Serv-U File Server 15.4 release notes
Release date: May 17, 2023
These release notes were last updated on June 28, 2023
Here's what's new in Serv-U File Server 15.4.
Learn more
- Get information about the latest hotfixes.
- See the Serv-Usystem requirements.
- For information about working with Serv-U, see the Serv-U Administrator Guide.
New features and improvements in Serv-U
Multifactor authentication
Multifactor authentication can be used to provide an additional layer of security. When multifactor authentication is set up, users are prompted to enter a six-digit code sent by a third-party multifactor authentication app, in addition to their user name and password. Serv-U supports a variety of multifactor authentication apps.
Multifactor authentication is disabled by default. Serv-U administrators can choose to enable it (users can enter a code but are not required to) or enforce it (users must enter a code to log in). Multifactor authentication can be configured at the global, domain, group, or user level.
Support for Secure LDAP in a Linux installation
When Serv-U is installed on a Linux server, secure LDAP (LDAPS) is now supported. LDAPS uses TLS (Transport Layer Security) to encrypt and authenticate the data exchanged between Serv-U and the LDAP server. All interactions are performed through a secure channel, which prevents unauthorized parties from intercepting or modifying the data.
Other improvements
-
In the new web client, you can move files and folders by dragging and dropping them.
-
SHA2 ciphers are supported.
-
Serv-U 15.4 includes security improvements.
Fixes
| Case number | Description |
|---|---|
| 01328942, 01333803 | LDAP users are able to successfully authenticate with SFTP when the LDAP Login ID Suffix is configured. |
| 01287944, 01291103, 01308836, 01309277, 01316502, 01318887, 01327456, | User names for SFTP or SSH logins are no longer case sensitive. |
| 01278459, 01283413 | Updating the invitation subject email for file sharing works as expected. The updated value is used instead of "Serv-U File Sharing Link". |
| 01208999, 01254478 | Downloading zipped files does not cause Serv-U to crash. |
| 01256088 | The correct user name is displayed on the file sharing website. |
| 01150580 | Serv-U uses the PASV IP address of the FTP listener for the correct domain. |
| 01127653 | Security vulnerabilities have been resolved. |
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-23841 | SolarWinds Serv-U Exposure of Sensitive Information Vulnerability | SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | 4.8 Medium |
Installation or upgrade
For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Install the SolarWinds Serv-U File Server.
For more information about upgrades, see Upgrade Serv-U File Server.
Deprecation notice
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
| Type | Details |
|---|---|
| Web client modules | Java-based Serv-U web client modules FTP Voyager JV and Web Client Pro will be discontinued in an upcoming release. However, these modules are still available in version 15.4, together with new Serv-U web client to support a migration path. |
Legal notices
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.