v2.1.2

fix a nil pointer dereference that can occur when upgrading from very old versions

v2.1.1

• S3: fix Ceph compatibility.
• S3: add per-chunk download timeout.
• GCS: add a trailing / to "directories". This way SFTPGo can detect "directories" created using the Google Cloud console.
• FTP: mitigation for data connection stealing and bounce attacks.
• Other minor bug fixes.

Backward incompatible changes:

• If you are using the FTP service behind HAProxy you must also enable the proxy protocol for data connections.

v2.1.0

New features:

• Virtual folders: support extended to all storage backends. For example, you can define a local user with an S3 based virtual folder or vice versa.
• Data providers: CockroachDB, a distributed SQL database, is now supported to simplify high availability configurations.
• Web client UI: SFTPGo users can now browse and download their files and change their credentials.
• SFTPGo users: you can authenticate some users using your external authentication hook and others using the defined data provider. For example, you can use external LDAP users and internal users within the same SFTPGo instance.
• Hooks: added startup, pre-download, pre-upload.
• Per-protocol rate limiting.
• Setup: the first admin user will be created using a setup web UI by default. You can still configure auto-creation.
• Bcrypt is now the default password hashing algorithm. Argon2id is supported and configurable.
• FTP/WebDAV: improve TLS client certificate authentication, the TLS certificate common name can now be used as username.
• Several other minor improvements and bug fixes.

Backward incompatible changes:

• An empty response from the external authentication hook was interpreted as an authentication error in v2.0.x., now SFTPGo will try to fall back to an internal user, if any.
• The backup/dump format is not backward compatible, please make a new backup/dump after upgrading.

If you are upgrading from an old version please make sure to adapt your configuration file.

v2.0.4

Fix for arm64 and ppc64le packages: they work again on Ubuntu 18.04

v2.0.3

Changes compared to v2.0.2:

• TLS: allow to configure cipher suites.
• SSH system commands: preserve trailing slash when appropriate.
• Portable mode: fix WebDAV support.
• Hooks: fix TLS certificate validation on Windows.
• Virtual folders: create filesystem paths if missing.
• Increase UID and GID limits from 65535 to 2147483647.
• Memory provider: fix loading a dump with clear text credentials.
• Allow to skip natural keys validation. By enabling this setting, usernames, admin names, folder names are not restricted to unreserved URI chars.
• Improve signals handling.

v2.0.2

Changes compared to v2.0.1:

• loaddata: loads admins too
• docker: allow to mount /srv/sftpgo/data and /srv/sftpgo/backups as separate volumes
• sftpd: add [email protected] support
• improve powershell completion
• web hooks: add mutual TLS support
• web hooks: improve resilience by adding a configurable retry

v2.0.1

Fix a database migration issue with MySQL <= 5.7

if you already updated to v2.0.0 you can fix your MySQL schema using the following sql:

UPDATE `folders` f SET name = CONCAT('folder',f.id);
ALTER TABLE `folders` MODIFY `name` varchar(255) NOT NULL;
ALTER TABLE `folders` ADD CONSTRAINT `name` UNIQUE (`name`);
UPDATE `schema_version` SET version=8;

v2.0.0

New features:

• REST API v2: you can now define administrators and related permissions.
• Data At Rest Encryption.
• KMS support: cloud account credentials and other sensitive data can be stored within external Key Management Services (Vault, GCP KMS, AWS KMS).
• SFTP can also be used as storage backend, so you can proxy other SFTP servers.
• Two-Way TLS authentication, aka TLS with client certificate authentication, for FTP, WebDAV, REST API, web admin.
• Multiple binding support for all the supported protocols and REST API.
• Built-in defender: you can configure an auto-blocking policy for offending hosts.
• Improved FTP support, see here and here for more details.
• Several bug fixes and other minor improvements.

Backward incompatible changes:

• WebDAV URIs no longer have the username suffix.
• REST API v2
• The sample REST API CLI has been deprecated and it does not work with REST API V2.
• The --config-file serve option now explicitly defines the path, name and extension of the config file.
• auth_user_file, for REST API and web admin, is no longer supported: administrators are now stored inside the data provider.

v1.2.2

This is mainly a bugfix release, it includes the following patches for pkg/sftp:

• pkg/sftp#392
• pkg/sftp#393

New features compared to 1.2.1:

• shell like patterns filters: files can be allowed or denied based on shell like patterns.

v1.2.1

New features:

• CI: added ppc64le support
• docker: added slim variant
• bug fixes