Serv-U 15.4.1 release notes
Release date: December 5, 2023
Here's what's new in Serv-U 15.4.1. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of Serv-U, see Serv-U previous versions. To view release notes for multiple versions
New features and improvements in Serv-U
Support for modern Linux distributions
Serv-U now provides support for modern Linux distributions.
Improvements to Serv-U's new WebClient and file share capabilities
There are many improvements to Serv-U's new WebClient and file share capabilities. For instance, you can pre-fill user data and take advantage of new limits and settings in the Management Console. You can also share toast events when a new file is uploaded. Additionally, you can drag and drop more than 100 files in the folder at once.
Other improvements
- Guest users can change the language selection in the file share window.
- Serv-U now supports the ECDSA key type.
- Serv-U recognizes when accounts are configured in SMTP settings and sends emails addressed as the "Serv-U domain.name on behalf of user."
- OpenSSL has been upgraded.
- This release also includes bug fixes and improved performance.
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-40053 | HTML injection Vulnerability on Serv-U 15.4 | A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 4.6Medium | Igor Souza |
Third-party CVEs
| CVE-ID | Vulnerability title | Description | Severity |
|---|---|---|---|
| CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. | 7.5 High |
| CVE-2023-0464 | Excessive Resource Usage Verifying X.509 Policy Constraints | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. | 5.3Medium |
| CVE-2023-1255 | Input buffer over-read in AES-XTS implementation on 64 bit ARM | The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. | 3.7 Low |
| CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. | 3.7 Low |
| CVE-2023-0466 | Certificate policy check not enabled | The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. | 3.7 Low |
Fixed customer issues
| Case number | Description |
|---|---|
| 01170428 01237381 | Max upload file size limit rule set in Directory Access Rule is working properly, so that files within the specified size limit can be uploaded as expected. |
| N/A | Update notification is again functioning correctly. |
| 01364872 01365576 01365735 01367273 01367439 01370364 01375329 01375768 01376008 01376375 01378428 01379728 01416570 01417531 01419438 | Error changing password has been resolved. |
| 01376008 01397783 01473744 | Server now remains functional during SFTP user authentication. |
| 01263641 | Sessions are no longer blocked for lengthy IP access lists and non-empty LDAP login ID suffixes. |
| 01381293 | TLS 1.2 ciphers are no longer enabled, so external file sharing to unrestricted domains is prevented. |
| N/A | When users create new fileshares without specifying recipients, Serv-U displays a warning that users must manually give the link to recipients. |
| 01263641 | Additional conditions required to complete LDAP/Windows login in Serv-U have been implemented. |
| N/A | Layout of user properties dialog in Serv-U Management Console for Swedish and Spanish languages has been adjusted for better readability. |
| N/A | Serv-U group administrator can now import IPAccess rules for a member of the group. |
| N/A | Serv-U group administrators can belong to multiple groups, but only one group is considered each administrator’s primary group. They can administer their primary group but not other groups, even if they are a member. |
| 01302825 01412821 | Serv-U database users no longer move from their assigned organizations to general/domain users. |
| 01382627 | User import in Serv-U now functions properly even with directory access list strings larger than 32 KB. |
| 01379753 01435513 01473253 01473744 01476213 01479587 01487926 | Server Identity workflow in Serv-U is no longer disrupted, and uploads and downloads are working as expected. |
| 01379967 01450113 01476213 01487754 | Serv-U users can once again download large shared files in private browsing mode. |
| N/A | Anonymous Serv-U users can successfully authenticate without add |
| 01427899 | Tables within the Serv-U fileshare interface now display full at 100% zoom and above. |
| 01442370 | Users can drag and drop 100+ files to upload in the new WebClient in Serv-U with no issues. |
| 01469843 | Serv-U now accurately logs failed logins and triggers the event created for User Login Failure. |
| 01468933 | The Management console in Serv-U now informs the Domain Administrator when a change in MFA is rejected. |
Installation or upgrade
For new installations, you can download the installation file from the Serv-U product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Install the SolarWinds Serv-U File Server.
For more information about upgrades, see Upgrade Serv-U File Server.
End of life
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 15.3.2 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.3.2 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.3.2 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.3.2. |
| 15.3.1 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.3.1 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.3.1 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.3.1. |
| 15.3 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.3 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.3 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.3. |
| 15.2.5 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.2.5 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.2.5 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.2.5. |
| 15.2.4 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.2.4 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.2.4 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.2.4. |
| 15.2.3 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.2.3 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.2.3 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.2.3. |
| 15.2.2 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.2.2 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.2.2 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.2.2. |
| 15.2.1 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.2.1 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.2.1 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.2.1. |
| 15.2 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.2 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.2 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.2. |
| 15.1.7 | December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U version 15.1.7 or earlier should begin transitioning to the latest version of Serv-U. | February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.1.7 or earlier will no longer actively be supported by SolarWinds. | February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.1.7. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier Serv-U versions, see Serv-U release history.
Deprecation notice
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
Web client modules
Java-based Serv-U web client modules FTP Voyager JV and Web Client Pro will be discontinued in an upcoming release. However, these modules are still available, together with the new Serv-U web client to support a migration path.
Legal notices
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.