IN THIS PAGE
2020.0.0 (8.7.0) Dec 15, 2020
2020.0.1 (8.7.1) Aug 30, 2021 (updated)
2020.0.2 (8.7.2) April 22, 2022 (updated)
2020.0.3 (8.7.3) Aug 1, 2022 (updated)
2020.0.4 (8.7.4) Sept 27, 2023 (updated)
2020.0.5 (8.7.5) Oct 3, 2023 (updated)
2020.0.6 (8.7.6) Nov 7, 2023 (updated)
What's New in WS_FTP Server 2020.0.0 (8.7.0)
The WS_FTP Server 2020.0.0 (8.7.0) release focused on security vulnerabilities and customer issues to ensure that all security updates were applied to provide users with a secure and quality product.
The following are the main security enhancements and bug fix highlights that were applied to the 2020 release:
- Database passwords containing special characters are accepted
- Updated third party components to versions that address known security vulnerabilities.
- Log viewer filters are applied to exported log data
- Email addresses of users with a top level domain longer than 5 characters are accepted by WS_FTP Server
- The WS_FTP Server admin log on page renders correctly
- The installation documentation was updated to include the following important information:
Installing WS_FTP Server on a domain controller is not supported
For details of all of the fixed vulnerabilities and issues, see Fixed Issues.
The WS_FTP Server UI and documentation were rebranded as Progress WS_FTP Server.
Support for WS_FTP Web Server will be deprecated in future releases.
Fixed Issues in 2020.0.0 (8.7.0)
The following issues were fixed in WS_FTP Server 2020.0.0 (8.7.0).
ID |
Category |
Fixed Issue |
|---|---|---|
6007 |
Documentation |
The installation documentation was updated to include the following important information: |
6208, 6219, 6222, 6256 |
Install, SSH, Database |
There is support for special characters in database passwords during installation and database configuration. |
6301 |
Security |
The AngularJS version used for the WTM and AHT modules was upgraded to version 1.8 to prevent vulnerabilities. |
6302 |
Security |
WS_FTP Server's cookies now have secure and HTTP only attributes. |
6325 |
Security |
The prototype.js version used in WS_FTP Server was upgraded to version 1.7.3 to prevent vulnerabilities. |
6342, 6345, 6346 |
Security, |
Fixed a directory traversal vulnerability on WS_FTP Server's WTM interface. |
6348 |
Logging Server |
Filters that were applied to the log viewer are now also applied to the |
6350 |
Users |
Email addresses of users with a top level domain longer than 5 characters are now accepted by WS_FTP Server. |
6351 |
Web Admin |
The WS_FTP Server admin log on and home pages now render correctly. |
6352 |
Security, |
Updates were applied to the LogServer login page to protect against cross site scripting (xss). |
6356 |
Security |
Error messages were sanitized to prevent the disclosure of potentially sensitive data. |
6383 |
Security |
The FTP server (and SSH server) do not reveal the product version to unauthenticated users. |
6419 |
Core |
Sessions time out after the specified time, the default is 600 seconds, or when a client disconnects. |
Fixed Issues in 2020.0.1 (8.7.1)
The following issues were fixed in WS_FTP Server 2020.0.1 (8.7.1).
ID |
Category |
Fixed Issue |
|---|---|---|
12244 |
Database |
Fixed an issue which caused an error connecting to SSH/FTP after database migration from PostgreSQL to MSSQL. |
12769 |
Web Transfer Module |
Web Transfer Module now successfully opens as part of application pool creation. |
Fixed Issues in 2020.0.2 (8.7.2)
The following issues were fixed in WS_FTP Server 2020.0.2 (8.7.2).
ID |
Category |
Fixed Issue |
|---|---|---|
12339 |
SRVR/Security |
The PostgreSQL version used in WS_FTP Server was upgraded from version 10.14 to 10.20 to prevent vulnerabilities. |
Fixed Issues in 2020.0.3 (8.7.3)
The following issues were fixed in WS_FTP Server 2020.0.3 (8.7.3).
ID |
Category |
Fixed Issue |
|---|---|---|
6315, 6332, 12240, 15175, 15178, 15179, 15184, 15185 |
Server, Security |
Addressed Cross-Site Request Forgery (CSRF) issues in WS_FTP Server Administrative interface. |
15168, 15181, 15182, 15183, 15186, 15187, 15188 |
Server, Security |
Addressed cross-site scripting (XSS) issues in WS_FTP Server Administrative interface. |
Fixed Issues in 2020.0.4 (8.7.4)
The following issues were fixed in WS_FTP Server 2020.0.4 (8.7.4).
ID |
Category |
Fixed Issue |
|---|---|---|
19686 |
AHT, Security |
Addressed a padded oracle vulnerability to prevent a potential cross-site scripting (XSS) attack. |
20729 |
Web Admin, Server, Security |
Updates were applied to dependencies to prevent potential SQL injection attacks. |
21541 |
AHT Security |
Deserialization of untrusted data does not occur, ensuring that pre-authentication command execution is not permissible (CVE-2023-40044). |
21576 |
SFTP |
Directory traversal is prevented in SFTP file rename commands (CVE-2023-42657). |
21591, 12867 |
Web Transfer Module |
Directory traversal is prevented in Web Transfer Module file delete feature. |
21593, 21604, 21605 |
SSH Server |
Directory traversal is prevented in SFTP file remove, directory remove, and directory make commands. |
Fixed Issues in 2020.0.5 (8.7.5)
The following issues were fixed in WS_FTP Server 2020.0.5 (8.7.5).
ID |
Category |
Fixed Issue |
|---|---|---|
21642 |
SSH, SFTP |
SFTP operations complete successfully for regular users with home folder as root. |
Fixed Issues in 2020.0.6 (8.7.6)
The following issues were fixed in WS_FTP Server 2020.0.6 (8.7.6).
ID |
Category |
Fixed Issue |
|---|---|---|
21752 |
Server |
Updates were applied to WS_FTP Server to prevent potential path injection attacks. |
Known Issues
This section details known issues and workarounds in all WS_FTP Server 2020.0 (8.7) releases.
ID |
Category |
Known Issue Description |
|---|---|---|
15343 |
Install |
A repair installation issue with WS_FTP Server 2020.0.0 or later, prevents users from upgrading to the next available version. Note: This issue only affects all WS_FTP Server 2020 releases (2020.0.0, 2020.0.1, and 2020.0.2) where a repair has been applied to an upgraded installation. |
System Requirements
These requirements apply to the supporting environment and operating system where you install WS_FTP Server.
Software Requirements
Supported Operating Systems for WS_FTP Server
The Operating Systems are supported for the following WS_FTP Server configurations:
- Standalone
- Failover cluster using Microsoft Clustering Services
- Failover cluster using Microsoft Network Load Balancing
Operating System
- Windows Server 2019 Standard/Datacenter (standalone only)
- Windows Server 2016 Standard/Datacenter (standalone only)
- Windows Server 2012 R2 Standard/Datacenter (standalone only)
Windows Server Components Activated Automatically
The WS_FTP Server installer automatically activates certain components in your Windows Server installation. This is necessary because after installation Windows Server does not turn on non-core operating system components. However, before installing WS_FTP Server, you should ensure these changes conform to your organization’s security policies.
When you install WS_FTP Server, the install activates the following Windows Server roles:
- ISAPI Extensions
- Windows Authentication
- ASP
Supported Web Browsers
The following browsers are supported for WS_FTP Server Manager and the Web Transfer and Ad-Hoc Transfer client interfaces:
- Chrome
- Mozilla Firefox
- Microsoft Edge
Database Platform
WS_FTP Server requires one of the database platforms listed in the following table.
The default database platform is PostgreSQL, however during installation, you can select Microsoft SQL Server as your database for configuration data.
- PostgreSQL 10.20
- Microsoft SQL Server 2017 Enterprise/Standard
- Microsoft SQL Server 2016 Enterprise/Standard
Framework and Accessibility
WS_FTP Server requires the Microsoft .NET Framework and other Microsoft packages for scripting and software accessibility. Microsoft .NET Framework 4.6 is included in the installation program.
Hardware
Minimum requirements
- 4-core server-class CPU (For example: Intel Xeon 4-core 2+GHz)
- 4 GB RAM
- 250 GB or larger free disk space, depending on estimated data to be stored
- 100/1000 MB Ethernet interface (for TCP/IP traffic)
Ad Hoc Transfer Plug-in Requirements
The following software must be installed on the machine on which you install the Ad Hoc Transfer Plug-in for Outlook.
- Microsoft Outlook 2016, 2013, or 2010
- Supported on Windows Operating Systems only.
Note: If you are running the installer live (not doing a silent install), the installer automatically installs the Microsoft Visual Studio redistributable programs. You do not need to download anything from Microsoft. If running a silent install, you must download and install these redistributable programs before running the install. See the Requirements in the Silent Install section.
Note: For silent installation instructions for the Ad Hoc Transfer Plug-in for Outlook, see Silent install of the Ad Hoc Transfer Plug-in for Outlook .
Upgrading
Upgrading to the latest version of WS_FTP Server ensures that you have access to the latest features, fixes, security updates, and usability improvements.
WS_FTP Server 2020.0.0 (8.7.0) supports direct upgrades from WS_FTP Server 2017 Plus (8.5) and later. For more information, see Upgrade Paths.
Upgrading information and considerations
Latest features and improvements
For the most up-to-date information about the latest supported features and improvements, see What's New.
Hardware Requirements
Review the current WS_FTP Server System Requirements.
Activation code
The activation code is automatically applied when you run the WS_FTP Server installer to upgrade.
- Your upgrade activation code is embedded in the installer file.
- The activation code is also stored in the Product Downloads section of the Progress Community.
- The activation code differs from your serial number. The code begins with your serial number and contains an additional eight characters.
Support for older WS_FTP Server Versions
For information about support for previous versions of WS_FTP Server, see the Product Lifecycle page on the Progress Community website. Customers running EOL or soon to be EOL versions should upgrade to WS_FTP Server 2020.
Upgrade Paths
To upgrade from an earlier version of WS_FTP Server to WS_FTP Server 2020, you must download the installer file.
- Login to the Progress Community.
- Select Product Downloads.
- Locate and download your product. Your activation code is embedded in the download file, and is automatically applied during installation.
Upgrade paths
WS_FTP Server 2020 supports direct upgrade installations from the following versions:
- WS_FTP Server 2018 (8.6)
- WS_FTP Server 2017 Plus (8.5)
Note: The upgrade paths are valid only on supported Operating Systems. For more information, see WS_FTP Server System Requirements.
For detailed installation and configuration instructions, or activating a new or upgraded license, see the WS_FTP Server Installation and Configuration Guide.
Note: If you upgrade from a version earlier than 2020, the default installation folders do not change. For example, the WS_FTP Server installation folder will be C:\Program Files (x86)\Ipswitch\WS_FTP Server.
Copyright Notice
© 2023 Progress Software Corporation and/or one of its subsidiaries or affiliates. All rights reserved.
These materials and all Progress® software products are copyrighted and all rights are reserved by Progress Software Corporation. The information in these materials is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear therein. The references in these materials to specific platforms supported are subject to change.
Chef, Chef (and design), Chef Infra, Code Can (and design), Compliance at Velocity, Corticon, DataDirect (and design), DataDirect Cloud, DataDirect Connect, DataDirect Connect64, DataDirect XML Converters, DataDirect XQuery, DataRPM, Defrag This, Deliver More Than Expected, DevReach (and design), Icenium, Inspec, Ipswitch, iMacros, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, NativeScript, OpenEdge, Powered by Chef, Powered by Progress, Progress, Progress Software Developers Network, SequeLink, Sitefinity (and Design), Sitefinity, Sitefinity (and design), SpeedScript, Stylus Studio, Stylized Design (Arrow/3D Box logo), Styleized Design (C Chef logo), Stylized Design of Samurai, TeamPulse, Telerik, Telerik (and design), Test Studio, WebSpeed, WhatsConfigured, WhatsConnected, WhatsUp, and WS_FTP are registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and/or other countries.
Analytics360, AppServer, BusinessEdge, Chef Automate, Chef Compliance, Chef Desktop, Chef Habitat, Chef WorkStation, Corticon.js, Corticon Rules, Data Access, DataDirect Autonomous REST Connector, DataDirect Spy, DevCraft, Fiddler, Fiddler Everywhere, FiddlerCap, FiddlerCore, FiddlerScript, Hybrid Data Pipeline, iMail, JustAssembly, JustDecompile, JustMock, KendoReact, NativeScript Sidekick, OpenAccess, PASOE, Pro2, ProDataSet, Progress Results, Progress Software, ProVision, PSE Pro, Push Jobs, SafeSpaceVR, Sitefinity Cloud, Sitefinity CMS, Sitefinity Digital Experience Cloud, Sitefinity Feather, Sitefinity Insight, Sitefinity Thunder, SmartBrowser, SmartComponent, SmartDataBrowser, SmartDataObjects, SmartDataView, SmartDialog, SmartFolder, SmartFrame, SmartObjects, SmartPanel, SmartQuery, SmartViewer, SmartWindow, Supermarket, SupportLink, Unite UX, and WebClient are trademarks or service marks of Progress Software Corporation and/or its subsidiaries or affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Any other marks contained herein may be trademarks of their respective owners.
This document was published on 31 October 2023 at 16:08
DEC
08
2020