Syncplicity On-Premises Storage Connector release notes

The following lists recent updates to the Syncplicity On-Premises Storage Connector.

Connector servers should be up-to-date with the latest operating system version (OS version) and kernel patches. The following table provides the recommended OS versions for the latest releases of Storage Connector:

Storage Connector version    OS version
3.2.0.0 (OVA only)           CentOS 7.6
2.12.1.0 (OVA only)          CentOS 7.3
2.10.2.3                     CentOS 6.9

Additional information:

December 2019

Version 3.2.0.0

OVA OS version: CentOS 7.6

Enhancements and fixes
  • Performance enhancements to support up to 300 concurrent upload or download requests.
  • The configuration file format changes from HOCON to YAML due to the technology shift from Scala/Play to Java.

  • To ensure a seamless upgrade from previous Storage Connector versions, this release provides a utility for automated migration of customer configuration. 

  • The format of the logger.xml file changes with this release. If you have saved custom settings in logger.xml, you will have to reapply them after the upgrade. 

  • Added support for Secure credentials.
  • The syncp-storage-https-configuration.py file is decommissioned.
Known Issues

During our extensive testing, the following known issues were discovered:

February 2019

Version 2.22.1.103

  • The changes in this hotfix release enable support for Outlook Universal add-in version 10.4.0. 
  • Added the “Range” header name to the default exposed CORS headers list to enable the Syncplicity Outlook Universal add-in to resume chunked file uploads. If your Storage Connector is configured with a custom exposed CORS headers list using the setting “syncplicity.ws.corsexposeheaders” in the Storage Connector configuration file, the system administrator has to add the new “Range” header to this list when upgrading from version 2.22.0.102 to 2.22.1.103. For more information about editing this file, please see Configure the Storage Connector.

January 2019

Version 2.22.0.102

  • Introduced support for Google Cloud Storage. All Enterprise Edition customers can now create their privately managed Syncplicity StorageVaults in Google Cloud Storage with the 2.22.0.102 release of the Storage Connector. For more details, see Deploying Storage Connector in Azure, AWS, or Google Cloud Storage.
  • Fixed several defects related to the SVA feature Storage Token TTL, and added support for Outlook Universal add-in. The nature of these fixes requires that this release (2.22.0.102) is the minimum version to support the Storage Token TTL feature. To enable Storage Token TTL you must upgrade your Storage Connectors to version 2.22.0.102 or later and upgrade all of the Syncplicity clients (mobile, desktop) to the minimum supported version. You can find more information about this feature in the Syncplicity StorageVault with Authentication Configuration Guide, which can be obtained by using the information in this article: About Syncplicity StorageVaults with authentication.
  • Added a new configuration parameter “syncplicity.ws.corsexposeheaders” to provide the option to change the default list of CORS headers in the "Access-Control-Expose-Headers" header.

October 2018

Version 2.21.0.80

  • Introduced support for controlling the TTL (time-to-live) for the Storage Token used when authenticating a user to a StorageVault with SVA (StorageVault Authentication), for increased security. The SVA Storage Token can be refreshed before it expires up to the maximum refresh time, after which the user must re-authenticate to the StorageVault with SVA. Both the SVA Storage Token TTL and Max Refresh durations are set for the entire StorageVault with SVA and are configurable in the /etc/syncp-storage/syncp-storage.conf file. Further details about the Storage Token TTL feature are in the Syncplicity StorageVault with Authentication Configuration Guide. For access to this guide, contact Syncplicity Support.
  • Introduced the v3 API for the Syncplicity Storage Connector. This new version of the API supports the new SVA Storage Token TTL feature. Log into the Syncplicity Developer Portal for the updated API documentation coming in Q4 2018 at https://developer.syncplicity.com.

April 2018

Version 2.20.1.429

  • Resolved an issue where the Storage Connector would report reaching the maximum concurrent request limit incorrectly. The changes in this hotfix release improve the performance of the Storage Connector when operating under heavy loads.

March 2018

Version 2.20.0.423

  • Introduced support for a new feature offering called Customer Managed Keys, which integrates the Storage Connector with an on-premises HSM (Hardware Security Module) to enable customers to manage the encryption keys used to encrypt their Syncplicity files in their on-premises StorageVault. In this release, we have verified compatibility with Thales nShield Connect XC and Gemalto SafeNet Luna Network HSM 7. Contact Syncplicity Support if you are interested in further information about this new feature.
  • For enhanced security, we have increased the length of the default Syncplicity encryption keys from 128 bits to 256 bits.
  • Applied the Linux kernel patches to address the Meltdown and Spectre vulnerabilities as reported under CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. For more details see:
    https://access.redhat.com/errata/RHSA-2018:0012
    https://access.redhat.com/errata/RHSA-2018:0007
    https://access.redhat.com/errata/RHSA-2018:0014
  • Added support for SVA emails to use the custom email banner if setup in the Company Settings.
  • Added “Content-Range” header name to the allowed CORS headers list to enable the Syncplicity Outlook Universal add-in to upload files in chunks.
  • Added a new configuration parameter “syncplicity.ws.corsheaders” to provide the option to configure the list of CORS headers.
  • Added the following JVM options to enable better debugging and improved memory management on the Storage Connector node.
    -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/syncp-storage/syncpstorage.hprof
    -XX:MetaspaceSize=320 -XX:MaxMetaspaceSize=320m -XX:+UseCompressedOops
  • Disabled VMware Tools time synchronization since the Storage Connector uses chrony for time synchronization.
  • Migrated from init.d to systemd for the syncp-storage service initialization and management.
  • Improved the comments in the /etc/syncp-storage/syncp-storage.conf file regarding storage type “fs” to give better guidance on how to configure NFS mounted storage. Also improved the setup instructions in the following article regarding configuration of the Storage Connector:
    Configure the Storage Connector

October 2017

Version 2.15.2.0

  • Fixed an issue causing the creation of shared links for an SVA-enabled StorageVault to fail.
  • Support added to enable the Syncplicity Outlook Universal to access files stored on SVA-enabled StorageVaults.

August 2017

Version 2.15.0.8

  • Support was added to pass through messages from Syncplicity Orchestration to the client to support data loss prevention (DLP) access policies. The returned message is 403 Prohibited by DLP Policy.
  • Support was added to pass through messages from Syncplicity API Gateway to custom apps to inform the app when it has exceeded the API threshold. The returned message is 429 Too many requests.
  • Fixed Support case where chunked uploads from a Syncplicity client failed when a chunk was removed from storage. This issue was tracked by the following errors in the storage connector logs:
    Orchestration request: Webservice Exception: Not Found (Service: Amazon S3; Status Code: 404; Error Code: 404 Not Found; Request ID: *************************) com.amazonaws.services.s3.model.AmazonS3Exception: Not Found (Service: Amazon S3; Status Code: 404; Error Code: 404 Not Found; Request ID: *************************)
  • Fixed Support case to change the following storage connector log message from INFO to ERROR. The message occurs when a Syncplicity client does not properly authorize with the SAML IDP:
    End Request 400 Missing Argument: Syncplicity-Storage-Authorization End Request 400 Missing Argument: Storage Authorization or cookie

August 2017

Version 2.12.1.0

OVA OS version: CentOS 7.3

Fixed Support case to include the nfs-utils package in the OVA. Some NFS mounts were failing without this package installed.

June 2017

Version 2.12.0.21

  • This release of the Storage Connector is available as an Open Virtualization Archive (OVA) file only. To deploy the OVA in your datacenter, refer to Install the On-Premise Storage Connector. If you are upgrading from a previous version of Storage Connector, and want to preserve the settings from your current Storage Connector nodes before you decommission them, refer to Configure the Storage Connector.
  • Added support for CentOS 7.3. The underlying CentOS operating system in the OVA distribution of the Storage Connector has been upgraded to CentOS 7.3.
  • Updated to the latest versions of the Java SDK to address the CentOS critical Errata and Security Advisory 2017:0180.
  • Fixed an issue during a yum upgrade of the OS whereby the symlinks to Java are broken, causing the Storage Connector to encounter errors and fail to start up.
  • The default log level was changed from DEBUG to INFO. The log level can be changed by editing the /etc/syncp-storage/logger.xml file and changing the following setting:
    <logger name="application" level="INFO" />

October 2017

Version 2.10.4.0

  • Fixed an issue causing the creation of shared links for an SVA-enabled StorageVault to fail.
  • Default log level set to INFO for fresh installs of the Storage Connector.

January 2017

Version 2.10.2.3

  • Introduced support for 3rd party applications integrated with the Syncplicity API Gateway to now POST requests using the AppKey and As-User headers.
  • Enhanced the /v2/files Storage Connector API to support upload requests without multipartForm data required (now an optional parameter), thereby supporting the new background sync feature in the Syncplicity iOS mobile application.
  • Fixed an issue with NFS-mounted storage. In some rare cases a file system can, by default, create new directories requested by the Storage Connector as read-only, which prevents the Storage Connector from writing file data to these directories. This results in one or both of the following error messages in the Storage Connector logfile:
    End Request 500 Internal Server Error: Backend Storage Error (Permission denied)
    java.io.FileNotFoundException:
    To address this, the Storage Connector now sets an explicit write permission to newly created folders and file chunks.
  • Addressed a security vulnerability related to StorageVault Authentication (SVA). Added the ability to whitelist domains for SVA SSO authentication.

December 2016

Version 2.10.1.0

  • Introduced support for the European Union (EU) PrivacyRegion, which allows on-premises customers to deploy Storage Connector in any public or private cloud anywhere in the world and configure it to process file storage for companies that are in the EU. Note that a Storage Connector can only be configured to communicate with one PrivacyRegion. For instructions on configuring the Storage Connector for EU PrivacyRegion, see the Syncplicity Support Article, Deploying and Upgrading Syncplicity On-Premise Storage Connector.
  • Upgraded the underlying CentOS operating system kernel version to kernel-2.6.32-642.11.1.el6.x86_64 in order to address a known vulnerability (CVE-2016-5195). See:
    https://access.redhat.com/security/vulnerabilities/DirtyCow
  • Upgraded to the latest OpenJDK version (java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64) to address a known vulnerability (CESA-2016:2079). See:
    https://rhn.redhat.com/errata/RHSA
  • Changed the default log retention setting from 30 days to 7 days. This can be changed by the system administrator by editing the /etc/syncp-storage/logger.xml file and changing the following value:
    <maxHistory>7</maxHistory>
  • To improve the hardening of the Storage Connector and host OS, the use of self-signed SSL certificates on the Storage Connector node is no longer supported.
  • Improved the error message emitted to the Storage Connector log when the NFS mounted storage runs out of space and uploads start failing. Previously, under certain scenarios, if a file upload failed due to lack of space on the NFS mounted storage, the only error message logged would be:
    Upload Generic error java.io.IOException: No such file or directory
    In this release the following error message is now logged:
    Upload Generic error com.syncplicity.storage.client.StorageException:
    No space left on device /mnt/my_file/data/806/a9

September 2016

Version 2.9.0.3

  • Introducing support for Syncplicity Storage Connector compatibility with Microsoft Azure Compute and Blob Storage. With this integration Azure customers can:
    • Provision CentOS-based virtual machines such as the Standard A4 size, using Azure’s native Virtual Machine provisioning tools.  
    • Deploy the Storage Connector software package on these servers in an .rpm format.
    • Configure connectivity between your Storage Connector and your Azure Blob storage account.
    • Run the Syncplicity Storage Validation Tool after deployment to confirm proper connectivity to both Syncplicity Orchestration and your Azure Blob storage account. 
    • Achieve performance benchmarks that are comparable to the benchmarks for other supported hypervisors such as AWS EC2 and VMware ESX.
  • Documented the expected format of the Storage Connector Log files for messages of type INFO, WARN and ERROR. For customers who choose to consume Storage Connector Logs for operational or investigative purposes, the formatting in the logs has been updated and published in an article found on the Syncplicity Support site.
  • Updated the layout of the default configuration file for the Storage Connector that is found in /etc/syncp-storage/syncp-storage.conf. The file now includes clearer references to the supported storage types, and clearer illustrations of the default values needed to connect to each storage type.
  • Changed the default behavior of the Storage Connector remote version query utility. Previously, the default behavior allowed the version of any running Connector to be remotely queried from any browser using the URL of the Connector, suffixed with a /version string. If the Connector is online, the query returns the version number of the responding Connector. The utility is intended to help with connectivity troubleshooting and with run-time monitoring in a multi-connector environment to ensure all Storage Connectors run a common version. The utility is now disabled by default to prevent revealing unnecessary detail. If needed, an administrator can re-enable the utility after an install. To enable the /version API, on each Storage Connector node add the following line to the /etc/syncp-storage/syncp-storage.conf file:
    syncplicity.versionPage.enabled = true
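
A configuration audit for this setting and for the “syncplicity.ws.corsexposeheaders” upgrade note under Version 2.22.1.103, added here as an example and not part of the original release notes or the product. It assumes a 2.x-style conf file with one `key = value` setting per line; the function names, the value layout of the CORS list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a 2.x-style syncp-storage.conf (assumed layout: one
# "key = value" setting per line) for two settings named in these notes.

# Print the value assigned to key $1 in conf file $2 (last assignment wins).
# Lines commented out with '#' or '//' do not match and are ignored.
conf_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*[=:][[:space:]]*//p" "$2" | tail -n 1
}

# Return 0 if the /version page has been re-enabled in conf file $1.
version_page_enabled() {
    v=$(conf_value "syncplicity.versionPage.enabled" "$1" | tr -d '"[:space:]')
    [ "$v" = "true" ]
}

# Return 0 if the exposed CORS headers are fine for the 2.22.1.103 upgrade:
# either no custom list is set (the default list already contains "Range"),
# or the custom list names "Range" as its own entry. "Content-Range" alone
# does not count.
cors_expose_ok() {
    v=$(conf_value "syncplicity.ws.corsexposeheaders" "$1")
    [ -n "$v" ] || return 0
    printf '%s\n' "$v" | sed "s/[]\"'[]//g" | tr ',\t ' '\n\n\n' | grep -qix 'range'
}

# Print one line per finding for conf file $1; prints nothing when clean.
audit_conf() {
    if version_page_enabled "$1"; then
        echo "FINDING: /version page is enabled (discloses the connector version)"
    fi
    if ! cors_expose_ok "$1"; then
        echo "FINDING: custom corsexposeheaders list does not include Range"
    fi
    return 0
}

# Constructed sample configuration (not taken from a real node).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# syncplicity.versionPage.enabled = false
syncplicity.versionPage.enabled = true
syncplicity.ws.corsexposeheaders = "ETag, Content-Range"
EOF
audit_conf "$sample"
rm -f "$sample"
```

On a connector node the same function can be pointed at the real file, for example `audit_conf /etc/syncp-storage/syncp-storage.conf`.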

July 2016

Version 2.8.0.7

  • To improve security, the default, lead-on password for the syncp user has been hardened. The minimum password complexity requirements have been enhanced as follows:
  1. Passwords must have at least 14 characters
  2. Passwords must use at least one of each of the four available character types: lowercase letters, uppercase letters, numbers, and symbols
  3. Passwords cannot reuse the last 5 passwords
  4. Passwords must contain at least 5 characters different from the previous password
  • Increased Storage Connector scaling to support 150 concurrent requests with no configuration changes needed from the customer.
  • Support for proxy configurations for Syncplicity Shared Files in a deployment where the Storage Connector is deployed on-prem and the RMS server is hosted in the cloud at rms.syncplicity.com. Previously, when deploying in this configuration, when an administrator used the “test” tool from the Admin console all traffic requests would fail.
  • Updated documentation for Storage Connector health monitoring capabilities. See the For IT > Storage vaults > Monitoring storage vaults section of Syncplicity Support site:
    Welcome to AMPLIFY Syncplicity
  • Upgraded the Java JDK to resolve 5 vulnerabilities. See:
    https://rhn.redhat.com/errata/RHSA2016-0651.html
  • Upgraded the underlying CentOS operating system version in this release to CentOS 6.8 to address a set of vulnerabilities (2 with High severity, 4 with Low severity).
    NOTE: The Storage Connector .ova deploys with its own instance of CentOS. This means that if your Storage Connectors have been deployed using the .ova install method in vSphere ESX, your version of CentOS is vulnerable since it contains a prior release of CentOS, perhaps as old as v6.4 depending on the .ova version you first deployed. Incremental RPM updates do not include changes to the underlying OS.
    If you have deployed your Storage Connectors in another hypervisor such as EC2 via the CentOS AMI approach, the operating system in these Storage Connectors may also be exposed, depending on which AMI you originally chose.
    Therefore, to remediate these issues and upgrade to CentOS 6.8 there are two approaches:
  1. If you use vSphere ESX, you can deploy a net-new Storage Connector .ova running version 2.8.0.7 for each of your existing deployed Connectors. After doing so you can decommission them.
  2. If you use vSphere ESX and cannot deploy new ova images, or if you have deployed using the ami approach, you can upgrade the underlying CentOS following the yum update process.

Details on the vulnerabilities can be found here: OpenSSL Security Advisory [3rd May 2016]

https://openssl.org/news/secadv/20160503.txt

https://www.openssl.org/news/vulnerabilities.html

CVE and Severity:

CVE-2016-2108 [High severity]

CVE-2016-2107 [High severity]

CVE-2016-2105 [Low severity]

CVE-2016-2106 [Low severity]

CVE-2016-2109 [Low severity]

CVE-2016-2176 [Low severity]

April 2016

Version 2.7.0.5

  • Introducing new Storage Connector health monitoring capabilities. With this release, you can:
  1. Configure the Storage Connector to emit health metrics for your consumption. Setup instructions are offered for two common operation monitoring tools (Graphite and Splunk).
  2. Monitor key metrics to detect performance issues or make decisions to scale your environment to meet demand.
  3. Respond to events when health issues are detected.
  • Added support for proxies that can be used by Storage Connectors that require a proxy outbound to access http://health.syncplicity.com.
  • Added versioning for the Syncplicity Storage Connector Validation Tool. For more details about the tool and its use cases, see:
    Storage Connector Validation Tool
  • Added support for an On-Behalf-Of API to assist with content migrations. This capability is currently in Controlled Release. Please contact your Customer Success or Support representative for details.  
  • Added support for internationalization of emails and messages generated by the Storage Connector.
  • Added support for the latest CentOS security updates as of March, 2016.  
  • Resolved an issue with error handling from object storage systems using the S3 API such as EMC ECS or AWS S3 involving the ListBucketPolicy.  
  • Resolved a Linux security vulnerability in the glibc DNS library module. For more information about this announcement, please see the FAQ:
    https://community.axway.com/s/article/Frequently-Asked-Questions-for-glibc-Security-Advisory-March-2016-1529678107718
  • Resolved an OpenSSL vulnerability, defending against possible man-in-the-middle attack vectors. For more information about this announcement, please see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793
  • Resolved an issue with references to storage tokens in Connector log files. Any such references are now removed.


March 2016

Version 2.6.1.5

  • Introducing the Storage Connector Validation Tool. A new free tool for Storage Connector Administrators to validate their server’s network dependencies. This release of the Tool validates the following conditions for each Storage Connector:  
  1. Configuration with the Syncplicity Service.
  2. Connectivity to xml.syncplicity.com
  3. Connectivity to health.syncplicity.com
  4. Access to an SMTP server (if configured).  
  5. Access to the Syncplicity API gateway (api.syncplicity.com) (if configured)

Future releases will enable other validation tests such as connectivity tests to back-end storage. Please see the For IT > Storage vaults > Monitoring storage vaults section of Syncplicity’s Support site for more details and documentation:

Welcome to AMPLIFY Syncplicity   

  • Repaired an Out of Memory condition for large files viewed from browsers when files are hosted in the Syncplicity cloud. The new maximum file size for viewing is 100MB. Files larger than this will require downloading before viewing.   
  • Repaired vulnerabilities with latest CentOS patches for Java 7, Java 8, CSS, NSPR, NSS-UTL, NTP and OpenLDAP.  
  • Improved memory use for the Storage Connector. Customers deploying new on-prem connectors using 2.6.1.5 should experience better throughput when compared to that of earlier connectors with the same configuration. This is the result of increased memory utilization which also increases the number of concurrent connections supported.  
  • Properties and Bookmarks of pdf files that were shared using Secure Shared Files are corrupted.

February 2016

Version 2.6.0.3

  • Repaired an issue involving the images generated when downloading Secure Shared File protected documents.

February 2016

Version 2.6.0.2

  • Improved NFS mount durability that prevents possible data loss when a mount point is unmounted and files write to local Storage Connector disk. Please see task 5a in the StorageVault Installation article:
    Install the On-Premise Storage Connector
  • Enhanced compatibility for EMC Elastic Cloud Storage (ECS) to support the newest SDK. This means that all ECS arrays running ECS v2.0, 2.1 and 2.2 are supported.
  • Enhanced compatibility for AWS S3 to support the newest SDK which adds support for AWS Signature Version 4. This means that Storage Connectors can now be deployed in new AWS Availability Zones such as Frankfurt, Germany and Seoul, South Korea.
  • Obfuscation of one type of Personally Identifiable Information (PII) (file names and file paths) from Storage Connector log files that are being parsed using Splunk. This means that the values are still written to the local log file, however, if the log is parsed by Splunk, the values will be obfuscated.

December 2015

Version 2.5.2.0

  • Remediates a vulnerability relating to the Network Time Protocol (NTP) service to prevent certain low probability attacks. For details, please contact Syncplicity Support.
  • Added support for processing the AppKey header to enable the content migration use case.

September 2015

Version 2.5.1.0

  • Optimizes network bandwidth utilization between backend S3 Storage and Storage Connector.

August 2015

Version 2.5.0.13

  • Security improvements and bug fixes
  • Improvements to StorageVault with Authentication confirmation, resend confirmation, and reset password email templates

July 2015

Version 2.4.0.44

  • Security Fixes
  • Password complexity improvements
  • Enforce change of default password
  • Validation of time interval for SAML response to prevent re-use of token
  • Prevention of wrapping of SAML response
  • Improvements in Secure StorageVault Authentication email messaging for external recipients
  • Fix for resuming of download of large files

May 2015

Version 2.3.1.0

  • Bug fix in SSL framework for outbound proxy use case.

March 2015

Version 2.3.0.4

  • Minimum resource requirement for the on-premises Storage Connector virtual appliance (OVA) has been updated to 8 CPU cores and 8 GB memory.
  • Updated JRE to v1.8
  • Updated SSL framework
  • Bug fixes

February 2015

Version 2.2.1.3 (OVA only)

The On-Premises Storage Connector OVA 2.2.1.3 is a hotfix release that fixes the Ghost vulnerability (CVE-2015-0235) in the glibc library. The vulnerability can be exploited remotely to run arbitrary code on affected systems. For additional details please refer to the following:
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235

Please use this updated OVA for any deployment. Alternatively, you can update the glibc library in CentOS by running the “yum update” command, following the steps below:

  1. Run ‘yum update’ in your terminal as super/root user.
  2. Once ‘yum update’ is run, the glibc security patches will be updated.
  3. After updating, the syncp-storage service must be restarted. Command for restarting is:
    > service syncp-storage restart
  4. Verify the version of glibc and make sure it is version 2.12-1.149 or above by running the following command:
    > rpm -q glibc

You are all set.
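
One way to script the checks in steps 3 and 4, added here as an example and not part of the original release notes. The minimum version 2.12-1.149 is the one stated above; the function names and sample inputs are constructed, the comparison relies on GNU `sort -V`, and the `/proc` check assumes a replaced library shows up as "(deleted)" in a process's memory map.

```shell
#!/bin/sh
# Added example: verify the glibc update and the service restart.
MIN_GLIBC="2.12-1.149"   # minimum version-release stated in step 4

# Strip package name and architecture from one line of `rpm -q glibc` output,
# e.g. glibc-2.12-1.149.el6_6.5.x86_64 -> 2.12-1.149.el6_6.5
glibc_evr() {
    printf '%s\n' "$1" | sed -e 's/^glibc-//' -e 's/\.x86_64$//' -e 's/\.i[3-6]86$//'
}

# Return 0 when version-release $1 is greater than or equal to $2.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read `rpm -q glibc` output on stdin. A multilib node lists one package per
# architecture; return 0 only if every one of them meets the minimum.
# Anything that is not a glibc package line (for example "package glibc is
# not installed") counts as a failure, as does empty input.
glibc_patched() {
    seen=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        case $pkg in
            glibc-[0-9]*) ;;
            *) return 1 ;;
        esac
        seen=1
        ver_ge "$(glibc_evr "$pkg")" "$MIN_GLIBC" || return 1
    done
    [ "$seen" -eq 1 ]
}

# Read the contents of /proc/<pid>/maps on stdin. Return 0 if the process
# still maps a libc file that has been replaced on disk, which means it was
# started before the update and has not been restarted (step 3).
maps_has_stale_libc() {
    grep -Eq '/libc[-.][^ ]*\.so[^ ]* \(deleted\)'
}

# Constructed sample inputs (not captured from a real node).
SAMPLE_RPM='glibc-2.12-1.149.el6_6.5.x86_64
glibc-2.12-1.132.el6.i686'
SAMPLE_MAPS='7f3c1a000000-7f3c1a18a000 r-xp 00000000 fd:00 131090 /lib64/libc-2.12.so (deleted)'

if printf '%s\n' "$SAMPLE_RPM" | glibc_patched; then
    echo "glibc: every installed package is at or above $MIN_GLIBC"
else
    echo "glibc: at least one installed package is older than $MIN_GLIBC"
fi
if printf '%s\n' "$SAMPLE_MAPS" | maps_has_stale_libc; then
    echo "process still maps the old libc: restart syncp-storage"
fi
```

On a node, feed the functions real data: `rpm -q glibc | glibc_patched`, and `maps_has_stale_libc < /proc/<pid>/maps` for the PID of the syncp-storage service.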

November 2014

Version 2.2.1.2

  • Support for OAuth 2.0 protocol for authentication
  • Support for Syncplicity Web Preview feature 

October 2014

Version 2.2.0.2

  1. Run ‘yum update’ in your terminal as super/root user
  2. Once ‘yum update’ is run, the bash security patches will be updated
  3. After updating, the syncp-storage service must be restarted. Command for restarting is:
    >service syncp-storage restart
  4. You can verify that the Bash Shell has been updated by running the following command and use the CentOS links above to check the required bash version:
    >yum list | grep bash

You are all set!

September 2014

Version 2.2.0.0

  • This release of Syncplicity On-Premises Storage Connector supports the Syncplicity Secure Shared Files feature. For more information about the Secure Shared Files feature, see Syncplicity Support.
  • For details on supported deployment options see
    Choosing your deployment approach

