New Features
Version 12.11 includes the following new features and improvements:
- GeoBlocking - Automatically block connections based on originating country (Support both Allow from / Deny From options)
- Introducing support for OpenSSL3 / TLS 1.3
- Improved security on SOAP API via added option to force password change when resetting a user's password in SOAP
- Better usability with forgot username feature on Web Client
- and more!
Cerberus FTP Server 12.11 has important changes for FIPS 140-2 mode that can result in connectivity problem for older, less secure SFTP clients.
Cerberus FTP Server 12.0 no longer supports 32-bit operating systems and cannot be installed on Windows Server 2008 and 2008 R2.
Cerberus FTP Server 12.0 introduced a couple of minors, yet backward-incompatible changes to the Cerberus SOAP API. Please see the SOAP API changes in 12.0 for more information about these changes.
Minimum System Requirements
Hardware Requirements
- 1GHz x64 processor (2 GHz or better recommended)
- 8 GB or higher is strongly recommended
- WXGA (1280 x 768) or higher-resolution monitor
Operating Systems Supported
Note: The latest Service Packs for your operating system and at least IE 9 or above are required in all cases.
Cerberus FTP Server 12.0 and 11.0
NOTE: Version 12.0 and higher can only be installed on 64-bit operating systems.
- Windows 11
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 and R2
While Cerberus FTP Server can be installed on Windows Server Core Operating Systems, please note that the Cerberus GUI may not function as expected. This is due to the web browser components needed to display the native UI are unavailable on Server Core. You would need to manage Cerberus using the Web Administration page.
Version 12.11.4 Official Release — 12/1/2022
- Fixed: Geoblocking blocks connections when geolocation fails in certain situations
- Fixed: SFTP authentication fails intermittently
Version 12.11.3 Official Release — 11/22/2022
- New: Enable loading the legacy provider for old PFX files with weak encryption
Version 12.11.2 Official Release — 11/18/2022
- Fixed: Geoblocking defaults to allow only mode when it should default to deny only mode
- Fixed: Geolocation fails if auto update checking and public IP autodetection are both disabled
- Fixed: When a native user is disabled or deleted their web sessions are logged off
- Fixed: Upgraded to moment.js 2.29.4 to address CVE-2022-31129
Version 12.11.1 Official Release — 11/16/2022
- Fixed: When FIPS is enabled, Cerberus cannot validate a new license key
- Fixed: Cerberus crashes when Oracle XML Publisher connects to Cerberus via SFTP and FIPS is enabled
- Fixed: In Server Manager, the administrator was not informed that the Cerberus FTP Server service needs to be restarted after disabling FIPS
- Fixed: The RenameUser SOAP API did not correctly rename users
Version 12.11.0 Official Release — 11/7/2022
- New: Cerberus can now block or allow connections based on the country the connection originates from
- New: Upgraded to OpenSSL to 3.0.7 with TLS 1.3 support
- New: Cerberus supports ChaCha20-Poly1305 cipher suite for TLS 1.3
- New: TLS 1.3 is now enabled by default, TLS 1.0 and TLS 1.1 are no longer enabled by default
- New: Web Client users can now look up their username if they forgot it
- New: When a user with a disabled account requests a password reset, Cerberus will now notify users that their account is disabled
- New: Web Client users can now select to delete all files from their public share once the share has expired
- New: In User Manager, the list of users may now display users’ email address
- New: In User Manager, a native user’s profile now includes the last login IP address
- New: User Manager now allows searching users by their email address
- New: Use HTTPS when connecting to ipstack’s geolocation service if it’s available
- New: SOAP API now allows setting a ‘requirePasswordChange’ option on ChangePassword API call
- Fixed: In HTTP/S web client, PDF preview has been disabled as it can no longer be supported securely
- Fixed: User to Group mappings now also match against the authenticating user’s sAMAccountName
- Fixed: Upgraded to curl 7.86.0 to address CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916
- Fixed: Upgraded to zlib 1.2.13 to address CVE-2022-37434
Version 12.10.1 Official Release — 9/23/2022
- Fixed: In IP Manager, Auto Blocking and DoS Protection settings were disabled after a service restart
- Fixed: Cerberus crashes when renaming a file because of a lack of permissions
- Fixed: In Event Manager, Cerberus crashes when a Scheduled Task is set to repeat with a value of ‘0’
- Fixed: Administrators are incorrectly blocked from logging into Web Administration because of the maximum connection limit
- Fixed: Upgraded to the latest version of jQuery Validation to address a vulnerability to regular expression denial of service
Version 12.10.0 Official Release — 9/12/2022
- New: Administrators can now set delete, rename, and list permissions for folders and files independently from one another
- New: Customers with many concurrent client connections should see faster connection acceptance
- Fixed: HTTP/S Admin listeners did not enforce the max connection limit
- Fixed: Updated to the latest version of jQuery UI to address a potential cross-site scripting (XSS) vulnerability
- Fixed: Upgraded to gSOAP 2.8.122
