Documentation forServ-U MFT & Serv-U FTP Server

Serv-U File Server 15.4.1 Release Notes

Release date: December 5, 2023

Here's what's new in Serv-U File Server 15.4.1.

Learn more

New features and improvements in Serv-U

  • Serv-U now provides support for modern Linux distributions.

  • Guest users in Serv-U can change the language selection in the file share window.

  • There are many improvements in Serv-U's new WebClient and file share capabilities. For instance, you can pre-fill user data and take advantage of new limits and settings in the Management Console. You can also share toast events when a new file is uploaded. Additionally, you can drag and drop more than 100 files in the folder at once.

  • Serv-U now supports the ECDSA key type.

  • Serv-U recognizes when accounts are configured in SMTP settings and sends emails addressed as the "Serv-U domain.name on behalf of user."

  • OpenSSL has been upgraded.

  • This release also includes bug fixes and improved performance.

Return to top

Fixes

Case number Description

01170428
01237381

Max upload file size limit rule set in Directory Access Rule is working properly, so that files within the specified size limit can be uploaded as expected.
N/A Update notification is again functioning correctly.

01364872
01365576
01365735
01367273
01367439
01370364
01375329
01375768
01376008
01376375
01378428
01379728
01416570
01417531
01419438

Error changing password has been resolved.
01376008
01397783
01473744
Server now remains functional during SFTP user authentication.
01263641 Sessions are no longer blocked for lengthy IP access lists and non-empty LDAP login ID suffixes.
01381293 TLS 1.2 ciphers are no longer enabled, so external file sharing to unrestricted domains is prevented.
N/A When users create new fileshares without specifying recipients, Serv-U displays a warning that users must manually give the link to recipients.
01263641 Additional conditions required to complete LDAP/Windows login in Serv-U have been implemented.
N/A Layout of user properties dialog in Serv-U Management Console for Swedish and Spanish languages has been adjusted for better readability.
N/A Serv-U group administrator can now import IPAccess rules for a member of the group.
N/A Serv-U group administrators can belong to multiple groups, but only one group is considered each administrator’s primary group. They can administer their primary group but not other groups, even if they are a member.
01302825
01412821
Serv-U database users no longer move from their assigned organizations to general/domain users.
01382627 User import in Serv-U now functions properly even with directory access list strings larger than 32 KB.
01379753
01435513
01473253
01473744
01476213
01479587
01487926
Server Identity workflow in Serv-U is no longer disrupted, and uploads and downloads are working as expected.
01379967
01450113
01476213
01487754
Serv-U users can once again download large shared files in private browsing mode.
N/A Anonymous Serv-U users can successfully authenticate without additional steps to change the password.
01427899 Tables within the Serv-U fileshare interface now display full at 100% zoom and above.
01442370 Users can drag and drop 100+ files to upload in the new WebClient in Serv-U with no issues.
01469843 Serv-U now accurately logs failed logins and triggers the event created for User Login Failure.
01468933 The Management console in Serv-U now informs the Domain Administrator when a change in MFA is rejected.

CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

SolarWinds CVEs

CVE-ID Vulnerability Title Description Severity Credit
CVE-2023-40053 HTML injection Vulnerability on Serv-U 15.4 A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. 4.6 Medium Igor Souza

Third-party CVEs

CVE-ID Vulnerability Title Description Severity
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. 7.5 High
CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. 5.3 Medium
CVE-2023-1255 Input buffer over-read in AES-XTS implementation on 64 bit ARM The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. 3.7 Low
CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. 3.7 Low
CVE-2023-0466 Certificate policy check not enabled The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. 3.7 Low

Return to top

Installation or upgrade

For new installations, you can download the installation file from the Serv-U product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Install the SolarWinds Serv-U File Server.

For more information about upgrades, see Upgrade Serv-U File Server.

Return to top

End of life

Version EoL Announcements EoE Effective Dates EoL Effective Dates
15.1.7 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.1.7 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.1.7 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.1.7.
15.2 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.2 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.2 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.2.
15.2.1 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.2.1 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.2.1 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.2.1.
15.2.2 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.2.2should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.2.2 will no Serv-Ulonger be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for 15.2.2.
15.2.3 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.2.3 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.2.3 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.2.3.
15.2.4 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.1.7 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.2.4 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.2.4.
15.2.5 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.1.7 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.2.5 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.2.5.
15.3 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.2.4 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.3 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.3.
15.3.1 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.1.7 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.3.1 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.3.1.
15.3.2 December 5, 2023: End-of-Life (EoL) announcement – Customers on Serv-U 15.3.2 should begin transitioning to the latest version of Serv-U. February 5, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.3.2 will no longer be actively supported by SolarWinds. February 5, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.3.2.

See the End of Life Policy for information about SolarWinds product life cycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

Return to top

Deprecation notice

The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms and avoid using deprecated features.

Type Details
Web client modules Java-based Serv-U web client modules FTP Voyager JV and Web Client Pro will be discontinued in an upcoming release. However, these modules are still available in version 15.4.1, together with the new Serv-U web client to support a migration path.

Return to top

Legal notices

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.