GeoBlocking - Automatically block connections based on originating country (Support both Allow from / Deny From options)
Introducing support for OpenSSL3 / TLS 1.3
Improved security on SOAP API via added option to force password change when resetting a user's password in SOAP
Better usability with forgot username feature on Web Client
and more!

Cerberus FTP Server 12.11 has important changes for FIPS 140-2 mode that can result in connectivity problem for older, less secure SFTP clients.

Cerberus FTP Server 12.0 no longer supports 32-bit operating systems and cannot be installed on Windows Server 2008 and 2008 R2.

Cerberus FTP Server 12.0 introduced a couple of minors, yet backward-incompatible changes to the Cerberus SOAP API. Please see the SOAP API changes in 12.0 for more information about these changes.

Minimum System Requirements

Hardware Requirements

1GHz x64 processor (2 GHz or better recommended)
8 GB or higher is strongly recommended
WXGA (1280 x 768) or higher-resolution monitor

Operating Systems Supported

Note: The latest Service Packs for your operating system and at least IE 9 or above are required in all cases.

Cerberus FTP Server 12.0 and 11.0

NOTE: Version 12.0 and higher can only be installed on 64-bit operating systems.

Windows 11
Windows 10
Windows 8
Windows 7
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows Server 2012 and R2

While Cerberus FTP Server can be installed on Windows Server Core Operating Systems, please note that the Cerberus GUI may not function as expected. This is due to the web browser components needed to display the native UI are unavailable on Server Core. You would need to manage Cerberus using the Web Administration page.

Version 12.11.4 Official Release — 12/1/2022

Fixed: Geoblocking blocks connections when geolocation fails in certain situations
Fixed: SFTP authentication fails intermittently

Version 12.11.3 Official Release — 11/22/2022

New: Enable loading the legacy provider for old PFX files with weak encryption

Version 12.11.2 Official Release — 11/18/2022

Fixed: Geoblocking defaults to allow only mode when it should default to deny only mode
Fixed: Geolocation fails if auto update checking and public IP autodetection are both disabled
Fixed: When a native user is disabled or deleted their web sessions are logged off
Fixed: Upgraded to moment.js 2.29.4 to address CVE-2022-31129

Version 12.11.1 Official Release — 11/16/2022

Fixed: When FIPS is enabled, Cerberus cannot validate a new license key
Fixed: Cerberus crashes when Oracle XML Publisher connects to Cerberus via SFTP and FIPS is enabled
Fixed: In Server Manager, the administrator was not informed that the Cerberus FTP Server service needs to be restarted after disabling FIPS
Fixed: The RenameUser SOAP API did not correctly rename users

Version 12.11.0 Official Release — 11/7/2022

New: Cerberus can now block or allow connections based on the country the connection originates from
New: Upgraded to OpenSSL to 3.0.7 with TLS 1.3 support
New: Cerberus supports ChaCha20-Poly1305 cipher suite for TLS 1.3
New: TLS 1.3 is now enabled by default, TLS 1.0 and TLS 1.1 are no longer enabled by default
New: Web Client users can now look up their username if they forgot it
New: When a user with a disabled account requests a password reset, Cerberus will now notify users that their account is disabled
New: Web Client users can now select to delete all files from their public share once the share has expired
New: In User Manager, the list of users may now display users’ email address
New: In User Manager, a native user’s profile now includes the last login IP address
New: User Manager now allows searching users by their email address
New: Use HTTPS when connecting to ipstack’s geolocation service if it’s available
New: SOAP API now allows setting a ‘requirePasswordChange’ option on ChangePassword API call
Fixed: In HTTP/S web client, PDF preview has been disabled as it can no longer be supported securely
Fixed: User to Group mappings now also match against the authenticating user’s sAMAccountName
Fixed: Upgraded to curl 7.86.0 to address CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916
Fixed: Upgraded to zlib 1.2.13 to address CVE-2022-37434

Version 12.10.1 Official Release — 9/23/2022

Fixed: In IP Manager, Auto Blocking and DoS Protection settings were disabled after a service restart
Fixed: Cerberus crashes when renaming a file because of a lack of permissions
Fixed: In Event Manager, Cerberus crashes when a Scheduled Task is set to repeat with a value of ‘0’
Fixed: Administrators are incorrectly blocked from logging into Web Administration because of the maximum connection limit
Fixed: Upgraded to the latest version of jQuery Validation to address a vulnerability to regular expression denial of service

Version 12.10.0 Official Release — 9/12/2022

New: Administrators can now set delete, rename, and list permissions for folders and files independently from one another
New: Customers with many concurrent client connections should see faster connection acceptance
Fixed: HTTP/S Admin listeners did not enforce the max connection limit
Fixed: Updated to the latest version of jQuery UI to address a potential cross-site scripting (XSS) vulnerability
Fixed: Upgraded to gSOAP 2.8.122

Quick Navigation;