- Product Release: August 29, 2017
- Release Notes Updated: August 29, 2017
This release of IBM Aspera On Demand provides the following new features:
IBM Aspera Enterprise Server 3.7.4
- File checksums SHA-256, SHA-384, and SHA-512 can now be set in aspera.conf. (CIM-269)
- Improved detection of potential Distributed Denial of Service attempts involving missing or slow SSL negotiation requests. The HTTP fallback daemon now automatically times out (after 20 seconds) connections that do not send a request or are too slow.
- Node API
- The Node API now supports access keys for IBM Bluemix, S3 storage, Google Cloud Storage, Microsoft Azure Storage, and Microsoft SAS Storage.
- Sync with S3 is now fully supported and documented.
- Bidirectional syncs between S3 buckets are now supported.
- Sync sessions can now be filtered by setting the <filter> configuration in aspera.conf. Command-line filters are applied after aspera.conf settings. If filtering is not always wanted, then configure filters for one user. Sync sessions that are run by that user are filtered while sync sessions run by other users are not.
- Cloud, Object, and HDFS Storage Support
- New fields are available in the AWS access keys to support AWS KMS server-side encryption and the INFREQUENT_ACCESS storage class.
- Connections to Azure PAGE blob storage can now be created in the GUI.
- Improved search results for Trapd logs, which now include the ascp session ID.
- IBM Bluemix Swift and S3 storage are now supported and can be specified from the GUI for ATS connections.
- S3 versioning is now supported. Versioned object overwrite options can be configured in /opt/aspera/etc/trapd/s3.properties.
- Aspera now supports Kerberos for Hadoop Distributed File System (HDFS) transfers. (CIM-277)
- For RESTful operations (such as the Node API /files call and ascp run with file IDs), file events as returned by the Node API /events call, no longer show file paths. Instead, they return values for parent_file_id, file_id, and the file name. File events for RPC-style calls to /files and non-file-ID ascp transfers remain unchanged (reporting file_id and file path).
- Faster file deletion in OpenStack Swift storage. Users can still configure Trap to use the bulk-delete feature, but this option is now disabled by default.
Issues Fixed in this Release
ATT-354 - If the target rate of an ascp transfer is given as a percentage of available bandwidth (ascp -80% -wf), the target rate cap set on the server is not respected and the transfer is allowed to exceed the rate cap. (CIM-546)
ATT-349 - The ascp bandwidth test option -wf is invalid in v3.7.2+. (CIM-516)
ATT-260 - A4 transfer fails if the destination path is very long (130+ characters). (CIM-343)
ES-238, WAT-520 - When a client-side asyncsession is forced to quit, in rare cases the server-side async process may not stop. (CIM-364)
ES-183 - The pre/post variable FILE_CSUM is listed as a session variable rather than a file variable in the Enterprise Server, Connect Server, and Point to Point Client guides. (CIM-262)
ES-1 - Pre/post processing notification email fails if the version of Perl is 5.22 or later. (CIM-26)
NODE-188 - alee-admin times out if a node has more registered access-key entitlements than it can process in 30 seconds.
NODE-167 - Newly created access key entitlements on cluster machines are not updated immediately and it may be more than 5 minutes before the access key is valid.
TRAP-58 - Objects cannot be uploaded to AWS if the file name ends with one or more spaces.
TRAP-53 - Resuming uploads to OpenStack Swift storage can fail if the .partial file contains invalid content.
TRAP-51 - During transfer finalization of a multipart upload, .partial files in OpenStack Swift Storage may be deleted. When this happens and the user tries to download the file, HTTP error code 409 is returned.
TRAP-45 - When a 0 bytes file is transferred to HDFS, the transfer is successful but a .partial file is retained.
TRAP-40 - Downloads of many (100+) large (100+GB) files from cloud storage fail with the message: OutOfMemoryError: GC overhead limit exceeded.
TRAP-39 - Trap fails if the target AWS endpoint is missing from its list of recognized regions, rather than correcting itself.
WAT-512 (#29038) - The --overwrite older option of Sync does not recognize modified files if the size has not changed and they are in storage that does not support sparse checksums, such as Azure cloud storage, or when async is run with the --checksum none option.
WAT-454 - If the docroot is set with a URI, Watchfolder returns the error "No docroot defined," rather than the correct error "URI for a docroot is not supported."
WAT-453 - Watchd is unable to read folders on a machine running Windows 2003. Note: Windows 2003 support was discontinued in 2015. (CIM-361)
WAT-452 - Watchfolders disappear after restarting the asperarund service if the Watchfolder IDs include backslashes. (CIM-354)
Known Issues in this Release
ATT-245 (#22726) - Successful transfers might log the error, Failure Event: -34 - libssh2_channel_wait_closed() invoked when channel is not in EOF state, particularly downloads in FIPS mode. The error can be safely ignored. (CIM-329)
ES-216 - If the Aspera Connect Plug-in is unable to connect to the server by SSH, a misleading error message, "Failed to authenticate," is reported rather than indicating that it is a connection problem. (CIM-72)
ES-215 - If the Aspera Connect Plug-in is unable to connect to the server by SSH, no fallback is attempted. (CIM-320)
ES-124 - When email notifications are configured through the GUI, transfer start and stop notifications list the source as the local/LAN IP address, rather than the external/WAN IP address. (CIM-30)
ES-42 - When you retrieve the entitlement status by using alee-admin status, confusing error messages are returned even if the entitlement was registered successfully.
#32517 - Retransfer requests are unencrypted when transfers are encrypted. This change in encryption can cause transfer failures in some scenarios, such as when a network device drops the retransfer request because it detects a bit sequence it considers malicious.
ES-267 - Under rare conditions, ascp transfers to cloud object storage may be reported as successful even though Trapd reports an error and the content is not in the storage. (CIM-475)
#29255 - Download from SoftLayer of a file larger than 62 GB is unsuccessful. Workaround: Do not use time-stamp preservation with SoftLayer.
#26281 - If you run approximately 100 (or a similarly high number) concurrent uploads to S3, intermittent transfer session failures can occur.
#26185 - During an upload to S3 storage, an error may result if ascp reports a successful file transfer before the transfer to S3 completes.
ATT-321 - To use ascp4 to transfer with object storage, you must set the chunk size on the server to 64 kb for transfers that include primarily small files, and set it to 1 Mb for transfers that include primarily large files. If the chunk size is not set on the server, then the transfer fails.
ATT-31 - ascp4 crashes following the transfer of a large (for example, 5 GB) file to S3 storage.
ATT-30 and ATT-46 - ascp4 transfer is slow when you upload many small files (for example, 1 million 4-byte files) to S3 storage.
ATT-29 - Files that are transferred to S3 storage with ascp4 retain a .partial extension when viewed in the GUI.
ATT-27 - Direct-to-cloud ascp4 transfers are skipped unless the full destination path is specified.
ATT-2 (#32295) - The default minimum transfer rate is not picked up from aspera.conf.
ES-247 - Console-initiated ascp4 transfers fail if the docroot on the source is a UNC path (for example, \\localhost\SHARE), returning the error ERR Source base/path is not a valid directory/file (doesn't match any source path). (CIM-397)
ES-151 - ascp4 does not recognize the UNC-path docroot of a Console transfer user. (CIM-197)
ES-309 - When a group ID (setgid) is set on a parent directory (chmod g+s parent_dir), subdirectories that are created by a call to the /files/create endpoint have the primary group ID of the user rather than the group ID of the parent directory. (CIM-541)
ES-248 - While a transfer of many files is in process, Node API reports skipped files as complete. The counters are correct once the transfer is complete. (CIM-398)
#33374 - Symbolic link capability is only available on local storage but an unimplemented function error does not appear when the user attempts to create a symbolic link to a file on cloud storage (S3) from the Node API.
#33229 - Users cannot browse a file on cloud storage by using a /files/browse API request.
#29187 - For content in cloud storage, the Node API does not display all the files in the docroot directory. Workaround: Use the /files/info request to browse the docroot directory when content is in cloud-based storage.
#29138 - For files in S3 storage, the Node API does not return the correct file modification time.
#29078 - When an access key is created with the standard node user authorization, the access key inherits that node user and its associated system user. Afterward, asnodeadmin can be used to associate a new system user to the node user, but the new system user is not updated for the access key.
ES-50 - When you use local storage for Sync with Files on Unix-based systems, Sync fails if the access key storage does not start with "/". For example, data/storage fails but /data/storage is successful.
#29038 - Using overwrite=always when you sync with cloud storage does not overwrite the file. The default checksum behavior with S3 (as with any cloud storage) is "none". An existing file on S3 is considered identical to the local file when their sizes are equal. Therefore, the file on S3 is not overwritten even when the content of S3 differs from the content of the local file.
TRAP-59 - If an incorrect DNS nameserver is set in /etc/resolve.conf and then corrected, TrapD must be restarted for the correct nameserver to be used by TrapD. If TrapD is not restarted, TrapD fails to connect and retries indefinitely. (CIM-469)
TRAP-57 - If a very large file (several TB) upload to AWS S3 is interrupted after more than 1 TB is transferred, resuming the transfer may take hours and the session may close before any data is transferred. (CIM-476)
TRAP-28 - When downloading from cloud or object storage, ascp always takes the equivalent of 1 GB of buffers from Trapd. This can lock buffers in ascp queues for hours and may prevent other ascp transfers from transferring normally.
TRAP-27 - In some cases, stopping Trapd while an ascp transfer is still running may cause a restart of Trapd to fail.
TRAP-26 - Sometimes when Trapd is being heavily loaded by many ascp transfers, Trap may return a 'No such file or directory' error.
#36067 - Deleting folders from a Limelight directory is slow.
#33214 - Transfers to and from cloud storage using authorization tokens with URIs that do not have a docroot specified are not supported.
#25636 - To use a larger chunk size to transfer large files to AWS S3 storage, some users modify the memory settings in the Trapd initialization script, asperatrapd_init.sh. If you do so, be sure to preserve the script manually during upgrades to prevent it from being overwritten.
IBM Aspera Shares 1.9.11
- The Purge event feed items background job (System Settings > Background) is now enabled by default.
- Shares now supports signed SAML authentication requests.
- Shares addresses accessibility support improvements including an updated design for High Contrast mode.
- Nginx has been upgraded to version 1.12.1.
SHARES1-120 - In some cases, Shares cannot send emails due to a database integrity violation in the stats collector. (CIM-674)
SHARES1-80 - Stats collector can fail due to daylight savings time change. (CIM-503)
SHARES1-67 - Stats collector in Shares deadlocks after an exception in the MySQL database.
SHARES1-64 - When Shares is added as a directory service to Console, Console is not able to find DS users from Shares.
SHARES1-51 - Users can create a share with a name containing '/'.
SHARES1-19 - A user that has an expired password can browse Shares using Point-to-Point.
#29649 - Restoring one SHOD Shares instance's database onto another SHOD Shares instance causes instance to not be browsable, with perpetual license error. Workaround: Use Rake task to disable and re-enable entitlement mode for the Shares application: https://support.asperasoft.com/entries/76203557-Web-application-entitlement-feature.
IBM Aspera Faspex 4.1.0New Features
- Scheduled Transfers
- Faspex users can now delay package delivery, without delaying package upload. The delayed delivery time can be set when you create the package or after, in which case the package is listed in Pending Packages. (CIM-83, CIM-559)
- Alternate Addresses
- Improved Faspex security protects against cross-site scripting. Use the "Enable alternate address" option in Server > Configuration > Web Server to whitelist alternate hostnames. (#36056, CIM-64, CIM-65)
- The alternate address field (Server > File Storage > Edit > Advanced) now supports comma-delimited Classless Inter-Domain Routing, allowing you to specify multiple subnets or a specific range of addresses.
- Invitation Links
- Admins can now configure a global policy for invitation link expiration times for personal and dropbox invitations (Server > Security > Outside email addresses > Invitation link expires). By default, users are allowed to set their own custom expiration dates for invitation links. (CIM-212)
- Faspex now supports a search function when users are browsing packages on the Sent and Received pages. (CIM-479)
- Email Templates
- Faspex now supports the Packaged Sent CC and Package Received CC email templates.
- Faspex now supports the LINK_EXPIRATION_INFO variable for email notifications can now be used for Faspex user recipients and in workgroup and dropbox "package received" notifications. (CIM-88, #35386)
- Faspex now allows admins to configure alternate Faspex hostnames and include them in email notifications using the ALTERNATE_HOSTNAME_# (ALTERNATE_HOSTNAME_1, ALTERNATE_HOSTNAME_2, and so on) email template variable.
- Faspex now supports a new SAML option that, if enabled, redirects SAML users to the SAML logout page where users can easily log back into Faspex through SAML. (CIM-236)
- Configuration Options
- Faspex now allows admins to control external package sending with the new Allow external packages to Faspex users option. When this option is disabled, users cannot send to existing Faspex users with "(external)" after their email. (CIM-394)
- The Remove users setting (Server > Configuration > Security) can now be configured separately for local, directory service, and SAML users. (CIM-141)
- The self-signed SSL certificate generated by Faspex during installation is now a SHA-256 certificate.
- Updated jQuery version to 2.2.4.
- You can now require that users agree to a custom Terms of Service prior to sending packages. (CIM-230)
ISSUES FIXED IN THIS RELEASE
FASPX-327 - Custom MySQL parameters are overwritten when upgrading Faspex. (CIM-579)
FASPX-311 - When creating a new Faspex user account from inside a workgroup or dropbox, you are forced to set a password for the new account. (CIM-554)
FASPX-297 - SAML users only inherit Faspex group permissions on first login, but not subsequent logins. (CIM-548)
FASPX-276 - Sending a package to a distribution list fails if the list includes a deactivated user. (CIM-542)
FASPX-263 - The asctl log fills the disk because it is not rotating. (CIM-513)
FASPX-262 - Faspex database migration fails in some cases. (CIM-521)
FASPX-240 - The New Package drop-down menu doesn't show all dropboxes when a user has around 100 dropboxes. (CIM-477)
FASPX-234 - Users can see invitation links created by other users. (CIM-447)
FASPX-233 - There is an XSS vulnerability in Faspex. (CIM-451)
FASPX-229 - The "option list" metadata field is limited to 1000 chars. (CIM-435)
FASPX-228 - When there are two parallel uploads of the same package, and one success while the other fails, if the failed upload completes after the success, the upload is marked as a failure and the package is unavailable. (CIM-441)
FASPX-208 - If the Minimum Connect Version option was set to be under version 3.6.1, the option cannot be changed after upgrading Faspex. (CIM-338)
FASPX-206 - Internal Server Error for a SAML user on the Received page after enabling public URL in user's personal account preferences. (CIM-328)
FASPX-186 - The asctl apache:setup and apache:upgrade commands generate an incorrect ashttpd.conf file, which makes Faspex unavailable. (CIM-77)
FASPX-154 - When invited to send a package to a user, the email notification invites users to send to the first and last name of the account instead of the account username. (CIM-227)
FASPX-139 - Packages can be sent to pending users (self-registered users who are not yet approved), rather than failing with an invalid recipient error. (CIM-21)
FASPX-116 - Variable values that contain spaces, such as the username "adm user," are not supported in asctl commands. (#28270)
FASPX-114 - The Faspex node poller background process can fail, in which case the stats collector does not update logs, if multiple processes are running due to a bug in the database connection pool library. (#36181)
FASPX-89 - On IE 11, clicking Override transfer settings when configuring SAML groups (under Group Provisioning Policy) does not display the transfer settings configuration options. (#36180)
FASPX-80 - Faspex sends 7 notification emails to CC Upload recipients for forwarded packages. (CIM-194, #36216)
FASPX-51 - Running the rake task rake packages:clean_deleted with OLDER_THAN_DAYS=x fails and returns a MySQL error. (CIM-115, #32343)
ODD-88 - Faspex inaccurately reports that the entitlement is invalid after performing a backup restore. Workaround: Users can ignore this message and navigate to other pages without issue.
FASPX-352 - Faspex transfers cannot be resumed if the Connect Plug-In is closed and relaunched, even after restarting the web page and the Connect Plug-In. (CIM-632)
FASPX-235 - The asctl faspex:package_dir command does not work with the --trace option. (CIM-454)FASPX-241 - Faspex URI namespaces do not support the "/packages" namespace. (CIM-478)
IBM Aspera Console 3.2.0
- Endpoints can now be created with Node API authentication (for managed nodes) and access key authentication (for managed and unmanaged clusters).
- Improved Apache security decreases Console's vulnerability to Denial-of-Service attacks and SSL attacks.
- The Nodes page now displays the hostname of managed clusters in the Address and Hostname columns. Managed clusters are shown with "N/A" in the Last Restart and Failover Group columns.
- Aspera clusters can now be added as unmanaged nodes, as well as managed clusters.
- The watch folder remote node can now be configured with token authentication.
- Watch folders can now be created on nodes that do not have SSH credentials configured for them.
- Authorization tokens can now be provided in a JSON payload when creating a transfer (smart or simple) with the Console API. (CIM-317)
- The default batch size for background processes is now 1000, ensuring that Console displays live transfers associated with managed clusters.
- The Console UI now conforms to Section 508 Standards for improved accessibility. New features include visual focus for UI elements, a "Skip to main content" link at the top of each page, and labels, links, legends, and dynamically appearing messages are announced by JAWS.
AC-488 - When updating a transfer path in a group's permissions, Console returns a "500 Internal Server Error". (CIM-617)
AC-467 - Console database processes become stuck and no data is ingested when a scheduled backup fails. (CIM-532)
AC-441, AC-175 - When setting up a transfer, you cannot browse folders in a UNC path. (CIM-440, CIM-228)
AC-403 - Running a basic report fails with a MySQL error if a filepath exceeds 255 characters. (CIM-353)
ODD-89 - Console on Demand errors when using the UI to restore a configuration file that's over 2000 KB. Workaround: Backup and restore the configuration using the command-line.
AC-494 - Console cannot display account information for Windows managed nodes if the username contains a space, returning the error "undefined method 'downcase' for nil:NilClass". (CIM-589)
AC-475 - When upgrading Aspera Common Components, any customizations in my.cnf are overwritten by default values. (CIM-578) Workaround: Before upgrading, backup my.cnf (outside the aspera directory. After upgrading, replace the generated my.cnf file with the backup.
AC-468 - When running a Report with Report on set to last week, the query is run for the correct time frame but the Report Period End displayed in the report title is incorrect. (CIM-498)
AC-398 - The Console dashboard returns a 500 Internal Server Error if a transfer session becomes stuck. (CIM-335)
AC-378 - When using failover groups, custom transfer settings do not propagate to the failover node. (CIM-296)
AC-376 - The Console map does not display in the Microsoft Edge browser. Microsoft Edge is not yet supported. (CIM-266)
AC-375 - When a transfer session fails to initiate, an incomplete record might be created that displays in Console but cannot be deleted. Workaround: Manually delete the session from central-store.db. (CIM-253)
PREVIOUS RELEASE NOTES
AMAZON MACHINE IMAGE (AMI) INFORMATION
Application Platform and Server On Demand (APOD / SOD)
Application Platform and Server On Demand Without Console (APOD / SOD WOC)
Faspex On Demand (FOD)
Faspex On Demand FCP (FOD FCP)
SOFTLAYER IMAGE ID INFORMATION
Application Platform and Server On Demand (APOD / SOD)
|APOD / SOD||APOD-SOD 3.7.3 - August 2017 Release|
|APOD / SOD WOC||APOD-SOD-WOC 3.7.3 - August 2017 Release|
|FOD||FOD 3.7.3 - August 2017 Release|
|SHOD||SHOD 3.7.3 - August 2017 Release|
SOFTWARE COMPONENTSAPOD / SOD
- IBM Aspera Shares 1.9.11
- IBM Aspera Enterprise Server 3.7.4
- IBM Aspera Console 3.2.0
- IBM Aspera Enterprise Server 3.7.4
- IBM Aspera Faspex 4.1.0
- IBM Aspera Shares 1.9.11
- IBM Aspera Console 3.2.0
AWS APOD / SOD PACKAGE INFORMATION
|APOD / SOD||
|APOD / SOD WOC||
SOFTLAYER APOD / SOD PACKAGE INFORMATION
|APOD / SOD||
|APOD / SOD WOC||
IBM Aspera Application and Server On Demand (APOD / SOD) 3.7.3 Admin Guide
IBM Aspera Application Platform and Server On Demand (APOD / SOD) 3.7.3 User Guide
IBM Aspera Shares On Demand 3.7.3 Admin Guide
IBM Aspera Shares On Demand 3.7.3 User Guide
IBM Aspera FaspexDemand 3.7.3 Admin Guide
IBM Aspera Faspex On Demand 3.7.3 User Guide
For on-line support resources for Aspera products, including raising new support tickets, please visit the Aspera Support Portal. Note that you may have an existing account if you contacted the Aspera support team in the past. Before creating a new account, first try setting a password for the email that you use to interact with us. You may also call one of our regional support centers.