IN THIS PAGE

v2020.1.6 (12.1.6)

What's New in MOVEit Transfer 2020.1

Release Notes are available in the following languages:

You can download the 2020.1 release of MOVEit Transfer from the community products page.

Microsoft SQL Server 2019

You can now deploy MOVEit Transfer to use the newest version of MS SQL Server (MS SQL Server 2019) for your database platform. See supported databases for full database support options.

If you do not have an existing database, you can also choose MySQL at install time to install a free database bundled in the installer. For details, see Supported Databases and the MOVEit Transfer Install Guide.

ADFS 4.0 and 5.0 Support

We tested Windows Server 2019 AD FS (also referred to as "ADFS 5.0") and Windows Server 2016 AD FS (also referred to as "ADFS 4.0") with MOVEit Transfer. For details, see the MOVEit Transfer Administrator Guide.

Tip You can leverage ADFS as an external authentication source. Additionally, within a Single Sign-on model, you can use ADFS as a trusted identity provider.

Mobile and Desktop Single Sign-on

You can now use enterprise credentials or custom identity providers (IdP) for friction-free sign-on to MOVEit Mobile and MOVEit Client by authorized users. For details on how to configure SAML message passing with a trusted identity provider, see the Administrator Guide.

MOVEit Mobile Single Sign-on

If Single Sign-on (SSO) is enabled for your organization, an SSO link displays. From there, users can choose an Identity Provider (IdP) (assuming more than one is configured for their organization).

Specify Server

Single Sign-on Option

MOVEit Client Single Sign-on

Single Sign-on Option (MOVEit Client)

Multi-Org Gateway

If you are using MOVEit Gateway 4.1 or newer, you can use the MOVEit Gateway Admin UI to specify a different endpoint (in other words, sign-on URL) for each organization (Org) in your MOVEit Transfer deployment. For more details, see the MOVEit Gateway documentation.

To define Org-specific MOVEit Gateway, you must apply configuration details (including the MOVEit Transfer Org ID) at the MOVEit Gateway Admin UI. For details, see the MOVEit Gateway documentation.

RESTful API Improvements

The following new capabilities were added for the 2020.1 release of MOVEit Transfer.

Feature	Description	Endpoint
Log and audit log data access	Return logs current user can view Return specific log data	`/api/v1/logs` `/api/v1/logs/{id}`
Create/define an Org	Allow a SysAdmin to create and define a new Org	`/api/v1/organizations/`
Password aging policies	Create and apply password aging policies to user classes.	`/api/v1/settings/security/password/aging`
User expiration policies	Create and apply user expiration policies to user classes.	`/api/v1/settings/security/userauth/expiration`
Log retention settings	Specify how long system and org logs are kept	`/api/v1/settings/miscellaneous/aging/logs`
Report Import	Import custom report definitions.	`/api/v1/reports/import`

Fixed Issues

This section outlines issues tracked and fixed by the MOVEit product team for the 2020.1 release. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.

ID	Category	Fixed Issue
4210	Web Farm Pattern	Fixed issue in Webfarm deployment where the Gateway tab (MOVEit Transfer Config Utility) was replicated for each MOVEit Transfer Server node.
4248	Download Wizard	Fixed case where using Azure Blobs for the MOVEit Transfer filestore and opting for MOVEit Transfer encryption could result in download failures (or validation check failures) when downloading large (> 10,000,000 byte) files.
4364	SSH Module	Fixed issue where after upgrade from 2019.2, the SSH server reported a fault, possibly due to server load.
5237	Legacy Uploader	Fixed issue where if using the legacy uploader (pre 2019.2), MOVEit Transfer could block a file upload based on X-Forwarded-For header leveraged to identify proxy traffic.
5287 (10525)	Sign-on/MFA	Fixed customer reported issue found when using MOVEit Transfer MFA with MOVEit Gateway.
7027	Security	Fixed SSRF vulnerability where an authorized admin user could view recently-downloaded filenames.
7065	Security	Fixed X-FRAME-OPTIONS setting to ensure security best practices when handling HTML frames.
7167	HA Service	Fixed small memory leak.
8683 (382921)	Security	Fixed a security error that could allow an authorized user to view another user's default directory, under certain unusual circumstances.
4213	WebUI	Fixed issue where downloading a saved report file using the WebUI could result in a partial copy of the file (and fail file validation).
4740	WebUI	Fixed issue where GroupAdmins could grant Folder Sharing permissions to a Regular User, but at a later time the UI did not provide controls to remove the privilege.
11537	WebUI	Fixed issue where typing in Create User As a Clone of field failed to auto complete with a list of current users to clone.
4943	Silent Install	Aligned with .NET dependency that triggered install of 2020 to fails with "Could not encrypt the responses" error message.
6067	Admin Guide	Fixed issues and updated Settings > Security Policies > Password topic in Administrator Guide.
4159 (12239)	Download (Security)	Fixed case where file not downloaded when at the same time the platform allowed filenames comprised of quotation mark characters. CVE-2020-XXXXX. Fix for 4159 also addressed XSS illegal filename vulnerability. Version affected: 2020 (and earlier). Version fixed: 2020.1 Credit: Mark Galea
5316	Security	Resolved file information disclosure that could be possible when certain folder inheritance settings were met.
4396	DMZOrgCopy	Fixed issue where a previous version of DMZOrgCopy utility did not copy MOVEit Transfer Group table record.
11540	Ad Hoc Message/security	Fixed case where script tags need to be removed from Ad Hoc messages.
11644	Logging/WebUI	Fixed issue where blank log entry is written after blank client key is uploaded.
30646	Sign-on	Fixed issue where a new user account could not sign-on from MOVEit Automation.
30736	REST API	Fixed case where Multi-threaded clients could run into database layer exceptions under high load.
30648	REST API	Aligned behavior with WebUI so REST API client is routed to the correct identity provider based on current or default org.
35039	Security	Fixed vulnerability issue in recursive folder properties operation. Credit: Steven Seeley.
42948	Security	Fixed vulnerability issue in the mark new operation. Credit: Alex Kordas.
47619, 47327	Security	CVE-2021-37614: Addressed a SQL injection vulnerability that may allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Credit Alex Kordas

Upgrading

This section explains how you can upgrade from an earlier version of MOVEit Transfer.

Upgrade Paths

Reasons you should upgrade:

Get the latest features. Full-featured mobile app integration, simplified Gateway deployment configuration, REST API, and much more.
Ensure your product is up-to-date. Get ongoing improvements, fixes, the latest support of the MOVEit teams, and take advantage of the improvements and wins requested by the rich ecosystem of Progress users.
If you have a support subscription, upgrades are free. Read this community article for evaluators and check your product license.
MOVEit Transfer 2020.1 supports "direct upgrade" (upgrade by way of running the MOVEit Transfer installer) for existing MOVEit Transfer 2018 (10.0.0) and newer.

Use the Upgrade Path table to find out how you can move earlier or legacy versions to MOVEit Transfer 2020.1.

Your Older MOVEit Transfer Version

Upgrade Path

MOVEit Transfer 2018 (10.0.0) or newer

Use Upgrade mode in MOVEit installer:

Read the Upgrade Guidelines.
Sign in and download the upgrade installer from the Progress Customer and Community portal.

MOVEit Transfer 2017 PLUS SP1 (9.6) and older

If you are running a version that is out of date or close to being out of date, you can:

Upgrade to a supported version such as 2018 (running the 2018 installer in upgrade mode), and then...
Use the latest installer to upgrade 2018 to 2020.
Check the Product Lifecycle page --upgrade to the latest version of MOVEit Transfer if your product version is close or past its End of Life (EoL) or sunset milestones.

Get the Installer

To get a MOVEit installer package:

Sign-in to the Progress Customer and Community portal.
Download the product package. (When you get your MOVEit product package from your Progress Community page, the activation code is already embedded).
Before you run the upgrade installer:
- Review Upgrade Guidelines. They identify useful tips and guidelines for existing MOVEit Transfer or MOVEit DMZ users.
- It is a good idea to copy and save your current product serial number. This Progress knowledge base article explains how to find it.

Get an Activation Code

For upgrades, activation codes are applied automatically when you run the MOVEit Transfer installer.

Your upgrade activation code is embedded in the MOVEit installer file.
The activation code is also stored in your Progress Community product page for reference.
The activation code differs from your serial number. The code begins with your serial number and contains an additional eight characters.

Upgrade Considerations

Logs Directory for Web Farm Upgrade

When you upgrade a MOVEit Transfer Server node, ensure that the local logs directory defined in the Web Farm install configuration for all nodes already exists (or create one on each node). If the installer does not find this local logs directory, it will return a failure message and halt during the Web Farm scale-out process.

MySQL Database Deployments

When you run the MOVEit Transfer installer in an upgrade scenario on a MOVEit Transfer deployment using MySQL, the installer upgrades existing MySQL 5.7 servers to MySQL 8.x.

Any custom schema, tables, and fields (if applicable) must be backed up

It is best practice to backup any customizations before you run the MOVEit Transfer installer. MOVEit Transfer database schema customizations are not supported. If you change the name or add schema, indexes, or tables, the MOVEit Installer will not expect these manual changes and attempt to revert them.

Reset tamper check for logs

If you have logs that include data from before and after a software upgrade, tamper check verification shows false positive tamper errors when verifying the logs.

To prevent this situation, do the following when upgrading MOVEit DMZ software to MOVEit Transfer 2017 (and later).

Before you upgrade, manually start the MOVEit DMZ Log Tamper Check program from the Start menu.
Immediately after you upgrade:
- Sign-on as System Administrator. Click SETTINGS.
- In the System section, Tamper Detection row, click Reset All Orgs.
Click Reset Tamper Detection Data.

Upgrading to a release with Secure Folder Sharing (a post upgrade task is necessary)

If you upgrade your MOVEit Transfer installation with a version that enables Secure Folder Sharing, this feature set will be initially set to off. After the upgrade, as sysadmin user, you can apply the Secure Folder Sharing feature set selectively in Org Profile Settings. As sysadmin, you can apply these settings on an org-by-org basis.

Enable org UI Security Settings to Allow Secure Folder Sharing Feature Set (needed for upgrade installations)

Learn more...

Mobile Upgrade Considerations

MOVEit Mobile Server and legacy MOVEit Transfer Mobile were deprecated for the 2020 release. The latest mobile client that you install from app stores (MOVEit Mobile) only needs MOVEit Transfer 2019.2 or later. MOVEit Mobile connects directly to the MOVEit Transfer Server host. No co-installed mobile server is necessary.

MOVEit Mobile Upgrade Paths

This table outlines the current mobile usage scenarios.

Your Existing Mobile Solution

Target Upgrade Approach

None.

MOVEit Mobile 2.0

Encourage users to get MOVEit Mobile Apps from the iOS (Apple App) and Android (Google Play) app stores.

No add-ons or co-installed app servers are necessary.
MOVEit Apps connect directly to the MOVEit Transfer Server host (similar to the MOVEit Client).

MOVEit Mobile Server 1.4 or older (legacy).

(separately installed Mobile Server)

Move users from MOVEit Transfer Mobile legacy to MOVEit Mobile 2.0

Encourage users to get MOVEit Mobile Apps from the iOS (Apple App) and Android (Google Play) app stores.

MOVEit Mobile Server (co-installed mobile server add on) is deprecated but still reachable by MOVEit Mobile 1.4 clients until you uninstall it.
As SystemAdmin, you can shutdown MOVEit Mobile Server in the Services tab of the DMZ Config Tool.
If you want to uninstall the legacy MOVEit Mobile Server, you can use the MOVEit Installer or through Add Remove Programs.

System Requirements

MOVEit Transfer expects certain software and hardware for proper operation.

MOVEit Transfer Server software requirements. Platform (Virtual), OS, Database, and runtime.
MOVEit Transfer Server hardware requirements. Storage, CPU, and memory.
Target SMTP email server requirement. Email server to relay package notifications through.
Server-side content engine (AV/DLP) compatibility. Anti-virus (AV) and Data Loss Prevention (DLP) engines.
Additional client compatibility. Browser, mobile, and batch clients.
Deployed MOVEit Transfer (Remote SQL Server and Network Attached Storage Shown)

MOVEit Transfer can also leverage MySQL and Azure SQL for its database (MS SQL Server is shown here) and Azure as its S/W and H/W platform. for more information, see Database Platform and find MOVEit Transfer in Azure Marketplace.

MOVEit Transfer can also leverage Azure Blob Storage for its encrypted file/package store.

Note for Azure Users

You can use the MOVEit Transfer Installer if you want to leverage a new MOVEit Transfer site to leverage Azure Blobs or Azure SQL. Otherwise, for site upgrades, you can use the migration instructions for Azure Blob Storage or Azure SQL for its database in the Administrator Guide.

Additional requirements, guidelines, and best practices for leveraging Azure Blob Storage can be found in the Administrator Guide.

Hardware Requirements

These requirements apply to the hardware platform where you install MOVEit Transfer.

Server Hardware Minimum Requirements

Quad-core processor.
8GB RAM.
250GB or larger storage.

Typical Server Hardware Guidelines

Production systems benefit from additional resources, including:

Fast multicore processors (quad-core or dual-quad-core server grade processors are common).
At least 8GB RAM.
Hard drive capacity of 1TB (SAS) is common.

Note: MOVEit Transfer requires a dedicated server or hosted virtual machine. Do not install MOVEit Transfer on a machine that has other applications installed.

These requirements apply to the supporting environment and operating system where you install MOVEit Transfer.

Before you attempt to install MOVEit Transfer server, ensure your Windows Server OS has the latest service packs and required updates installed.

Server Software Requirements

Before you attempt to install MOVEit Transfer server, ensure your Windows server has the latest service packs and required updates installed.

Supported Operating Systems for MOVEit Transfer and Modules

Windows Server 2019 (English, French, Spanish, German, Japanese, Chinese Traditional, and Chinese Simplified)
Windows Server 2016 (English, French, Spanish, German, Japanese, Chinese Traditional, and Chinese Simplified)
Windows Server 2012 R2 (English, French, Spanish, German, Japanese, Chinese Traditional, and Chinese Simplified)
Note: MOVEit Transfer no longer supports Windows Server 2012 (although R2 is supported), 2008R2 and 2008. MOVEit Transfer expects one of the OS versions listed above.

.NET Framework

MOVEit Transfer requires .NET 4.7.2. If the server does not have Internet access, you must install .NET by other means before you run the MOVEit Transfer installation program.

Windows Server 2019 comes with .NET 4.7.2.

Supported Virtualization Environments

MOVEit Transfer can be installed and run on virtual servers running:

VMware ESX (64-bit guest servers)
Microsoft Hyper-V (64-bit guest servers)

Email Server (for notifications)

MOVEit Transfer needs an SMTP server to relay package notifications, account notifications, and other user messages. You will be asked for an SMTP server and credentials during the install process.

If you do not have email server information at the time of install, you can use the MOVEit Transfer Configuration Utility to add this information. For more information, see the MOVEit Transfer Admin Guide.

TLS Certificate

For use in production environments, you should install a certificate from a trusted certificate authority. Apply the trusted certificate during installation or through the MOVEit Transfer Configuration Utility.

Compatible Third-Party AV/DLP Engines

The following major anti-virus (AV) and data loss prevention (DLP) engines are reviewed for compatibility with MOVEit Transfer.

AV Engines (some with AV/DLP)

Anti-Virus Scanner	Latest Version Reviewed
McAfee VirusScan Enterprise, McAfee VirusScan Enterprise for Storage (VSES)	Last reviewed version 8.8.0.2300
McAfee Endpoint Security	Last reviewed version 10.7.0.1675
McAfee Web Gateway	Last reviewed version 9.29 (36018)
Sophos Anti-Virus Dynamic Interface (SAVDI) scanner	Last reviewed version: 2.6
Sophos for Network Storage	Last reviewed version: 10.8.10.810
Symantec Protection Engine	Last reviewed version 7.8.0.141
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) *	Last reviewed: A/V Pattern: 16.615.00 A/V Scan Engine: 12.5.100

DLP Engines

Data Loss Prevention Scanner	Latest Version Reviewed
McAfee Web Gateway*	Last reviewed with version 9.29 (36018)
Symantec DLP Suite	Last reviewed with version 15.x*

*DLP Blocked responses require additional configuration for some scanning engines such as McAfee and Symantec.

Supported Databases

MOVEit Transfer requires one of the following database platforms:.

MySQL 8 (included in the MOVEit Transfer installation)
Azure SQL Database
Microsoft SQL Server 2019 Enterprise/Standard
Microsoft SQL Server 2017 Enterprise/Standard
Microsoft SQL Server 2016 Enterprise/Standard
Earlier versions (not supported)

It is best to run the MOVEit Transfer Server and the database it connects to in the same time zone. Otherwise, security features like multi-factor authentication for sign-on as well as secure connection protocols used between the services will not function.

You can create an Azure SQL database using the Azure Management Portal. See the upgrade and migration section for instructions on how to migrate your current database to Azure SQL.

Additional Clients

MOVEit Mobile

MOVEit Mobile is available for the following devices:

iOS (Apple devices). Available for download in the Apple App Store.
Android (Android OS devices). Available for download from Google Play.

MOVEit Client

All current versions of the MOVEit Client are supported. Older versions will work with limited feature capabilities. Download the latest versions from the MOVEit Products page.

Outlook Plug-in (Ad Hoc)

Outlook Client:
Outlook 2016 (English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)

Outlook 2013 (English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)

Outlook 2010 (32-bit and 64-bit English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)
Mail or Exchange Server:
Ad Hoc Transfer Plug-in for Outlook is compatible with a variety of mail servers, such as Exchange Server 2013, Exchange Server 2010 (32-bit and 64-bit English and German), or Progress IMail 11 (using SMTP). When Outlook & Exchange are used together, Cached Exchange Mode is supported but is not required.
Operating System:
Microsoft Windows 10, Microsoft Windows 8, Windows 7 (32-bit and 64-bit English, German, French, Chinese Simplified, Chinese Traditional, Japanese)

Note to Cloud Subscribers

To learn about the latest feature refresh for the MOVEit Transfer cloud service managed by Progress Software Corporation, see the MOVEit Cloud Release Notes.

Some Differences Between On Prem MOVEit Transfer versus a MOVEit Cloud Subscription

For MOVEit Transfer customers interested in a MOVEit Cloud Subscription, the following table compares the two mechanisms for leveraging MOVEit.

Comparison of MOVEit Cloud and MOVEit Transfer On-Premises

MOVEit Cloud Service	MOVEit Transfer On-Premises
Provides the MOVEit Transfer feature set as enabled by your subscription.	Provides the MOVEit Transfer feature set as enabled by your license.
Progress Software provides hardware, server operating system, and database platform needed to run one or more MOVEit Transfer organizations ("orgs"), where you manage folders and file transfers.	Hardware and appropriate Windows Server operating system version are required for installation. See System Requirements for details.
Progress Software provides SystemAdmin level management and maintenance. Subscribers have: Administrator-level access to orgs. Access to org-wide policy settings.	System-wide access (SystemAdmin) and management required. System administrators can create orgs as needed as licensing permits.
Software as a service (SaaS) with a Service Level Agreement (SLA)	Maintained by you.
Regular patches and service refresh applied by MOVEit Cloud Site Engineering as needed.	Regular point releases made available as necessary.

Known Issues

This section outlines known issues and typical workarounds for MOVEit Transfer 2020.1.1

ID	Category	Known Issue in MOVEit Transfer
365955	Installer	After you upgrade a MOVEit Transfer server to 2020 that leverages the legacy mobile server, if you subsequently uninstall only MOVEit Transfer, the next time you run the installer the Modify option displays but no real modify-install scenario exists. You will not be able to complete the MOVEit Transfer install process. Workaround: To run the installer successfully, you will need to uninstall the deprecated MOVEit Mobile Server manually. Then you can re-run the MOVEit Transfer Installer.
UREP-5247	Central Agent, DMZ Agent	The Analytics Agent cannot connect to the MOVEit Transfer or MOVEit Automation 2019.1 with MySQL 8. To resolve this issue, contact Technical Support to receive a hotfix.
30988	MOVEit Desktop Client	In a multi-org, multi-URL environment, not all fields and controls associated with a newly selected MOVEit Transfer org display at sign-on (such as the IdP dropdown list, when applicable). (When the user selects a different connection URL at sign-on, the client browser's application cache does not automatically refresh.) Workaround: Click Refresh before sign-on.
31190	REST API	Some virtual folder operations do not extend to the REST API. Workaround: For full parity, use the WebUI or MOVEit Automation.

Licensees and Evaluators

For more information, please check our:

Progress Software End-user License Agreement (EULA).
Knowledge base article about MOVEit licensing.

Copyright Notice

These materials and all Progress® software products are copyrighted and all rights are reserved by Progress Software Corporation. The information in these materials is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear therein. The references in these materials to specific platforms supported are subject to change.

Chef, Chef (and design), Chef Infra, Code Can (and design), Compliance at Velocity, Corticon, DataDirect (and design), DataDirect Cloud, DataDirect Connect, DataDirect Connect64, DataDirect XML Converters, DataDirect XQuery, DataRPM, Defrag This, Deliver More Than Expected, DevReach (and design), Icenium, Inspec, Ipswitch, iMacros, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, NativeScript, OpenEdge, Powered by Chef, Powered by Progress, Progress, Progress Software Developers Network, SequeLink, Sitefinity (and Design), Sitefinity, Sitefinity (and design), SpeedScript, Stylus Studio, Stylized Design (Arrow/3D Box logo), Styleized Design (C Chef logo), Stylized Design of Samurai, TeamPulse, Telerik, Telerik (and design), Test Studio, WebSpeed, WhatsConfigured, WhatsConnected, WhatsUp, and WS_FTP are registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and/or other countries.

Analytics360, AppServer, BusinessEdge, Chef Automate, Chef Compliance, Chef Desktop, Chef Habitat, Chef WorkStation, Corticon.js, Corticon Rules, Data Access, DataDirect Autonomous REST Connector, DataDirect Spy, DevCraft, Fiddler, Fiddler Everywhere, FiddlerCap, FiddlerCore, FiddlerScript, Hybrid Data Pipeline, iMail, JustAssembly, JustDecompile, JustMock, KendoReact, NativeScript Sidekick, OpenAccess, PASOE, Pro2, ProDataSet, Progress Results, Progress Software, ProVision, PSE Pro, Push Jobs, SafeSpaceVR, Sitefinity Cloud, Sitefinity CMS, Sitefinity Digital Experience Cloud, Sitefinity Feather, Sitefinity Insight, Sitefinity Thunder, SmartBrowser, SmartComponent, SmartDataBrowser, SmartDataObjects, SmartDataView, SmartDialog, SmartFolder, SmartFrame, SmartObjects, SmartPanel, SmartQuery, SmartViewer, SmartWindow, Supermarket, SupportLink, Unite UX, and WebClient are trademarks or service marks of Progress Software Corporation and/or its subsidiaries or affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Any other marks contained herein may be trademarks of their respective owners.

This document was published on Wednesday, August 4, 2021 at 10:20

NOV

2020