IN THIS PAGE
v2021.0.8 (13.0.8)
What's New in MOVEit Transfer
The following new features and improvements were added to MOVEit Transfer.
Release |
Version |
Date |
Description |
2021 |
13.0 |
April 28, 2021 |
Initial release |
2021.0.1 |
13.0.1 |
July, 2021 |
Quality hotfix |
2021.0.2 |
13.0.2 |
July, 2021 |
Quality hotfix |
2021.0.3 |
13.0.3 |
July 29, 2021 |
Security hotfix |
2021.0.4 |
13.0.4 |
August 7, 2021 |
Security hotfix |
2021.0.5 |
13.0.5 |
September, 2021 |
Customer requests |
2021.0.6 |
13.0.6 |
May 31, 2023 |
Security hotfix. For details, see Fixed Issues in 2021.0.7. |
2021.0.7 |
13.0.7 |
June 12, 2023 |
|
2021.0.8 |
13.0.8 |
June 15, 2023 |
Security hotfix. For details, see Fixed Issues in 2021.0.8. |
2021.0.9 |
13.0.9 |
July 5, 2023 |
Security Service Pack 1. For details, see Fixed Issues in 2021.0.9. |
Encryption Key Rotation Manager
The key rotation manager enables you to refresh the organization's passphrase (and the key derived from it) for your at-rest data (organization filestore). Use the key management interface to deploy a rotation schedule, launch the key rotation process directly, or both. When file re-encryption work completes using the new key, MOVEit Transfer notifies you by email.
Using this robust key management dashboard, you can:
- View history of organization-wide encryption key rotation.
- Get a helpful time-to-complete estimate.
- Launch re-encryption work right now, in off-hours, or as appropriate (override with pause and resume)
- Pause and restart the conversion process.
- Get reminders on paused or pending rotations.
- Get completion summary, alerts, and reports on completed rotations.
View Key History (freshness) |
|
Get Time Needed to Re-encrypt |
|
Pause and Resume |
|
Schedule Key Rotation |
|
Scheduled Reminder Emails |
|
MOVEit Client Enabled with MFA
MOVEit Client gives users private access to a uniquely-generated verification code (made available by email or mobile app). This additional verification step ensures user sign-on is genuine.
Users can manage MFA settings through the WebUI My Account page.
Setup Screen if MFA not Already Configured
|
Enter Temporary Verification Code (email method shown)
|
Logging Performance Improvements
We improved diagnostic logging performance so users with heavier system loads can enable higher debug levels, which allows you to capture robust diagnostic information when you’re working with our technical support team. The performance improvements include a control to limit how frequently diagnostic information is written to the log files. By default, this control is set to every 60 seconds. This can be adjusted if needed.
Custom Branding for Email Notifications
Include site, team, or enterprise logo designs in email notifications. Site branding controls are more intuitive.
The SETTINGS > Appearance - Brand page features intuitive controls and a new preview mode. You can apply defaults at the global (SysAdmin) and specific designs for MOVEit Transfer organizations (OrgAdmin level).
Custom Site Design Configuration Panel (SETTINGS Appearance - Brand)
Critical System Alerts Email
Configure distinct email target/recipient for cases where MOVEit Transfer detects high-severity, low-frequency events. For example, email recipients could be an operations engineer, an IT group's 'on-call' list, or other responsible individuals in accordance with site-reliability notification and escalation schedules.
Critical System Alerts Email Configuration (email tab of MOVEit Transfer Config Utility shown)
RESTful API Improvements
MOVEit Transfer 2021 adds new capabilities to its REST API.
Feature |
Syntax/Description/Example |
New response model for One-Time Password (OTP).
|
Email-only option now can return a response body and an HTTP status of 200. The response body contains a masked copy of the user's email address. Response body example:
|
Download report as file. |
—Where Example: /api/api/v1/reports/reportId/results/download?format=html |
Get a list of all reports. |
Page through report results list.
/api/v1/reports?page=1&perPage=3&sortField=title&sortDirection=asc |
Change folder Permission Inheritance settings |
—Where —and where explicit permissions flag is set in the request body. |
Change folder notification settings. |
—and where notification settings are set in the request body. |
Updating folder sharing and permissions |
—Where —and where sharing and permission settings are changed in the request body. |
Change character restriction policy for filenames |
—and where allowable characters is set in the request body. |
Change history setting, unique filenames, thumbnail display, and overwrite settings. |
—Where —and where individual settings are boolean values applied to the request body. |
Change folder quota, new file time limit, and folder quota characteristics. |
—Where —and where individual settings are changed in the request body. |
Fixed Issues
This section outlines issues tracked and fixed by the MOVEit product team for the 2021 release. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.
ID |
Category |
Fixed Issue |
31593 |
Admin UI |
Fixed issue where setting SSH Policy for the current user returned the message "certificate is not for the user." |
31249 |
Download/WebUI |
Fixed issue where Folder Download to .zip produced an empty .zip file. |
32643 |
REST API |
Fixed issue to disallow an out-of-range client IP address. |
32596 |
Security |
Fixed issue where an org admin could see session count metrics for the system. |
31950 |
Admin UI |
Fixed issue where the WebUI returned an error if a sysadmin acting as orgadmin attempted to add a user. |
31237 |
Admin UI |
Fixed issue where report failed to overwrite when Overwrite option was selected. |
30646 |
Admin UI |
Fixed issue where using a new MOVEit Transfer account resulted in exception if used from MOVEit Automation. |
31835 |
Upgrade |
Fixed post-upgrade issue in 12.1.1 where password change stamp updated during the password hash update. |
32412 |
Transfer Server |
Fixed issue with GarbageCollection task where only the first 1000 file deletes were reflected in the log and when viewed from custom reports. |
32311 |
Transfer Server |
Fixed issue where some package attachments not cleaned up during scheduled GarbageCollection task. |
32117 |
WebUI |
Fixed issue where deleting custom notification returned an "Invalid Custom Notification" message. |
31965 |
Web Farm |
Fixed issue for Web Farm pattern where scheduled tasks log is saved at the remote file store rather than location defined in server configuration. |
31816 |
WebUI |
Fixed issue to log exceptions and continue to file, which could be blocked when malformed or corrupted comments field was encountered. |
31666 |
REST API |
Fixed issue where in a Secure Folder Sharing scenario, retrieving the full folder list resulted in long queries. |
30736 |
REST API |
Performance improvements to handle high volume of short session. |
35068 |
External Auth |
Fixed issue where sign-on to an ExternalOnly org for the first time returns exception after sign-on. |
5296 |
Custom Notifications |
Fixed issue where customized notifications applied one group and user belongs to that group and one other but gets customized notifications from both. |
8522 |
Package Transfer |
Fixed issue where package upload failed if session expires during upload. |
8555 |
Package Recipients |
Fixed issue to ensure all users on a package recipient list receive send receipts. |
35342 |
WebUI |
Fixed issue where folder quota information is not visible after creating subfolder. |
30490 |
WebUI |
Fixed issue where filename did not display hyperlink to file details view. |
8560 |
WebUI |
Fixed issue where administrator user indicator was not visible if administrator was also a group admin. |
8596 |
WebUI |
Fixed issue where internal path to brand logo visible to users. |
35039 |
Security |
Fixed vulnerability issue in recursive folder properties operation. Credit: Steven Seeley. |
42948 |
Security |
Fixed vulnerability issue in the mark new operation. Credit: Alex Kordas. |
47619, 47327 |
Security |
CVE-2021-37614: Addressed a SQL injection vulnerability that may allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Credit Alex Kordas |
Fixed Issues in 2021.0.6
This section outlines issues tracked and fixed by the MOVEit product team for the May 31, 2023 Hotfix.
ID |
Category |
Fixed Issue |
69698 |
Server/WebUI |
CVE-2023-34362. Addressed a SQL injection vulnerability that may allow an attacker to gain unauthorized access to MOVEit Transfer's database. https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability |
Fixed Issues in 2021.0.7
This section outlines issues tracked and fixed by the MOVEit product team for the June 12, 2023 Hotfix. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.
ID |
Category |
Fixed Issue |
69884 |
Server/WebUI |
CVE-2023-35036. Addressed a SQL injection vulnerability that may allow an attacker to gain unauthorized access to MOVEit Transfer's database. https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability |
Fixed Issues in 2021.0.8
This section outlines issues tracked and fixed by the MOVEit product team for the June 15, 2023 Hotfix. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.
ID |
Category |
Fixed Issue |
70125 |
Server |
CVE-2023-35708: Addressed a SQL injection vulnerability that may allow an attacker to gain unauthorized access to MOVEit Transfer's database. https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15Jun2023 |
Fixed Issues in 2021.0.9
This section outlines issues tracked and fixed by the MOVEit product team for the July 5, 2023 Service Pack 1.
ID |
Category |
Fixed Issue |
| 68501 | Installer | Installer upgrades and repair mode slow if certificate storage has large number of certs. |
| 69752 | Server/Security | Improved controls and validation for active sessions. |
| 69753 | Server/Security | Improved controls and validation for upload states. |
| 69990 | Server/REST API | Improved availability issue that could occur with increased volume and scale out of session sign-on activity. |
| 69998 | Server | Improved transaction server parsing. |
| 70001 | Server/Security | Newer password hashing scheme enforced. Legacy scheme is no longer supported. |
| 70167 | Server | Refactoring and abstraction of OrgEngine/InstCertAdd. |
| 70176 | Server/Security | Addressed a SQL injection vulnerability that may allow an authorized user to gain unauthorized access to MOVEit Transfer's database. |
| 70312 | Server/Security | Addressed a SQL injection vulnerability that may allow an authorized user to gain unauthorized access to MOVEit Transfer's database. |
| 70404 | Server/User Auth | Addressed a SQL injection vulnerability that may allow an attacker to gain unauthorized access to MOVEit Transfer's database. |
Upgrading
Upgrading to the latest version of MOVEit Transfer ensures that you have access to the latest features, fixes, security updates, and usability improvements.
If you have a support subscription, upgrades are free. For licensing information, you can read this MOVEit License FAQ.
Get the Installer and Activation Code
To get a MOVEit installer package:
- Log in to the Progress Customer and Community portal and select Product Downloads.
- Download the product package.
When you get your MOVEit product package from your Progress Community page, the activation code is embedded in the download file and is automatically applied during installation.
The activation code is also stored in your Progress Community product page for reference.
- Before you run the upgrade installer.
- Review Upgrade Guidelines. They identify useful tips and guidelines for existing MOVEit Transfer or MOVEit DMZ users.
- It is a good idea to copy and save your current product serial number. This Progress knowledge base article explains how to find it.
Upgrade Paths
MOVEit Transfer 2021 supports "direct upgrade" (upgrade by way of running the MOVEit Transfer installer) for existing MOVEit Transfer 2019 (11.0.0) and newer.
Use the Upgrade Path table to find out how you can move earlier or legacy versions to MOVEit Transfer 2021.
Your Older MOVEit Transfer Version |
Upgrade Path |
MOVEit Transfer 2019 (11.0.0) or newer |
Use Upgrade mode in MOVEit installer:
|
MOVEit Transfer 2018 PLUS SP2 (10.2) and older |
If you are running a version that is out of date or close to being out of date, you can:
|
Upgrade Considerations
Logs Directory for Web Farm Upgrade
When you upgrade a MOVEit Transfer Server node, ensure that the local logs directory defined in the Web Farm install configuration for all nodes already exists (or create one on each node). If the installer does not find this local logs directory, it will return a failure message and halt during the Web Farm scale-out process.
MySQL Database Deployments
When you run the MOVEit Transfer installer in an upgrade scenario on a MOVEit Transfer deployment using MySQL, the installer upgrades existing MySQL 5.7 servers to MySQL 8.x.
Any custom schema, tables, and fields (if applicable) must be backed up
It is best practice to backup any customizations before you run the MOVEit Transfer installer. MOVEit Transfer database schema customizations are not supported. If you change the name or add schema, indexes, or tables, the MOVEit Installer will not expect these manual changes and attempt to revert them.
Reset tamper check for logs
If you have logs that include data from before and after a software upgrade, tamper check verification shows false positive tamper errors when verifying the logs.
To prevent this situation, do the following when upgrading MOVEit DMZ software to MOVEit Transfer 2017 (and later).
- Before you upgrade, manually start the MOVEit DMZ Log Tamper Check program from the Start menu.
- Immediately after you upgrade:
- Sign-on as System Administrator. Click SETTINGS.
- In the System section, Tamper Detection row, click Reset All Orgs.
- Click Reset Tamper Detection Data.
Upgrading to a release with Secure Folder Sharing (a post upgrade task is necessary)
If you upgrade your MOVEit Transfer installation with a version that enables Secure Folder Sharing, this feature set will be initially set to off. After the upgrade, as sysadmin user, you can apply the Secure Folder Sharing feature set selectively in Org Profile Settings. As sysadmin, you can apply these settings on an org-by-org basis.
Enable org UI Security Settings to Allow Secure Folder Sharing Feature Set (needed for upgrade installations)
System Requirements
MOVEit Transfer requires certain software and hardware to ensure correct operation.
MOVEit Transfer Server Requirements
These requirements apply to the supporting environment and operating system where you install MOVEit Transfer server.
Before you attempt to install MOVEit Transfer server, ensure your Windows server has the latest service packs and required updates installed.
Hardware Requirements
Minimum server requirements
- Four-core server-class CPU (For example: Intel Xeon 4-core 2+GHz)
- 8 GB RAM
- 250 GB or larger free disk space, depending on workload
- Gigabit Ethernet (GigE) Interface.
Typical server requirements
- Eight-core CPU.
- 16 GB RAM.
- Hard drive capacity of 1TB (SAS) is common.
- Free disk space should be sized based on the system log, task logs, and the expected number of concurrent active users and transfers.
- Using SSD or other high-performance disk will improve performance.
- GigE or better network interface card.
Note: MOVEit Transfer requires a dedicated server machine or hypervisor. Do not install MOVEit Transfer on a machine that has other applications installed.
Software Requirements
MOVEit Transfer server requires the following software.
Supported Operating Systems for MOVEit Transfer
- Windows Server 2019
- Windows Server 2016
.NET Framework
MOVEit Transfer requires .NET 4.7.2. If the server does not have Internet access, you must install .NET by other means before you run the MOVEit Transfer installation program.
Windows Server 2019 comes with .NET 4.7.2.
Supported Databases
MOVEit Transfer requires one of the following database platforms:.
- MySQL 8 (included in the MOVEit Transfer installation)
- Azure SQL Database
- Microsoft SQL Server 2019 Enterprise/Standard
- Microsoft SQL Server 2017 Enterprise/Standard
- Microsoft SQL Server 2016 Enterprise/Standard
- Earlier versions (not supported)
It is best to run the MOVEit Transfer Server and the database it connects to in the same time zone. Otherwise, security features like multi-factor authentication for sign-on as well as secure connection protocols used between the services will not function.
You can create an Azure SQL database using the Azure Management Portal. See the upgrade and migration section for instructions on how to migrate your current database to Azure SQL.
Compatible Third-Party AV/DLP Engines
The following major anti-virus (AV) and data loss prevention (DLP) engines are reviewed for compatibility with MOVEit Transfer.
AV Engines (some with AV/DLP)
Anti-Virus Scanner |
Latest Version Reviewed |
McAfee VirusScan Enterprise, McAfee VirusScan Enterprise for Storage (VSES) |
Last reviewed version 8.8.0.2300 |
McAfee Endpoint Security |
Last reviewed version 10.7.0.1675 |
McAfee Web Gateway |
Last reviewed version 9.29 (36018) |
Sophos Anti-Virus Dynamic Interface (SAVDI) scanner |
Last reviewed version: 2.6 |
Sophos for Network Storage |
Last reviewed version: 10.8.10.810 |
Symantec Protection Engine |
Last reviewed version 7.8.0.141 |
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) * |
Last reviewed:
|
DLP Engines
Data Loss Prevention Scanner |
Latest Version Reviewed |
McAfee Web Gateway* |
Last reviewed with version 9.29 (36018) |
Symantec DLP Suite |
Last reviewed with version 15.x* |
*DLP Blocked responses require additional configuration for some scanning engines such as McAfee and Symantec.
TLS Certificate
For use in production environments of the MOVEit Transfer Server, you should install a certificate from a trusted certificate authority. Apply the trusted certificate during installation or through the configuration utility.
Email Server (for notifications)
MOVEit Transfer needs an SMTP server to relay package notifications, account notifications, and other user messages. You will be asked for an SMTP server and credentials during the install process.
If you do not have email server information at the time of install, you can use the MOVEit Transfer Configuration Utility to add this information. For more information, see the MOVEit Transfer Admin Guide.
Browser Support
Supported Web Browsers
- Chrome
- Mozilla Firefox
- Microsoft Edge
- Safari
Other browsers might work with MOVEit Transfer but are not officially supported.
Additional Clients
MOVEit Mobile
MOVEit Mobile is available for the following devices:
- iOS (Apple devices). Available for download in the Apple App Store.
- Android (Android OS devices). Available for download from Google Play.
MOVEit Client
All current versions of the MOVEit Client are supported. Older versions will work with limited feature capabilities. Download the latest versions from the MOVEit Products page.
Outlook Plug-in (Ad Hoc)
- Outlook Client:
Outlook 2016 (English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)
Outlook 2013 (English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)
Outlook 2010 (32-bit and 64-bit English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)
- Mail or Exchange Server:
Ad Hoc Transfer Plug-in for Outlook is compatible with a variety of mail servers, such as Exchange Server 2013, Exchange Server 2010 (32-bit and 64-bit English and German), or Progress IMail 11 (using SMTP). When Outlook & Exchange are used together, Cached Exchange Mode is supported but is not required.
- Operating System:
Microsoft Windows 10, Microsoft Windows 8, Windows 7 (32-bit and 64-bit English, German, French, Chinese Simplified, Chinese Traditional, Japanese)
Known Issues
This section outlines known issues and typical workarounds for MOVEit Transfer.
ID |
Category |
Known Issue in MOVEit Transfer |
365955 |
Installer |
After you upgrade a MOVEit Transfer server to 2020 that leverages the legacy mobile server, if you subsequently uninstall only MOVEit Transfer, the next time you run the installer the Modify option displays but no real modify-install scenario exists. You will not be able to complete the MOVEit Transfer install process. Workaround: To run the installer successfully, you will need to uninstall the deprecated MOVEit Mobile Server manually. Then you can re-run the MOVEit Transfer Installer. |
UREP-5247 |
Central Agent, DMZ Agent |
The Analytics Agent cannot connect to the MOVEit Transfer or MOVEit Automation 2019.1 with MySQL 8.
To resolve this issue, contact Technical Support to receive a hotfix. |
31190 |
REST API |
Some virtual folder operations do not extend to the REST API. Workaround: For full parity, use the WebUI or MOVEit Automation. |
35331 |
Key Rotation |
If disk capacity is less than the largest file in your filestore and you run key rotation, your key rotation process will fail to convert that file. |
22448 |
Key Rotation |
Key rotation functionality does not extend directly to environments that use Azure Blob Service for their filestore. Workaround: Azure Storage has its own encryption scheme and key management infrastructure. |
Licensees and Evaluators
For more information, please check our:
- Progress Software End-user License Agreement (EULA).
- Knowledge base article about MOVEit licensing.
Copyright Notice
© 2021 Progress Software Corporation and/or one of its subsidiaries or affiliates. All rights reserved.
These materials and all Progress® software products are copyrighted and all rights are reserved by Progress Software Corporation. The information in these materials is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear therein. The references in these materials to specific platforms supported are subject to change.
Chef, Chef (and design), Chef Infra, Code Can (and design), Compliance at Velocity, Corticon, DataDirect (and design), DataDirect Cloud, DataDirect Connect, DataDirect Connect64, DataDirect XML Converters, DataDirect XQuery, DataRPM, Defrag This, Deliver More Than Expected, DevReach (and design), Icenium, Inspec, Ipswitch, iMacros, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, NativeScript, OpenEdge, Powered by Chef, Powered by Progress, Progress, Progress Software Developers Network, SequeLink, Sitefinity (and Design), Sitefinity, Sitefinity (and design), SpeedScript, Stylus Studio, Stylized Design (Arrow/3D Box logo), Styleized Design (C Chef logo), Stylized Design of Samurai, TeamPulse, Telerik, Telerik (and design), Test Studio, WebSpeed, WhatsConfigured, WhatsConnected, WhatsUp, and WS_FTP are registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and/or other countries.
Analytics360, AppServer, BusinessEdge, Chef Automate, Chef Compliance, Chef Desktop, Chef Habitat, Chef WorkStation, Corticon.js, Corticon Rules, Data Access, DataDirect Autonomous REST Connector, DataDirect Spy, DevCraft, Fiddler, Fiddler Everywhere, FiddlerCap, FiddlerCore, FiddlerScript, Hybrid Data Pipeline, iMail, JustAssembly, JustDecompile, JustMock, KendoReact, NativeScript Sidekick, OpenAccess, PASOE, Pro2, ProDataSet, Progress Results, Progress Software, ProVision, PSE Pro, Push Jobs, SafeSpaceVR, Sitefinity Cloud, Sitefinity CMS, Sitefinity Digital Experience Cloud, Sitefinity Feather, Sitefinity Insight, Sitefinity Thunder, SmartBrowser, SmartComponent, SmartDataBrowser, SmartDataObjects, SmartDataView, SmartDialog, SmartFolder, SmartFrame, SmartObjects, SmartPanel, SmartQuery, SmartViewer, SmartWindow, Supermarket, SupportLink, Unite UX, and WebClient are trademarks or service marks of Progress Software Corporation and/or its subsidiaries or affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Any other marks contained herein may be trademarks of their respective owners.
This document was published on Tuesday, August 3, 2021 at 17:46
APR
28
2021