Cerberus FTP Server 11.0.1 and 10.0.17 have been released

Version 11.0.1 Official Release — 11/18/2019

• Significantly faster performance (up to 10x) when writing files across the network using the Server Message Block (SMB) protocol
• Enhancements to User Manager UI (Desktop GUI and web administration) for a responsive and consistent experience across devices
• In web administration, User Manager now allows managing blocked file extensions and CSV export/import of users
• User Manager provides richer visual feedback when previewing the import of users from a CSV file
• User Manager shows all of the members of a group including Cerberus Native users, LDAP users, AD users, and AD groups
• Web administration now shows connections, transfers, and logging
• Log Manager logs IP addresses and usernames when logging connection-related events
• Log Manager allows administrators to download log files
• Log Manager provides features such as searching, row grouping, column sorting, and showing/hiding columns
• New notification system displays small pop-up notifications about events that are important to the user
• New notification system allows administrators to view a history of changes made during their session
• Redesigned Server Manager for better segmentation and grouping of server configuration options
• In Server Manager, administrators can require uppercase and lowercase letters in their password complexity policy
• Cerberus supports nested group membership for the AD “Require Security Group Membership” option
• HTTP/S web client localization can now be accessed and modified directly from the Desktop GUI
• Fixed: Password reset is vulnerable to HTTP host header attack allowing malicious password reset emails. 
• Fixed: Cerberus does not lockout a user’s account after numerous failed 2FA attempts allowing brute force attacks
• Fixed: HTTP/S web client public shares are vulnerable to an XSS attack that can execute arbitrary JavaScript
• Other minor bug fixes and improvements

Version 10.0.17 Official Release — 11/18/2019

• Fixed: Password reset is vulnerable to HTTP host header attack allowing malicious password reset emails
• Fixed: HTTP/S web client public shares are vulnerable to an XSS attack that can execute arbitrary JavaScript
• Other minor bug fixes and improvements