Rebex Buru SFTP Server 2.14.4: Terrapin update, silent installation mode, Web Admin improvements.
We have released Rebex Buru SFTP Server v2.14.4. Here is an overview of changes, fixes and improvements.
Terrapin attack mitigation
Buru SFTP Server now supports the strict key exchange extension to mitigate the so-called 'Terrapin attack' (CVE-2023-48795). Although this is not a critical fix, since neither version of Buru SFTP Server relies on the RFC 8308 extension negotiation mechanism, the update thwarts possible authentication disruption caused by an attacker using the Terrapin vulnerability.
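One way to confirm after upgrading that a server advertises strict key exchange, shown as an added example that is not Rebex code: it parses an unencrypted SSH_MSG_KEXINIT packet (RFC 4253 layout) and looks for the server-side marker in the key exchange algorithm list. The marker name `kex-strict-s-v00@openssh.com` comes from the OpenSSH strict KEX specification rather than from this page, and `build_kexinit` only produces constructed sample packets.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # marker a server adds to kex_algorithms
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet carrying SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_length, padding_length = struct.unpack(">IB", packet[:5])
    if packet_length + 4 > len(packet) or padding_length + 1 > packet_length:
        raise ValueError("inconsistent packet lengths")
    payload = packet[5:4 + packet_length - padding_length]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack(">I", payload[offset:offset + 4])
        offset += 4
        if offset + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += n
    return lists

def offers_strict_kex(packet: bytes) -> bool:
    """True when the server's KEXINIT advertises the strict KEX marker."""
    return STRICT_KEX_SERVER in parse_kexinit(packet)["kex_algorithms"]

def build_kexinit(kex_algorithms: list) -> bytes:
    """Build a constructed sample packet (test input only, not captured traffic)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    names = [",".join(kex_algorithms), "ssh-ed25519", "aes256-gcm@openssh.com",
             "aes256-gcm@openssh.com", "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    for n in names:
        body += struct.pack(">I", len(n)) + n.encode("ascii")
    body += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    pad = 8 - (len(body) + 5) % 8           # total packet length must be a multiple of 8
    pad += 8 if pad < 4 else 0              # RFC 4253 requires at least 4 padding bytes
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)
```

Strict key exchange only takes effect when the client advertises its own marker (`kex-strict-c-v00@openssh.com`) as well, so client software needs the corresponding update too.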
Silent installation mode
The Buru SFTP Server installer now supports silent installation mode. This mode allows you to install the server without any user interaction. Several command-line options are available to customize the installation process, such as the installation path, SSH port and more.
Web Admin frontend overhaul
The Web Admin frontend has been updated with a new look that should feel less cluttered. It also provides a better user experience by adding several sought-after features:
- Multiple users can now be selected for certain actions (lock, unlock, delete).
- Warnings are shown when multiple SSH keys of the same type are added.
- Server public keys can now be easily exported from the web interface.
- Certificate details are now shown for keys with certificates.
- SSH algorithm selection is now simplified.
- and more...
Minor fixes and improvements
- 2.11.2
  - Added support for strict key exchange extension.
  - Fixed 'not authenticated' instead of 'not connected' error message.
  - Allowed dates outside 1970-2999 range in SFTP v4 (or higher).
- 2.11.3
  - Fixed configuration backup when upgrading using installer.
  - Updated signing certificate.
- 2.11.4
  - Fixed user update command:
    - Fixed error message when Windows account is not found.
    - Fixed error when updating fields other than Windows account and related, when Windows account is already set, using Free license.
- 2.12.0
  - Added silent installation mode.
- 2.12.1
  - Fixed CreateProcess failed error during installation.
- 2.13.0
  - Removed KeyCertSign and CrlSign usages from burusftpwa certgen-generated certificates.
  - SSH banner is now configurable.
- 2.14.0
  - Web Admin - major changes:
    - Form visuals have been updated.
    - Multiple users can now be selected for certain actions (lock, unlock, delete).
    - UI customization changes:
      - Full Material UI schema is no longer supported.
      - Secondary palette is no longer supported.
    - Error shown when multiple server SSH keys of same type are added.
    - Public server keys can now be easily exported from the web interface.
    - SSH algorithm selection is now simplified. Manual sorting is still supported by editing the configuration file.
    - User public keys are now displayed with SSH key type prefix.
- 2.14.1
  - Added support for loading private keys in new OpenSSH key format encrypted using AES/GCM or ChaCha20/Poly1305.
  - Fixed handling of client's SSH_MSG_EXT_INFO message.
  - Added logging of SSH ciphers supported by the client on mismatch (log level: debug).
  - Environment variables can be used in server key paths.
  - Web Admin - fixed missing log level dropdown on logging configuration page.
  - Web Admin - server configuration page now shows full path to configuration file and revert buttons.
- 2.14.2
  - Web Admin - fixed loading comment from user public keys.
  - Web Admin - server key list now also shows certificate details for keys with certificates.
- 2.14.3
  - Added logging of user lockout events.
  - Fixed burusftp user update <username> --password "" behavior - now removes password instead of setting an empty password.
  - Fixed burusftp user add <username> --password "" behavior - now does nothing instead of setting an empty password.
- 2.14.4
  - Web Admin - fixed error when multiple IP address ranges were used in IP filtering textboxes.
For the complete list of fixes and improvements, see the Release notes.
Issues and feature requests on GitHub
You can report issues and submit feature requests on our GitHub issue tracker. For discussions and specific problems, please keep using our support forum.