What's New in EFT?
Below is a high-level summary of changes in this version of EFT, with links to relevant help topics.
-
For a detailed log of changes and fixes, refer to the release notes in the Client Success Portal. (If you don't have an account for the Client Success Portal, contact your Globalscape account manager or create an account using the name, email address, and serial number registered for your EFT purchase.)
Review Upgrading the Software and the Upgrading EFT knowledgebase article before upgrading.
Refer to the EFT COM API Reference for details of those changes.
v8.0.6.18
-
Fixed an issue where Windows permissions were not used for NT/AD site user created by login via HTTP
-
Fixed and issue where users were unable to send a workspace share to existing users within a blacklisted domain
v8.0.6
New Features
- Added new column named "Usage" to the OpenPGP Keyring dialog box to make it easier to choose the key to use when assigning keys in event rule actions
- Added notification prior to key expiration; settings added to the OpenPGP Security dialog box.
- Added Secure File Send event triggers to create rules for message-related events
- Added new Secure Message (ad hoc) Conditions and Secure Message Variables for use with Outlook Add-In, Send Portal, Reply, Drop Off, and Request File-related events.
- Added Abort User Operation action to abort a Message Composed operation for Outlook Add-In, Send Portal, Reply, Drop Off, and Request File-related operations, typically because of blocked or modified content in an ICAP scan.
- Added WTC pagination for improved user experience when there are 100s of files and folders
- Added ability to create a user under the Guest Users Settings Template on an admin/AD site
- Added ability to test field variables used in event rule actions, such as testing a remote connection, and provide a clear error message, such as "Parameter hostname is invalid: %IP%."
- Added support for TLS 1.3
- Added ability to specify cloud storage folders when creating virtual folders
- Added Advanced Property, UserAgentHeaderMustUseOTP, to contain a list of user agents that are required to use OTP even if it is a known agent, such as CuteFTP or EFT Outlook Add-In. For example,
"UserAgentHeaderMustUseOTP":["agent1","agent2","agent3"]
and so on. - Added ability to apply a per-folder encryption key and a user home folder encryption key in the Folders to encrypt list.
- Added ability to import and export RAM rules.
- Added Advanced Property DisableARMBatchSQL to disable the BatchSQL feature. (It is recommended to turn it on only when large queues of requests are dropped or the order is changed, leading to a decrease in performance in ARM.)
Enhancements
- Renamed some Workspaces Events for clarity of purpose
- Updated the administrator account timeout to 5 minutes by default. After 5 minutes of inactivity, the administrator account is disconnected. (The timeout can be configured in the Account Security Settings dialog box.) In earlier versions, the default was 15 minutes. For upgrades, the timeout default is not changed; the new value only applies to new installations.
- Enhanced EFT support of 102 response processing. "102" is an interim response used to inform the client that the server has accepted the complete request, but has not yet completed it, thus causing fewer client timeouts
- Improved display of data in the IP Auto-Ban dialog box
- Extended auto-ban capabilities and added two new advanced properties (AutoBanAnonymousUnauthorizedAccessServicePathAllowList, and AutoBanAnonymousUnauthorizedAccessServicePathBlockList)
- Made runtime template variables available to other fields.
-
Updated library used by the EFT Outlook Add-In to Apache log4net v2.0.12 (minor fix release).
-
Added ability to specify more parameters in the Pre/post commands dialog box in the Protocol: Upload and Protocol Download Action for connections to a mainframe computer.
Other Fixes
-
Removed Bitvise v1.82 files; the Advanced Property "UseLegacySFTP" is no longer available.
-
Added note to Silent Command-Line Installation topic regarding installing EFT using the command line and then later upgrading using the installation wizard prevents the EFT server service from starting.
-
Added note to the Remote Agent Templates topic regarding the requirement to add a Remote Agent rule to the Remote Agent template.
-
Added note about not using disallowed characters in file names when renaming VFS folders.
- Adding note about properly disabling TLS
Previous Releases
v8.0.5, April 30, 2021
Web Transfer Client/Workspaces:
Several user-experience enhancements have been added or updated.
-
Updated Workspaces and Outlook Add-In to handle duplicate recipients more gracefully
-
Updated secure send feature in Workspaces to allow the administrator to control whether secure send is required, not allowed, or sender's choice.
-
Added additional language options in the Web Transfer Client (Italian, Japanese, Chinese Simplified, and Chinese Traditional)
-
Added ability for the WTC to remember the last state (open or closed) of the In Progress and History panels
-
Added time zone offset in WTC so that users can see file time stamp in their preferred time zone
-
Added ability for the WTC to display a count of total files and folders displayed, and a count of files/folders in a selected directory.
-
Added default configuration settings to the admin-configuration.json file in the WTC (The file structure where that file has is location has changed to C:\Program Files (x86)\Globalscape\EFT Server Enterprise\Web\Shadowfax\wtc\assets.)
-
Added Advanced Property, "SendPasswordReminderEmailForDisabledClient": true, to not send emails for password reminders and expiration to disabled user accounts
-
Added ability to define how long password reset links should remain valid, so that administrator can reduce the risk of a malicious actor getting hold of a reset link and changing a valid user's password. The default of 30 minutes is configurable via an advanced property, PasswordResetLinkExpirationPeriodMinutes. (The Password Reset functionality is not available for AD or LDAP.)
-
Added authentication "smart retry logic" to EFT Outlook Add-In
-
Removed email address from registration email link
-
Added advanced property override, TunnelNonHTTPVerbs, for WTC to use POST with X-HTTP-Method-Override header for tunneling non-standard HTTP verbs instead of WebDav/MKCOL.
-
Removed deprecated web clients and updated the folder structure of the associated resources under <install_directory>\Web\
Workflow Automation:
Workflow automation, often referred to as robotic process automation (RPA), is another area with significant improvements in EFT v8.0.5. EFT now has the ability to synchronize with remote directories, mirroring local (or remote) folders, including sub-folders, with options to keep both folders fully in sync. And EFT’s popular “File” action has been expanded to include an Append function that can be used to write data to an existing file (or create one if necessary), in addition to a new Read function that can parse a file into EFT’s memory as a context variable, and finally, a concatenate function that can append one file to another.
EFT's workflow enhancements include:
-
Updated Event Rule builder design and renamed many of the actions
-
Added option to run certain actions (Execute Command, Advanced Workflow, Send Email,Event Rule Subroutine) synchronously (wait for step to complete before running the next step) or asynchronously (don't wait for the step to complete before running the next step). Be aware that all actions in the IF FAILED section are lost if the parent action is switched from async to sync mode.
-
Added ability to send an acknowledgment before a task is complete when there is an if FAILED condition. Upgrading to this EFT version will convert the reply behavior for File Uploaded rules from synchronous to asynchronous by default. This may impact the flow of existing File Uploaded rules.
-
Added a new Advanced Property,WaitOnFileUploadEventCompletionBeforeSendingResult, to conserve legacy behavior of sending a successful reply to the client after the File Upload trigger has completed
-
Updated Event Rule File: Operation Action to a multi-page wizard to include file operations of Read, Write (replaces Create) Rename, Concatenate, and Checksum
-
Added two new Advanced Properties to control the maximum size of the running thread pool, RunningAsyncEventsLimit, default=20, and the max size of the queued up threads, QueuedAsyncEventsLimit, default=unlimited.
-
Added new performance counters to track current thread pool and queued-up threads: Event Rules Running Async Events (Number of running asynchronous events) and Event Rules Size of Async Events Queue (Size of asynchronous event queue)
-
Added warning message when a Folder Monitor event is used to monitor a user's home folder or subfolders
-
Event Rule actions renamed and reorganized
-
Added ability to manually trigger an Event Rule with "Run Now" to test its configuration
-
Renamed the Event Triggers "File System Events" were renamed to "File Server Events" to more accurately reflect their purpose (server processing of files)
-
Improved ICAP response handling and added support for ICAP Options.
RESTful API:
-
Added new REST Invocation event
Security
Data security continues to be an imperative for our customers. Protecting data in transit and at rest is no longer enough if authorized users can share company confidential information with guests or external users. In previous versions, EFT provided hooks to integrate with third-party data loss prevention (DLP) solutions, but violations always resulted in blocked transfers, which resulted in a negative user experience. EFT v8.0.5 introduces support for content adaptation, where sophisticated DLP tools, such as Help System’s Clearswift DLP, can inspect and either modify or redact words or phrases within documents that it deems company confidential or PII (usually in concert with Data Classification solutions such as Titus or Bolden James). The redacted content is transmitted in lieu of the original, and administrators discretely notified, resulting a more pleasant, yet still secure, user experience.
EFT security enhancements include:
-
Added support for Proxy Protocol
-
Updated Server > Security Tab; added TLS Settings and SSH Setting dialog boxes; and SSL Options and SSH Settings in the EFT Site Setup wizard
-
Updated EFT Secrets module with additional configuration for backup key storage, and advanced property overrides for Azure Key Vault recovery
-
Added ability to prioritize SFTP ciphers using Advanced Properties so that EFT will negotiate in preferred order
-
Updated the Server > Security tab for configuring SSL FIPS and SFTP FIPS
-
Updated OpenPGP and OpenSSL libraries (refer to EFT Specifications for versions)
-
Added ability for EFT to perform input validation and escape certain characters so that they are not rendered by the email client (that is, scripts or other code)
HA Cluster:
Another security enhancement in EFT v8.0.5 is the added support for Proxy Protocol, a standard created by the makers of Haproxy, widely adopted by best-of-breed client and server solutions. This protocol allows for passthrough of the client IP across proxy servers and load balancers to the origin server (EFT), which makes it easier for EFT’s Denial of Services (DoS) prevention logic to ban the offending IP address, rather than that of the proxy, regardless of the underlying protocol (SFTP, FTPS, HTTPS, etc.)
-
Improved HA cluster performance; When the Advanced Property is off (HAFullConfigDumpIntervalMins = 0 or is not defined), the full configuration is copied to the cluster share on each change. Add the Advanced Property and set it to between 1-10 minute intervals to reduce network traffic
-
Upgrading an EFT stand-alone server to an HA node in a new cluster (PDF)
-
Added ability to update web resource (\web\) in the cluster share directory (%ClusterShare%), rather than for each individual node in a cluster
Other additions include:
-
Added several Advanced Properties (see spreadsheet)
-
Added new performance counters
-
Added DNS Rerouting and logging of failure to connect
-
Added input validation to escape certain characters that are shown in plain text, so that they aren't rendered by the email client as scripts or html, thus preventing unwanted execution of scripts
-
Added numerous COM API objects for new features. Refer to the COM API Reference for details.
v8.0.4.32, February 3, 2021
-
Added support for Twilio custom verification code
-
Updated PGP library
Additional notes for upgrading to v8.0.4.x:
-
Upgrading from EFT Express to Enterprise causes "displayFullName" in JSON file to revert to false.
-
Root ( / ) is not allowed to be the SSO Reserved Path. During upgrade, the path will automatically change to the default, /sp/samlv2/sso, with the auto-redirect check box selected. If you previously had the SSO reserved path set to root ( / ), you will need to re-register EFT (SSO SP path) in the Identity Provider (IdP) service.
EFT v8.0.4.27, November 2, 2020
-
Programmatic APIs:
-
Added new interfaces, properties, methods, and enums to the COM API to support the new features in the EFT administration interface described below
-
Added underlying support for RESTful APIs in accordance with JSON:API principles
-
Added RESTful API endpoints for user account and VFS management configuration
-
Added the ability to assign REST permissions to EFT administrator accounts
-
Added the ability to create granular permissions for RESTful access to end points, down to the individual element
-
Modified EFT's existing RESTful APIs for Server and Site endpointsto adhere to json format
-
Modified EFT's import/export of Event Rules to match the json format supported by EFT's RESTful APIs
-
Workspaces/P2P:
-
Added the ability to leverage federated authentication for Guest users, including SSO authentication and JIT, where desirable
-
Added support for SMS 2nd factor (2FA) validation for guest account enrollment (registration) and for normal authentication
-
Added new logger, SMS, to log SMS errors
-
history section to the Web Transfer Client for owners and participants
-
received messages view (inbox) section to the Web Transfer Client for users to see messages and files sent to them
-
sent messages view (outbox) to the Web Transfer Client for users to see messages and files they've sent to others.
-
WTC Upload formsMadCap:keyword term="metadata" /> feature for collecting metadata from users prior to uploading files, which can be used by Event Rules
-
Modified the Outlook Add-in to avoid message preparation when the add-in is not being used to handle attachments
-
Modified the legacy passcode protected pickup feature so that it is constrained to anonymous pickups.
-
Protocols:
-
Updated OpenSSL library to version 1.0.2u
-
Updated FIPS information in EFT administration interface
-
SFTP Key Creation wizard and the COM API
-
choose key type, upon key creation, rather than be forced into a single key type
-
see negotiated ciphers in EFT's log files, to troubleshoot and debug SFTP connections.
-
EC compatible KEXs such as ecdh-sha2-nistp384, to comply with internal security mandates
-
Grandfathered DSS keys and legacy ciphers; users can import older versions of DSS keys and legacy ciphers.
-
log verbosity with newer SSH library by setting advanced propertiesEnableXferLog andCloseFinishedItemLog to 0.
-
AS2 response and message send attempt timeout to allow values that exceed 600 seconds for the response and message send timeout setting
-
dictionary word, even when that word is surrounded by non-alphabet characters.
-
Event Rules:
-
Folder Monitor events, thus preventing EFT from opening a file handle to the excluded files
-
PowerShell debug logging to a separate file, independent of EFT's primary log file
-
CSV to dataset Action
-
Populate a dataset from remote file listing
-
Loop through a dataset Action
-
Break from loop Action
-
Modified Create or Set Variable Action to use only a single line to make it easier to visually scan
-
Architecture/General:
-
Added automatic exporting of all AWE tasks from EFT config.db to aml files on disk; added new bool AP named "AutoExportAllAWTasksToFiles"; when set to true, all AWE tasks export to legacy paths (pre migration) on Site start; each AW task exports to legacy paths (pre migration) on each modify
-
Added support for runtime templating, a means of setting reusable variables for paths and similar resources to facilitate DR and migrations. RuntimeTemplateVariables.json file is used to replace file paths with variables. (Currently, only Site root path is supported.)
v8.0.2.23, June 15, 2020
-
Added subscription licensing for EFT and most modules
-
Restored ability to customize default values for Workspaces permissions
-
Restored ability to customize default values for Workspaces participant limits
Refer to the Client Success Portal for a list of Bug Fixes
EFT v8.0.2.19, May 10, 2020
-
Added ability to override the port used in all workspace email notifications. This is useful when the DMZ Gateway is on a non-default port (for example, 4443) and differs from the site port (that is, 443). When enabled, all workspace emails (Send/Share/Request/etc.) will now use and append the PORT defined via the Advanced Property regardless of the Send Settings URL:PORT or Site DMZ port configuration. This property is disabled by default (ExternalLinkPortOverride)
-
Added ability for WTC reserved file/folder caching for HTTP(S) requests to cache based on file size instead of an entire directory. This property is disabled by default. (MaxCachedReservedFileSizeKB)
-
Removed ability to cache WTC reserved files/folders located under .../EFT Server Enterprise/web/public/EFTClient/wtc/lib/, this property is enabled by default (CacheReservedFiles)
Refer to the Client Success Portal for a list of Bug Fixes
v8.0.2.10, March 25, 2020
-
EFT administration Changes
-
Added option to enable FACT table updates for ARM reporting
-
Advanced Properties
-
By default, EFT uses non-exclusive file-sharing mode (file locking) when processing file uploads. When the advanced property UseExclusiveSharingModeForUploads is defined, EFT can be configured to use exclusive sharing mode for uploads
-
InviteeRegistrationRoute - The policy defines a title page for Workspace invitee. Acceptable values are "LoginPage" (for user who already has an EFT account) "LoginPageForDomainUser" (for user who already has a domain account) or "NewAccountPage" (for user who has neither an EFT account nor a domain account). "NewAccountPage" is the default value.
-
COM API (refer to COM API help for more information)
-
Added enums and a Site interface property to support the Out-of-Band passcode to pick-up files in EFT. (Please refer to the EFT administration help contents.)
-
WorkspacesOAIPasscodeProtectionType enum, used in the ICISite property, WorkspacesOAIPasscodeProtection to specify whether the EFT administrator requires a passcode, does not require, or is chosen by the email sender.
-
Web Transfer Client (WTC) & Workspaces Changes
-
Ground-up rewrite of the various portals: Request file, Drop-off, Send, and Pick-up resulting in tremendous performance gains
-
Ability to Secure Send without attachment (Send portal and Outlook Add-in)
-
Ability to redirect to login page instead of registration page for internal domains
-
Removed our legacy "Jument" WTC from the EFT installer
-
Password-protected pickup - Allow or require senders to require recipients to provide a, out-of-band passcode before accessing files
v8.0.1, February 10, 2020
-
Added Secrets Module to connect to Azure Key Vault for secret storage
-
Added logging for the Secrets Module and Azure Data Lake Storage Gen2 (set to TRACE)
-
Added ability to connect to Azure Data Lake Storage (ADLS) via Folder Monitor Event Rule with override VFS credentials
-
Added ability to scan files for malware and DLP with ICAP server in EFT Express using the Content Integrity Control Action (Requires Express Security Module license)
v8.0, January 20, 2020
-
Any non-default registry settings are now in an AdvancedProperties.json file
-
EFT configuration is now stored in DB files
-
Added "Send Test Email" feature to the EFT Setup Wizard for SMTP server settings
-
Added ability to use the SAML assertion map attribute Email field in JIT or LDAP after an IDP- or SP-initiated login to create an account in EFT
-
Added ability to generate Support data from EFT DB files
-
Added additional Performance Counters
-
Added an Advanced Property in which you can deny authentication for certain names (for example, root, administrator) w/o checking against the user database (to reduce the load on authentication system)
-
Added ability to resize SSH Key Manager dialog box and Advanced Workflow dialog box
-
The DMZ Gateway address box can accept a comma-delimited list of addresses
-
OpenPGP key pairs are defined and managed on a Site instead of the Server
-
Updated PGP library to IP*Works! OpenPGP 2016
-
As of EFT v8, back up and restore is only available from the same version of EFT
-
Added privacy and other GDPR-related features:
-
User agreements and consent options on the General Tab of a User Node
-
Privacy options on the User Account Action in Event Rules
-
Privacy options for EFT on the Site > Web tab and in the WTC
-
Terms of Service agreement options for EFT web portal on the Site > Web tab
-
User Account Details Template on Site > Security tab to apply GDPR-related privacy settings to all user accounts on a Site
-
New database tables to the ARM schema
-
Optional permission on Server > administration tab to give administrator accounts permission to manage personal data for users
-
Personally identifiable information (PII) / personal data is encrypted by default
-
Privacy-related, pre-defined ARM reports
-
Removed email address from User > General tab
-
New Event Rule features:
-
Added Create or set variable Action
-
Added Run PowerShell script Action
-
Added Call (GoTo) Event Rule Subroutine Action
-
Added ability to scan metadata with Content Integrity Control Action
-
Added "Enable this account" option in the User Account Action. (Refer to Workspaces Invitations for an example of using the User Account Action to enable an expired Guest account.)
-
Added context variable to take anything after the last dot (before the extension) and place it into this context variable
-
Added new context variables for date and time stamps in ISO8601 format
-
Updated to Advanced Workflow Engine version that includes several bug fixes
-
Event Rules are now saved in JSON (instead of XML) for import/export
-
Workspaces changes:
-
Added Site > Web tab to configure web portals and their features. (Replaces Workspaces tabs.)
-
Now support moving files between Workspaces
-
Added ability to retain Workspaces files on disk after link has expired