Documentation forServ-U File Server

Serv-U File Server 15.2 Release Notes

Release date: June 11, 2020

Last updated: June 17, 2020

These release notes describe the new features, improvements, and fixed issues in Serv-U File Server 15.2. They also provide information about upgrades and describe workarounds for known issues.

If you are looking for previous release notes for Serv-U File Server, see Previous Version documentation.

Additional Serv-U documentation includes:

Serv-U File Server version 15.2 should not be applied to installations with automated users or FTP users without access to the Serv-U Web Client. This is because they will be immediately prompted to change password, which is not possible without login via the web client, and so their access will not work. For this type of installation Serv-U 15.2.1 should be used instead.

New features and improvements

Serv-U 15.2 is a UI update and security focused release, including:

  • Increased password security: every user needs to create a new password
  • Improved Management Console user interface
  • Chinese and Korean characters support in file transfer
  • Performance and stability improvements
  • Improved Internet Explorer compatibility
  • 3DES algorithm deprecations

Previous releases

For earlier Serv-U releases, please visit the Previous Versions page.


Fixed issues

Serv-U 15.2 fixes the following issues.

Case Number Description
00026316 Account blocked correctly after multiple invalid connection attempts .

00041778, 00306421

Cross-script vulnerability resolved.

00094972, 00099773, 00110622

Email timestamp issue resolved.
00187216 Issue where some emails created by Serv-U had incorrectly encoded subject lines resolved.
00215869 Intermittent failure issue with SFTP connection using a public key resolved.
00225939 Memory leakage resolved.
00231005 Password stale event for disabled user issue resolved.
00260367, 00307404 User passwords data no longer stored using MD5.
00274228 SSL connection issue fixed.
00281288 Security scan issue with Nessus resolved.

00303169, 00303836, 00304567, 00305466, 00305946, 00306790, 00309591, 00310586, 00321060, 00321617

Web Client Pro and FTP Voyager java client load correctly.
00303908, 00404795 Antihammer connection count no longer counts connections that have not started authorization.
00305538 Excessive logging resolved.
00306553 SFTP transfer no longer stalls due to incorrect SH channel window size.
00309363 Domain Administrators can edit their own File-Sharing settings.
00331893 Same-Site cookie attribute security issue resolved.
00311034 SFTP connection issue fixed.
00360383 Port connections with different IPs allowed under specific conditions.
00371873, 00382154, 00383722 Chinese and Korean characters no longer cause Serv-U to freeze.
00382166 Issues resolved connecting to Serv-U using FXP client.
00408272 Incorrect time stamp issue resolved.
00418069 Public Key only option works correctly.
00426998 Incorrect version number after upgrade resolved.
00431509 Issues with using the %USER_FULL_NAME% macro over SFTP resolved.
00458537 Unblocked IP addresses connects correctly.
00462314 Group IP access rule works correctly.
00479058 Email issue with BlueImp STMP relay resolved.
00484194 Cross-site scripting vulnerability with Tenable Scan resolved.
00461232, 00489842, 00506151 JQuery pre-3.4.0 vulnerability (CVE-2019-11358) prevented with updated version of JQuery.
n/a Serv-u Administrator can no longer see 3rd party passwords.
SolarWinds would like to thank Mostafa Noureldin (@va_start) for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.


Legal notices

© 2020 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.