IBM Aspera Faspex 4.1.0 Release Notes

  • Product Release: June 19, 2017
  • Release Notes Updated: June 19, 2017

This release of IBM Aspera Faspex for Windows and Linux provides the new features, fixes, and other changes listed below. These release notes also list system requirements, including supported platforms, and known problems.

NEW FEATURES

  • Scheduled Transfers
    • Faspex users can now delay package delivery, without delaying package upload. The delayed delivery time can be set when you create the package or after, in which case the package is listed in Pending Packages. (CIM-83, CIM-559)
  • Alternate Addresses
    • Improved Faspex security protects against cross-site scripting. Use the "Enable alternate address" option in Server > Configuration > Web Server to whitelist alternate hostnames. (#36056, CIM-64, CIM-65)
    • The alternate address field (Server > File Storage > Edit > Advanced) now supports comma-delimited Classless Inter-Domain Routing, allowing you to specify multiple subnets or a specific range of addresses.
  • Invitation Links
    • Faspex now supports the Description field for users to add a note when inviting external users or dropbox users. Personal Invitation and Dropbox Invitation email templates now include the DESCRIPTION email variable. (CIM-81)
      Note: In order to display "Description" in invitation email notifications, this email variable must be manually included in associated templates after upgrading from previous Faspex versions to 4.1.0. On a clean install of 4.1.0 however, this variable is automatically included in email templates.
    • Admins can now configure a global policy for invitation link expiration times for personal and dropbox invitations (Server > Security > Outside email addresses > Invitation link expires). By default, users are allowed to set their own custom expiration dates for invitation links. (CIM-212)
  • Packages
    • Faspex now supports a search function when users are browsing packages on the Sent and Received pages. (CIM-479)
  • Dropbox
    • Dropbox names in the New Package drop-down menu are now sorted alphabetically and long names automatically trigger a wider view.
    • The list of dropboxes under the New Package drop-down menu is now sorted in alphabetic order. (CIM-473)
  • Email Templates
    • Faspex now supports the Packaged Sent CC and Package Received CC email templates.
    • Faspex now supports the PACKAGE_UUID variable for email notifications.
    • Faspex now supports the LINK_EXPIRATION_INFO variable for email notifications can now be used for Faspex user recipients and in workgroup and dropbox "package received" notifications. (CIM-88, #35386)
    • Faspex now allows admins to configure alternate Faspex hostnames and include them in email notifications using the ALTERNATE_HOSTNAME_# (ALTERNATE_HOSTNAME_1, ALTERNATE_HOSTNAME_2, and so on) email template variable.
  • SAML
    • The user profile member_of is now a default user profile field for SAML configurations.
    • Faspex now supports the ability to restrict login access to only known SAML users.
    • Faspex now supports signed SAML authentication requests.
    • Faspex now supports a new SAML option that, if enabled, redirects SAML users to the SAML logout page where users can easily log back into Faspex through SAML. (CIM-236)
  • Configuration Options
    • Faspex now allows admins to control external package sending with the new Allow external packages to Faspex users option. When this option is disabled, users cannot send to existing Faspex users with "(external)" after their email. (CIM-394)
    • Faspex now allows admins to block users from self-registering with email accounts from specified email domains.
    • Faspex now allows admins to configure which users can create normal packages by configuring a global security setting (Server > Security > Allow users to create normal packages) or by configuring the Permissions settings for individual user accounts. If this feature is disabled, users cannot access the New Packages page and can only create dropbox packages (if they are a member of a dropbox).
    • The Remove users setting (Server > Configuration > Security) can now be configured separately for local, directory service, and SAML users. (CIM-141)
  • Rake Tasks
    • Faspex now supports a new rake task to configure the SMTP server on Faspex. (CIM-432)
    • Faspex now supports a new rake task to delete the contents of expired packages from custom inboxes and workgroup relays, but not the default inbox.
    • Faspex now supports a new rake task for configuring the HTTP fallback setting.
    • Faspex now supports a new rake task to delete expired packages from custom inboxes and workgroup relays.
    • You can now set the default directory for a file storage with the source_directory rake task by using the new --make_default option.
  • YAML Options
    • Faspex now supports the "HideSenderUsernameToExternalRecipients" faspex.yml option to hide the package sender's username from the Connect Plug-In logs and manifests. (CIM-450)
    • Metadata text fields now support 28,000 characters per field and 30,000 characters total for the entire metadata profile when the new option "ExcludeMetadataFromCookie: true" is set in faspex.yml (versus 2,000 total characters without this option). When this option is enabled, Console cannot report metadata for Faspex transfer. (CIM-252)
  • Security
    • The self-signed SSL certificate generated by Faspex during installation is now a SHA-256 certificate.
    • Updated jQuery version to 2.2.4.
    • You can now require that users agree to a custom Terms of Service prior to sending packages. (CIM-230)
  • Logging
    • The Faspex Production.log file now records a package's deletion by its package ID in the database. Also, logging for expiration deletion is in faspex_background.log and logging for deletion after download is in the faspex_db_background.log file. (CIM-245)
    • Faspex error logging in the case of an invalid SAML assertion now includes more details, including the invalid assertion.
    • Faspex log files now include when users' passwords and email addresses are changed and the account that made the changes. (CIM-226)
  • System
    • On Linux CentOS 7 computers, the ashttpd service is now compatible with systemd. (CIM-5)
    • Faspex now supports the Windows 2016 platform.
  • Accessibility
    • Faspex now conforms to Section 508 Standards for improved accessibility. New features include a "Skip to main content" link at the top of each page, legends for checkboxes and radio buttons are announced by JAWS, functional table sorting and navigation, a "*" next to all required fields, and inactive links in pagination are announced as disabled.
  • API
    • You can now use the Faspex health check url to check the status of Faspex nodes to provide information to load balancers. The url is:
      • https:/faspex_ip_address/aspera/faspex/health_check
      See the documentation for more information.
    • Admins can now determine your preference for the SDK/API location (Cloudfront or local) and how to fallback to the other, if desired. (CIM-444)
    • Faspex v4 APIs now support OAuth authentication.
    • Faspex v4 APIs now support endpoints for SAML configurations.
    • Faspex v4 APIs now support endpoints for Dropbox / Workgroup configurations and Dropbox / Workgroup membership management.
    • Faspex v4 APIs now support the recalculate endpoint to update a package's total_files and total_bytes fields.
    • Faspex v4 APIs now support the replicate endpoint to replicate the contents from the destination share to all custom inboxes, recipient shares, and override shares.
    Note: For documentation on the Faspex v4 APIs, see the Faspex section on the Aspera Developer's Network.

ISSUES FIXED IN THIS RELEASE

Note: This release contains tickets created from different tracking systems. For this reason, the ticket IDs may reflect different numbering formats.

FASPX-327 - Custom MySQL parameters are overwritten when upgrading Faspex. (CIM-579)

FASPX-316 - Faspex returns an error when users try to download a partially completed package or individual completed files in a partial package.

FASPX-311 - When creating a new Faspex user account from inside a workgroup or dropbox, you are forced to set a password for the new account. (CIM-554)

FASPX-310 - If a new user account is created using a rake task, Faspex does not send a welcome email to the account email.

FASPX-297 - SAML users only inherit Faspex group permissions on first login, but not subsequent logins. (CIM-548)

FASPX-276 - Sending a package to a distribution list fails if the list includes a deactivated user. (CIM-542)

FASPX-263 - The asctl log fills the disk because it is not rotating. (CIM-513)

FASPX-262 - Faspex database migration fails in some cases. (CIM-521)

FASPX-251 - Users experience a long delay (10s) when logging in or logging out while Faspex queries the node's status.

FASPX-250 - The ruby-saml XML schema has been updated to support RFC-compliant Certificate Serial Numbers.

FASPX-240 - The New Package drop-down menu doesn't show all dropboxes when a user has around 100 dropboxes. (CIM-477)

FASPX-234 - Users can see invitation links created by other users. (CIM-447)

FASPX-233 - There is an XSS vulnerability in Faspex. (CIM-451)

FASPX-232 - A user can change their account email address even if the admin has disabled that option.

FASPX-231 - Packages with failed relays are not available in the received packages list.

FASPX-229 - The "option list" metadata field is limited to 1000 chars. (CIM-435)

FASPX-228 - When there are two parallel uploads of the same package, and one success while the other fails, if the failed upload completes after the success, the upload is marked as a failure and the package is unavailable. (CIM-441)

FASPX-227 - When sending a new package, the email addresses configured in the CC Receipt field overrides any email addresses included in the Send copy of receipt email to these addresses setting configured on the user account.

FASPX-222 - Queued uploads in the Connect Plug-In are marked as failed in Faspex and Faspex notifies the user that the package never started.

FASPX-218 - Faspex relay does note work if secondary transfer address is set.

FASPX-217 - Faspex does not send notification to CC recipients if the user sending the package does not have the ability to send to external users.

FASPX-216 - If the sender does not have permissions to edit the Receipt CC field, the CC notification is ignored when the user sends a package, even if an admin has entered email addresses in the Send copy of receipt email to these addresses field.

FASPX-208 - If the Minimum Connect Version option was set to be under version 3.6.1, the option cannot be changed after upgrading Faspex. (CIM-338)

FASPX-206 - Internal Server Error for a SAML user on the Received page after enabling public URL in user's personal account preferences. (CIM-328)

FASPX-205 - On IE8 and IE11, the username and password fields on the login page do not display field reminders. (CIM-322)

FASPX-186 - The asctl apache:setup and apache:upgrade commands generate an incorrect ashttpd.conf file, which makes Faspex unavailable. (CIM-77)

FASPX-169 - Packages stalled during upload are not deleted from the storage on scheduled package delete.

FASPX-213 - Users cannot send a new package if the user does not have permissions to send to a user in the CC field.

FASPX-173 - Faspex is vulnerable to Denial-of-Service attacks. For further security recommendations to address this issue, see the following Knowledge Base article:

FASPX-158 - When connection to MySQL is lost and not recovered, packages are marked as "upload never started" until background jobs and services are restarted.

FASPX-154 - When invited to send a package to a user, the email notification invites users to send to the first and last name of the account instead of the account username. (CIM-227)

FASPX-151 - (Windows) When the Faspex server authenticates users against a directory service, if a user account is disabled in Active Directory, Faspex users can still send to that recipient and the recipient receives package notification emails (but the disabled user cannot log in to Faspex).

FASPX-139 - Packages can be sent to pending users (self-registered users who are not yet approved), rather than failing with an invalid recipient error. (CIM-21)

FASPX-135 - The ALL_CC_RECIPIENTS email variable only includes CC Receipt recipients and does not include CC Upload or CC Download recipients. Additionally, when both ALL_CC_RECIPIENTS and ALL_PUBLIC_RECIPIENTS are used and users are included in both groups, their email addresses are listed multiple times.

FASPX-131 - Clicking Archive All on the Sent page does not archive the packages. (Archiving or deleting individual packages works as expected).

FASPX-116 - Variable values that contain spaces, such as the username "adm user," are not supported in asctl commands. (#28270)

FASPX-114 - The Faspex node poller background process can fail, in which case the stats collector does not update logs, if multiple processes are running due to a bug in the database connection pool library. (#36181)

FASPX-103 - Faspex startup services cannot be disabled at the operating system level.

FASPX-89 - On IE 11, clicking Override transfer settings when configuring SAML groups (under Group Provisioning Policy) does not display the transfer settings configuration options. (#36180)

FASPX-80 - Faspex sends 7 notification emails to CC Upload recipients for forwarded packages. (CIM-194, #36216)

FASPX-73 - JAWS does not announce legends for all checkboxes and radio buttons.

FASPX-72 - JAWS cannot sort tables on the Received and Sent tabs.

FASPX-71 - Some required fields do not have "*" next to them to indicate that they are required.

FASPX-70 - When creating a new package, if no recipient or an invalid recipient is specified, two "invalid recipient" error messages are returned.

FASPX-51 - Running the rake task rake packages:clean_deleted with OLDER_THAN_DAYS=x fails and returns a MySQL error. (CIM-115, #32343)

FASPX-31 - When using the "Custom Inbox" option, users receive two notifications, one for transfer from the default storage and one for the relay from the default storage to the custom inbox.

FASPX-30 - Sorting package lists by package attributes returns a table that is not paginated, even if more packages than can fit on one page are present.

FASPX-22 - On the Received and Send pages, when JAWS reads inactive links, it reads the associated page numbers but fails to read the word "disabled".

FASPX-21 - On the Send page, JAWS does not read the package name together with the archive or delete button name.

#35093 - Content Encryption-at-Rest (EAR) cannot be requested through V4 APIs (EAR options are not functional). However, server side EAR (enabled on the destination node) should still work.

SYSTEM REQUIREMENTS

IBM Aspera Enterprise/Connect Server: A licensed version of ES 3.6.0+.
IBM Aspera Connect Browser Plug-In 3.6.1-3.7.0
IBM Aspera Common Components 1.1.26 (Required only for Linux; the Windows installer already includes it.)

Linux
RedHat 6-7, CentOS 6-7, SLES 11

Windows
2008, 2012, 2016

Browsers:
Internet Explorer 9-11, Firefox 27-53, Safari 6-10, Google Chrome 40-59
(Faspex users can successfully access Faspex from any of these browsers on any OS, as long as the browser and OS are also supported by Connect)

Drag-and-Drop Support

Faspex supports the dragging and dropping of files and folders for transfer, but this support varies by platform and browser. See the table below for details on how this release of Faspex supports drag-and-drop in your environment:

Browser Windows Client Mac OS X Client Linux Client
Firefox Files and folders Files and folders Drag-and-drop not supported
Chrome Files and folders Files and folders Drag-and-drop not supported
IE 8 and 9 Files and folders
IE 10 and 11 Files
Edge Drag-and-drop not supported
Safari Files and folders

PACKAGE INFORMATION

Linux 64-bit (rpm): aspera-faspex-4.1.0.144919-0.x86_64.rpm
md5: 3f2ca5c0e7c6b8bcd1f654123c6b6d39
sha1: 326d21320e220097e76f531ff3e76dd62870cefc
Windows: AsperaFaspexSetup-4.1.0.144919-windows-32-msvc2012.exe
md5: f294736b1ec30d6f53af21b229ff9d65
sha1: d0ddb500aa237566c81bac75bdc4d311fe88cfd2

KNOWN ISSUES WITH MOBILE AND CLIENT APPLICATIONS

#35934 - When an Azure cluster is used as the default inbox, transfers performed by Drive 1.3.0 and Outlook Plug-in 1.3.3 fail. This issue will be fixed in subsequent releases of these client applications.
Note: Transfers to Faspex with an Azure default inbox is still supported in Drive 1.2.3.

#35681 - Date type metadata fields in the Android Faspex mobile application appear as regular text fields with no date selector shown.

#35569 - On iOS Faspex, custom inbox packages that fail relay still appear in the inbox feed.

#35516 - In Drive 1.3.0, package uploads fail when sending to dropbox along with any other recipient.

Date type metadata fields in the iOS Faspex 2.2.2 mobile application do not appear. This issue is fixed in the iOS Faspex 3.0.0 mobile application.

When configuring a SAML user against a multi-SAML server that has no designated default SAML IdP, the iOS Faspex 2.2.2 mobile application crashes. Workaround: Designate a default SAML IdP or upgrade to the iOS Faspex 3.0.0 mobile application.

At this time, Faspex with SAML authentication is supported for Aspera mobile and client applications in the following cases:

  • Mobile Applications: There is a SAML configuration specified as the default SAML configuration with one or more SAML configurations.
  • Client Applications: There is only one SAML configuration and the one SAML configuration is specified as the default SAML configuration.

KNOWN ISSUES WITH FASPEX V4 API'S

Important: Inclusion of Faspex V4 API's is experimental for this release and there may be issues when using it.

#35522 - Forwarding a package with the Faspex V4 API does not work.

KNOWN ISSUES WITH 508 COMPLIANCE

FASPX-18 - On the New Package page, JAWS reads "Cc:" twice for the Upload and Download check box

KNOWN ISSUES

FASPX-375 - SUSE 11 UI installation for Faspex and Common fails when using the UI to install. Workaround: Install using the command line and the rpm -Uvh command.

FASPX-352 - Faspex transfers cannot be resumed if the Connect Plug-In is closed and relaunched, even after restarting the web page and the Connect Plug-In. (CIM-632)

FASPX-235 - The asctl faspex:package_dir command does not work with the --trace option. (CIM-454)

FASPX-274 - If Stats Collector polls an unresponsive node, Faspex may show errors for healthy nodes.

FASPX-241 - Faspex URI namespaces do not support the "/packages" namespace. (CIM-478)

#35983 - After changing inbox destination, downloading content of previously sent packages fails with an error.

#34716 - (Windows Only) Verifying SSL on node connections fail, because the default certificate location is a hard-coded path that does not exist. Workaround: Create the following path in your Windows Faspex server:
  • C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0m/ssl/cert.pem

#33755 - When using symlinking with Enterprise Server 3.5.6, symlinked folders do not display in Faspex as folders, but the folder still download correctly.

#31212 - (Linux Only) Upgrading the common components from older versions of 1.1 to any newer version deletes the /usr/bin/asctl symlink. Workaround: Installing Faspex after upgrading the common components will recreate the missing link during the installation process.

#29531 - (Linux Only) Stats-collector displays an error when working with nodes that are configured for tlsv1.1. The Linux version of Faspex only works with tlsv1.2.

#29547 - (Windows Only) Faspex displays an SSL error when adding a node with ssl_protocol set to tlsv1.1 or tlsv1.2.

#25002 - Bad display on IE 9 for overlay of Connect on the Faspex New Package page. Workaround: This is an IE issue, you should upgrade to the latest browser version supported on your platform or ensure that you have the latest IE updates applied.

#21984 - On Centos 6.0 & 6.2, after installation and asctl faspex:setup has run and completed, users may see an invalid license message appear on the login page, even if they have copied over the correct aspera-license file to their /opt/aspera/etc directory.

#17652 - For an existing Faspex DS group: If this group is moved to another Organizational Unit (OU) on the DS server, and then the group is synced on Faspex, the group will become invalid on Faspex.

#17089 - After restoring Faspex 3.X from a source server, the destination server may or may not be able to verify the SSL certificates presented by a node (depends on whether the source server had a valid cert file or if it was missing altogether). Administrators should check to see if the cert.pem file exists and back it up prior to restoring.

#17011 - Safari on Mac downloads the Faspex backup file to a tar file. Users can change their Safari preferences so that archive files aren't automatically unzipped.

#16846 - If you are upgrading from Faspex 2.X and the transfer server is already set up on a different server, asctl does not handle this case. Please contact Aspera Support for assistance.

#16715 - If you set an alternate address (Server > Configuration > Web Server) on your source server and save your Faspex db+config folder (Server > Configuration > Save/Restore), then upon restore to a new server/instance, the alternate address will still be set on the new server. Subsequently, your email notifications will include an alternate address link to an instance which may not be up and running.

#16520 - If you download the Faspex db+config folder (from Server > Configuration > Save/Restore), the file will be saved to the browser's default location.

#16519 - (Linux Only) Some Faspex configuration settings (for example, those that require system changes or asctl modifications) will not be restored when using the Faspex “Save/Restore” UI feature. For example, if the "Systemuser" flag is changed in faspex.yml, and the configurations are backed up and restored to a new instance, the application will not start because the user must be created on the new instance with appropriate permissions. Another example is the "uri_namespace," which - if changed before a backup - must be updated in Apache using the "uri_namespace" command upon restoring. Other settings in faspex.yml include "HTTPPort", "HTTPSPort", etc, which will be overwritten to the previous values and may require manual steps toe ensure the ports can be used.

#13835 - Faspex cannot connect to an AWS mail server using TLS; however, SSL connects successfully. This is relevant to the settings under Server > Notifications > E-mail Configuration.

PRODUCT SUPPORT

For on-line support resources for Aspera products, including raising new support tickets, please visit the Aspera Support Portal. Note that you may have an existing account if you contacted the Aspera support team in the past. Before creating a new account, first try setting a password for the email that you use to interact with us. You may also call one of our regional support centers.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk