Documentation forServ-U MFT & Serv-U FTP Server

Serv-U 15.5.1 release notes

Release date: April 15, 2025

Here's what's new in Serv-U File Server 15.5.1.

Learn more

New features and improvements in Serv-U

Last updated:

New logging category available in Serv-U

Serv-U now offers a "File share" logging category.

The SSH-RSA key algorithm was deprecated and disabled but a newer, more secure version can be enabled if needed

The SSH-RSA key algorithm was deprecated. It is disabled by default for SSH host key algorithms and for user public key algorithms. There is a new section in Serv-U encryption settings to enable SSH-RSA when needed.

Third-party software components in Serv-U upgraded

Serv-U OpenSSL was upgraded to version 3.0.16, and jQuery was upgraded to version 3.7.1. 

Fixes

Case number Description
01445699 Serv-U FTP RETR reports only relevant results.
01542405 The New Web Client accurately displays an error when the user does not have permission to open specific directories.
01673180 The file share creation workflow works as expected when the user disables the limit to allow user-defined guest link expiration.
01851642 The SSH-RSA (SHA1) algorithm is turned off by default, but for backward compatibility purposes, can be turned back on by an administrator using a new setting.
01682908 Upgrading from Serv-U 15.3.0 to newer versions does not affect functioning of TLS 1.2.
01717426
01738283
01792127
01808812
01866938		 Serv-U users do not encounter an error when creating directories using the OpenSSH client.
01724710 The New Web Client sorts numbers in file and folder names properly.
01690080 The Management Console does not allow the user to save an empty domain name.
01740206 Users do not encounter an error when uploading files with special characters in the filenames, and these files are correctly uploaded, listed, deleted, and downloaded as expected.
01801818
01803405
01802344
01822320
 The welcome message is correctly formatted.
01787688 The OTP S/KEY type of FTP password works as expected with HTTP and SSH FTP authentication. Global users can log in to all domains.
01797780
01798810
01821437		 When a user enables the "Automatically check directory sizes during upload" limit without specifying a maximum directory size, they can successfully upload files of 200+ MB with no errors.
01802185
01796274
01807541
01819961
01838569
01805262
01806929		 After upgrading Serv-U, users do not encounter error messages in the administration console in the French UI Spanish UI.
01796270 After disabling the HTTP compression, the detail for available space is displayed with no errors.
01795420 The Serv-U installer correctly copies the server's OpenSSL.cnf configuration file to a temporary location during installation, and customers can successfully upgrade from Serv-U MFT 15.4.2.
01795548
01840110
01883874
01814498
01807410
01814682
01801254
01807026
01818855
01853497
 Serv-U no longer shuts down unexpectedly after upgrade.
01802344 FTP Voyager no longer displays at the first login if it is disabled in Limits and Settings. The welcome message displays at first log-in, as expected.
01838416 Outdated third-party libraries such as jQuery 3.6.1 are no longer being used in Serv-U.
01801254 APP Crash Information entries no longer repeatedly display in the Event 's application logs when Serv-U is working and there is no error message in the Event Viewer.
01864157 Logged passwords are masked to make it impossible to guess the length, complexity, and content of passwords that would have been present in the logs.

CVEs

Last updated: 4/9/2025

SolarWinds would like to thank the security researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

SolarWinds CVEs

CVE-ID Vulnerability Title Description Severity Credit
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low. Low

Installation or upgrade

Last updated:

For new installations, you can download the installation file from the Serv-U product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Install the SolarWinds Serv-U File Server.

For more information about upgrades, see Upgrade Serv-U File Server.

End of life

Version EoL Announcements EoE Effective Dates EoL Effective Dates
15.4.0 April 17, 2024: End-of-Life (EoL) announcement – Customers on Serv-U 15.4.0 should begin transitioning to the latest version of Serv-U. July 17, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.4.0 will no longer be actively supported by SolarWinds. July 17, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.4.0.
15.4.1 October 16, 2024: End-of-Life (EoL) announcement – Customers on Serv-U 15.4.1 should begin transitioning to the latest version of Serv-U. December 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.4.1 will no longer be actively supported by SolarWinds. December 16, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U 15.4.1.
15.4.2 April 15, 2025: End-of-Life (EoL) announcement – Customers on Serv-U 15.4.2 and earlier should begin transitioning to the latest version Serv-U. July 15, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U 15.4.2 and earlier will no longer be supported by SolarWinds. July 15, 2026: End-of-Life –SolarWinds will no longer provide technical support for Serv-U 15.4.2 and earlier.

See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier Serv-U versions, see Serv-U release history.

Deprecation notice

Last updated:

The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.

Type Details
Web client modules Java-based Serv-U web client modules FTP Voyager JV and Web Client Pro will be discontinued in an upcoming release. However, these modules are still available in version 15.5.1, together with the new Serv-U web client to support a migration path.

Legal notices

© 2025 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.