OpConMFT release notes

OpConMFT ver 3.13.4

July 2024

✳️ MFT-190: Allow disabling SMTP authentication so single sign-on won't be attempted when offered.

✳️ MFT-327: MFT Server can now be configured via the MFT Scheduler Service provided Web UI.

✳️ MFT-328: Added WebUI Server "Users" page to implement Desktop Server Console user configuration functionality.

✳️ MFT-342: Email field added to user account settings.

✳️ MFT-355: Support Username and Password with Path Endpoints for use where windows single sign-on doesn't work.

✳️ MFT-367: The MFT Agent now stores event data in a persistent on disk store so events fire (possibly late) even if OpCon or the MFT Agent go down.

✳️ MFT-391: CVE-2023-48795: Avoid potential downgrade attacks by implementing strict kex. More details can be found in the advisory. CVE-2023-6918: Avoid potential use of weak keys in low memory conditions by systematically checking return values of MD functions. More details can be found in the advisory.

✳️ MFT-396: FIPS mode is configurable but defaults to the windows FIPS mode setting.

✳️ MFT-417: Support SFTP and FTP (put) connections to IBMi and z/OS.

✳️ MFT-422: get, pull, and monitor steps can now redownload already processed files if configured to do so.

✳️ MFT-437: Process for checking stored SSH fingerprints now handles pre-existing MD5 hashes and uses SHA256 hashes for new sites, upgrading from MD5 when possible.

✳️ MFT-439: Added create directory, and delete buttons for rudimentary file management for directories served over HTTP.

✳️ MFT-445: MFT Server now supports password length and complexity requirements.

✳️ MFT-446: MFT Server user passwords now uses salted sha256 hashes instead of (unsalted) sha1 hashes.

✳️ MFT-450: MFT Agent now fires CloudEvents for client side activity if the Web Hook is licensed and configured.

✳️ MFT-307: WebUI port automatically defaults to port 41100 with HTTPS enabled on install.

✳️ MFT-323: Delete User button added to WebUI Server "Users" page.

✳️ MFT-326: Added WebUI Server "Logging" page.

✳️ MFT-334: Added General tab in WebUI - ServerConsole - Users page.

✳️ MFT-338: Added Shares tab in WebUI - ServerConsole - Users page.

✳️ MFT-361: Added missing Framework documentation from installation.

✳️ MFT-373: Email address field added to Server WebUI user settings page.

✳️ MFT-379: Mitigated CVE-2023-21893.

✳️ MFT-489: Improved performance for SFTP client file transfers.

✅ MFT-106: Fixed %uploadfiles and %downloadfiles arrays documentation.

✅ MFT-115: Fixed an issue where adding a group in the web ui could hang timeout.

✅ MFT-176: FTPLIST command now return $ERROR_SERVER_IS_FTP when you connect to an FTP server as HTTP.

✅ MFT-216: SFTP connections failed for SSH connections that only accepted "keyboard-interactive" authentication method.

✅ MFT-223: Could not delete job groups from Scheduler -> Group Settings tab.

✅ MFT-273: User could delete files from a virtual directory with just upload, list, and post permissions enabled.

✅ MFT-265: ProgramData and UserData directory fields could be directly edited from WebUI Configuration Data page.

✅ MFT-277: Debug log export included HTML contents at end of downloaded ZIP file.

✅ MFT-351: Files with Unicode characters in their name could not be download from server web UI.

✅ MFT-356: SSH Key selection toggle is now enabled when adding a new SFTP site in the Web UI.

✅ MFT-365: FTPLOGON was missing TLSv1.3 values from /minversion and /maxversion options.

✅ MFT-370: Log rotation in the server logs works as intended.

✅ MFT-374: SSH hostkey fingerprints now use SHA256 instead of MD5 hash.

✅ MFT-377: User facing server logging stopped when set to rotate every N megabytes.

✅ MFT-381: User share folder expiration date set to random value if not explicitly set.

✅ MFT-395: Exporting SSH public key did not work from WebUI.

✅ MFT-401: Configurator error uninstalling and reinstalling Scheduler Service.

✅ MFT-473: Importing ssh-1 format ssh keys failed.

✅ MFT-507: Clients that canonicalize request with a zero length path caused the server to spontaneously disconnect them.

✅ MFT-528: CloudEvents were being dropped or corrupted

OpConMFT ver 3.13.3

Oct 2023

✳️ MFT-280: Added support of 2 jobs with the same name to run simultaneously.

✳️ MFT-207: Successful site test under Managed Sites page now displays a site listing.

✳️ MFT-289: When trying to start a listener the error message now says communication with OpCon failed.

✳️ MFT-296: MFT Server now waits for OpCon to come up so it is no longer a requirement that OpCon's Rest API be reachable when the service starts.

✳️ MFT-305: FTP server types that use "explicit mode" now labeled as such, under Managed Sites page.

✳️ MFT-306: Incorrect warning about "log data signature check failed" removed from Logging WebUI page.

✳️ MFT-308: Automatic site configuration option removed from Managed Sites WebUI page.

✳️ MFT-310: WebUI managed site test now differentiates between various errors on failed connection.

✳️ MFT-311: Files that could not be processed by job because no size or date change now reported as such instead of misleading "file not found" error.

✳️ MFT-324: List of currently logged in users now visible from server WebUI.

✳️ MFT-325: Implemented disconnect button on server WebUI to kick off logged-in users.

✳️ MFT-337: Implemented "Virtual Folders" tab on "Users" page of ServerConsole WebUI.

✅ MFT-153: FTPS (Explicit) Control Only server type caused site test failure on WebUI Managed Sites page.

✅ MFT-185: Irrelevant links to unnecessary Error Reconciliation page removed from all pages.

✅ MFT-188: On Managed Sites WebUI page, Proxy Settings toggle could not be enabled.

✅ MFT-222: On TLS Certificate WebUI page, after importing a certificate, column values and headers contained doubled-up text.

✅ MFT-220: On TLS Certificate WebUI page, unable to successfully export a certificate.

✅ MFT-218: Keys could not be successfully exported from the PGP Keys WebUI page.

✅ MFT-242: On Outbound Email WebUI page, TLS Mode drop-down list was blank and contained no selectable options.

✅ MFT-239: Confirmation dialog for deleting a managed site in WebUI did not offer an option to cancel delete operation.

✅ MFT-237: Inconsistent dialog title suggested managed site test failure when managed site test actually succeeded.

✅ MFT-276: Some modal dialogs in WebUI were abnormally wide and not disambiguated from background.

✅ MFT-279: On PGP Keys WebUI page, a saved passphrase could not be viewed.

✅ MFT-284: Fixed issues with Intermittent erroneous TLS initialization error when connected to plain non TLS services and Intermittent server crash on logoff.

✅ MFT-291: Debug logging for the Web UI and the Scheduler separated into Scheduler.log and NewUI.log to fix log rotation.

✅ MFT-294: Under high load MFT agent jobs could report failure when they actually worked. This error would also prevent acquiring job logs.

✅ MFT-315: Azure blob storage custom connection string was ignored when connecting.

✅ MFT-317: Password, Verification fields added to Outbound Email WebUI page.

✅ MFT-318: Delete button on Outbound Email WebUI page did not actually delete outbound email item.

✅ MFT-340: Styling listing output didn't work correctly due to missing closing div tags.

✅ MFT-348: Fixed an issue with a rare crash during file uploads.

✅ MFT-350: Successful path endpoint tests dialog title no longer contains "error".

✅ MFT-354: Fixed an issue with deleting group in desktop Configurator.

✅ MFT-357: A corrupted share configuration element could crash MFT Server when listing a directory in the web UI.

✅ MFT-359: Fixed an issue with deleting PGP Secret keys from WebUI.

✅ MFT-360: TLS version limitations did set in Web UI did not show in desktop configurator.

✅ MFT-362: Inactive Help buttons removed from MFT Web UI.

OpConMFT ver 3.13.2

June 2023

✳️ MFT-7: MFT Agent installer no longer include no longer supported MS product SQL Server CE.

✳️ MFT-288: Disable the buttons & sub menu option for unauthenticated user (who doesn't have admin access now) and show the warring message on the header of the application.

✅ MFT-153: FTPS (Explicit) Control Only server type caused site test failure on WebUI Managed Sites page.

✅ MFT-185: Irrelevant links to unnecessary Error Reconciliation page removed from all pages.

✅ MFT-187: Fixed an issue with edit Site TLS Client Cert toggle.

✅ MFT-188: On Managed Sites WebUI page, Proxy Settings toggle could not be enabled.

✅ MFT-193: PGP key passphrase now being saved correctly by WebUI.

✅ MFT-216: SFTP connections failed for SSH connections that only accepted "keyboard-interactive" authentication method.

✅ MFT-226: Fixed an issue with HTTP/HTTPS Transfer Type drop down list.

✅ MFT-222: On TLS Certificate WebUI page, after importing a certificate, column values and headers contained doubled-up text.

✅ MFT-220: On TLS Certificate WebUI page, unable to successfully export a certificate.

✅ MFT-219: Fixed an issue with TLS certificate delete in WebUI.

✅ MFT-242: On Outbound Email WebUI page, TLS Mode drop-down list was blank and contained no selectable options.

✅ MFT-241: Fixed an issue with SMTP email configuration, CC and BCC as not mandatory.

✅ MFT-240: Fixed an issue with SMTP application crash.

✅ MFT-239: Confirmation dialog for deleting a managed site in WebUI did not offer an option to cancel delete operation.

✅ MFT-237: Inconsistent dialog title suggested managed site test failure when managed site test actually succeeded.

✅ MFT-236: Fixed an issue with WebUI - Configuration data browse directory that was not working.

✅ MFT-235: Fixed an issue with WebUI - Configuration data buttons that were not working.

✅ MFT-234: Fixed an issue with WebUI - Debug data pages.

✅ MFT-232: Fixed an issue with GUI Configurator - TLS Certificate import/delete.

✅ MFT-248: Fixed am issue with test buttons to verify the inputs.

✅ MFT-255: Fixed an issue with server console when disconnecting a user on the information page.

✅ MFT-256: When looking at a share the share creating control should not be visible.

✅ MFT-257: MFT server could not send events successfully on windows builds lower than 1903 which in server OSes was anything lower than 2022.

✅ MFT-258: Fixed an issue with Virtual folders not appearing for user.

✅ MFT-259: Fixed an issue with FTP disconnects on upload with winscp.

✅ MFT-260: Fixed an issue with FTP/SFTP checkboxes are not updated in Server Console user list when supported protocol changed.

✅ MFT-276: Some modal dialogs in WebUI were abnormally wide and not disambiguated from background.

✅ MFT-279: On PGP Keys WebUI page, a saved passphrase could not be viewed.

✅ MFT-317: Password, Verification fields added to Outbound Email WebUI page.

✅ MFT-318: Delete button on Outbound Email WebUI page did not actually delete outbound email item.

✅ MFT-207: WebUI managed site test button, Successful site test page now displays a site listing.