVE-2014-3527 and CVE-2014-0097 due to the use of an old version of spring-security-web.jar.

Resolution: Now, the spring-security-web.jar dependency is removed and SecureTransport is no longer vulnerable.

SecureTransport 5.2.1 SP 8 Patch 4

00911779 RDST-14327

Issue: Previously, isAlert=1 was wrongly reported to Sentinel when EventQueue.maxRetryCount was set to 1.

Resolution: Now, isAlert=1 is correctly reported to Sentinel regardless of the EventQueue.maxRetryCount value.

Fixes in SecureTransport 5.3.1

The following corrections and fixed issues have been addressed:

Case ID Internal ID Description
SecureTransport 5.3.1 Patch 19

Patch 19

00921250

RDST-19618

Issue: Previously, the SecureTransport REST API was returning duplicate JSON object entries containing different values for some resources.

Resolution: Now, when a SecureTransport REST API resource contains duplicate JSON object entries, those are returned as an array data structure.

Patch 19

00946682
RDST-14310

RDST-19624

Issue: Previously, an incorrect HTTP code (204 No Content) was returned with some unsuccessful POST requests to the subscriptions resource in the SecureTransport REST API.

Resolution: Now, the proper HTTP code (422 Unprocessable Entity) is returned in the specified cases.

Patch 19

00993966
RDST-19630

Issue: Previously, there was a significant delay in end user login times when SecureTransport was operating under heavy load.

Resolution: Now, delays in the end user log-in attempts are greatly minimized.

Fixes in SecureTransport 5.3.3

The following corrections and fixed issues have been addressed:

Case ID Internal ID Description
SecureTransport 5.3.3 Patch 32

Patch 32

00985109

RDST-18162

Issue: Previously, Advanced Routing was failing on Windows due to OS limitation in file path size.

Resolution: Now, Advanced Routing does not fail on Windows due to OS limitation in file path size.

Patch 32

00965624
RDST-18159

Issue: Previously, when the Admin daemon on SecureTransport Server tried to get properties from an Edge server over the streaming protocol and an error occurred in the process, the hostname of that Edge server was not logged.

Resolution: Now, the hostname of the Edge server is logged when an error occurs.

Patch 32

00957942
RDST-18160

Issue: Previously, not enough information was logged during execution of the Archive Maintenance Application.

Resolution: Now, detailed information like total files deleted, folder name, and execution period is logged.

Patch 32

00968865
RDST-18158

Issue: Previously, wildcard pulls in the REST API Files resource were not working properly when sorting returned entries.

Resolution: Now, wildcard pulls for this resource work as expected.

Patch 32

00955625
RDST-18161

Issue: Previously, if a remote post transition action failed, transferred files could not reach the final destination.

Resolution: Now, if a remote post transition action fails, transferred files arrive at the final destination successfully.

Patch 32

00931791
RDST-18157

Issue: Previously, there was a possibility of a session leak when a client logged on and immediately logged off over SSH protocol. This was highly dependent on the timing.

Resolution: Now, no sessions leak in such a scenario.
Note: If you see the following warning on the console, you may safely ignore it: log4j:WARN No appenders could be found for logger (sessions).

SecureTransport 5.3.3 Patch 30

Patch 30

00957994

RDST-14810

Issue: Previously, when archiving was enabled and the archiving directory ran out of disk space, all file uploads were failing.

Resolution: Now, when the archiving directory is full, the original file transfer processes successfully and indicates a failed sub-transmission in the archiving process.

Patch 30

00950376
00934360

RDST-14811

Issue: Previously, server-initiated pull transfers were failing if a post-transmission action was set in a transfer site.

Resolution: Now, transfers in such a setup are successful.

SecureTransport 5.3.3 Patch 29

Patch 29

00951918
00951922

RDST-13938

Issue: Previously, file globbing was not working with the REST API Files operation.

Resolution: Now, file globbing is working properly with the REST API Files operation.

Fixes in SecureTransport 5.3.6

The following corrections and fixed issues have been addressed:

Case ID Internal ID Description
SecureTransport 5.3.6 Patch 50

Patch 50

01070697

RDST-25085

Issue: Previously, master administrators without permissions to the Certificates page were not able to view the local certificates when creating or updating a transfer site.

Resolution: Now, master administrators without permissions to the Certificates page can view and use the local certificates through the REST API as well as in the Administration Tool when creating or updating a transfer site.

Patch 50

01060712

RDST-25084

Issue: Previously, SecureTransport was vulnerable to CVE-2017-7957 due to an outdated version of the Xstream library.

Resolution: Now, Xstream is updated to v1.4.11.1; the denyTypes workaround, provided with SecureTransport 5.3.6 Patch 8 (RDST-7721), is removed as it’s no longer needed.

Patch 50

none

RDST-25077

Issue: Previously, SecureTransport was vulnerable to CVE-2019-14379 due to an outdated version of FasterXML jackson-databind.

Resolution: Now, SecureTransport uses updated Jackson libraries:

  • jackson-databind v2.9.9.3
  • jackson-core v2.9.9
  • jackson-annotations v2.9.9
  • jackson-dataformat-yaml v2.9.9

SecureTransport 5.3.6 Patch 49

Patch 49
01084561
RDST-24163

Issue: Previously, the Users.SecretAnswer.MinLength option was incorrectly exposed in the SecureTransport Edge server configuration settings. The option was removed with Patch 48, but the change was not reflected in the documentation.

Resolution: Now, in a streaming (Server + Edge) deployment, the value of the Users.SecretAnswer.MinLength parameter can be set only from the SecureTransport Server configuration options, and the instructions on setting a minimum length for the secret question answer are up-to-date.

Patch 49
01084566
RDST-24161

Issue: Previously, when the AuditLog.Enabled.CollectionLog configuration option was set to false, SecureTransport displayed an error in the server log on unchecking the Allow this account to login to SecureTransport Server checkbox.

Resolution: Now, when AuditLog.Enabled.CollectionLog is set to false, only an information message for disallowing an account to log into SecureTransport is displayed in the server log.

Patch 49
01081029
RDST-24159 Following the latest security best practices, the storing mechanism for sensitive data in SecureTransport is further enhanced to withstand attacks.

SecureTransport 5.3.6 Patch 48

Patch 48
01058200
RDST-23609

Issue: Previously, files that failed to transfer were deleted from the Connect:Direct temporary folder only on Transaction Manager start.

Resolution: Now, a new configuration option ExternalServerTransferAgent.temporaryDirectoryPurge is introduced that allows administrators to control the deletion of files from the temporary folder.
Possible values:

  • false (default) - the temporary folder is cleared on Transaction Manager start.
  • true - the temporary folder is cleared when a server-initiated push over Connect:Direct fails.

Patch 48
01073380
RDST-23605

Issue: Previously, the REST API allowed configuring / (root) as a base folder, and thus setting a user home folder directly under /, which could pose risks, especially on root installations.

Resolution: Now, SecureTransport checks if the absolute home folder path supplied via the REST API is a concatenation of a valid base folder path (other than / (root)) and the home folder path.
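The following is an added example, not SecureTransport's own code, of a check in the spirit of this fix: an absolute home folder is accepted only when it is an allowed base folder, other than root, followed by a non-empty home folder path. The folder names and the `resolve_home_folder` helper are hypothetical, and normalizing `..` and repeated slashes before comparing is an assumption added here so that the comparison cannot be bypassed by path tricks.

```python
import posixpath


def _normalize(path):
    """Collapse '.', '..' and repeated slashes in an absolute POSIX path."""
    normalized = posixpath.normpath(path)
    # normpath preserves a leading '//' (POSIX permits it); reduce it to '/'.
    return "/" + normalized.lstrip("/")


def resolve_home_folder(absolute_home, base_folders):
    """Return (base_folder, relative_home) when absolute_home is an allowed
    base folder followed by a non-empty home folder path, otherwise None."""
    if not absolute_home.startswith("/") or "\x00" in absolute_home:
        return None
    home = _normalize(absolute_home)
    best = None
    for base in base_folders:
        if not base.startswith("/"):
            continue  # relative base folders are ignored
        base = _normalize(base)
        if base == "/":
            continue  # root is never accepted as a base folder
        # Compare on a path-component boundary so /data/st/users does not
        # match /data/st/users-old/alice.
        if home.startswith(base + "/"):
            # Prefer the most specific (longest) matching base folder.
            if best is None or len(base) > len(best):
                best = base
    if best is None:
        return None
    return best, home[len(best) + 1:]


if __name__ == "__main__":
    # Constructed sample inputs.
    bases = ["/", "/data/st/users"]
    for candidate in ["/data/st/users/alice",
                      "/alice",
                      "/data/st/users/../../../etc",
                      "/data/st/users-old/alice"]:
        print(candidate, "->", resolve_home_folder(candidate, bases))
```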

Patch 48
01066092
RDST-23606

Issue: Previously, when the com.maverick.sshd.events logger was set to debug, the message body was formatted incorrectly and included newline characters. As a result, log messages couldn't be parsed into useful information.

Resolution: Now, the logger presents all content of the message on a single line following the SecureTransport logs convention. All events can be matched and parsed correctly.

Patch 48
01020970
RDST-23608

Issue: Previously, certain REST API end-user resources did not return information about the operation result in the response body.

Resolution: Now, with SecureTransport End-User API version 1.5, schema definitions are added to Swagger and resources are modified to return the operation result in the response body.

Patch 48
01020970
RDST-23607

Issue: Previously, some of the /myself and /files REST API end-user resources were returning incorrect response codes.

Resolution: Now, SecureTransport End-User API is updated to version 1.5, and the correct response codes are returned.

Patch 48
01033091
RDST-22294

Issue: Previously, on EC setup using Oracle database, the deletion of a network zone used by more than 10,000 transfer sites could take a significant amount of time and eventually fail due to a system timeout.

Resolution: Now, deleting a network zone is significantly faster.

Patch 48
01016532
RDST-23610

Issue: Previously, the information about the ST_DATA tablespace in the SecureTransport Capacity Planning Guide was not detailed enough.

Resolution: Now, the SecureTransport Capacity Planning Guide is updated with detailed information about the ST_DATA tablespace.

Patch 48
01039650
RDST-23612

Issue: Previously, the SecureTransport Installation Guide was providing incomplete instructions for setting up Oracle database correctly.

Resolution: Now, the SecureTransport Installation Guide is updated with the correct instructions to set up an Oracle database.

SecureTransport 5.3.6 Patch 47

Patch 47
01054469
01061573
01061795
RDST-22714

Issue: Previously, the SecureTransport Administration Tool and ST Web Client were vulnerable to CVE-2019-11358 due to an outdated version of jQuery (3.3.1).

Resolution: Now, jQuery is updated to version 3.4.1 which contains the latest security fixes.

Patch 47
01066941
RDST-22716

Issue: Previously, SecureTransport was vulnerable to CVE-2019-5427 due to an outdated version of the c3p0 library (0.9.2.1).

Resolution: Now, c3p0 is updated to version 0.9.5.4 which fixes the vulnerability.

SecureTransport 5.3.6 Patch 46

Patch 46
01022572
RDST-22218

Issue: Previously, when Repository encryption was enabled, there was a delay in initiating large file downloads due to the whole file being read.

Resolution: Now, the download is initiated immediately as the file is not read anymore.

Patch 46
01044707
RDST-22221

Issue: Previously, when Repository encryption was enabled, there was an exponential upload speed degradation due to the whole file being read at the beginning of every chunk upload.

Resolution: Now, there is no upload speed degradation, and only the first chunk of the file is read.

Patch 46
01061137
RDST-22220

Issue: Previously, there was a memory leak in the Transaction Manager related to the caching of stfs attributes, which were never cleared.

Resolution: Now, a time-based caching mechanism is used which evicts entries after the configured timeout or when the capacity is reached. The timeout and the capacity are configured by the Stfs.attributes.cache.timeout and Stfs.attributes.cache.size configuration options.

SecureTransport 5.3.6 Patch 45
Patch 45
00949613 01039198
RDST-21847

Issue: Previously, SecureTransport didn't limit the number of the simultaneous connections to the remote server when pulling files using the ‘Maximum number of parallel transfers’ from the subscription.

Resolution: Now, SecureTransport limits the simultaneous connections to the number specified in the ‘Maximum number of parallel transfers’ field in the subscription.

Patch 45
01028659
RDST-21852

Issue: Previously, the administrator could not set a minimum length for the secret question answers.

Resolution: Now, the administrator can specify the minimum length of the secret question answers using the Users.SecretAnswer.MinLength configuration option.
Note: Changes to the Users.SecretAnswer.MinLength configuration option require Transaction Manager service restart on all nodes in the cluster.

Patch 45
01037290
RDST-21464

Issue: Previously, SecureTransport did not properly evaluate the User ID and Group ID attributes for the user class custom expressions, which resulted in users being assigned to an incorrect user class.

Resolution: Now, UID and GID are populated in the environment as DXAGENT_USERUID and DXAGENT_USERGID, respectively, and SecureTransport determines the proper user class for a user.

Patch 45
00997187

RDST-21477

RDST-21478

Issue: Previously, when pushing files via Connect:Direct or Multipoint Binary File Transfer, temporary folders were created with hardcoded permissions (drwxr-xr-x), making pulls impossible on certain occasions.

Resolution: Now, administrators can set suitable temporary directory permissions for Connect:Direct and Multipoint Binary File transfers using the ExternalServerTransferAgent.temporaryDirectoryPermissions configuration option.

Patch 45
01042087
RDST-20213

Issue: Previously, SSH transfers were processing at low speeds on networks with high latency.

Resolution: Now, new configuration settings are introduced in the start_sshd script to allow improving the SSH transfer speeds in high latency networks. The SecureTransport administrator can specify buffer sizes for inbound / outbound transfers, as well as values for minimum and maximum window space, as follows:

  • -DrecvBufferSize - 8192 by default
  • -DsendBufferSize - 8192 by default
  • -Dssh.maxWindowSpace - 1048576 by default
  • -Dssh.minWindowSpace - 131072 by default

Patch 45
01032957
RDST-21479

Issue: Previously, POST requests of an XML formatted Certificate object to /certificates/export in REST API v1.4 failed with response code 400 (Bad Request).

Resolution: Now, POST requests of XML formatted Certificates to /certificates/export are successful.

Patch 45
01032957
RDST-21465

Issue: Previously, the documentation for the /certificates/export resource in Swagger was incomplete.

Resolution: Now, the documentation for the /certificates/export resource in Swagger is updated.

Patch 45
01027570
RDST-21849

Issue: Previously, deleting subscriptions with a configured schedule prevented users from logging in and uploading files.

Resolution: Now, this issue is fixed.

Patch 45
01037795
RDST-21476

Issue: Previously, the logger com.tumbleweed.st.server.sshd.logging was missing information that helps identify the users who triggered Maverick events.

Resolution: Now, the logger provides information about the accountId, remoteAddress and sessionId.

SecureTransport 5.3.6 Patch 43
Patch 43
01023580
01003989
RDST-15308

Issue: Previously, SecureTransport failed to transfer files containing LF file endings which were processed by Pluggable Transfer Sites due to an incorrectly calculated file size.

Resolution: Now, this issue is fixed.

Patch 43
01019734
RDST-18337

Issue: Previously, ST Web Client was taking a lot of time to load on IE 11 on Windows 7.

Resolution: Now, ST Web Client loading times are similar across all supported browsers.

Patch 43
01011995
RDST-19285

Issue: Previously, in the case when SecureTransport was configured to move the sandbox to a local folder, it would not evaluate any expression language used in the Home folder string. This resulted in the creation of a common subfolder for all accounts that were using Advanced Routing, regardless of account type.

Resolution: Now, a new configuration option is added: AdvancedRouting.sandboxFolderLocation.expressionLanguage. When set to true, the folder from AdvancedRouting.sandboxFolderLocation, if set, will be evaluated as expression language. This, for example, allows the SecureTransport administrator to separate sandbox subfolders by account type.

Patch 43
01017781
RDST-19296

Issue: Previously, SecureTransport used to print verbose messages for SSH connections using the com.maverick.sshd.events package logger.

Resolution: Now, the SecureTransport internal Maverick library is upgraded and those messages are not available on the specified logger. A new logger is introduced and must be used on debug level, using the following package: com.tumbleweed.st.server.sshd.logging.

Patch 43
01015773
RDST-19294

Issue: Previously, SecureTransport was not sending PI 28 (Record Number) to Axway Sentinel with PeSIT transfers.

Resolution: Now, SecureTransport is reporting to Axway Sentinel the Record Number with each PeSIT transfer.

Patch 43
01009818
RDST-19282

Issue: Previously, updating properties of a site template that was being used by multiple sites was taking a lot of time or was resulting in an internal server error.

Resolution: Now, updating properties of a site template that is being used by multiple sites does not cause errors and takes much less time.

Patch 43
01012540
01019982
RDST-19292

Issue: Previously, if the mail notification for the Route step in Advanced Routing was configured before applying Patch 39, installing Patch 39 or later was reverting the Mail Template value to None, and the SecureTransport administrator had to re-configure it.

Resolution: Now, with the upgrade to Patch 43 the selected values for mail templates are preserved with the correct properties.

Patch 43
01009843
RDST-19287

Issue: Previously, the transferLog maintenance application was failing to export partitions on rare occasions because of a database operation timeout.

Resolution: Now, each transferLog partition table is successfully exported through a new database session.

SecureTransport 5.3.6 Patch 41
Patch 41
00900125
RDST-7347

Issue: Previously, the REST API documentation (api/v1.4/docs/index.html) was lacking descriptive information and complete model schema for /accounts resource.

Resolution: Now, missing properties from the REST API documentation are added in the model schema.

Patch 41
00962638
RDST-18061

Issue: Previously, SecureTransport did not decrypt files that were encrypted with repository encryption when performing server-initiated transfers over AS2, so the transferred files were still encrypted on the receiving side and could not be used.

Resolution: Now, SecureTransport successfully decrypts files that are encrypted with repository encryption when performing server-initiated transfers over AS2, and the files are usable on the receiving side.

Patch 41
01005467
RDST-18063

Issue: Previously, attempts to update a siteTemplate element of an existing siteTemplate using the REST API were not successful, but an HTTP 204 No Content success status response code was returned.

Resolution: Now, siteTemplate can be updated successfully with a proper response code.

Patch 41
01013180
RDST-18101

Issue: Previously, updating an account property via the REST API was resetting all properties to what was configured in the Business Unit.

Resolution: Now, after an update via the REST API, only the updated property or properties are changed.

Patch 41
00900125
RDST-18059

Issue: Previously, the REST API documentation (api/v1.4/docs/index.html) was lacking descriptive information and complete model schema for /accounts resource.

Resolution: Now, missing properties from the REST API documentation are added in the model schema.

Patch 41
01014312
RDST-18108

Issue: Previously, when the AuditLog.Enabled.Admin configuration property was set to true, audit logging was disabled in both the Server Log and the Audit Log.

Resolution: Now, a new configuration property, AuditLog.Enabled.AuditLogMenu, is introduced that allows the SecureTransport administrator to disable audit logging of the Audit Log only while preserving Audit messages in the Server Log.

SecureTransport 5.3.6 Patch 40
Patch 40
01008970
01002107
01007724
RDST-17231

Issue: Previously, on each subscription display (new or existing, regardless of the ownership), several Connect:Direct entries were being added to the list with transfer site types.

Resolution: Now, this issue is fixed.

Patch 40
00987905
RDST-17863

Issue: Previously, when file names were containing control characters, the Transfer and Xfer logs were broken and reported those files with incorrect names.

Resolution: Now, the respective logs report those characters correctly as part of the file name.

Patch 40
00939429
RDST-17558

Issue: Previously, subscription "Delete" PTAs did not trigger when they were set using the REST API.

Resolution: Now, these events are successfully triggered.

Patch 40
01008361
RDST-18056

Issue: Previously, the chosen "Select An Account" value in the Send To Partner step was incorrectly displayed.

Resolution: Now, the chosen "Select An Account" value in the Send To Partner step displays properly.

Patch 40
00992353
RDST-18055

Issue: Previously, it was not possible to configure deletion of a file if an HTTP transfer failed because of an integrity check.

Resolution: A new configuration option Http.DeleteFileOnFailedIntegrityCheck is introduced. When set to true, the uploaded file will be deleted if the integrity check fails.
Note: The default value is false. No restart is needed if the value is changed.

Patch 40
00987152
RDST-17653 The SecureTransport Administrator REST API Swagger documentation is updated with some missing properties.

Patch 40
00991461
RDST-17650

Issue: Previously, the common convention for audit log entries was broken, because in some places the username that was triggering an audit event was not passed, or appeared as "unknown" or "Admin".

Resolution: Now, an unknown user that triggers an audit event is logged as "System". Empty usernames are replaced with the correct ones. Quotes in these audit messages are removed.

Patch 40
0997986
RDST-17285

Issue: Previously, SecureTransport was relying on the operating system filesystem to check, validate and resolve file names, which in this case preserved trailing whitespaces at the end of file names.

Resolution: Now, SecureTransport explicitly strips trailing whitespaces at the end of file names.

Patch 40
00988323
RDST-17656

Issue: Previously, SecureTransport administration tool was failing to display some pages due to old versions of commons-dbcp and commons-pool libraries.

Resolution: Now, commons-dbcp and commons-pool libraries are updated to versions 1.4 and 1.6.

SecureTransport 5.3.6 Patch 39

Patch 39
00982157
RDST-17505

Issue: Previously, reassigning an account (with a route package based on a template assigned to a specific BU) to another BU was causing an Internal Server Error.

Resolution: Now, such an attempt fails with a proper error message.

Patch 39
00982154
RDST-17281

Issue: Previously, SecureTransport was checking each BU, unassigned from a route package template, for accounts that have such route packages.

Resolution: Now, SecureTransport does not perform such checks if the template does not have any BUs assigned afterwards, since it becomes globally accessible.

Patch 39
00967577
00979675
RDST-17019

Issue: Previously, it was not possible to disable archiving for the Send to partner step.

Resolution: Now, a new configuration option AdvancedRouting.DisableSendToPartnerArchiving is introduced. When set to true, archiving is disabled for the Send to partner step.

Note: The default value is false.

Patch 39
00953578
00961378
00974685
RDST-17283

Issue: Previously, if the Advanced Expression for Download Folder was not checked in the transfer site settings, the remote folder was missing from the file tracking report.

Resolution: Now, if the Advanced Expression for Download Folder is not checked in the transfer site settings, the remote folder is populated into the file tracking report.

SecureTransport 5.3.6 Patch 38
Patch 38
00976807
RDST-16665

Issue: Previously, when using the REST API to import a certificate, the access level of this certificate was not preserved.

Resolution: Now, when using the REST API to import a certificate, the access level of the imported certificate is preserved.

Patch 38
00995494
RDST-17483

Issue: Previously, the decompressing of .zip and .gzip archives in Advanced Routing was extremely slow, when using repository encryption under IBM AIX.

Resolution: Now, there is a significant performance improvement in that scenario.

Patch 38
00984565
RDST-16664

Issue: Previously, verbose error messages were found to be returned within the HTTP responses.

Resolution: Now, generic error messages are used instead.

SecureTransport 5.3.6 Patch 37
Patch 37
00991984
RDST-17415

Issue: Previously, additional ports opened by FTPs, HTTPs and TM services were accepting connections over TLSv1.0.

Resolution: Now, these additional ports do not accept connections over TLSv1.0 and listen on localhost only.

Note: The Transaction Manager and PeSIT services open random high number ports which are accessible only from 127.0.0.1.

SecureTransport 5.3.6 Patch 36
Patch 36
00958217
RDST-14892

Issue: Previously, when downloading a large file from ST Web Client, the user was redirected to a timeout page after session timeout.

Resolution: Now, a download polling mechanism is added to prevent the client-side session timeout. Download polling is configurable and is disabled by default.

Note: Download polling depends on transfers API. The "Allow this account to submit transfers using the Transfers RESTful API" option must be enabled for the user.

Patch 36
00978338
RDST-15896

Issue: Previously, disabling the "Share" functionality in the ST Web Client stwebclient.config.json did not work correctly: "Share" was still present in the folders tree.

Resolution: Now, "Share" functionality can be completely turned off from stwebclient.config.json.

Patch 36
00971345
RDST-15935

Issue: Previously, if a file signed with the -clearsign option was submitted to a PGP Decrypt step for decryption / validation, the Advanced Routing step failed with "NoSuchFileException".

Resolution: Now, the file signature is checked and then removed, and the file is processed.

Patch 36
00920309
00970508
00973694
RDST-15902

Issue: Previously, when having an expired certificate in the keystore on IBM AIX, an error was thrown and the http and ftp daemons could not start.

Resolution: Now, when having an expired certificate in the keystore on IBM AIX, http and ftp daemons are started without errors.

Patch 36
00973492
RDST-15501

Issue: Previously, the Advanced Routing line ending transformation step was not properly transforming LF to CRLF when a file with CRLF was provided.

Resolution: Now, Advanced Routing line ending transformation step is transforming properly LF to CRLF, when file with CRLF is provided.

Patch 36
00976853
RDST-15933

Issue: Previously, serialization by the REST API of a huge number of objects that contain metadata links could fail.

Resolution: Now, this issue is fixed.

SecureTransport 5.3.6 Patch 35
Patch 35
00965736
00969586
RDST-14275

Issue: Previously, the number of the accounts was decreasing after a password change in the Administration Tool.

Resolution: Now, the number of accounts remains unchanged when an account password is changed.

Patch 35
00966110
00954272
00974386
RDST-14714

Issue: Previously, SFTP transfers were failing with bigger files when a buffer size was specified.

Resolution: Now, SFTP transfers are successful regardless of whether a buffer size is specified.

Note: The Maverick (client/server and common) version was upgraded from 1.7.12/1.7.12 to 1.7.15/1.7.16 and 1.3.1 to 1.3.4.

SecureTransport 5.3.6 Patch 34
Patch 34
00978764
RDST-15438

Issue: Previously, calculating the certificate chains slowed down the establishment of streaming connections when many certificates were present.

Resolution: Now, this process is optimized because certificate chain calculation is performed only when a new certificate is added or imported.

Note: In order to have the correct certificate chain on AS2 daemon, the existing certificate should be re-created or exported and then re-imported back again.

SecureTransport 5.3.6 Patch 33
Patch 33
00906578
RDST-8341

Issue: Previously, SecureTransport was vulnerable to CWE-732.

Resolution: Now, SecureTransport is no longer vulnerable to CWE-732.

Patch 33
00910414
RDST-14457

Issue: Previously, the end user using SecureTransport Legacy skin was not able to navigate to a parent directory when SecureTransport was behind an IBM WebSeal reverse proxy.

Resolution: Now, the end user can navigate in such a setup.

Patch 33
00967933
RDST-14893

Issue: Previously, the SecureTransport admin Swagger API website was not loading in Internet Explorer.

Resolution: Now, it is possible to open and use the SecureTransport admin Swagger API website in Internet Explorer.

Patch 33
00950795
RDST-14887

Issue: Previously, received encrypted files over AS2 were temporarily stored with the same file name.

Resolution: Now, there is a new configuration option As2.Unique.Smime.Name that allows SecureTransport to add a unique part to the temporary file name.

Note: To apply a change to the value of the new configuration option, you must restart the Transaction Manager service on all nodes in the cluster.

Patch 33
00962139
RDST-14890

Issue: Previously, the SecureTransport Administrator was not able to fully control the query that was executed against LDAP on AddressBook search.

Resolution: Now, there is a new property checkbox, which disables all search parameters that SecureTransport appends by default and allows the Administrator to fully define the search attributes and search query of AddressBook LDAP.

Patch 33
00918358
00896128
RDST-14878

Issue: Previously, with SecureTransport running on Windows server, subscriptions were not getting triggered when a user was navigating to a folder with the same name but different letter case.

Resolution: Now, with SecureTransport on Windows server, a subscription gets triggered when a user goes to a folder with the same name but different letter case.

Patch 33
00951920
RDST-13199

Issue: Previously, the Advanced Routing decompress step was failing with .gz files in case the user executing the route had repository encryption enabled.

Resolution: Now, such transfers execute successfully.

Patch 33
00958217
RDST-13718

Issue: Previously, when downloading a large file from ST Web Client, the user was redirected to a timeout page after session timeout.

Resolution: Now, a download polling mechanism is added to prevent the client-side session timeout. Download polling is configurable and is disabled by default. See the Readme.htm file with SecureTransport 5.3.6 Patch 33 for more info.

Note: Download polling depends on transfers API. The "Allow this account to submit transfers using the Transfers RESTful API" option must be enabled for the user.

Patch 33
00907861
RDST-8360

Issue: Previously, PGP decryption was not triggered when an LDAP user was uploading a PGP-encrypted file in the basic application folder.

Resolution: Now, the decryption is triggered and the file is decrypted successfully.

Patch 33
00952168
RDST-14885

Issue: Previously, the administrators did not have control over the network zones blacklisting functionality.

Resolution: Now, a new configuration option Proxy.Blacklisting.Enabled is added which controls whether the blacklisting mechanism is enabled or disabled.

Patch 33
00962139
RDST-14895

Issue: Previously, when the ST Web Client was requesting more AddressBook entries than defined in the AddressBook.Limit.MaxDisplayEntries configuration option, an error was thrown in the server log and no entries were returned.

Resolution: Now, this error is no longer thrown in the server log; instead, a warning message is displayed. When the number of entries requested by the user exceeds the value defined in the AddressBook.Limit.MaxDisplayEntries configuration option, the configured value is used as the number of entries returned by SecureTransport.

SecureTransport 5.3.6 Patch 32

Patch 32
00969436
00969858
RDST-14591

Issue: Previously, there was a memory leak in the Transaction Manager when a new home folder or a sub-folder was created, including an Advanced Routing sandbox folder.

Resolution: Now, the memory leak is fixed in such cases.

Patch 32
00954603
RDST-14589

Issue: Previously, AuditLog was slow when it had to process big collections of data.

Resolution: Now, there is a new configuration option AuditLog.Enabled.CollectionLog. Change its value to false in order for the AuditLog to skip the Iterable objects for better performance. You can view the skipped objects in the AuditLog diff.

Note: The default value is true.

SecureTransport 5.3.6 Patch 31

Patch 31
00964509
00962800
RDST-14582

Issue: Previously, SecureTransport was vulnerable to CVE-2016-1000031 due to an old version of Apache Commons FileUpload being used.

Resolution: Now, SecureTransport has upgraded to a non-vulnerable version of Apache Commons FileUpload. The new version is 1.3.3.

Patch 31
00963779
RDST-14131

Issue: Previously, the Site templates drop-down wasn't alphabetically ordered.

Resolution: Now, entries in the Site templates drop-down are alphabetically ordered.

Patch 31
00967621
RDST-14138

Issue: Previously, whitespace between the values of the Ssh.SIT.AllowedMacs and Ssh.AllowedMacs configuration options was not parsed correctly and only the first value was used.

Resolution: Now, whitespace between the values of the Ssh.SIT.AllowedMacs and Ssh.AllowedMacs configuration options is parsed correctly and all values are used regardless of the amount of whitespace between them.

Patch 31
00956516
RDST-14584

Issue: Previously, the Maximum file size allowed to archive text box in the File Archiving configuration did not accept an empty value for size.

Resolution: Now, the Maximum file size allowed to archive text box in the File Archiving configuration accepts an empty value for size.

Patch 31
00946859
RDST-14580

Issue: Previously, there was no session timeout for the SSH daemon.

Resolution: Now, the Users.Session.idleTimeout configuration option defines the maximum idle time of an SSH session.

Patch 31
00951158
RDST-14577

Issue: Previously, SecureTransport was failing with multiple errors when multiple SSH channels were opened over one SSH connection.

Resolution: Now, there are no errors thrown and files are being successfully uploaded over one SSH connection with multiple opened channels.

Patch 31
00945676
00836822
RDST-14128

Issue: Previously, an internal protocol address was exposed in some REST API end-user resource responses.

Resolution: Now, the internal protocol address is no longer exposed in these responses.

SecureTransport 5.3.6 Patch 30

Patch 30
00966425
RDST-14324

Issue: Previously, during SFTP logging the additional info message for authentication failure was logged.

Resolution: Now, no such message is logged in this case.

Patch 30
00967105
RDST-13964

Issue: Previously, when composing an adhoc message in the ST Web Client during an attachment upload, the Send button was active.

Resolution: Now, the Send button is always inactive during attachment upload.

Patch 30
00919197
RDST-14290

Issue: Previously, SecureTransport was auditing all import activity.

Resolution: Now, there is a new configuration option AuditLog.Enabled.Import that allows the SecureTransport administrator to control this behavior. The new option can have any of the following values:

  • true - the import itself should audit its work.
  • false - the import is not audited, but all other activity is.

Note: Once the import has started, the option cannot be changed before the import has finished. The default value is false.

Patch 30
00943264
00948677
RDST-14237

Issue: Previously, AS2D did not provide the complete certification chain.

Resolution: Now, AS2D provides the complete certification chain.

SecureTransport 5.3.6 Patch 29

Patch 29
none

RDST-13760

Issue: Previously, the compress/decompress steps that use the GZIP algorithm were leaving copies of the output files in the {FDH}/bin/ directory.

Resolution: Now, the output of both steps is in the target user's home folder.

Patch 29
00896828
RDST-14300

Issue: Previously, on some occasions, the SecureTransport services failed to start due to Coherence errors.

Resolution: Now, following the Oracle recommendations, Coherence is updated to the latest version, 3.7.1-16.

Patch 29
00953901
RDST-13876

Issue: Previously, SecureTransport was sending a temporary (encrypted) PGP file in the Send to Partner step.

Resolution: Now, SecureTransport sends the original encrypted PGP file in the Send to Partner step.

Patch 29
00923288
RDST-10117

Issue: Previously, the description for the assigned route package template could not be changed to an empty string.

Resolution: Now, the description for the assigned route package template can be changed to an empty string.

SecureTransport 5.3.6 Patch 28

Patch 28
00947149
00952168
RDST-14254

Issue: Previously, in case of Edge DNS resolution failure, SecureTransport was blacklisting the network zone.

Resolution: Now, there is a new configuration option Dmz.Edge.proxyDnsResolutionCheck. When a connection fails, SecureTransport checks whether this failure is caused by a DNS resolution failure. In such a case, the network zone does not get blacklisted.

Note: In order to change the value of the new configuration option, you must restart the TM service. This option takes effect only if the "Use the Edge DNS" configuration is enabled in the Network zone configuration.

Patch 28
00958643
RDST-13357

Issue: Previously, the password policy was not displayed when a user tried to reset the password through 'Forgot Your Password' and navigated to ST Web Client from the received password reset link.

Resolution: Now, password policy is shown on the Password Reset page after following the password reset link.

Patch 28
00933575
RDST-13261

Issue: Previously, sharing folders wasn't working in some cases when the provided e-mails contained capital letters.

Resolution: Now, sharing folders functionality is working regardless of the letter case.

Fixes in SecureTransport 5.4

The following corrections and fixed issues have been addressed:

Case ID Internal ID Description
SecureTransport 5.4 Patch 35
Patch 35
00924916
00870509
RDST-29156

Issue: Previously, unsuccessful server-initiated transfers over PeSIT were not retried and the SecureTransport File tracking was listing each such transfer as "failed" with the only option to cancel it.

Resolution: Now, unsuccessful server-initiated transfers over PeSIT are processed correctly and the retry functionality works as expected.

Patch 35
01120127
RDST-29146

Issue: Previously, the database maintenance operations were reported with wrong dates in the Server Log.

Resolution: Now, the Maintenance applications report the correct dates of the performed database maintenance operations.

Patch 35
01123463
RDST-29160

Issue: Previously, the ICAP Scan Policy Expressions containing flow.attributes were not evaluated correctly.

Resolution: Now, the ICAP Scan Policy Expressions are evaluated correctly.

Patch 35
01109699
01116498
01098455
RDST-29141

Issue: Previously, SecureTransport failed to report DXAGENT_SITE_ATTR_DOWNLOAD_FOLDER and DXAGENT_FULLSOURCE in the External Script step.

Resolution: Now, SecureTransport exposes and reports both session variables.

Patch 35
01108917
01116244
RDST-29162
RDST-29142

Issue: Previously, the Decompress step was failing when the archive contained a file with the same name.

Resolution: Now, new Collision settings are added to the Decompress step configuration.

Patch 35
01106959
01120021
RDST-29144

Issue: Previously, when the PASV command was disabled on the server, the transfers initiated by SecureTransport were failing because it did not fall back to EPSV.

Resolution: Now, when the PASV command is disabled on the server, SecureTransport falls back to EPSV.

Patch 35
01096025
RDST-29159

Issue: Previously, sending an invalid request method resulted in a Server Error which made SecureTransport vulnerable to CWE-388.

Resolution: Now, in the case described, a 400 Bad Request error is returned and a message is logged in the Server Log.

Patch 35
01094953
RDST-29140

Issue: Previously, when multiple rules were enabled in a Login Restriction Policy, the users assigned to the policy took longer to log in.

Resolution: Now, regardless of the authentication method and the Login Restriction Policy, login delay is not observed.

Patch 35
01050910
RDST-29161

Issue: Previously, an acknowledgment for the transfer was sent twice in case of an Advanced Routing pull.

Resolution: Now, in the case described, the transfer acknowledgment is sent once.

Patch 35
01061542
RDST-29151

Issue: Previously, it was not possible to set the X-Frame-Options HTTP response header for the Administration Tool server.

Resolution: Now, the header can be enabled and set via the newly added Admin.Security.FrameOptions server configuration option.

Patch 35
01061529
01085592
RDST-29153

Issue: Previously, it was not possible to set the X-Content-Type-Options header for the Administration Tool server.

Resolution: Now, the header can be enabled and set via the newly added Admin.Security.ContentTypeOptions server configuration option.

Patch 35
01061533
RDST-29154

Issue: Previously, it was not possible to set the X-XSS-Protection header for the Administration Tool server.

Resolution: Now, the header can be enabled and set via the newly added Admin.Security.XSSProtection server configuration option.

Patch 35
01060196
RDST-29158

Issue: Previously, responses to HTTP OPTIONS requests were disclosing the library and its version.

Resolution: Now, the responses to this method do not contain sensitive information.

Patch 35
00998198
01114087
RDST-29155

Issue: Previously, sending a file located in an Advanced Routing subscription folder using the REST API triggered the AR application as well.

Resolution: Now, when an API call is used to trigger a push of a file located in an Advanced Routing subscription folder, the AR application is not triggered.

Patch 35
01050997
01127635
RDST-22883

Issue: Previously, the Administration Tool was displaying subscriptions of an account assigned to a business unit ordered by creation date.

Resolution: Now, the subscription list is sorted alphanumerically regardless of whether the account belongs to a business unit.

SecureTransport 5.4 Patch 34
Patch 34
01125099
RDST-27957

Issue: Previously, SecureTransport was performing validation for host and port on all flow deployments.

Resolution: Now, this validation is removed from the Admin REST API v1.4 and will be added with the future release of Admin REST API 2.0.

Patch 34
01115829
RDST-27958

Issue: Previously, the collect_support_information utility was failing to generate a heap dump, causing errors.

Resolution: Now, the script is fixed and successfully generates a heap dump.

Patch 34
none
RDST-27748 The "Maximum number of parallel transfers" code has been re-factored to address possible issues with server-initiated transfers not starting as expected.
Patch 34
01079070
01089139
RDST-27961

RDST-26944

Issue: Previously, the ssh.maxPendingConnections configuration option was not working correctly.

Resolution: Now, the configuration option sets the server socket backlog value. It is responsible for parallel connections that are not yet accepted by the application.

Patch 34
01117016
RDST-27956

Issue: Previously, the list of certified software for file exchange, provided in the SecureTransport Administrator's Guide, was outdated.

Resolution: Now, Axway SecureTransport Mobile 1.6.0 and SecureTransport Outlook add-in are removed from the list as they are no longer supported.

Patch 34
01117038
RDST-27955

Issue: Previously, the clientLocalCertificate property was not documented in all relevant transfer site representations, located in the Model section of the SecureTransport REST API documentation.

Resolution: Now, the Model section of the SecureTransport REST API documentation is updated, and the clientLocalCertificate element is described in the models of all transfer sites that allow certificate authentication or perform signing/encryption.

Patch 34
01083161
01101670
01088358
01116826
01123552
01125666
RDST-27962

Issue: Previously, sessions closed on OS level were incorrectly shown on the Server Usage Monitor page even after the session timeout period had elapsed.

Resolution: Now, the Server Usage Monitor shows only the active sessions.

Patch 34
01091741
RDST-27959

Issue: Previously, the responses to GET /certificates requests sometimes contained duplicate IDs.

Resolution: Now, GET /certificates returns the correct number and order of certificates.

Patch 34
01083411
RDST-27954

Issue: Previously, when transferring files over S3 with Sentinel reporting enabled, an error message related to the file attribute resolutions was shown in the Server Log, although the transfer was successful.

Resolution: Now, the error message is no longer shown.

Patch 34
01083868
RDST-27960

Issue: Previously, SecureTransport was failing to archive the file when PGP encryption was enabled via a Basic Application subscription with a post-transmission action set to delete on success.

Resolution: Now, file archiving is successful regardless of the selected post-transmission action.

SecureTransport 5.4 Patch 33
Patch 33
01035961
RDST-26231
RDST-26236
RDST-26237
RDST-26235

Issue: Previously, verbose information was found to be returned within the responses to PUT and POST requests to the /fileops resource.

Resolution: Now, responses to such requests contain generic messages.

Patch 33
01107889
RDST-26811

Issue: Previously, Repository Encryption was not working for files uploaded with WinSCP over SSH to a Basic subscription folder with Encrypt Mode set to "Enabled."

Resolution: Now, in the specified scenario, the uploaded file is repository encrypted.

Patch 33
01118955
RDST-27105

Issue: Previously, patch installation was failing when Oracle system privileges were assigned through a role.

Resolution: Now, patch installation is successful regardless of how Oracle system privileges are assigned.

Patch 33
01116997
RDST-26958

Issue: Previously, SecureTransport administrators were unable to update the Network Zone in a PeSIT Transfer Site via the Administration Tool; the value of the Network Zone drop-down list was always "none" regardless of the user selection.

Resolution: Now, the Network Zone can be updated successfully via the Administration Tool.

Patch 33
01110967
RDST-26941

Issue: Previously, the Firewall rule list was numbered incorrectly in the SecureTransport 5.4 Administrator's Guide.

Resolution: Now, the numbering of the Firewall rules is corrected.

Patch 33
01098969
RDST-26932

Issue: Previously, the SecureTransport Administrator's Guide was providing incomplete instructions on how to perform graceful shutdown of a SecureTransport Edge node.

Resolution: Now, the Graceful shutdown topic contains instructions on how to perform graceful shutdown of a SecureTransport Edge node.

Patch 33
01098969
RDST-26948

Issue: Previously, the SecureTransport Administrator's Guide was providing incomplete instructions for executing Zero downtime.

Resolution: Now, the Zero downtime in active-passive deployment topic offers the corrected instructions for Zero downtime execution steps.

Patch 33
01100301
RDST-26940

Issue: Previously, the documentation on the firewall rules for Enterprise Cluster was incomplete.

Resolution: Now, TCP port 7 is added as a requirement when configuring firewalls for cluster members.

Patch 33
01085132

RDST-29143

RDST-27072

To help prevent patch installation problems, the SecureTransport Installation Guide and the Readme file now contain a note explicitly stating that the SecureTransport installation directory and the Axway Installer components must never be in the same directory.
Patch 33
01103337
RDST-26947

Issue: Previously, the documentation for using SOCKS5 as a third-party proxy server was not clear.

Resolution: Now, SecureTransport Administrator's Guide is corrected.

Patch 33
01101676
RDST-26939

Issue: Previously, several items in the stwebclient.config.json file were not documented in the ST Web Client Configuration Guide.

Resolution: Now, the ST Web Client Configuration Guide is updated with the needed configuration items.

Patch 33
01086654
RDST-26945

Issue: Previously, files containing square brackets in their names couldn't be downloaded from ST Web Client because SecureTransport treated the square brackets as wildcard characters.

Resolution: Now, SecureTransport first tries to find the file, and then considers file globbing.
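
The lookup order described in this fix, as an added example that is not SecureTransport code: an exact file name is tried first, and the name is treated as a glob pattern only if no such file exists. The function names and the sample file names are assumptions constructed for the illustration.

```python
import fnmatch
import os
import tempfile


def list_files(directory):
    """Sorted names of the regular files directly inside `directory`."""
    return sorted(e.name for e in os.scandir(directory) if e.is_file())


def resolve_glob_only(directory, requested):
    """Behaviour before the fix: the name is always treated as a pattern."""
    return [n for n in list_files(directory) if fnmatch.fnmatchcase(n, requested)]


def resolve_literal_first(directory, requested):
    """Behaviour after the fix: exact file name first, globbing as a fallback."""
    # A download name must stay inside the listed directory.
    if "/" in requested or "\\" in requested or requested in ("", ".", ".."):
        raise ValueError("file name must not contain path components")
    names = list_files(directory)
    if requested in names:
        return [requested]
    return [n for n in names if fnmatch.fnmatchcase(n, requested)]


def build_sample_dir():
    """Constructed sample data: three empty files in a fresh temp directory."""
    directory = tempfile.mkdtemp(prefix="st_glob_demo_")
    for name in ("report[2019].csv", "report1.csv", "report2.csv"):
        with open(os.path.join(directory, name), "w"):
            pass
    return directory


if __name__ == "__main__":
    d = build_sample_dir()
    for request in ("report[2019].csv", "report[12].csv"):
        print(request, resolve_glob_only(d, request), resolve_literal_first(d, request))
```

With glob-only matching, a request for report[2019].csv returns the two neighbouring files and never the file that was asked for, because [2019] is read as a character class.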

Patch 33
01086283
RDST-26946

Issue: Previously, the ST Web Client users, who were not logged in, couldn't download files via direct links because the URL suffix was stripped from the URL after login.

Resolution: Now, the ST Web Client users are able to download files via direct links after they log in.

Patch 33
01082955
01084043
01085687
01087225
01092139
01094915
01106181
01106558
01107926
01107999
01109768
01111756
01117961
RDST-26936

Issue: Previously, when there were more than 100 accounts, SecureTransport administrators were unable to move forward and backward through User Accounts pages using the arrow buttons.

Resolution: Now, SecureTransport administrators can move forward and backward through User Accounts pages using the arrow buttons.

Patch 33
01083398
01088995
RDST-27104

Issue: Previously, the Standard Router application was failing to route files submitted by subscribed accounts when the service account's login to SecureTransport was disabled. In this case, the service account is not associated with a login name, which in turn is used by SecureTransport to find the service account.

Resolution: Now, SecureTransport searches by the account name of the service account rather than a login name, which might not exist.

Patch 33
01084278
RDST-26938

Issue: Previously, the Actions drop-down lists on the Extended Server Control page were not expanding on Mozilla Firefox 68.0.1.

Resolution: Now, the Actions drop-down lists are working correctly on Mozilla Firefox 68.0.1.

Patch 33
01071201
01084204
RDST-26937

Issue: Previously, the resubmission of inbound AS2 transfers was failing when file archiving was enabled.

Resolution: Now, the file archiving functionality is redesigned, and both outbound and inbound AS2 transfers are resubmitted successfully.

Patch 33
01060654
01058784
RDST-26943

Issue: Previously, the Server and User checkboxes were not displaying on the File Tracking page.

Resolution: Now, both checkboxes are visible when Advanced Search is expanded.

Patch 33
00975445
RDST-27074

Issue: Previously, SecureTransport was using the Apache Groovy library, which was reported to be vulnerable to CVE-2016-6814 and CVE-2015-3253.

Resolution: Now, SecureTransport does not use Apache Groovy anymore.

Patch 33
01021231
RDST-20136

Issue: Previously, ST Web Client users used to receive an error message in JSON format after clicking an expired download link.

Resolution: Now, ST Web Client handles the error properly and displays a clear message.

SecureTransport 5.4 Patch 32
Patch 32
01034544
RDST-26918

Issue: Previously, after upgrading SecureTransport 5.3.6 to 5.4 and applying Patch 12 or Patch 14, the installer displayed the product version incorrectly as SecureTransport_V5.3.6.

Resolution: Now, the installer displays the correct version of SecureTransport.

Patch 32
01055815
RDST-26920

Issue: Previously, an outdated version of Java in the Axway Installer made SecureTransport prone to several security vulnerabilities.

Resolution: Now, the Axway Installer Java version is updated to 1.8.0_541 for IBM AIX, and 1.8.0_231 for Windows, Linux, and Solaris.

Patch 32
01033262
01084510
RDST-26919
RDST-23786
RDST-23744

Issue: Previously, the MySQL component shipped with SecureTransport was presenting several security vulnerabilities, including CVE-2019-2534.

Resolution: Now, the MySQL component version is updated to 5.6.44.

Note: This update does not apply to SecureTransport on AIX and SUSE 11.

Patch 32
01112409
RDST-26921

Issue: Previously, SecureTransport was using version 2.10.0 of Jackson-Databind which was reported to be vulnerable to deserialization of untrusted data:

  • CVE-2019-17267
  • CVE-2019-16943
  • CVE-2019-16942
  • CVE-2019-16335
  • CVE-2019-14540

Resolution: Now, SecureTransport is using Jackson-Databind 2.10.1.

SecureTransport 5.4 Patch 31
Patch 31
01102605
RDST-26341

Issue: Previously, after executing requests to the Admin REST API /transfers resource, threads were not released.

Resolution: Now, once the REST API call is completed, the used threads are closed gradually.

Patch 31
01101146
RDST-26342

Issue: Previously, in an EC environment, the execution of an external script was failing when the script was executed over 8,000 times in one session.

Resolution: Now, an external script can be executed over 8,000 times in one session successfully.

SecureTransport 5.4 Patch 30
Patch 30
01104837
01105823
01104674
RDST-25770

Issue: Previously, SecureTransport was failing to establish a connection to OpenSSH_7.4p1 servers.

Resolution: Now, the connections to OpenSSH servers are successful.

Patch 30
01102605
RDST-25773

Issue: Previously, the threads of the Admin service were not released after the API call was completed.

Resolution: Now, once the REST API call is completed, the used threads are closed gradually.

Patch 30
01095972
RDST-25779

Issue: Previously, the documentation on command line client login to SecureTransport was out-of-date.

Resolution: Now, the SecureTransport Administrator's Guide is updated.

Patch 30
01097884
RDST-25768

Issue: Previously, the upgrade from Patch 24 was failing when SecureTransport was using an Oracle database whose password contained an exclamation mark.

Resolution: Now, the Oracle database password is escaped in the JDBC URL used during the upgrade procedure.

Patch 30
01092203
RDST-25742

Issue: Previously, when the Delete on Success option in the Post Routing Settings of an Advanced Routing subscription was enabled, SecureTransport did not always delete the source file.

Resolution: Now, when Delete on Success is selected, the source file is always deleted upon success.

Patch 30
01093876
RDST-25744

Issue: Previously, the start_all script was failing to start the PeSIT over Secured Socket (Legacy & Comp) listener if it was the only PeSIT listener enabled.

Resolution: Now, all enabled PeSIT listeners are started by executing the start_all command.

Patch 30
01088083
RDST-25763

Issue: Previously, the outbound AdHoc transfers via System to Human transfer sites were failing when ICAP was enabled.

Resolution: Now, when ICAP is enabled, the AdHoc transfers via System to Human transfer sites are successful.

Patch 30
01088520
RDST-25764

Issue: Previously, when a file was renamed using an internal transfer site, Advanced Routing Publish To Account or Send to Partner step, SecureTransport used to report to Sentinel the original file name instead of the new one.

Resolution: Now, after a file is renamed, SecureTransport reports the new file name to Sentinel via the ProtocolFileName attribute.

Patch 30
01089043
RDST-25767

Issue: Previously, administrators could initiate transfers during Transaction Manager graceful shutdown through the REST API.

Resolution: Now, if the Transaction Manager is in the process of graceful shutdown, all requests to the Admin REST API /transfers resource are rejected.

Patch 30
01079219
RDST-25915

Issue: Previously, the SecureTransport Administrator's Guide was providing incomplete instructions for setting up AS2 transfers with asynchronous MDN receipts and an Advanced Routing subscription.

Resolution: Now, the SecureTransport Administrator's Guide is updated to provide detailed instructions for setting up AS2 transfers with asynchronous MDN receipts and an Advanced Routing subscription.

Patch 30
01086367
RDST-23952

Issue: Previously, the prerequisites for installing SecureTransport on CentOS were incomplete.

Resolution: Now, the SecureTransport Installation Guide and SecureTransport on AWS Installation Guide provide the requirements for installing SecureTransport on CentOS.

Patch 30
01071454
01063234
RDST-25774

Issue: Previously, certain DXAGENT variables were not exposed as session variables and, therefore, couldn't be used in the Advanced Routing External Script step.

Resolution: Now, the following DXAGENT environment variables are exposed as session variables, and can be used in the Advanced Routing External Script step:
DXAGENT_TYPE, DXAGENT_TIMESTAMP_OUTGOING_END, DXAGENT_LOGFILENAME, DXAGENT_EDGEID, DXAGENT_SUBSCRIPTION_FOLDER, DXAGENT_APPLICATION_TYPE, DXAGENT_APPLICATION_NAME, DXAGENT_APPLICATION_NOTES, DXAGENT_SITE_ATTR_UPLOAD_FOLDER, DXAGENT_SITE_ATTR_USERNAME, DXAGENT_SITE_ATTR_HOST.

Patch 30
01074729
RDST-25777

Issue: Previously, when the Send To Partner route step option Send trigger file for each transferred file was enabled, the subsequent route steps were executed without payload.

Resolution: Now, the Advanced Routing steps after the Send To Partner one are executed with payload.

Patch 30
01079065
RDST-25760

Issue: Previously, the documentation on authentication plug-ins was missing instructions on how to update an authentication plug-in.

Resolution: Now, the SecureTransport Administrator's Guide provides instructions on updating both authentication and authorization plug-ins.

Patch 30
01070385
RDST-25761

Issue: Previously, the information in the Administrator's Guide on using flow attributes in Advanced Routing was misleading users into thinking that flow attributes can be evaluated in all fields in Advanced Routing, which is valid only if the application is operating with files.

Resolution: Now, to evaluate expressions regardless of file availability, subscription attributes are exposed and can be used in Advanced Routing.

Patch 30
01057102
01097717
RDST-25762

Issue: Previously, on Windows with shared storage, the Advanced Routing Send to Partner step failed to send files to transfer sites.

Resolution: Now, on Windows with shared storage, the Advanced Routing Send to Partner step successfully sends files to transfer sites.

Patch 30
01015372
RDST-25765

Issue: Previously, the Pesit.Client.Inactivity.Timeout configuration option, which defines the client inactivity timeout, was applicable for all PeSIT server-initiated transfers.

Resolution: Now, the client inactivity timeout can be configured per PeSIT transfer site.

SecureTransport 5.4 Patch 29
Patch 29
00965624
RDST-24623

Issue: Previously, when the Admin daemon on SecureTransport Server was trying to get some properties from an Edge server over the streaming protocol and an error occurred during the process, the hostname of that Edge server was not logged.

Resolution: Now, the hostname of the Edge server is logged when an error occurs.

Patch 29
01081811
RDST-25222

Issue: Previously, the documentation on using advanced expressions for subscription flow attributes in the SecureTransport Administrator's Guide was incomplete.

Resolution: Now, the Pluggable Transfer Sites topic in the SecureTransport Administrator's Guide is updated.

Patch 29
01067848
RDST-24422

Issue: Previously, as part of the subscription initialization, the user classes were evaluated per account subscription which resulted in slow login times for accounts with a large number of subscriptions.

Resolution: Now, the user classes are evaluated once per login, and the number of subscriptions does not affect login time significantly.

Patch 29
01088333
RDST-25246

Issue: Previously, the Advanced Routing Decompress step failed to unzip archives containing comments.

Resolution: Now, the Advanced Routing Decompress step successfully executes and unzips archives with comments.

Patch 29
01081965
RDST-25224

Issue: Previously, the description of the Login Threshold Maintenance application in the SecureTransport Administrator's Guide was confusing.

Resolution: Now, the Applications topic provides a clear overview of the Login Threshold Maintenance application.

Patch 29
01074332
RDST-25238

Issue: Previously, the server log message for failed connections from the Transaction Manager to a SecureTransport Edge server in a network zone was misleading administrators into thinking that the Edge was blacklisted.

Resolution: Now, in the specified scenario, the server log message also shows the current state (failed or denied) of the SecureTransport Edge server to which the Transaction Manager failed to connect.

Patch 29
01064759
RDST-25237

Issue: Previously, the server-initiated pushes to Folder Monitor transfer sites were failing when an account template was used.

Resolution: Now, the server-initiated pushes to Folder Monitor transfer sites through account templates are performed successfully.

Patch 29
01062611
RDST-25221

Issue: Previously, the Unlicensed Accounts Maintenance application failed to delete the unlicensed accounts that had been inactive for the specified period.

Resolution: Now, the application deletes from the database the unlicensed accounts after they are inactive for the specified number of days.

Patch 29
01063259
RDST-25223

Issue: Previously, when logging was redirected to a flat file, some variables that are typically reported in the server log were not exposed and therefore, not reported in the flat file.

Resolution: Now, ServerName is exposed for all protocol daemons, and sessionId is exposed for the SSH daemon. Both variables can be configured in the layout element of the log4j file of a given protocol daemon.

Patch 29
01038798
RDST-25227

Issue: Previously, dynamic synchronization on Standard Cluster was failing to update the RecentPassword table across other nodes after changing an admin password that had been manually expired. As a result, there were differences in the nodes’ xml files of exported accounts.

Resolution: Now, the table is successfully synchronized across the nodes upon password change.

Patch 29
01037120
RDST-25225

Issue: Previously, a SecureTransport administrator was unable to apply unique security settings for the SSH listeners.

Resolution: Now, the security settings are part of StSSHContext, and the administrator can configure unique settings for each SSH listener.

Patch 29
01070697
RDST-24478

Issue: Previously, master administrators without permissions to the Certificates page were not able to view the local certificates when creating or updating a transfer site.

Resolution: Now, master administrators without permissions to the Certificates page can view and use the local certificates through the REST API as well as in the Administration Tool when creating or updating a transfer site.

Patch 29
01084566
RDST-24160

Issue: Previously, when the AuditLog.Enabled.CollectionLog configuration option was set to false, SecureTransport displayed an error in the server log on unchecking the Allow this account to login to SecureTransport Server checkbox.

Resolution: Now, when AuditLog.Enabled.CollectionLog is set to false, only an information message for disallowing an account to log into SecureTransport is displayed in the server log.

Patch 29
01081029
RDST-24157

Following the latest security best practices, the storing mechanism for sensitive data in SecureTransport is further enhanced to withstand attacks.

SecureTransport 5.4 Patch 28
Patch 28
01039650
RDST-23620

Issue: Previously, the SecureTransport Installation Guide provided incomplete instructions for setting up an Oracle database correctly.

Resolution: Now, the SecureTransport Installation Guide is updated with the correct instructions to set up an Oracle database.

Patch 28
01058200
01054469
RDST-23619
RDST-24060

Issue: Previously, files that failed to transfer were deleted from the Connect:Direct temporary folder only on Transaction Manager start.

Resolution: Now, a new configuration option ExternalServerTransferAgent.temporaryDirectoryPurge is introduced that allows administrators to control the deletion of files from the temporary folder.
Possible values:

  • false (default) - the temporary folder is cleared on Transaction Manager start.
  • true - the temporary folder is cleared when a server-initiated push over Connect:Direct fails.

Patch 28
01066092
RDST-23616

Issue: Previously, when the com.maverick.sshd.events logger was set to debug, the message body was formatted incorrectly and included newline characters. As a result, log messages couldn't be parsed into useful information.

Resolution: Now, the logger presents all content of the message on a single line following the SecureTransport logs convention. All events can be matched and parsed correctly.

Patch 28
01073380
RDST-23615

Issue: Previously, the REST API allowed configuring the root directory (/) as a base folder and thus setting a user home folder under /, which could pose risks, especially on root installations.

Resolution: Now, SecureTransport checks if the absolute home folder path supplied via the REST API is a concatenation of a valid base folder path (other than / (root)) and the home folder path.
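
One way to express the check described in this resolution, as an added example that is not SecureTransport code. The function names, the base-folder allowlist and the sample paths are assumptions made for illustration.

```python
import posixpath

# Constructed allowlist of base folders approved by an administrator.
ALLOWED_BASE_FOLDERS = ["/data/st/users", "/srv/transfer"]


class HomeFolderError(ValueError):
    """Raised when a supplied home folder path fails validation."""


def _normalize(path):
    """Collapse '.', '..' and duplicate slashes without touching the disk."""
    if not path.startswith("/"):
        raise HomeFolderError(f"not an absolute path: {path!r}")
    if "\x00" in path:
        raise HomeFolderError("NUL byte in path")
    normalized = posixpath.normpath(path)
    # normpath preserves a leading '//' (POSIX allows it); fold it to '/'.
    if normalized.startswith("//"):
        normalized = "/" + normalized.lstrip("/")
    return normalized


def validate_home_folder(absolute_home, base_folders=ALLOWED_BASE_FOLDERS):
    """Return (base, relative_home) when absolute_home is base + '/' + relative_home.

    Rejects '/' as a base folder, paths that leave the base through '..',
    and paths that only share a string prefix with a base folder.
    """
    home = _normalize(absolute_home)
    for raw_base in base_folders:
        base = _normalize(raw_base)
        if base == "/":
            # The root directory is never accepted as a base folder.
            continue
        # Match on a path-component boundary, so '/data/st/users2' does not
        # pass for the base '/data/st/users'.
        if home.startswith(base + "/"):
            return base, home[len(base) + 1:]
    raise HomeFolderError(
        f"{absolute_home!r} is not under an allowed base folder"
    )
```

The normalization is lexical only, so a symbolic link inside a base folder can still point elsewhere; resolve links on the server that owns the file system if that matters in your deployment.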

Patch 28
01074891
00916035
RDST-24566
RDST-24583
RDST-29157

Issue: Previously, the server log messages for successful and failed certificate authentication did not provide enough details about the certificate in use.

Resolution: Now, each time a user attempts to log in using a certificate via the following protocols: HTTPS, FTPS, SSH and PeSIT, a message is created in the server log containing the following information:

  • The user who logged in/attempted to log in using a certificate
  • The certificate serial number
  • The certificate owner(s)

Patch 28
01071262
01077488
01076124
01084043
RDST-24582

Issue: Previously, the Transfer Log Maintenance application failed to clean up the transfer log entries from MySQL databases containing large amounts of data.

Resolution: Now, the Transfer Log Maintenance application successfully cleans up the transfer log entries regardless of the MySQL database size.

Note: Axway recommends using equal values for Delete transfer log when*: and Delete in-progress transfers that started more than*: on instances running with MySQL database. Otherwise, the necessary database queries might become time-consuming and even result in failure to execute the maintenance application on tables with a lot of data.
Note: On very highly utilized systems, the Transfer Log export might become slower and, in some cases, fail to complete. To keep the application running, consider using smaller values for the Number of records per file: option.

Patch 28
01081923
RDST-24574

Issue: Previously, there was an error in the example of how to calculate the JAVA_MEM_MAX value, which is used to set the maximum heap size for the Java Virtual Machine (JVM).

Resolution: Now, the instructions on configuring the SSH server settings are updated with the correct example calculation.

Patch 28
01071068
RDST-24562

Issue: Previously, the login restriction policies for SSO-authenticated users were not working correctly; at times, users could not log in or experienced a logon delay.

Resolution: Now, the login restriction policies are working correctly for SSO-authenticated users.

Patch 28
01061518
RDST-24565

Issue: Previously, it was possible to configure the Content-Security-Policy header only for the HTTP daemon.

Resolution: Now, a new configuration option Admin.Security.ContentSecurityPolicy is introduced to allow configuring the Content-Security-Policy header for the Admin daemon.

Note: For the Administration Tool to function correctly, you should specify the following directives as a minimum: default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline';. Any deviations from the suggested values might result in unexpected behavior of SecureTransport Admin UI.
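
A pre-change review of a candidate Admin.Security.ContentSecurityPolicy value against the minimum directives in the note above, as an added example that is not part of the product. The function names and the list of "broad" sources are assumptions.

```python
# Minimum directives quoted in the note for the Administration Tool.
REQUIRED = {
    "default-src": {"'self'"},
    "style-src": {"'self'", "'unsafe-inline'"},
    "script-src": {"'self'", "'unsafe-eval'", "'unsafe-inline'"},
}

# Sources that widen where content may load from (reviewer heuristic, an
# assumption of this example, not a product rule).
BROAD_SOURCES = {"*", "http:", "https:", "data:"}


def parse_csp(policy):
    """Parse a Content-Security-Policy value into {directive: [sources]}.

    Directive names are case-insensitive. When a directive is repeated, the
    first occurrence wins, which is how browsers treat duplicates. Sources
    are lowercased for comparison only.
    """
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in directives:
            directives[name] = [token.lower() for token in tokens[1:]]
    return directives


def review_policy(policy):
    """Return the required sources that are missing and the broad ones added.

    A directive that is absent counts as missing all of its required sources,
    because the note asks for the three directives to be specified explicitly.
    """
    parsed = parse_csp(policy)
    missing = {}
    for name, needed in REQUIRED.items():
        gap = sorted(needed - set(parsed.get(name, [])))
        if gap:
            missing[name] = gap
    broad = {}
    for name in ("default-src", "script-src"):
        hits = sorted(set(parsed.get(name, [])) & BROAD_SOURCES)
        if hits:
            broad[name] = hits
    return {"missing": missing, "broad": broad}
```

An empty "missing" result means the value keeps the documented minimum; a non-empty "broad" result marks sources that loosen the origin restriction, which is the main protection left once 'unsafe-inline' and 'unsafe-eval' are required.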

Patch 28
01049419
RDST-24581

Issue: Previously, the extended Server Control page was showing Folder Monitor and Scheduler as "Running" when they were disabled from the Server Configuration and therefore not performing any actions.

Resolution: Now, when FolderMonitor.enable/Scheduler.enable configuration option is set to false, the respective service is shown as "Disabled" on the Server Control page.

Patch 28
01060780
RDST-24577

Issue: Previously, the documentation for the Core ID parameter in SecureTransport Administrator's Guide was incomplete.

Resolution: Now, the SecureTransport Administrator's Guide is updated with detailed descriptions of the Session ID, Transfer ID, and Core ID parameters.

Patch 28
01060187
RDST-24564

Issue: Previously, the swagger-ui component contained an outdated version of the remarkable library which was vulnerable to Denial of Service (DoS) attacks.

Resolution: Now, the remarkable library is upgraded to its latest version (2.0.0) which does not contain the flaw.

Patch 28
01060185
RDST-24571

Issue: Previously, SecureTransport was vulnerable to CWE-116.

Resolution: Now, when using the TransferMode parameter under /files endpoints, the error message contains properly escaped JavaScript based on the Content Type of the request.
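
The kind of fix this resolution describes for CWE-116 (improper encoding or escaping of output), shown as an added example that is not SecureTransport code. It assumes the error body is rendered in the format named by the content type; the function names and the message text are hypothetical.

```python
import html
import json
from xml.sax.saxutils import escape as xml_escape


def render_error_unescaped(value):
    """The flawed pattern: the rejected value is concatenated as-is."""
    return "<p>Invalid TransferMode: " + value + "</p>"


def render_error(value, content_type):
    """Encode the rejected parameter value for the format of the body.

    Returns (media_type, body). Parameters such as '; charset=utf-8' are
    ignored when selecting the encoder.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    message = "Invalid TransferMode: " + value

    if media_type == "application/json":
        # json.dumps escapes quotes, backslashes and control characters.
        body = json.dumps({"message": message})
        # Also escape markup characters so the body stays inert if a client
        # ever interprets it as HTML. The \uXXXX forms are valid JSON.
        for char, escaped in (("<", "\\u003c"), (">", "\\u003e"),
                              ("&", "\\u0026")):
            body = body.replace(char, escaped)
        return "application/json", body

    if media_type in ("application/xml", "text/xml"):
        body = "<error><message>" + xml_escape(message) + "</message></error>"
        return media_type, body

    if media_type == "text/html":
        return "text/html", "<p>" + html.escape(message, quote=True) + "</p>"

    # Unknown or missing type: answer in plain text rather than guessing.
    return "text/plain", message
```

Serving the plain-text fallback with X-Content-Type-Options: nosniff keeps browsers from reinterpreting it as markup.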

Patch 28
01056323
RDST-24567

Issue: Previously, the resubmitted parameter was missing from the responses to GET requests to /transfers.

Resolution: Now, the response to GET requests to /transfers contains the resubmitted parameter.

Patch 28
01054971
RDST-24575

Issue: Previously, SecureTransport occasionally displayed an error for inserting a duplicate entry when persisting the server log in a database.

Resolution: Now, the persistence mechanism is improved, and the error is no longer displayed.

SecureTransport 5.4 Patch 27
Patch 27
01043389
01082236
01074579
RDST-24000

Issue: Previously, the last login time and the number of successful and failed login attempts, displayed in the user account settings, were not updating for LDAP accounts mapped to virtual users with externally stored passwords.

Resolution: Now, those attributes show the correct information for LDAP accounts mapped to virtual users with externally stored passwords.

Patch 27
01032979
RDST-23996

Issue: Previously, the status of an administrator account with an expired password was not visualized correctly on the Administrators page. On an attempt to use the REST API with an expired admin password, the response code contained only a "401 Authentication required" error without details that could help in identifying the problem.

Resolution: Now, in the specified case, the account status is displayed correctly on the Administrators page, and the API response contains a password expiration message.

Patch 27
01060192
RDST-23998

Issue: Previously, when sending a request containing invalid data to the end-user REST API, the response included technical details about the application.

Resolution: Now, the application provides only a generic error and returns a 400 Bad Request response code. The stack trace that holds the sensitive technical information is redirected to the Server Log.

Patch 27
01059356
01054469
RDST-22128

Issue: Previously, the SecureTransport Administration Tool and ST Web Client were vulnerable to CVE-2019-11358 due to an outdated version of jQuery (3.3.1).

Resolution: Now, jQuery is updated to version 3.4.1 which contains the latest security fixes.

Patch 27
01062788
RDST-23999

Issue: Previously, SecureTransport was failing to evaluate a path from a Windows server to a Unix or Unix-like server defined in a transfer site using expression language.

Resolution: Now, SecureTransport evaluates the path correctly.

Patch 27
01071935
RDST-24001

Issue: Previously, on the extended view of the Server Control page, the Key Alias field could not display the full key alias name if it was longer than 20 characters.

Resolution: Now, if the key alias name is longer than 20 characters, it is shown truncated with an ellipsis, and the full name is displayed on mouseover.

Patch 27
01022572
RDST-19454

Issue: Previously, with Repository encryption enabled, there was a delay in initiating large file downloads due to the whole file being read.

Resolution: Now, the download is initiated immediately as the file is not read anymore.

Patch 27
01044707
01073403
RDST-22222

Issue: Previously, when Repository encryption was enabled, there was an exponential upload speed degradation due to the whole file being read at the beginning of every chunk upload.

Resolution: Now, there is no upload speed degradation, and only the first chunk of the file is read.

SecureTransport 5.4 Patch 26
Patch 26
01055835
01070003
RDST-23976

Issue: Previously, when a user was logged in through HTTPD on SecureTransport Edge, an error was displayed in the Server log about a missing ShowHiddenFiles configuration option.

Resolution: Now, the ShowHiddenFiles configuration option is added to SecureTransport Edge.

Patch 26
01071692
01071170
RDST-23961

Issue: Previously, after kernel upgrade from 3.10.0-957.5.1.el7.x86_64 to 3.10.0-957.21.3.el7.x86_64, users were no longer able to establish FTPS connections to the server because the SSL handshake could not be completed.

Resolution: Now, FTPS connections are established and the SSL handshake is completed successfully.

Patch 26
01052165
RDST-23967

Issue: Previously, when a custom transfer site was used as a source for an Advanced Routing flow with the First Matching Route rule set, SecureTransport did not execute the routes correctly in certain scenarios.

Resolution: Now, SecureTransport executes the routes correctly in all scenarios under the conditions described.

Patch 26
01038731
RDST-23971

Issue: Previously, status_pesitd and status_as2d scripts were always returning status Disabled for the corresponding protocol servers.

Resolution: Now, SecureTransport returns the correct statuses on executing these scripts.

Patch 26
01055198
RDST-23964

Issue: Previously, resubmitting file transfers based on the cycleId attribute via the REST API /transfers/resubmit resource was unsuccessful.

Resolution: Now, such resubmits are successful.

Patch 26
01046287
RDST-23977

Issue: Previously, SecureTransport was not reporting the RETURNMESSAGE value to Axway Sentinel in case of failed transfers.

Resolution: Now, the RETURNMESSAGE value is properly reported to Axway Sentinel in case of failed transfers.

Patch 26
01026928
RDST-23968

Issue: Previously, the HTTP Strict-Transport-Security (HSTS) header was missing in responses to some login.jspx requests when using HSTS in the Admin component.

Resolution: Now, the security headers are present in these responses.

Patch 26
01069466
01065639
RDST-23975

Issue: Previously, establishing a test connection to a Microsoft SQL Server database was failing because special characters in the password were escaped in the JDBC URL, leading to authentication errors.

Resolution: Now, establishing a test connection to a Microsoft SQL Server database occurs successfully.

Patch 26
01021461
01062008
RDST-23972

Issue: Previously, an incorrect flag was reported to Sentinel when a file transfer was denied by the ICAP server.

Resolution: Now, when a file transfer is denied by the ICAP server, an Alert flag is reported to Sentinel.

Patch 26
01034470
RDST-20418

Issue: Previously, it was not possible to use the substring function in the account template fields.

Resolution: Now, substring is added to the expression language functions and can be used in the account template fields.

  • Syntax: ${substring(variable, beginIndex,endIndex)}.
  • Example: /${substring(stenv.loginname,0,1)}.

Patch 26
01029676
RDST-19425

Issue: Previously, the /file resource in the end user API was not working with file globbing.

Resolution: Now, the /file resource in the end user API works properly with file paths containing GLOB characters.

Patch 26
00949613
01039198
RDST-21848

Issue: Previously, SecureTransport did not limit the number of the simultaneous connections to the remote server when pulling files using the Maximum number of parallel transfers value as configured in the subscription.

Resolution: Now, SecureTransport limits the simultaneous connections to the number specified in the Maximum number of parallel transfers value as configured in the subscription.

Patch 26
01027570
RDST-21470

Issue: Previously, deleting subscriptions with a configured schedule was preventing users from logging in and uploading files.

Resolution: Now, the deletion of subscriptions with configured schedules does not affect user login or file upload.

Patch 26
01032957
RDST-21490

Issue: Previously, the documentation for the /certificates/export resource in Swagger was incomplete.

Resolution: Now, the documentation for the /certificates/export resource in Swagger is updated.

Patch 26
01037795
RDST-21491

Issue: Previously, the logger com.tumbleweed.st.server.sshd.logging was missing information that helps identify the users who triggered Maverick events.

Resolution: Now, the logger provides information about the accountId, remoteAddress and sessionId.

Patch 26
00997187
RDST-21492
RDST-21493

Issue: Previously, when pushing files via Connect:Direct or Multipoint Binary File Transfer, temporary folders were created with hardcoded permissions (drwxr-xr-x), making pulls impossible on certain occasions.

Resolution: Now, administrators can set suitable temporary directory permissions for Connect:Direct and Multipoint Binary File transfers using the ExternalServerTransferAgent.temporaryDirectoryPermissions configuration option.

Patch 26
01032957
RDST-21494

Issue: Previously, POST requests of an XML formatted Certificate object to /certificates/export in REST API v1.4 failed with response code 400 (Bad Request).

Resolution: Now, POST requests of XML formatted Certificates to /certificates/export are successful.

Patch 26
01037290
RDST-21489

Issue: Previously, SecureTransport was not evaluating properly the User ID and Group ID attributes for the user class custom expressions which resulted in users being assigned to an incorrect user class.

Resolution: Now, UID and GID are populated in the environment as DXAGENT_USERUID and DXAGENT_USERGID respectively, and SecureTransport determines the proper user class for a user.

SecureTransport 5.4 Patch 25
Patch 25
01036738
RDST-23125

Issue: Previously, on an EC setup using an Oracle database with two active servers, resubmitting transfers failed with "Error during transfer operation" because the transfer was processed by one of the servers while the sandbox environment was created on the other one.

Resolution: Now, a new logic for processing outgoing events that were triggered on resubmitting is implemented: the cluster node, which triggers the file resubmission, processes the outgoing event. In this case, the local sandbox folder contains the archived file, and the latter can be restored successfully.

Patch 25
01057760
RDST-23119

Issue: Previously, the COREID parameter was ignored in the GET requests to the /transfers endpoint in the end user API. As a result, instead of the transfer with the specified COREID, a list of all transfers was returned.

Resolution: Now, a GET request to the /transfers endpoint in the end user API returns only the transfer with the specified COREID.

Patch 25
01046608
RDST-23124

Issue: Previously, the exchange of AS2 messages between two SecureTransport 5.4 servers occasionally failed with one of the following errors: "MIC comparison failed" or "insufficient-message-security."

Resolution: Now, the exchange of AS2 messages between two SecureTransport 5.4 servers is successful.

Patch 25
01047179
01061023
RDST-23112

Issue: Previously, when the home folder of an account template was defined using the STSESSION_LDAP_DIR_* variable with the replace function, the file transfer failed due to the variable not being resolved correctly.

Resolution: Now, the STSESSION_LDAP_DIR_* variable is resolved correctly, and the expressions with it are evaluated successfully.

Patch 25
01051236
RDST-23120

Issue: Previously, SecureTransport couldn't authenticate an account if it existed in any default LDAP domain other than the first one SecureTransport was bound to. The issue was caused by the SecureTransport LDAP search mechanism: the search would stop if the account was not found in the first server of the first domain and would not continue to the second domain.

Resolution: Now, SecureTransport tries to bind to at least one server in a domain.

  • If binding to the first server fails, SecureTransport continues to the next server.
  • If binding to the first server is successful, SecureTransport tries to find the requested user in it. In case the user is not found there, subsequent calls to other servers in that domain are not permitted. If the user is not found in the domain, SecureTransport continues searching in the other default domains.

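
The search order described in this resolution, modelled as an added example that is not SecureTransport code. The domain and host names are constructed, and the legacy flag models only the part of the old behaviour stated in the Issue text (the search did not continue to the second domain).

```python
# Constructed directory layout: two default domains, searched in order.
DOMAINS = [
    ("corp.example", [
        {"host": "ldap1.corp.example", "reachable": False, "users": {"alice"}},
        {"host": "ldap2.corp.example", "reachable": True, "users": {"alice"}},
        # A replica that holds an entry ldap2 does not have yet.
        {"host": "ldap3.corp.example", "reachable": True,
         "users": {"alice", "stale-only"}},
    ]),
    ("partners.example", [
        {"host": "ldap1.partners.example", "reachable": True, "users": {"bob"}},
    ]),
]


def locate_account(login, domains, legacy=False):
    """Walk the default LDAP domains in order and report where login is found.

    domains: ordered list of (domain_name, servers); each server is a dict
    with 'host', 'reachable' (a bind succeeds) and 'users' (logins it holds).
    Returns (domain_name or None, trace); trace lists every step taken, which
    is what you would compare against the server log when a login fails.
    """
    trace = []
    for domain_name, servers in domains:
        for server in servers:
            host = server["host"]
            if not server["reachable"]:
                # Bind failed: try the next server of the same domain.
                trace.append(("bind failed", host))
                continue
            trace.append(("bound", host))
            if login in server["users"]:
                trace.append(("found", host))
                return domain_name, trace
            # First successful bind is authoritative for the domain: the
            # remaining servers of this domain are not queried.
            trace.append(("not found", host))
            break
        if legacy:
            # Old behaviour per the Issue text: never reach the next domain.
            return None, trace
    return None, trace
```

Note the "stale-only" login: it exists only on a server that is never queried, so the lookup fails even though one server in the domain could resolve it.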
Patch 25
01043646
RDST-23122

Issue: Previously, in a streaming environment, SecureTransport failed to send asynchronous AS2-MDN receipts via HTTPS, and errors were reported in the server log and on the recipient site.

Resolution: Now, both the AS2 transfer and the asynchronous AS2-MDN receipt are successfully sent and received via HTTPS.

Patch 25
01050865
01052765
RDST-23121

Issue: Previously, the Admin REST API returned non-working links to the transfer details in the responses to pull requests to the /transfers/pull resource when:

  • the request was submitted over PeSIT
  • the request was submitted over FolderMonitor and the destination folder was a subscription folder.

Resolution: Now, the returned link is correct and leads to the transfer details.

Patch 25
01047427
01054449
01049461
RDST-23115

Issue: Previously, excessive CPU usage was observed on the EC node that didn't hold the Folder Monitor (started second), caused by an infinite loop with no pause time.

Resolution: Now, a sleep period is added for the loop mentioned above to prevent high CPU usage.

Patch 25
01061137
RDST-22219

Issue: Previously, there was a memory leak in the Transaction Manager related to caching of stfs attributes, which were never cleared.

Resolution: Now, a time-based caching mechanism is used which evicts entries after the configured timeout or when the capacity is reached. The newly added Stfs.attributes.cache.timeout and Stfs.attributes.cache.size configuration options control the timeout and the capacity, respectively.

Patch 25
01015105
01050707
01037370
RDST-23959

Issue: Previously, a memory leak in the Transaction Manager caused big heap occupancy and excessive garbage collection activity leading to cluster issues.

Resolution: Now, the memory leak mentioned above is fixed, and the cluster outages are resolved.

SecureTransport 5.4 Patch 24
Patch 24
01037115
RDST-22706

Issue: Previously, SecureTransport was using Oracle Java Runtime Environment version 1.8.0_162 and IBM AIX Java Runtime Environment version 1.8.0_507.

Resolution: Now, SecureTransport is using Oracle Java Runtime Environment version 1.8.0_212 and IBM AIX Java Runtime Environment version 1.8.0_527.

Patch 24
01061477
RDST-22671

Issue: Previously, SecureTransport was exposed to the following vulnerabilities due to an outdated version of Apache Tomcat (7.0.85):

  • CVE-2019-0232
  • CVE-2019-0221
  • CVE-2018-11784
  • CVE-2018-8034
  • CVE-2018-8014
  • CVE-2018-1336

Resolution: Now, the Apache Tomcat version is updated to 7.0.94, and SecureTransport is no longer exposed to these vulnerabilities.

SecureTransport 5.4 Patch 23
Patch 23
01026928
RDST-22554

Issue: Previously, in the SecureTransport Administrator's tool, some GET requests were incorrectly handled like POST requests and processed with status OK, even though an incorrect HTTP method was used, and this behavior could pose security risks.

Resolution: Now, when an incorrect HTTP GET method is used with the request, an error response code is returned: HTTP 405 Method Not Allowed.

Patch 23
01026928
01061567
RDST-22548

Issue: Previously, when users tried to open a valid hidden directory which they didn't have access to, the server responded with an HTTP 403 Forbidden message, making the file system prone to directory-enumeration attacks.

Resolution: Now, in the specified case, an HTTP 404 Not Found message is returned, which prevents directory-name guessing.

Patch 23
01026928
RDST-22556

Issue: Previously, verbose server information was displayed in the Server header of HTTP responses in the SecureTransport Administration Tool.

Resolution: Now, there is a new configuration option Admin.ServerHeaderTokens that allows an administrator to control the information displayed in the Server HTTP response header for the Administration Tool. Possible values are:

  • None - no information is displayed
  • Prod - the product name, SecureTransport, is displayed
  • OS - the operating system on which SecureTransport is running is displayed
  • Full - default; the product name, build number, and the operating system are displayed

In addition, the behavior of the Http.ServerHeaderTokens configuration option (which controls the Server HTTP header in ST Web Client responses) has been changed to be consistent with Admin.ServerHeaderTokens.

Patch 23
01026928
RDST-22547

Issue: Previously, when a custom unexpected header was added to some of the SecureTransport Administrator's tool requests, the server was returning an HTTP 500 Internal Server Error that contained sensitive data.

Resolution: Now, the server handles unexpected headers correctly by returning an HTTP 400 Bad Request error.

Patch 23
01026928
RDST-22555

Issue: Previously, application content served over HTTPS was cached due to the Cache-Control: private directive in HTTP headers of the SecureTransport Administrator's Tool requests.

Resolution: Now, there is a new configuration option Admin.ControlCaching that allows a SecureTransport administrator to control resource caching behavior. Possible values are true or false. When the option is set to true, the setting of the header is Cache-Control: no-cache, no-store on all static and non-static requests.

Note: When requests are not being cached, performance degradation may occur. After changing the value of Admin.ControlCaching, the Admin service must be restarted.

Patch 23
01026928
RDST-22557

Issue: Previously, some client-side ST Web Client restrictions could be manipulated and processed.

Resolution: Now, user-defined input is validated on the server side in sync with the client-side logic. When the user is not permitted to perform an action, an HTTP 401 Unauthorized error is returned.

Patch 23
01025773
RDST-22546

Issue: Previously, when uploading malicious content in a Mailbox message, the content remained present on the server even if ICAP Scanning was enabled.

Resolution: Now, when ICAP Scanning is enabled, a scan is performed upon saving a draft or sending a message. The scan is done according to the settings of the ICAP Server. If malicious content is detected, it is immediately deleted from the server and an HTTP 406 Not Acceptable error is returned.

SecureTransport 5.4 Patch 21
Patch 21
01023832
01041772
01048066
01052077
01055223
01052013
01051077
01061357
RDST-22117

Issue: Previously, the Server Log and Transfer Log Maintenance applications failed to export all entries specified for rotation when SecureTransport was running on a MySQL database.

Resolution: Now, both applications successfully export all entries specified for rotation when SecureTransport is running on a MySQL database.

Patch 21
01039713
RDST-22113

Issue: Previously, the transfer site (AWS) S3 settings were not visible to Delegated administrators created with Read Only or Checker rights.

Resolution: Now, transfer site (AWS) S3 settings are exposed to Delegated administrators with Read Only or Checker rights.

Patch 21
01039178
01057362
RDST-21145

Issue: Previously, the decompression of large archived files as part of a route was lagging when repository encryption was enabled.

Resolution: Now, the compression/decompression library was replaced with Zip4j, which significantly decreases the Desteps execution time.

Patch 21
01044549
RDST-22110

Issue: Previously, when the usage parameter was not populated in a request, the api/v1.4/certificates resource returned incorrect certificate objects.

Resolution: Now, in the specified case, the api/v1.4/certificates resource returns certificate objects according to the "offset".

Patch 21
01049438
RDST-22116

Issue: Previously, the Line Folding step in Advanced Routing was not working correctly and folded up to 4096 lines when used with large files.

Resolution: Now, the Line Folding step is working correctly with files of any size.

Patch 21
01021339
RDST-22112

Issue: Previously, SecureTransport patches could not be applied if the server was running on MSSQL 2014 Standard Edition database without partitioning.

Resolution: Now, SecureTransport patches can be successfully applied on servers running on MSSQL 2014 Standard Edition regardless of partitioning.

01039450
00979797
00915027
RDST-22111

Issue: Previously, SecureTransport did not remove .stfs/attrs files from the Folder Monitor's download folder when the Post transformation action for pushed files was set to delete.

Resolution: Now, in the specified case, SecureTransport removes all the .stfs/attrs files from Folder Monitor's download folder.

SecureTransport 5.4 Patch 20
Patch 20
00934232
00963524
00969089
00969102
00987665
01045760
RDST-21786

Issue: Previously, no SSL/TLS related information about newly successfully established connections was logged in SecureTransport.

Resolution: Now, five new configuration options are introduced, each dedicated to a protocol server connection: SSLLogging.Http, SSLLogging.Ftp, SSLLogging.Ssh, SSLLogging.As2, and SSLLogging.Pesit.

When you set the respective option to true, SSL/TLS security information (remote address (host), cipher suite and TLS/SSL protocol version) for each successfully established protocol connection is added to the ServerLog. When you set the option to false, SSL/TLS security information is not added to the ServerLog.

Patch 20
01033484
RDST-21798

Issue: Previously, SecureTransport did not report to Axway Sentinel the STATE=SENT when ICAP was enabled.

Resolution: Now, SecureTransport reports the STATE=SENT to Axway Sentinel when ICAP is enabled.

Patch 20
01044490
RDST-21796

Issue: Previously, DXAGENT_TARGET was not being populated when Axway Sentinel was enabled and configured and the administrator was using REST API to submit server-initiated transfers pull requests.

Resolution: Now, DXAGENT_TARGET is populated on REST API pull requests regardless of the Axway Sentinel configuration in SecureTransport.

Patch 20
01032772
RDST-21801

Issue: Previously, SecureTransport was not generating new CoreID values for inbound files if files with the same name from the same account were transferred in a previous session.

Resolution: Now, new CoreID values are generated for all inbound transfers regardless of the file names and sessions.

Patch 20
01046988
01042218
01052063
01033837
01034384
RDST-21797
RDST-21795
RDST-21800
RDST-21250

Issue: Previously, the DXAGENT_TRANSFERSAPI_* environment variables were not exposed by SecureTransport in transfer sites.

Resolution: Now, the DXAGENT_TRANSFERSAPI_* environment variables are populated and resolved correctly.

SecureTransport 5.4 Patch 19
Patch 19
01012009
RDST-21390

Issue: Previously, the SecureTransport administrator could not import a certificate of type PKCS12 with non-encrypted parts.

Resolution: Now, such certificates can be imported and used as expected.

Patch 19
01031334
RDST-21388

Issue: Previously, the SecureTransport Administrator's Guide did not include sufficient information about the way File Tracking logs PeSIT transfers.

Resolution: Now, a dedicated note is added to the SecureTransport Administrator's Guide.

Patch 19
01043834
RDST-21387

Issue: Previously, the ST Web Client Configuration Guide contained an incorrect reference to fileOperations configuration.

Resolution: Now, the ST Web Client Configuration Guide is updated with the correct information.

Patch 19
01033091
RDST-21396

Issue: Previously, if a network zone was used by multiple transfer sites, its deletion could take a significant amount of time and even time out.

Resolution: Now, if such a zone is not attached to a transfer site, deletion occurs instantly; otherwise the delete action is denied.

Patch 19
01049071
RDST-21163

Issue: Previously, the ST Web Client did not load properly when the Http.ServerHeaderTokens server option was set to "None".

Resolution: Now, the ST Web Client loads normally when Http.ServerHeaderTokens is configured to "None".

Patch 19
01043138
RDST-21389

Issue: Previously, there was inconsistent reporting of Sentinel states during server-initiated transfer pull. The inconsistency was as follows:

  • Internal transfer sites - when a fixed file name was used as the download pattern, the TO_EXECUTE state was reported instead of the SUBMITTED state. Also, the filename attribute was populated with the subscription folder instead of the fixed file name.
  • Custom connectors - regardless of the remote download pattern, the state was always TO_EXECUTE instead of SUBMITTED.

Resolution: Now, during server-initiated transfer pull, the SUBMITTED state is reported with the correct filename attribute, regardless of the remote download pattern.

Note: For custom connectors, there is now a way to report both the remote download folder and the remote download pattern. For custom connectors to have consistent states during pull, the connector must report the remote download pattern and can optionally report the remote download folder.

Patch 19
01040027
RDST-21392

Issue: Previously, in some cases, attempts to change PGP keys in an advanced routing PGP encryption step resulted in an error with the following message: "Please specify account for encryption setting".

Resolution: Now, the SecureTransport administrator can successfully change PGP keys in the advanced routing PGP encryption step.

Patch 19
01042013
RDST-21391

Issue: Previously, SecureTransport was not sending proper response codes for failed push transfers through the REST API.

Resolution: Now, response codes are sent for failed push transfer through the REST API in the following cases: incorrect file name or site name, incorrect account credentials, stopping of Transaction Manager or protocol servers.

SecureTransport 5.4 Patch 18
Patch 18
01021339
RDST-21372

Issue: Previously, SecureTransport used to fetch all application properties during advanced routing in order to evaluate the subscription folder.

Resolution: Now, during subscription folder evaluation, SecureTransport fetches only the needed properties of the application.

Patch 18
00962139
RDST-14891

Issue: Previously, when the ST Web Client was requesting more AddressBook entries than defined in the AddressBook.Limit.MaxDisplayEntries configuration option, an error was shown in the server log, and no or random entries were returned.

Resolution: Now, instead of throwing an error in the server log, a warning message is displayed. The value defined in the AddressBook.Limit.MaxDisplayEntries configuration option is now used for specifying the number of entries that will be shown in the Address book.

Patch 18
01009843
RDST-19286

Issue: Previously, on rare occasions, the transferLog maintenance application was failing to export partitions due to a database operation timeout.

Resolution: Now, each transferLog partition table is exported through a new database session.

Patch 18
01015773
01047817
RDST-19293

Issue: Previously, Sentinel was not displaying the number of records in a file transferred over PeSIT because the RecordNumber attribute value was not being sent by SecureTransport to Axway Sentinel.

Resolution: Now, SecureTransport reports the RecordNumber to Axway Sentinel with each PeSIT transfer, and Sentinel displays the correct number of records (PI28) when the transfer is finished.

Patch 18
01033095
00921250
RDST-21367

Issue: Previously, for some resources, the SecureTransport REST API was returning duplicate JSON object entries containing different values.

Resolution: Now, when a SecureTransport REST API resource contains duplicate JSON object entries, those are returned as an array data structure.

Patch 18
01033095
00946682
RDST-19552

Issue: Previously, an incorrect HTTP code (204 No Content) was returned with some unsuccessful POST requests to the subscriptions resource in the SecureTransport REST API.

Resolution: Now, the proper HTTP code (422 - Unprocessable Entity) is returned in the specified cases.

SecureTransport 5.4 Patch 17
Patch 17
01032979
RDST-21298

Issue: Previously, when an administrator was trying to authenticate with an expired password via the REST API, SecureTransport returned an error in HTML format.

Resolution: Now, when an administrator attempts to authenticate with an expired password via the REST API, SecureTransport returns a message in JSON/XML format.

Patch 17
01022268
RDST-21301

Issue: Previously, deleting (without purging) an account through the REST API could take up to 40 seconds when the account's home folder was located on Amazon EFS and contained more than 10 000 files.

Resolution: Now, in the specified case, such an account is deleted almost instantly.

Patch 17
01023817
RDST-21313

Issue: Previously, the timestamp for the "Last modified" property of files and folders (as reported by the SecureTransport SFTP server) did not include seconds.

Resolution: Now, the timestamp for the "Last modified" property of files and folders (as reported by the SecureTransport SFTP server) includes seconds.

Patch 17
01021602
01028269
RDST-21314

Issue: Previously, the SecureTransport Administrator's Guide did not include the complete list of supported SSH cipher suites.

Resolution: Now, the SecureTransport Administrator's Guide offers the complete list of supported SSH cipher suites, including MACs, KEXs and public keys.

Patch 17
01030844
RDST-21299

Issue: Previously, it was not possible to enable the “Allow this account to login to SecureTransport Server” option for an account if the option was disabled during the account's creation.

Resolution: Now, this option can be enabled after the account's creation.

SecureTransport 5.4 Patch 16
Patch 16
01024156
RDST-21274

Issue: Previously, the server log and the File Tracking were displaying an error that the transfer did not go through when archiving was disabled on the SendToPartner step in Advanced Routing, while archiving was enabled globally.

Resolution: Now, file archiving is working in all cases without errors.

Patch 16
01033837
01034384
RDST-21250

Issue: Previously, download/pull of files when using advanced expressions for the download folder in the Transfer Site was not successful when the destination folder was a subscription folder and the value needed to evaluate this expression was passed as a custom property for transfer pull.

Resolution: Now, these advanced expressions are properly evaluated.

Patch 16
01025615
RDST-21268

Issue: Previously, it was not possible to enable an existing account to log in to SecureTransport, unless this option was enabled with the account creation.

Resolution: Now, it is possible to toggle this option with an existing account.

Patch 16
01027677
RDST-21265

Issue: Previously, the logger of the BaseServerTransferAgent class was missing some of the log messages.

Resolution: Now, all messages are logged accurately.

Patch 16
01007233
RDST-21270

Issue: Previously, in SecureTransport cluster setup, file deletion with some file systems was failing across all nodes on Advanced Routing transfers.

Resolution: Now, file deletion with these file systems processes successfully across all nodes on Advanced Routing transfers.

Patch 16
01009858
RDST-21273

Issue: Previously, SecureTransport would search across all backup LDAP servers (when configured for a specific domain) after an incorrect user login attempt.

Resolution: Now, SecureTransport does not search across all backup LDAP servers (when configured for a specific domain) when user credentials input is incorrect.

Patch 16
01021231
RDST-21266

Issue: Previously, when a user sent a file using AdHoc with a configured expiration time for the download link, the package maintenance application would run after link expiration period (thus deleting the package), and the recipient would get an HTTP error 500 on file download attempt.

Resolution: Now, in the case described, the recipient receives an HTTP error code 404, indicating that the download link to the respective file has expired.

Patch 16
01024580
RDST-21267

Issue: Previously, ST Web Client was adding a tilde '~' symbol at the end of the root URL after account authentication due to issues with WAF and blocked requests.

Resolution: Now, the tilde '~' symbol is not added to the ST Web Client root URL.

Patch 16
01032553
RDST-21252

Issue: Previously, the Connect:Direct transfer folder was deleted on Transaction Manager launch.

Resolution: Now, a new configuration option is added: ConnectDirectTransferAgent.transfersFolder.purge. When set to false, the folder from ConnectDirectTransferAgent.transfersFolder will not be deleted on Transaction Manager launch.

SecureTransport 5.4 Patch 15
Patch 15
01031931
RDST-21182

Issue: Previously, after applying SecureTransport 5.4 Patch 11, there was a performance degradation with downloads of files over SFTP.

Resolution: Now, the performance degradation of file downloads over SFTP is mitigated.

Patch 15
00890670
RDST-21183

Issue: Previously, it was not possible to create an Account Template with mapped home folders for SiteMinder users.

Resolution: Now, SecureTransport can be configured to explicitly use the SiteMinder attributes and thus enable Account Templates to be created for SiteMinder users with mapped home folders.

Patch 15
01028370
RDST-21184

Issue: Previously, when SecureTransport was receiving files in ASCII mode over PeSIT protocol from Transfer CFT, the file line endings were corrupted.

Resolution: Now, when performing such transfers, the file integrity is correct and the line endings are properly preserved.

Patch 15
01025754
01027067
01027889
RDST-21190

Issue: Previously, a server-initiated transfer pull via SSH using an Advanced Routing subscription was processed successfully but an error was logged in the Server Log.

Resolution: Now, there are no errors present in the Server Log and the pull is executed successfully.

SecureTransport 5.4 Patch 14
Patch 14
01006400
01014971
01030597
RDST-21176

Issue: Previously, SecureTransport administrators were unable to add nodes in an Enterprise Cluster environment after upgrading to Patch 6 and later.

Resolution: Now, this issue is resolved and adding nodes to an Enterprise Cluster environment is possible.

Patch 14
01025773
RDST-21172

Issue: Previously, with SecureTransport logs exported in CSV format, some ICAP Settings column fields were vulnerable to MS Excel formula injections.

Resolution: Now, the vulnerable ICAP Settings column fields are properly escaped.

SecureTransport 5.4 Patch 13
Patch 13
01014822
RDST-19355

Issue: Previously, Transfer status was not returned in REST API query response when the destination folder was a subscription folder.

Resolution: Now, the transfer status is returned correctly regardless of the destination folder.

Patch 13
01025773
RDST-19364

Issue: Previously, with SecureTransport logs exported in CSV format, some ICAP Settings column fields were vulnerable to MS Excel formula injections.

Resolution: Now, the vulnerable ICAP Settings column fields are properly escaped.
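
The escaping described in the two CSV export entries above (RDST-21172 and RDST-19364) can be illustrated as follows. This is an added example, not Axway's code: the column names other than "ICAP Settings", the sample rows, and the function names are constructed for illustration, and the list of trigger characters follows OWASP's CSV injection guidance.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications treat as the start of a
# formula (per OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")

# Constructed sample log rows; only the "ICAP Settings" column name comes
# from the release note, everything else is made up for the example.
HEADER = ["Time", "Level", "ICAP Settings", "Message"]
ROWS = [
    ["2020-01-01 10:00:00", "INFO", "scan=enabled", "Transfer completed"],
    ["2020-01-01 10:00:05", "WARN", "=1+1", "Value supplied by remote client"],
    ["2020-01-01 10:00:09", "INFO", "-5", "@SUM(A1:A2)"],
]


def is_risky(value: str) -> bool:
    """True when a spreadsheet could evaluate the cell instead of showing it."""
    if not value.startswith(FORMULA_TRIGGERS):
        return False
    # Signed numbers such as "-5" or "+3.2" are data, not formulas.
    return PLAIN_NUMBER.fullmatch(value) is None


def neutralize_cell(value) -> str:
    """Return the cell as text that a spreadsheet will display literally."""
    text = "" if value is None else str(value)
    # A leading apostrophe makes the spreadsheet treat the cell as text.
    return "'" + text if is_risky(text) else text


def export_rows(header, rows, neutralize=True) -> str:
    """Write rows as CSV with every field quoted.

    neutralize=False reproduces the unescaped export so it can be audited.
    """
    clean = neutralize_cell if neutralize else (lambda v: "" if v is None else str(v))
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow([clean(h) for h in header])
    for row in rows:
        writer.writerow([clean(c) for c in row])
    return buf.getvalue()


def find_risky_cells(csv_text: str):
    """Audit an existing export: return (row_number, column_name, value)."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    findings = []
    for row_number, row in enumerate(reader, start=2):
        for name, cell in zip(header, row):
            if is_risky(cell):
                findings.append((row_number, name, cell))
    return findings


if __name__ == "__main__":
    print("unescaped export:", find_risky_cells(export_rows(HEADER, ROWS, neutralize=False)))
    print("escaped export:  ", find_risky_cells(export_rows(HEADER, ROWS)))
```

The apostrophe prefix changes the stored value, so tools that parse the export programmatically must strip it again before comparing fields.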

Patch 13
01017781
RDST-18905

Issue: Previously, SecureTransport used to print verbose messages for SSH connections using the com.maverick.sshd.events package logger.

Resolution: Now, the SecureTransport internal Maverick library is upgraded and those messages are not available on the specified logger. A new logger is introduced and must be used on debug level, using the following package: com.tumbleweed.st.server.sshd.logging.

Patch 13
01014822
RDST-18338

Issue: Previously, Transfer status was not returned in REST API query response when the destination folder was a subscription folder.

Resolution: Now, the transfer status is returned correctly regardless of the destination folder.

Patch 13
01018381
RDST-19352

Issue: Previously, updating the values of the FolderMonitor.pollInternal and FolderMonitor.fileDelayInterval configuration properties required a Transaction Manager restart for the changes to take effect.

Resolution: Now, changes to the values of those properties are applied instantly.

Patch 13
00967933
RDST-14894

Issue: Previously, the SecureTransport admin Swagger API website was not loading in Internet Explorer.

Resolution: Now, it is possible to open and use the SecureTransport admin Swagger API website in Internet Explorer.

Patch 13
01009858
RDST-19351

Issue: Previously, when multiple LDAP servers were configured under a domain, SecureTransport was searching across all LDAP servers for a user even when passing wrong credentials.

Resolution: Now, if SecureTransport does not find a record for the user in the first available LDAP database, it does not try to connect to backup LDAP servers.

Patch 13
01025773
RDST-18957

Issue: Previously, the Title and Notes fields in "Setup -> Network Zones -> New Network Zone -> New Node" were vulnerable to DOM-based XSS attacks.

Resolution: Now, the Title and Notes fields are protected against XSS attacks.

Patch 13
01020296
RDST-19359

Issue: Previously, connection to MySQL was failing if the database password contained some special characters.

Resolution: Now, connection to MySQL is successful regardless of the characters used in the database password.

Patch 13
01012163
RDST-19354

Issue: Previously, when ICAP scans were enabled, there was inconsistency in the "Status" column values in File Tracking Export and File Tracking as displayed in the SecureTransport Administration Tool.

Resolution: Now, the "Status" column values across File Tracking and File Tracking Export are consistent.

Patch 13
01022268
RDST-19362

Issue: Previously, account deletion through the REST API was reporting an error after 2 minutes if the account's home folder was on Amazon EFS and contained a large number of files.

Resolution: Now, account deletion through REST API in the specified case occurs faster and does not report any errors.

Patch 13
00900125
RDST-18058

Issue: Previously, the REST API documentation (api/v1.4/docs/index.html) was lacking descriptive information and complete model schema for /accounts resource.

Resolution: Now, missing properties from the REST API documentation are added in the model schema.

Patch 13
00987905
RDST-17306

Issue: Previously, when file names contained control characters, the Transfer and Xfer logs were broken and reported those files with incorrect names.

Resolution: Now, the respective logs report those characters correctly as part of the file name.

Patch 13
00997986
RDST-17284

Issue: Previously, SecureTransport was relying on the operating system filesystem to check, validate and resolve file names, in this case - preserving trailing whitespaces at the end of file names.

Resolution: Now, SecureTransport explicitly strips trailing whitespaces at the end of file names.

Patch 13
00953578
00961378
00974685
RDST-17282

Issue: Previously, if the Advanced Expression for Download Folder was not checked in the transfer site settings, the remote folder was missing from the file tracking report.

Resolution: Now, if the Advanced Expression for Download Folder is not checked in the transfer site settings, the remote folder is populated in the file tracking report.

SecureTransport 5.4 Patch 12
01017427 RDST-18978

Issue: Previously, transfer resubmit was not working with SecureTransport running on Windows and using CIFS shares for home folders and archiving.

Resolution: Now, the resubmit action is successful when the home folders and archiving are on such a setup.

01004562
01017037
RDST-18976

Issue: Previously, the mail templates selection in routes was reverted to "None" after saving the Route.

Resolution: Now, mail templates in routes are saved successfully.

01017008 RDST-18977

Issue: Previously, an attempt to create a Connect:Direct transfer site when using a site template with placeholders triggered a server error.

Resolution: Now, the creation of a Connect:Direct transfer site when using a site template with placeholders executes successfully.

01021639
01021341
RDST-18979

Issue: Previously, it was not possible to open Route Package Templates and Route Packages with configured ‘Notifications’.

Resolution: Now, Route Package Templates and Route Packages with configured ‘Notifications’ can be opened successfully.

SecureTransport 5.4 Patch 11
Patch 11
01017388
01006884
RDST-18902

Issue: Previously, SSH transfers were processing at low speeds on networks with high latency.

Resolution: Now, new configuration settings are introduced in the start_sshd script to allow improving the SSH transfer speeds in high latency networks. The SecureTransport administrator can specify buffer sizes for inbound / outbound transfers, as well as values for minimum and maximum window space, as follows:

  • -DrecvBufferSize - 8192 by default
  • -DsendBufferSize - 8192 by default
  • -Dssh.maxWindowSpace - 1048576 by default
  • -Dssh.minWindowSpace - 131072 by default

Patch 11
00998751
RDST-18886

Issue: Previously, when the Publish To Account step was trying to send a file considered as malware, the final file status was In progress.

Resolution: Now, such file transfer is marked as Failed.

Patch 11
01010222
RDST-18881

Issue: Previously, when working with Amazon S3 Pluggable transfer sites, SecureTransport was not putting failing proxies in denied state after reaching the maximum transfer attempts.

Resolution: Now, SecureTransport is working correctly when using proxies and S3 transfer sites.

Patch 11
01015981
RDST-18904

Issue: Previously, a SecureTransport 5.4 upgrade attempt to Patch 5 or later was failing with the following error: "java.sql.SQLException: ORA-02443: Cannot drop constraint - nonexistent constraint".

Resolution: Now, this issue is fixed and an upgrade to a patch later than Patch 5 proceeds successfully.

Patch 11
01013258
RDST-18889

Issue: Previously, SecureTransport was trying to pull all files at once, ignoring the maximum allowed number of parallel transfers when using the REST API call HOSTNAME/api/v1.4/transfers/pull to trigger a transfer on a transfer site.

Resolution: Now, if the maxParallelSitPulls parameter is added in the /transfers/pull POST request, its value applies in both cases - pull existing subscription or pull destination directory, if no subscription was found. If this parameter is not present in the request, the subscription configuration is used. For pulling destination directory without subscription, use the Transfer Site maxParallelSitPulls value.

Patch 11
01003493
RDST-18888

Issue: Previously, an upgrade to SecureTransport 5.4 Patch 6 introduced connectivity issues to the Oracle database when the password was containing exclamation mark symbols.

Resolution: Now, this issue is fixed.

Patch 11
01007780
RDST-18357

Issue: Previously, the PSO plugin could not read its configuration.

Resolution: Now, the PSO plugin successfully reads its configuration.

Patch 11
01006783
RDST-18879

Issue: Previously, getting information for the global route template or user route package could be very slow.

Resolution: Now, there is a performance improvement when getting global route template or user route package information.

Patch 11
01015266
RDST-18890

Issue: Previously, the SecureTransport administrator was unable to add an underscore symbol in the hostname field for the Transfer Site server.

Resolution: Now, the SecureTransport administrator is able to add an underscore symbol in the hostname field for the Transfer Site server.

Patch 11
00978203
RDST-18883

Issue: Previously, a regular expression string used in the Folder Monitor Transfer site / "Upload location" was not properly evaluated in the File Tracking page.

Resolution: Now, the regular expression used in 'Upload Folder' is evaluated properly.

Patch 11
00998821
RDST-18885

Issue: Previously, the option 'Audit Log Rights' was not selected when a delegated administrator was configured with 'Read Only' or 'Checker Rights' privileges.

Resolution: Now, the option 'Audit Log Rights' is automatically selected when a delegated administrator is configured with either 'Read Only' or 'Checker Rights' privileges.

Patch 11
00993661
RDST-18884

Issue: Previously, an attempt to create a new Delegated Administrator was producing many duplicate entries for the selection of a Parent Administrator.

Resolution: Now, the option to select a Parent Administrator does not contain duplicate entries.

SecureTransport 5.4 Patch 10

Patch 10
00971186
00946383
RDST-18155

Issue: Previously, all files and directories in a current account directory were visible.

Resolution: Now, two new configuration options are introduced: ShowOwnedFilesOnly and ShowHiddenFiles. The possible values with each are true or false.

  • When ShowOwnedFilesOnly is false, all files and directories in the current account directory will be visible. When set to true, only files and directories owned by that account will be visible. Default value is false.
  • The ShowHiddenFiles option configures, on the server side, whether hidden files are shown. When ShowHiddenFiles is true, hidden files will be displayed. When set to false, only files that are not hidden will be displayed. Default value is true.

Note: The configuration option ShowOwnedFilesOnly takes effect only on Unix-like operating systems.

SecureTransport 5.4 Patch 9
Patch 9
01001051
RDST-18149

Issue: Previously, the HTTP POST request was including a CSRF header without any value when a user was resetting their password.

Resolution: Now, the HTTP POST request does not contain a CSRF header when a user is resetting their password.

Patch 9
01011604
RDST-17891

Issue: Previously, automatic sync on Standard Cluster was not updating across other nodes when deleting login restriction policy rules.

Resolution: Now, the automatic sync on login restriction rules works correctly.

Patch 9
01011171
RDST-17889

Issue: Previously, the LoginPolicy_BusinessUnit, LoginRestrictionPolicy and LoginRestrictionRule tables were not included in the sync_tables.conf file.

Resolution: Now, the LoginPolicy_BusinessUnit, LoginRestrictionPolicy and LoginRestrictionRule tables are included in the sync_tables.conf file.

Patch 9
00998825
RDST-17386

Issue: Previously, the Business Unit property "Allow Login Restriction Policy modifying" was not included during account export.

Resolution: Now, this property is included during a Business Unit export and also properly imported during import.

Patch 9
01006925
RDST-18150

Issue: Previously, processing cycles for Pluggable Transfer Sites were not linked.

Resolution: Now, processing cycles for Pluggable Transfer Sites are linked.

Patch 9
00991762
RDST-18146

Issue: Previously, when a user was using a certificate for authentication, the account page did not display settings and information about failed or successful login attempts.

Resolution: Now, the account page displays information and settings for failed and successful login attempts, regardless of the user authentication type.

SecureTransport 5.4 Patch 8
00985610
00990434
RDST-18139

Issue: Previously, when an email was sent with an attachment and the "Send attachment link only" option was selected, clicking the download link in the email resulted in an HTTP 500 error.

Resolution: Now, the download link in the email works successfully.

00997338 RDST-17410

Issue: Previously, administrators with "Read Only" rights for a specific business unit could not view the certificates of a user belonging to that business unit using RESTful service.

Resolution: Now, administrators with "Read Only" rights for a specific business unit can successfully list the certificates of a user belonging to that business unit using RESTful service.

00997151 RDST-17413

Issue: Previously, SecureTransport did not check the list of recent passwords when updating an administrator password using the RESTful service.

Resolution: Now, SecureTransport checks the list of recent passwords during an administrator password update.

01003185 RDST-17411

Issue: Previously, the Transfer Site Owner was not reported to Sentinel when a Send to partner step was executed.

Resolution: Now, the Transfer Site Owner is reported to Sentinel in the RECEIVERID attribute.

SecureTransport 5.4 Patch 7

00989029
00990463
RDST-17074

Issue: Previously, on rare occasions, due to a concurrency issue, Folder Monitor downloads were failing with an error when creating the destination directory.

Resolution: Now, Folder Monitor downloads do not fail in the case described above.

00997148 RDST-17072

Issue: Previously, an administrator's failed login over basic authentication using the REST API was not handled correctly.

Resolution: Now, an administrator's failed login attempts over basic authentication using the REST API are handled correctly.

00980563 RDST-17075

Issue: Previously, some of the administrators could not change their passwords using REST API.

Resolution: Now, administrators with Change Password rights are able to change their passwords.

SecureTransport 5.4 Patch 6

Patch 6
00999197
RDST-17946

Issue: Previously, migration of route step statuses to Oracle DB was failing.

Resolution: Now, migration of route step statuses to Oracle DB processes successfully.

Patch 6
00975445
RDST-18135

Issue: Previously, SecureTransport was using Oracle ojdbc6 (11.2.0.1.0)/ ojdbc7 (12.1.0.2), MySQL (5.1.35) and MSSQL (4.2) drivers.

Resolution: Now, SecureTransport is using Oracle ojdbc8 (12.2.0.1), MySQL (5.1.46) and MSSQL (4.2.8112.200) drivers.

Patch 6
00974591
RDST-16667

Issue: Previously, the APPEND command in FTP protocol was not working as expected.

Resolution: Now, APPEND command will append data to the end of a file on the remote host. If the file does not exist, SecureTransport will create it.

SecureTransport 5.4 Patch 5

00991915 RDST-18121

Issue: Previously, when executing a publish to account step, transfers were having different core IDs.

Resolution: Now, when executing a publish to account step, transfers have the same core IDs.

SecureTransport 5.4 Patch 4

00975445 RDST-15151

Issue: Previously, SecureTransport was vulnerable to CVE-2017-15095, CVE-2017-17485, CVE-2018-5968 and CVE-2018-7489 due to the outdated 2.8.9 version of FasterXML/jackson-databind.

Resolution: Now, the FasterXML/jackson-databind version is updated to 2.9.5, which contains the latest security fixes.

00982325 RDST-16375

Issue: Previously, login restrictions on key authentication over SSH were checked twice, causing a thread lock on the second check of the session counter.

Resolution: Now, as expected, login restrictions on key authentication over SSH are checked only once.

00975445 RDST-15178

Issue: Previously, private keys were saved on the file system using vulnerable 3DES encryption.

Resolution: Now, this encryption is changed to AES-128.

Note: Internal CA should be regenerated/reimported after patch installation in order to change the file encryption algorithm.
When the patch is uninstalled, Internal CA should be regenerated/reimported again in order to change the file encryption algorithm to 3DES.

00980563 RDST-15917

Issue: Previously, an administrator could not change their own account password using the REST API.

Resolution: Now, administrators may change their own settings, but cannot delete their own accounts.

00982044
00984018
RDST-18114

Issue: Previously, it was not possible to search for SecureTransport accounts using the Internet Explorer browser.

Resolution: Now, it is possible to search for SecureTransport accounts using the Internet Explorer browser.

00959602
00988009
00975445
00974783
RDST-17506

Issue: Previously, the SecureTransport Administration Tool was vulnerable to CVE-2015-9251 and CVE-2012-6708 due to an outdated version of jQuery 1.7.

  • The SecureTransport Administration Tool was using an outdated version of Angular 1.3.4 which has many known vulnerabilities, including arbitrary code execution and multiple XSS paths.
  • Swagger-UI version was 2.2.10-1 containing outdated version of jQuery 1.7.

Resolution: Now, jQuery version is updated to 3.3.1 and Angular version to 1.7.2 both containing the latest security fixes. The Swagger-UI version is updated to 3.17.1.

SecureTransport 5.4 Patch 3

00987871 RDST-15635

Issue: Previously, SSH server-initiated transfers could fail because the absolute path was not used if "Upload Folder" was left empty in the transfer site settings.

Resolution: Now, in this case, transfers are successful and the absolute path is used.

00972567
00987759
00984292
00987914
00987918
RDST-15585

Issue: Previously, during an SFTP server-initiated push transfer, file attributes were set after the transfer was completed.

Resolution: Now, a new configuration option, Ssh.UpdateFilePermissionsWithChmodCommand, is added. When Ssh.UpdateFilePermissionsWithChmodCommand is set to true, the file permissions specified in the SSH transfer site configuration are set with the chmod command after the transfer ends. When Ssh.UpdateFilePermissionsWithChmodCommand is set to false, the file handler is opened with the specified permissions. The default value is true.

SecureTransport 5.4 Patch 2

Patch 2
00976582
RDST-15667

Issue: Previously, transfers history entries in ST Web Client were always stored in the browser's localStorage.

Resolution: Now, transfers history entries are stored in sessionStorage when "Allow this account to submit transfers using the Transfers RESTful API" option is enabled for the user account.

Note: When the above option is disabled, ST Web Client uses localStorage as before.

Patch 2
00976582
00983207
RDST-14794
RDST-15137

Issue: Previously, some error pages in ST Web Client were vulnerable to Reflected XSS attacks.

Resolution: Now, SecureTransport successfully processes all data when importing a private SSH key and exporting works as expected.

Patch 2
00955993
RDST-15634

Issue: Previously, SecureTransport was not processing all data when importing and then exporting a private SSH key.

Resolution: Now, SecureTransport successfully processes all data when importing a private SSH key.

Patch 2
00959376
RDST-15877

Issue: Previously, PeSIT encoding Transfer Mode was not preserved with Advanced Routing even though the was used with the "Store And Forward Mode".

Resolution: Now, encoding in PeSIT transfers is preserved in the same way as Record Format and Record Length and works as expected in Advanced Routing.

Patch 2
00953560
RDST-15878

Issue: Previously, there was a problem when the org.quartz.dataSource.DS.testOnBorrow property was set to true in FDH/conf/scheduler.properties.

Resolution: Now, this problem is fixed and SecureTransport works as expected with property org.quartz.dataSource.DS.testOnBorrow=true.

SecureTransport 5.4 Patch 1

Patch 1
00959203
RDST-14459

Issue: Previously, Swagger UI (2.1.4) was vulnerable to CVE-2016-5682.

Resolution: Now, Swagger UI version is updated to 2.2.10-1.


Additional fixes

The following table contains additional fixes, which are not part of patches.

Case ID Internal ID Description

00812422

RDST-464

Issue: Previously, on SecureTransport with MySQL running on Linux, an error was incorrectly shown in the Server Log on successful administrator login using a client certificate when the certificate was specified via the issuer file option (Administrator Login options > Client Certificate Settings> Accept certificates issued by> issuer file).

Resolution: Now, when a valid location is specified in the issuer file option and the administrator successfully logs in using a certificate, the server log does not show an error.

none

RDST-480

Issue: Previously, SecureTransport advertised UTF-8 in its FEAT response but the feature was not working.

Resolution: Now, an appropriate response code is returned to the OPTS UTF-8 command.

00819846

RDST-485

Issue: Previously, the error message for denied CWD FTP command was misleading.

Resolution: Now, SecureTransport responds with '550: Permission denied' in all cases of restricted access.

00826347
01154848

RDST-518

Issue: Previously, overwriting a decrypted file did not trigger repository encryption.

Resolution: Now, all newly uploaded files get encrypted.

00904261
00861418

RDST-1829

Issue: Previously, a few end-user REST API resources and the ST Web Client (legacy skins) pages contained internal information.

Resolution: Now, the ST Web Client legacy skins and the REST API do not reveal any additional data that is considered sensitive.

00874075

RDST-3121

Issue: Previously, the Monitor Server was logging 'Current ST internal session count' message several times per minute.

Resolution: Now, the logging is fixed.

00878253
00876266
00878255

RDST-3703

Issue: Previously, when publishing a large file to an account, the recipient was able to download or delete the file before it was fully transferred.

Resolution: Now, the file is not available for download or deletion until it is completely received.

00881006

RDST-3852

Issue: Previously, on Linux platforms, errors were shown in the File Tracking when the AdHoc functionality was used with the following upload restrictions: users were prohibited from uploading to the root (/) directory and permitted to upload in the root sub-folders (//*).

Resolution: Now, when the package delivery is successful, the upload restrictions do not cause errors in File Tracking.

00896905

RDST-6615

Issue: Previously, when downloading a file from the SecureTransport Legacy Client, the Content-Type HTTP response header was always set to application/octet-stream regardless of the download mode.

Resolution: Now, the Content-Type HTTP response header is populated based on the transfer mode.

00911296, 00966063

RDST-8722

Issue: Previously, the maximum number of parallel transfers limit was disregarded when server-initiated pulls were triggered by using the Retrieve Files Now button under the subscription's settings.

Resolution: Now, in the specified scenario, the maximum number of parallel transfers limit is applied.

00914346

RDST-9018

Issue: Previously, due to an extra space around the delimiter in the list of the allowed HMAC algorithms in the Ssh.SIT.AllowedMacs configuration option, only the first HMAC in the list was advertised during the KEX.

Resolution: Now, the formatting of the list is corrected and the configured HMAC algorithms are advertised during the KEX.

00924216

RDST-10227

Issue: Previously, hmac-sha2-256 was missing from the default list of allowed HMAC algorithms in the Ssh.AllowedMacs and Ssh.SIT.AllowedMacs configuration options.

Resolution: Now, hmac-sha2-256 is added to the default configuration in the Ssh.AllowedMacs and Ssh.SIT.AllowedMacs options.

00922462

RDST-10464

Issue: Previously, the SSH service port was resetting to its default (22) after installing a new node in an Enterprise Cluster.

Resolution: Now, after installing a new cluster node, the SSH service port number assigned to the first server is preserved.

00928239

RDST-10923

Issue: Previously, the silent installation of an Enterprise Cluster node failed when performed after removing an existing DMZ node using the Administration Tool. That was because the auto-generated name for the new node was not unique.

Resolution: Now, SecureTransport automatically generates unique names for the new nodes.

00937905

RDST-11441

Issue: Previously, an SSH user session did not get terminated after disabling or locking the account.

Resolution: Now, the user session is immediately killed once the account is disabled.

00946645

RDST-12609

Issue: Previously, for accounts in a business unit, the applications in the Subscribe to drop-down list were ordered by creation date.

Resolution: Now, the application list is sorted alphanumerically regardless of whether the account belongs to a business unit.

00959227

RDST-13581

Issue: Previously, when a Folder Monitor transfer site was used to pull files for Basic Application, all transfer sites to which files were automatically sent renamed the files according to the "Receive File As" value set in Folder Monitor.

Resolution: Now, in the specified scenario, all transfer sites rename the file according to their "Send File As" value.

00960829

RDST-13602

Issue: Previously, the installation of SecureTransport with Microsoft SQL Server was failing if the database password contained a dollar sign ($).

Resolution: Now, the requirements for database passwords are documented in the SecureTransport Installation Guide.

00971242, 00964769

RDST-13823

Issue: Previously, the SSH certificate authentication option was reset to its default value "Disabled" after installing a new node using the "Using existing schema" option set to true.

Resolution: Now, after installing a new cluster node, the value of the SSH certificate authentication option remains unchanged.

00981905, 00969586

RDST-14258

Issue: Previously, the number of the accounts was decreasing after a password change in the Administration Tool.

Resolution: Now, the number of accounts remains unchanged when an account password is changed.

00973136

RDST-14404

Issue: Previously, the Setup menu was unavailable after navigating to Operations > Support Tool in the Administration Tool.

Resolution: Now, the Setup menu is available after navigating to Operations > Support Tool in the Administration Tool.

00970160

RDST-14494

Issue: Previously, with the "Axway Box and Stripe in Blue" and "Jelly Ball 9" HTML templates, a click on the download link of a file did not work as expected.

Resolution: Now, a click on the download link of a file in either of the mentioned templates works as expected.

00975626, 01143857, 01044162

RDST-14752

Issue: Previously, when pulling files from SMB and pushing to an SSH server, SecureTransport was stripping the .pgp extension while preserving the file encryption.

Resolution: Now, in the specified scenario, SecureTransport doesn't strip the .pgp extension from the filename.

00978293

RDST-14913

Issue: Previously, it was not possible to disable the TRACE method for HTTPD.

Resolution: Now, the SecureTransport administrators can disable the TRACE method for the HTTPD.

00975783

RDST-14983

Issue: Previously, in server-initiated transfers over FTP, the '${stenv.target}(+1)' expression was incorrectly evaluated at first. A resubmission attempt was correctly processed.

Resolution: Now, the file transfer is correctly completed in the described scenario.

00981541

RDST-15052

Issue: Previously, an error was shown on an attempt to enable a user to log in to SecureTransport Server if the account was created with the login option disabled.

Resolution: Now, the Allow this account to log in to SecureTransport Server setting can be changed any time for any user.

00980509

RDST-15071

Issue: Previously, the SecureTransport Administrator's Guide was providing incomplete instructions for exporting and importing server configuration.

Resolution: Now, the SecureTransport Administrator's Guide provides more detailed information about server configuration export and import.

00980115

RDST-15493

Issue: Previously, SecureTransport did not validate the classes used in the selectorStrategy configurations.

Resolution: Now, if an erroneous value is used for one of the following options Dmz.Edge.selectorStrategy, Dmz.Proxy.Address.selectorStrategy, or Dmz.Zone.selectorStrategy, the option is set to default and the transfer is successful. In the Server log, a warning message is displayed, stating that the value for the option is erroneous and that the default one will be used.

00990442

RDST-15712

Issue: Previously, some of the examples in the "LDAP-related expression language and variable" topic were not clear.

Resolution: Now, the examples are clarified.

00976754

RDST-15799

Issue: Previously, the TRANSFER_STATUS_ID and TRANSFER_STATUS_START_TIME variables were not populated in the received email notifications for FTP(S) and SFTP inbound transfers.

Resolution: Now, TRANSFER_STATUS_ID and TRANSFER_STATUS_START_TIME are correctly evaluated and populated in the inbound transfer email notifications regardless of the protocol.

00994853

RDST-15996

Issue: Previously, some error messages were revealing the web server name and version.

Resolution: Now, generic error messages are displayed to users.

01031515
01014948
01001534
01006211
00998200

RDST-16564

Issue: Previously, the HTTP OPTIONS method was enabled in the SecureTransport Administration Tool.

Resolution: Now, the HTTP OPTIONS method is disabled in the SecureTransport Administration Tool.

00990458

RDST-16966

Issue: Previously, the SSH service was failing to start when the Ssh.Host server configuration parameter was not set (default) and IPv6 was disabled.

Resolution: Now, when the Ssh.Host server configuration parameter is not set, the server starts listening on all IPv4 addresses.

01003007

RDST-16996

Issue: Previously, the output of the dir command, executed manually on FTP connection via CLI, contained an extra blank line.

Resolution: Now, the blank line in the output is removed.

01006779

RDST-17069, RDST-17070

Issue: Previously, there was no limitation when adding Additional attributes via the REST API.

Resolution: Now, the key name property should start with "userVars." for all API versions except for API 2.0.

00976582

RDST-17224

Issue: Previously, the internal server IP address was displayed in the Transfer-Reference response header on a request to rename a file.

Resolution: Now, the Transfer-Reference header does not contain the IP of the server.

01007816

RDST-17422

Issue: Previously, the Monitor service was unnecessarily checking the external databases.

Resolution: Now, the Monitor service checks only the SecureTransport services and restarts them if they are not running.

00998718, 01001892

RDST-17454

Issue: Previously, simultaneous logouts of two user accounts that are members of the same User Class were logged in one line in the Server log, while they should be on separate lines.

Resolution: Now, SecureTransport logs the user account actions separately in the described case.

01008574

RDST-17493

Issue: Previously, the Swagger Transfers resource listed "amazonS3" as a valid value for protocol.

Resolution: Now, the Swagger documentation is updated. The valid values for the protocol of the site are "as2", "ftp", "http", "ssh", "pesit", "folder", "adhoc" as well as the protocols added with transfer site plugins.

01020030

RDST-18445

Issue: Previously, the MANIFEST.MF file in the Custom Authorization plugin for SecureTransport was incorrect.

Resolution: Now, the SDK contains the correct MANIFEST.MF file.

01098223 RDST-30682

Issue: Previously, in some cases, SecureTransport was performing outbound file transfers without applying repository decryption which prevented files from being usable on the partner side.

Resolution: Now, SecureTransport correctly applies repository decryption to outbound file transfers.

01141121 RDST-30683

Issue: Previously, Oracle Coherence was started after completion of manual database synchronization.

Resolution: Now, this problem does not occur on completion of manual database synchronization.

01120021 RDST-30161

Issue: Previously, when the PASV command was disabled on the server, the transfers initiated by SecureTransport were failing because it did not fall back to EPSV.

Resolution: Now, when the PASV command is disabled on the server, SecureTransport falls back to EPSV.

01139926 RDST-28827

Issue: Previously, the Transaction Manager (TM) log did not have records when the TM was started or stopped using the respective start_tm and stop_tm scripts.

Resolution: Now, the TM stores records in the respective log for such events.

01119729 RDST-27571

Issue: Previously, SSH key import was unsuccessful when following the example described in the administrator's REST API Swagger documentation.

Resolution: Now, the behavior is fixed and SSH import occurs successfully in the case described.

01124883 RDST-27501

Issue: Previously, the SecureTransport Installation Guide contained insufficient info regarding the Axway Installer.

Resolution: Now, the SecureTransport Installation Guide is updated with the required information.

01118243 RDST-26899

Issue: Previously, after a new member of an Enterprise Cluster was added, the Client Certificate Settings of the SSH service was reverting to its default value: Disabled.

Resolution: Now, this behavior is fixed and the Client Certificate Settings of the SSH service does not revert to its default value.

01101198 RDST-25331

Issue: Previously, accounts belonging to a Business Unit (BU) could not be edited via the administrator's REST API when the BU settings do not allow HTML Template modification of accounts assigned to it.

Resolution: Now, the administrator's REST API is fixed to successfully edit accounts as expected.

01088083 RDST-24483

Issue: Previously, the SecureTransport Administrator's Guide contained insufficient info regarding the configuration option to maintain link data when Sentinel or Decision Insight is disabled.

Resolution: Now, the SecureTransport Administrator's Guide is updated with the needed info.

01055232
01074861
01069903
RDST-23411

Issue: Previously, re-imaging of existing VMs on the Axway Appliance platform was unsuccessful.

Resolution: Now, the introduction of SecureTransport 5.5 Virtual Appliance fixes the described issue.

01065674 RDST-22399

Issue: Previously, the SecureTransport Administrator's Guide did not contain info that the Title value in the 'Private' Network Zone could not be changed from the hardcoded 'Host'.

Resolution: Now, the SecureTransport Administrator's Guide is updated with the needed info.

01064283 RDST-22319

Issue: Previously, the administrator's REST API was not returning the timestamp value for the last modification of a SecureTransport account.

Resolution: Now, four new properties (Account Created, Last Modified, Last Login) are exposed for User Accounts, Unlicensed Users and Service Accounts. Additionally, two new properties (Account Created and Last Modified) are exposed for Account templates.

01049465 RDST-22131

Issue: Previously, when the $DISPLAY parameter was set and the underlying *nix OS was missing the libXext.so.6 library, SecureTransport was failing to operate normally.

Resolution: Now, the SecureTransport Installation Guide is updated with a note regarding needed info.

01015970 RDST-19886

Issue: Previously, attempts to pull a file using any connector (S3, SMB, Azure) with preserved folder structure were unsuccessful when a shared folder application was used as a subscription.

Resolution: Now, the issue is fixed and pulls of files are successfully performed in the described use case.

01139926 RDST-28824

Issue: Previously, the Server Log, tm.stdout.log, and xferlog used different date formats.

Resolution: Now, the default date format in all mentioned logs is set to yyyy-MM-dd HH:mm:ss,SSS, and can be manually changed in the log4j files.

01083411 RDST-24174

Issue: Previously, after upgrade to SecureTransport 5.4, error messages related to transfer status ID were logged on successful pull transfers via an Amazon S3 transfer site.

Resolution: Now, the pull and push transfers via Amazon S3 Transfer Site are successful.

01057615 RDST-23652

Issue: Previously, after a patch was applied on SecureTransport 5.4, the rotate script stopped rotating the xferlog and cmdlog files.

Resolution: Now, the rotate script rotates the xferlog and cmdlog files.

01048470 RDST-21327

Issue: Previously, developer's comments and debug info were visible when accessing the SecureTransport Administration Tool.

Resolution: Now, the comments in loginRestrictionPolicies-controller.js are not visible.

01034416 RDST-21133

Issue: Previously, it was not possible to use the ${date("yyyyMMdd")} variable to set the current date in the URL path to a Generic HTTP transfer site.

Resolution: Now, the ${date("yyyyMMdd")} variable can be used for updating the current date in the URL path from the transfer site.

01025902 RDST-20288

Issue: Previously, streaming breakdown occurred when longer exceptions couldn't fit in the Trace Line column of the logging_event_exception table.

Resolution: Now, the issue is fixed and server logs with more than 2048 characters are stored in the serverlog-fallback.log file.

01035961

RDST-19961

RDST-19960

RDST-19959

RDST-19958

Issue: Previously, verbose information was found to be returned within the responses to PUT and POST requests to the /fileops resource.

Resolution: Now, responses to such requests contain generic messages.

01036256 RDST-19766

Issue: Previously, the description of the EventQueue.maxRetryCount server configuration option in SecureTransport Administration Tool was incomplete.

Resolution: Now, the description of the EventQueue.maxRetryCount server configuration option is updated.

01033257 RDST-19581

Issue: Previously, the error message on an attempt to create an AS2 transfer site with a duplicated name via the REST API was misleading.

Resolution: Now, such an attempt fails with a proper error message.

01029431 RDST-19227

Issue: Previously, when the sshd log was redirected to a flat file, there was a difference in the account information reported in the Server Log and the flat file.

Resolution: Now, there is no difference in the account information reported in the server log and the flat file.

01021994 RDST-19078

Issue: Previously, user activity over the HTTPS and FTP services related to folders was not recorded in the Server log.

Resolution: Now, records for Create, Rename and Delete folders are shown in the Server logs for the FTP and HTTPS services.

01025382 RDST-19002

Issue: Previously, for server-initiated pull transfers over FTP and SSH, the Remote folder field was not populated under File Tracking export and Transfer Status details.

Resolution: Now, in the specified case, the Remote Folder field is populated correctly.


ST Web Client general recommendations

For optimal performance of ST Web Client, the value of readChunkSize must be set to 262144 in stwebclient.config.json.

If the user does not want to be prompted to save their password, then besides setting autocomplete to off on the login page, they must also disable this feature in the browser's settings.

Autocomplete is disabled by default with out-of-the-box SecureTransport in the ST Web Client interface input fields.


Known issues and limitations

Case ID: 01040257, 01064486
Internal ID: RDST-20438, RDST-11266, RDST-2590
Description: When the Transaction Manager (TM) on a given node (in Enterprise Cluster deployments) is restarted while processing one or more active file transfers, these file transfers are not automatically re-initiated after the TM restart. Instead, such a transfer remains in the "in Progress" state and the associated '.m_inproc' file is orphaned on the file system, thus preventing the automatic resubmission of the given file.
As part of this, the following behavior is observed:
  • Failover functionality is not working when Transaction Manager is suspended during file transfer processing.
  • File locking does not perform correctly in some cases.
  • A permanent database failure on the primary SecureTransport node does not trigger a cluster failover and recovery in an Active/Active Standard Cluster.

Workaround solution: A SecureTransport administrator must manually remove the '.m_inproc' leftover files associated with the corresponding transfers.

Case ID: none
Internal ID: RDST-17108
Description: When a user in the ST Web Client creates a subfolder named "api" in their root folder, attempts to access a direct link or refresh a page within the "api" subfolder will result in URL redirection to the end-user Swagger API Documentation.

Case ID: none
Internal ID: RDST-22139
Description: PeSIT transfers from CFT fail if repository encryption is enabled and the transfer is paused and then resumed.

Case ID: none
Internal ID: RDST-27698
Description: Password policy cannot be configured for administrators on SecureTransport Edge.

Case ID: none
Internal ID: RDST-31458
Description: SecureTransport cannot resubmit files which have been already resubmitted once in an outbound transfer, performed in an Advanced Routing "Send to partner" step.

Case ID: none
Internal ID: RDST-31663
Description: On rare occasions, some intermittent EOFException errors are thrown during the Advanced Routing "Send to partner" step processing. This has no functional impact.


Documentation

This section describes the related documentation.

Go to the Axway Documentation Portal at https://docs.axway.com/ to find all documentation for this product version.

SecureTransport 5.5 provides the following documentation:

  • SecureTransport Administrator's Guide – This guide provides descriptions and usage instructions for the SecureTransport Administrator's Tool for configuration, deployment and administration of SecureTransport Servers and Edges. Also available as the Administration Tool online help.
  • SecureTransport Appliance Guide – This guide provides the SecureTransport Appliance installation, configuration, and operation instructions.
  • SecureTransport Containerized Deployment Guide – This guide describes how to deploy SecureTransport as a Docker container.
  • SecureTransport Developer's Guide – This guide provides descriptions and usage instructions for implementing custom pluggable components in SecureTransport.
  • SecureTransport Getting Started Guide – This guide explains the initial setup and configuration of SecureTransport using the SecureTransport Administrator setup interface.
  • SecureTransport Installation Guide – This guide provides instructions on how to install and set up SecureTransport.
  • SecureTransport Security Guide – This guide provides security information necessary for the secure operation of the SecureTransport product.
  • ST Web Client Configuration Guide – This guide describes how to configure and customize the ST Web Client user interface.
  • ST Web Client User Guide – This guide describes how to use the ST Web Client.
  • SecureTransport on AWS Installation Guide – This guide provides installation and setup information to deploy SecureTransport on AWS (Amazon Web Services).
  • SecureTransport on Azure Installation Guide – This guide provides installation and setup information to deploy SecureTransport on Microsoft Azure.
  • Third Party Licenses – This document lists the proprietary and open source licenses of third-party software that is included or used by SecureTransport.
  • SecureTransport Release Notes – (current document) – This document contains information about new features and enhancements, information received after the finalization of the rest of the documentation, and a list of known and fixed issues.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.


Copyright © 2020 Axway. All rights reserved
