Release Notes: IBM Aspera Shares 1.9.6 for Windows
Product Release: September 29, 2016
Release Notes Updated: September 29, 2016
This release of IBM Aspera Shares for Windows provides the new features, fixes, and other changes listed below. In particular, the Breaking Changes section provides important information about modifications to the product that may require you to adjust your workflow, configuration, or usage. These release notes also list system requirements, including supported platforms, and known problems.
- Shares Configuration Options
- Shares now supports the new Manager Permissions configuration options that allow admins to determine whether managers can administer users and groups through the UI, the API, or both. Admins can configure these permissions using the Shares UI or the data:manager_config rake task.
- Admins can disable home shares for individual users.
- The Transfer Completed email template now supports the share_path and node_path variables to list the full path of the destination directory relative to share or node docroots.
- Shares UI
- Shares now displays the account status and expiration date (if applicable) of a user on the Users page (Admin > Accounts > Users).
- After users click the Delete button to confirm the deletion of a folder or file, Shares presents them the "Processing..." animation until the file or folder is deleted.
- The activity feed now includes items on Node API activity, including when the Node API creates and deletes files and folders.
- The total count of entries (files and folders) is displayed when browsing the current directory in a share or a node.
- Error messages displayed in Shares when testing the configuration of a node in shares are more detailed and specific.
- Rake Tasks
- Shares now supports a new rake task to import SAML users.
- Shares now supports a new rake task to create SAML groups.
- Shares now supports new rake tasks to fetch LDAP user and group data.
- Shares now supports new rake tasks to delete LDAP users and groups.
- Shares now supports a new rake task to add LDAP and SAML users to local groups.
- Shares now supports a new rake task to export a share's name and directory.
- Shares now supports a new rake task to configure a custom logo.
- Shares now supports a new rake task to configure whether managers can administer users and groups through the UI, the API or both. Admins can configure these permissions using the Shares UI or the data:manager_config rake task.
- Shares now supports OAuth 2 tokens with SAML API requests.
- Admins can now configure the fingerprint algorithm for the SAML Identity Provider Configuration page (Admin > Accounts > Directories and click Edit for SAML Identity Provider).
- Admins can now import a specific SAML user to Shares.
- Improved SAML functionality for logging in with usernames containing special characters.
- SAML users are now affected by session timeouts configured in Shares.
- SAML users are no longer required to have the given_name attribute to log in.
- Error logging for SAML response has been improved.
- Shares API
- Shares now provides a Management REST API for admins to manage Shares without using the admin console in the web UI. For documentation on the API, see https://developer.asperasoft.com/web/shares/index.
- User management APIs available to admins are also available to managers of shares.
- Verbose headers are disabled when running curl -I https://shares/asperasoft.com/login.
- Shares no longer sends transfer notifications when files with zero bytes are uploaded to a share or when files are skipped in transfers initiated by IBM Aspera Console.
- Default certificate files (cert.key and cert.pem), database.yml, and persistence.xml are now preserved on upgrade.
- Shares now generates unique versions of the following files on a clean install:
- OpenSSl has been updated to version 1.0.2j.
- Nginx has been upgraded to version 1.10.1.
- Ruby has been upgraded to version 2.2.5.
- Ruby on Rails has been upgraded to version 188.8.131.52
- Nginx SSL ciphers list has been updated to address the Sweet32/3DES vulnerability.
- PCRE has been updated to 8.39 to address security vulnerabilities.
- Documented steps to strengthen Shares server by removing support for TLS 1.0 and 1.1. See IBM Aspera Shares Admin Guide: Configuring Shares Security.
If you are upgrading from a previous release, the following changes for this release may require you to adjust your workflow, configuration, or usage.
- Shares 1.9.6 requires Diffie-Hellman parameters to enable SSL/TLS forward secrecy. When installing a new instance or upgrading from a version of Shares prior to 1.9.6, you are prompted to generate new parameters. If you choose to skip, Shares uses pre-generated parameters and you must generate new parameters at a later date to ensure the highest security standard for your installation. For instruction on generating new parameters, see IBM Aspera Shares Admin Guide: Generating New Diffie-Hellman Parameters.
- Shares 1.9.6 requires version 3.6.1 of the Aspera Connect Browser Plug-In. You can install or upgrade to the latest version of the Connect Browser Plug-In when prompted by Shares or by downloading the installer from the website at http://downloads.asperasoft.com/connect2/.
- Shares 1.9.6 and later require a transfer server (Enterprise Server, Connect Server, Point to Point, or Aspera Client) version 3.6 or later to establish a connection to Shares. Trying to connect with an older version using the transfer server GUI fails with the error Could not generate DH keypair. Workaround: Aspera highly recommends upgrading to fix this issue as the latest product version maintain best security practices. Follow the instructions in this Knowledge Base article for a temporary workaround: https://support.asperasoft.com/hc/en-us/articles/226825307.
- By default, the Nginx web server in Shares is configured to listen on IPv6 ports in addition to the standard IPv4 ports. If your operating system does not support IPv6, Nginx is unable to start and Shares fails to load for your users. Disable Nginx from listening on IPv6 ports by following the instructions in IBM Shares Admin Guide:Disabling IPv6 Support in Shares.
- When upgrading to Shares 1.9.6 for Windows, Shares checks if the current secret token matches the hard-coded token created in versions prior to 1.9.6. If the secret matches the hard-coded token, Shares generates a new secret; otherwise, Shares preserves the secret token.
ISSUES FIXED IN THIS RELEASE
#36361 - Secret tokens in Windows Shares are hard-coded to be the same token on every installation.
#36251 - Share created using an API command is not immediately available for interaction.
#36089 - Bookmark icon stays red for a long time after the node comes back online and the bookmark is functional again.
#35859 - Tags for transfers to Shares initiated by Aspera Drive do not have Share transfer ID(s).
#35784 - ATP clusters added to Shares show an error status even when at least one node is active.
#34926 - Ruby SAML gem bug prevents users from authenticating via SAML with the error, "Invalid SAML response".
#34792 - Shares does not send new content notifications when connected to Aspera Transfer Cluster.
#33253 - The rake data:share:create command does not display error messages when failing.#31374 - Shares does not send a transfer notification when content is uploaded to a docroot with a specific network path.
#31269 - SMTP server configured to check status every five seconds instead of using the configured timeout.
#29552 - Shares stats-collector displays an error when working with nodes that are configured for tlsv1 or tlsv1.1.
#29543 - Shares displays an SSL error when adding a node with ssl_protocol set to tlsv1.1 or tlsv1.2.
#25470 - Shares mail notifications are stalled due to stat collector database errors.
#25001 - Stats collector is blocked when purging a large database.
IBM Aspera Enterprise Server licensed with Connect Server 3.6.0+.
IBM Aspera Connect Browser Plug-In 3.6.1-3.6.6
Windows 64-bit: 2008 R2, 2012 R2
Browsers: Internet Explorer 9-11, Firefox 27+, Safari 6-9, Google Chrome 32-48
PREVIOUS RELEASE NOTES
Shares 1.9.2 Release Notes
Shares 1.9.1 Release Notes
Shares 1.8.1 Release Notes
Shares 1.7.6 Release Notes
Shares 1.7.5 Release Notes
Shares 1.7.3 Release Notes
Shares 1.5.0 Release Notes
Shares 1.0.3 Release Notes
Shares 1.0.2 Release Notes
Shares 1.0.1 Release Notes
Shares 1.0.0 Release Notes
#36123 - SCP GUI transfers to and from Shares have float values instead of integer values for 'user_id' and 'share_id' in tags.
#29575 - If a share's name has a forward slash ("/") in it, this share cannot sync with Aspera Drive. The sync action fails, with a "Path not found" error. Transfers between these shares using the API also fail with a "Path not found" error.
#28359 - SSLv3 is disabled by default to address a security threat. If you are using a pre-1.2.0 version of Aspera Drive, upgrade Drive to the latest version.
#28143 - The Disabled checkbox (Admin > Directories > SAML > Security) for a SAML directory is not functional.
#27371 - ADFS SAML users running Chrome on a Windows machine are currently unable to log in. Workaround: Turn off "Extended Protection" in ADFS SAML IdP. Doing so at first produces random ADFS SAML user login failures with an "Invalid SAML response" error and infinite redirects upon login; but in the longer term, this does fix the problem.
#27228 - If the node is set to use EAR, downloading multiple encrypted files/folders or a single folder with encrypted files does not prompt for a password.
#27218 - If Shares is set to use EAR, HTTP fallback download of unencrypted content fails with numerous errors. Common errors include: "Insufficient permissions", "Server refused request", and "Connection Lost" errors.
#27188 - If Shares is set to use EAR, downloading a file that was not encrypted will ask for a passphrase.
#27187 - If the node is set to use Encryption-at-Rest (EAR) but Shares is not set to use EAR, downloading content that is a mix of encrypted files, unencrypted files, and files encrypted with a different password does not prompt the user for a password.
#26342 - When a local node is added to shares twice, one with host 127.0.0.1 and one with host localhost, the node with host 127.0.0.1 displays a stats collector error.
#25139 - For Shares servers that are installed on Windows, performing a share-to-share drag-and-drop transfer from a share that does not support share-to-share will trigger an "Internal error".
#25041 - Due to changes made by Google to its mail server’s handling of images in email (Dec 2013), the Aspera Shares logo is not displayed in email notifications. Customers not using a gmail server do not encounter this problem.
#18579 - If you perform a search for remote groups that start with backslash (\) or asterisk (*), Shares cannot find them.
#15396 - The transfer fails when you attempt to download special files like symlinks, block and character device files, socket, and so on.
#14532 - The transfer rate and encryption settings in Shares can be circumvented by users if they manually change the FASP URL before submitting. Workaround: In order to enforce the settings, set the desired values in the aspera.conf file on the node.
#12883 - When searching (browsing) recursively, the sort parameter is ignored.
For on-line support resources for Aspera products, including raising new support tickets, please visit the Aspera Support Portal. Note that you may have an existing account if you contacted the Aspera support team in the past. Before creating a new account, first try setting a password for the email that you use to interact with us. You may also call one of our regional support centers.