Serv-U File Server 15.2.1 release notes

Release date: June 18, 2020

Last updated: July 3, 2020

These release notes describe the new features, improvements, and fixed issues in Serv-U File Server 15.2.1. They also provide information about upgrades and describe workarounds for known issues.

If you are looking for previous release notes for Serv-U File Server, see Previous Version documentation.

Additional Serv-U documentation includes:

• Serv-U Installation and Upgrade Guide
• Serv-U 15.2 Administrator Guide
• System Requirements
• Getting Started with Serv-U

New features and improvements

Serv-U 15.2.1 is a UI update and security focused release, including:

• Increased password security: existing MD5 passwords converted using more secure algorithm

  Unlike Serv-U 15.2, 15.2.1 does not prompt users to change their passwords. Nevertheless, it is recommended that you change these converted passwords when possible to further increase security.
  MD5 passwords can be automatically changed in the first 90 days; after this period they will be set to expired, and expired passwords can only be changed by an administrator.

• Improved Management Console user interface
• Chinese and Korean characters support in file transfer
• Performance and stability improvements
• Improved Internet Explorer compatibility
• 3DES algorithm deprecations

Previous releases

For earlier Serv-U releases, please visit the Previous Versions page.

---

Fixed issues

Serv-U 15.2.1 fixes the following issues.

Case Number	Description
00026316	Account blocked correctly after multiple invalid connection attempts .
00041778, 00306421	Cross-script vulnerability resolved.
00094972, 00099773, 00110622	Email timestamp issue resolved.
00187216	Issue where some emails created by Serv-U had incorrectly encoded subject lines resolved.
00215869	Intermittent failure issue with SFTP connection using a public key resolved.
00225939	Memory leakage resolved.
00231005	Password stale event for disabled user issue resolved.
00260367, 00307404	User passwords data no longer stored using MD5.
00274228	SSL connection issue fixed.
00281288	Security scan issue with Nessus resolved.
00303169, 00303836, 00304567, 00305466, 00305946, 00306790, 00309591, 00310586, 00321060, 00321617	Web Client Pro and FTP Voyager java client load correctly.
00303908, 00404795	Antihammer connection count no longer counts connections that have not started authorization.
00305538	Excessive logging resolved.
00306553	SFTP transfer no longer stalls due to incorrect SH channel window size.
00309363	Domain Administrators can edit their own File-Sharing settings.
00331893	Same-Site cookie attribute security issue resolved.
00311034	SFTP connection issue fixed.
00360383	Port connections with different IPs allowed under specific conditions.
00371873, 00382154, 00383722	Chinese and Korean characters no longer cause Serv-U to freeze.
00382166	Issues resolved connecting to Serv-U using FXP client.
00408272	Incorrect time stamp issue resolved.
00418069	Public Key only option works correctly.
00426998	Incorrect version number after upgrade resolved.
00431509	Issues with using the %USER_FULL_NAME% macro over SFTP resolved.
00458537	Unblocked IP addresses connects correctly.
00462314	Group IP access rule works correctly.
00479058	Email issue with BlueImp STMP relay resolved.
00484194	Cross-site scripting vulnerability with Tenable Scan resolved.
00461232, 00489842, 00506151	JQuery pre-3.4.0 vulnerability (CVE-2019-11358) prevented with updated version of JQuery.
n/a	Fixed issue with Critical Information Disclosure In HTTP Responses vulnerability. SolarWinds would like to thank Mostafa Noureldin (@va_start) for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
n/a	Fixed issue with Serv-U not validating argument path. SolarWinds would like to thank Bill for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
n/a	Fixed issue in CHMOD FTP command vulnerability. SolarWinds would like to thank Bill for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
n/a	Fixed issue in Remote command execution vulnerability. SolarWinds would like to thank Bill for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

---

Legal notices

© 2020 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.