Cerberus by Redwood version 2026.1 reinforces our ongoing commitment to hardening our environment against modern threats. This release introduces advanced encrypt-then-MAC (ETM) ciphers to provide admins with more secure encryption options and adds FIPS 140-3 support, delivering the high-level cryptographic standards required by many organizations today.
Beyond encryption, we’ve updated core third-party libraries and added automated security guardrails to the account request and CSV import processes. These enhancements prevent unauthorized access and ensure every new user meets your security requirements from the start. Finally, this update includes several key fixes to reduce administrative friction — from streamlining installations to simplifying single sign-on (SSO) account management.
Stay secure and resilient with version 2026.1.
New features and enhancements
FIPS 140-3 compliance support
Meet the latest federal security requirements and enhance data protection with upgraded FIPS 140-3 cryptographic compliance. FIPS 140-3 is the US government’s cryptography standard, guaranteeing that software uses the most secure, modern encryption methods available to protect sensitive data.
With a September 2026 required adoption date for participating organizations, this update upgrades the Cerberus cryptographic module certification from FIPS 140-2 to the latest 140-3 standard. It provides stricter algorithm restrictions and ensures compliance with the most recent federal data protection requirements for handling sensitive information.
Note: FIPS 140-3 compliance currently applies to Cerberus FTP Server. Compliance for Cerberus Gateway is anticipated for version 2026.3, ahead of the September deadline.
ETM cipher support
Strengthen your file transfer environment and enhance your SSH/SFTP security with ETM algorithm support. As part of our commitment to hardening the Cerberus environment, we have added support for hmac-sha2-256-etm@openssh.com and hmac-sha2-512-etm@openssh.com. This enhancement provides stronger authentication for encrypted connections, ensuring our customers have access to the most resilient security protocols available for their file transfer workflows.
Automated security guardrails
We have introduced new automated guardrails to eliminate manual oversight and prevent unauthorized access:
- Banned username integration: Admins can now integrate banned username lists directly into the Cerberus account request workflow. Requests using restricted names are now automatically rejected, preventing unauthorized or malicious account creation attempts.
- CSV user import validation: To ensure every imported account meets your security standards, the CSV import process now detects blank password fields. Administrators will receive a warning for missing passwords, providing full visibility and control over user security during bulk imports.
Third-party library updates
Maintain a robust security posture and improve system stability with the latest verified third-party library updates. This release includes critical upgrades to core libraries, including cURL (8.18.0), libssh2 (1.11.1) and Apache log4cxx (1.6.1). These updates resolve security vulnerabilities and improve overall system performance.
Fixes
Cerberus version 2026.1 also includes several fixes to reduce administrative friction and improve the end-user experience:
- Streamlined silent installations: Administrators can now programmatically agree to the latest EULA during update checks, ensuring unattended deployments proceed without interruption.
- Enhanced SSO user management: Admins can now manually uncache specific inactive SSO users, individually or in bulk, for better control over the user lifecycle without reprovisioning entire groups.
- Optimized authentication flow: HTTP/HTTPS listeners can now optionally remove the login prompt when SSO/SAML is the primary method, creating a smoother experience for users while maintaining an automatic fallback to prevent lockouts.
- Automated license event triggers: A new configurable event trigger allows admins to set automated email alerts for upcoming license expirations (up to one year in advance), ensuring service continuity.
- Improved web UI: To improve usability, long file and folder names now automatically wrap to the next line in the web interface, ensuring full visibility for end-users.
Download Cerberus version 2026.1 today
Ready to harden your file transfer environment? Update to Cerberus version 2026.1 to take advantage of the latest security and compliance features.
