|
|
|
|
|
This section outlines issues tracked and fixed by the Ipswitch product team for the 2019.1 maintenance and feature release. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.
You can also find significant changes and improvements that extend the MOVEit Transfer feature sets, usability, and quality in the What's New.
ID |
Category |
Fixed Issue |
MIDMZ-6318 |
WebUI |
Normalize input arguments at sign-on (hardening). |
MIDMZ-12999 |
ICAP support |
Adapted ICAP support to accommodate implementation used by Symantec DLP. |
MIDMZ-14635 |
Package Upload (Wizard) |
Notes field cleared when uploading a package. |
MIDMZ-14906 |
WebUI |
Copying in templates to custom folders can cause exceptions. |
MIDMZ-14528 |
WebFarm |
Availability to NAS from MOVEit Transfer on Windows Server 2016 limited because NAS hits its reasonable limit for max concurrent sessions with MOVEit Transfer Fix: Added capability to moderate/prune old or stale sessions to a NAS device. |
MIDMZ-2626 |
WebUI |
GroupAdmins that create users can also assign user home folders without specific constraints. Fix: To assign a home folder to a user, a GroupAdmin must have been previously granted Subs permission to the parent folder. |
MIDMZ-14481 |
SAML |
An exception occurs if a SAML-authenticated session has a SAML name ID value that contains an apostrophe. |
MIDMZ-13465 |
Secure Folder Sharing |
"Invalid Access Type" error thrown after successful folder sharing operation. |
MIDMZ-14533 |
Web/UI |
Accessing Groups tab in the browser throws exception after completing an upgrade that reaches back to much earlier versions of MOVEit Transfer with version 2018 or 2019 as the target. |
MIDMZ-15090 |
Transfer API |
Failed download using API not displaying in log. |
MIDMZ-15073 |
Logging/WebUI |
Data Loss Prevention violations not consistent between Log Entry and Log Entries page. |
MIDMZ-12875 |
SAML |
Session header improvements. |
MIDMZ-12838 |
Logging |
Tracking for folder permission changes are more granular. |
MIDMZ-15558 MIDMZ-15835 MIDMZ-15835 |
Security Security Security |
CVE-2019-16383. We fixed an authentication and authorization bypass vulnerability discovered during third-party testing. Credit: Aviv Beniash. CVE-2019-18465: We fixed an authentication bypass vulnerability issue. CVE-2019-18464: We fixed multiple authentication bypass vulnerabilities. Upgrade to the latest patched version (2019.1.4) is recommended. |
MIDMZ-16058 |
REST API |
CVE-2020-8612. Fixed a REST API endpoint that did not sanitize input. This could allow an authenticated attacker to execute arbitrary code in a user's web browser. Upgrade to 2019.1.4 is recommended. Versions affected: 2019.1–2019.1.3 Version fixed: 2019.1.4 Credit: Alex Kordas |
MIDMZ-16066 MIDMZ-16071 MIDMZ-16069 |
REST API |
CVE-2020-8611. Fixed multiple SQL injection vulnerabilities that could allow an authenticated attacker to gain access to the application database. Depending on the database engine being used, the attacker might be able to execute SQL statements to reduce availability or use exhaustive measures to infer structure and contents of the database and then compromise database elements. Upgrade to 2019.1.4 is recommended. Versions affected: 2019.1–2019.1.3 Version fixed: 2019.1.4 Credit: Alex Kordas |
35039 |
Security |
Fixed vulnerability issue in recursive folder properties operation. Credit: Steven Seeley |
42948 |
Security |
Fixed vulnerability issue in the mark new operation. Credit: Alex Kordas |
47619, 47327 |
Security |
CVE-2021-37614: Addressed a SQL injection vulnerability that may allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Credit Alex Kordas |