FTP News
Continuous Log View in Cerberus FTP Server 11.1
We’ve introduced a new, continuous view in Cerberus FTP Server 11.1 for the Log Manager. This new view is now the default over the paged table view that we debuted with version 11.0. While These changes aren’t particularly large, we do think they will have a big impact on the usability of the Log Manager in 11.1. We’re eager for you to give them a try and tell us what you think.
Cerberus FTP’s Update on COVID-19
These are extraordinary times. We’re all concerned about COVID-19, and we’re all adjusting to a new normal. At Cerberus, that means we’ve taken our office entirely remote to ensure the safety and well-being of our staff. We’re checking in with each other regularly to...
Web Client Exposes Hidden File and Folder Names to Under-privileged Users
Security Advisory Description Cerberus FTP Server Enterprise Edition prior to versions 11.1.0 and 10.0.23 allow underprivileged WebClient users to view file names and folder names. Only the names of the files are exposed; the file contents are not exposed. A malicious...
New User Creation in Cerberus FTP Server 11.1
We listened to your feedback about making the User Manager more intuitive, especially as it relates to creating new users and groups. With Cerberus FTP Server 11.1, we’ve introduced a new user and group guided creation wizard to more easily create new Cerberus users and groups.
Denial of Service Vulnerability
Security Advisory Description Cerberus FTP Server contains a flaw that may allow malformed HTTP requests to crash the service. Malicious actors could leverage this flaw to repeatedly crash the server, thereby denying access to legitimate users. Fix Cerberus FTP...
Cerberus FTP Server 11.0 has a completely new UI
The newer, web-based UI we’ve implemented is far more flexible, scalable, portable, and easy to improve upon. While it’s far from perfect in our first release, we can and will make changes and improvements quickly.
Extension Blocking is Bypassed when Unzipping
When unzipping files through the Web Client, checking for blocked extensions is omitted. After the fix, when the end-user unzips an archive from Web Client, the extension of each archived file is now checked before being expanded. Cerberus now reports an error to the end-user for each file that was blocked during unzip.
XSS Vulnerability When Previewing SVG Content
Security Advisory Description When customers preview SVG files in the Cerberus FTP Server Web Client, it executes any scripts embedded within the SVG file in the context of the end-user's session. This exposes the user to malicious scripts that may hijack the user's...
Zip/Unzip permission bypass vulnerability fixed in Cerberus FTP Server versions 11.0.3 and 10.0.18
Security Advisory Description Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 are vulnerable to a permissions bypass when a user has zip/unzip permission. When zipping, users could zip files and folders that weren't visible to them; and...
Cerberus FTP Server Version 11 is here!
You've been waiting and now it's here: Cerberus FTP Server Version 11 is now available for new customers and active service agreement holders, with new features to keep your data and file transfers safe and secure. Cerberus FTP Server Version 11 offers the following...