Faspex 4.0 (Linux) Release Notes

  • Product Release: May 19, 2016
  • Release Notes Updated: May 19, 2016

WHAT'S NEW

Welcome to the release of IBM Aspera Faspex for Linux. Faspex 4.0.0 is a major new version of Aspera's popular server software application for high speed, secure file, and directory exchange integrated with email. The feature set includes a broad range of enhancements in response to Aspera user community feedback for enterprise user management, custom branding, enhanced usability and administrative ease. The next generation API uses a pure REST model and allows Faspex to be used as a backend platform for distributed relay of package content between a network of Aspera servers. The features by category are detailed below.

  • The minimum IBM Aspera Connect Browser Plug-In version is 3.6.1 (as Faspex 4.0.0 does not work with versions lower than 3.6.1).
  • Faspex offers a new, unified login landing page for local, LDAP, and SAML users.
  • User Management
    • Faspex can now authenticate users via any combination of multiple SAML identity providers.
      Note: Faspex SAML authentication with multiple SAML configurations is not yet supported for Aspera client applications (IBM Aspera Drive and the IBM Aspera Add-in for Microsoft Outlook). This support will be added in forthcoming releases of Drive and Outlook.

      At this time, Faspex with SAML authentication is supported for Aspera clients in the following case:

      • There is only one SAML configuration and the one SAML configuration is specified as the default SAML configuration.

      Aspera does not support the following cases:

      • No default SAML configuration is specified.
      • There is more than one SAML configuration.
    • Faspex offers a new, unified Login experience for Local, SAML, and LDAP/AD Users. Faspex has a full range of authentication options for the enterprise, including authenticated login of users and groups via local, Active Directory, LDAP, and SAML Single Sign-on.
    • Custom User attributes can be imported from each Identity Provider and mapped to a common schema for display in Faspex and reporting in Aspera Console.
    • Faspex SAML configuration now uses a new comprehensive interface that allows admins to configure, test, and troubleshoot multiple Identity Providers.
      • Admins can now enable or disable a new Identity Provider and set the default Provider.
      • Admins can now automatically format SAML Certificates and test an Identity Provider configuration.
      • When creating a new configuration, admins can automatically import required details of a SAML IdP from metadata provided in a metadata URL or an XML file.
      • Admins can now redirect users to the local login page to choose a SAML configuration to use for authentication.
      • Admins can now configure each Identity Provider to be publicly visible on the login page and specify login instructions for each Provider.
      • Admins can now restrict SAML login access to only members of known SAML groups explicitly added as Faspex groups.
      • Users can bypass the default SAML configuration and authenticate from any particular Identity Provider using a configured domain URL.
      • Admins can now configure the SAML user attribute that maps to the Faspex "Username" attribute. For example, the SAML name provided is "name_id" by default, but if the SAML attribute is "CN" instead, an admin can change "name_id" to "CN".
      • Admins can now specify the Name ID format as Unspecified, Transient,Persistent, or Email Address.
      • Admins can now configure allowable clock drift for each SAML IdP.
      • Custom attributes can now be configured as default, global (required for all authentication mechanisms), or local to an Identity Provider. They can be further configured as required or optional for login.
      • Custom attributes are now displayed in the Faspex administrator Accounts page and are reported to Console.
  • Workgroups and Dropboxes
    • Workgroup admins can now enable users to upload directly to the workgroup custom inbox. Faspex does not make a copy in the default package location.
    • Dropbox admins can now configure package expiration policies for dropboxes.
    • Dropbox admins can now delete dropbox packages.
  • Package Metadata
    • Faspex now offers a new metadata form builder that includes the ability to preview metadata form fields when creating or editing a metadata profile.
    • Admins can now limit illegal characters that can be used in metadata text fields.
    • Admins can now limit the length of text values in metadata text fields.
    • Faspex metadata field types now includes a date picker metadata field.
    • Metadata files are now relayed along with package content in a relay transfer.
  • SAML
    • When a SAML user logs in, Faspex now automatically converts any external users sharing the same email address into a SAML user.
    • The ruby-saml gem has been upgraded to version 1.1.1 to include security fixes and improvements including not requiring the full certificate in the SAML response when the certificate is already entered in the SAML configuration and not requiring SAML Name ID format to be Unspecified.
    • Faspex logging has been improved for when a SAML user fails to log into Faspex.
    • Admins can now customize SAML error messages.
  • Distribution Lists
    • Admins can now configure global distribution lists that are available to all users if enabled. Each distribution list has a name, and a comma-separated list of email addresses. Faspex users can refer to the list name when sending Faspex packages.
    • Active Global Distribution Lists appear in each User's Preferences in addition to Personal Distribution Lists. Users can not edit the list, but can duplicate the list and make modifications.
    • Admins can now override access to global distribution lists on a per-user basis.
    • Users can now use distribution lists in CC and BCC fields.
    • Users can now import contacts from a CSV file into a distribution list.
  • External Users
    • Admins can now require external users to register through the web UI instead of configuring the faspex.yml configuration file.
    • Moderation settings for external user registration are now separate from moderation settings for local user self registration.
    • When sending packages to an external email, Faspex automatically maps email addresses to existing user accounts.
    • Users can now choose to explicitly send packages to an existing external user by adding (external) to the email address. For example, enterjohndoe@faspex.example.com (external).
  • Global Options
    • Faspex now supports a new global option to ignore invalid recipients when sending a package.
    • Faspex now supports a new global option to automatically send a welcome email to a new user.
    • Faspex now supports a new global option to disallow users from changing their email addresses.
    • Faspex now supports a new global option to set a password expiration policy for all local users.
    • Faspex now supports a new global option to prevent password reuse.
    • Faspex now supports a new global option to change display name format to refer to a user by full name or by username.
    • Faspex now supports a new global option to allow all users to send to all other Faspex users.
    • Faspex now supports a new global option to allow all users to set their own package delete setting on a package-by-package basis.
    • Package upload timeout is now configurable in the faspex.yml configuration file.
  • Display Settings
    • Admins can now customize the logo on the Faspex menu bar.
    • Faspex now supports a new option to configure Faspex package information to display the full name of the sender and recipient instead of their usernames. Go to Server > Configuration > Display Settings.
    • Faspex now supports HTML tags in custom login announcements, package instructions, and dropbox instructions.
  • Email Notifications
    • Faspex now offers a new CC Receipt option when creating new packages. This option CC's the specified email addresses on the Package Received email notification sent to recipients of this package.
    • Faspex now displays tool tips to describe the purpose of each CC field on the New Package page.
    • Faspex now offers a new option to list all public and CC recipients in an email notification. Go to Server > Notifications, select a template, and click Customize Using Template. Select the Show all recipients in package information option.
    • Email templates now support the ALL_PUBLIC_RECIPIENTS and theALL_CC_RECIPIENTS text strings, which list public and CC recipients in an email notification.
    • Email templates now support the PACKAGE_FILE_LIST_FIRST_10 text string, which lists the first ten files or folders at the top level of the package.
  • Security
    • Restrictions to login by IP address can now be applied to admin accounts.
      Important: IP restrictions for an admin user on an existing Faspex installation might work differently after an upgrade.
    • OpenSSL has been upgraded to version 1.0.1s.
  • Other
    • Faspex now supports Enterprise Server 3.6.0+ options for preserving timestamps. If these options are configured in aspera.conf on the node, Faspex honors these options for all transfers.
    • Faspex now supports filtering of user accounts by custom user attributes. Custom user attributes are configured in custom user profiles.
    • The directory created during a database backup now includes the Faspex version number in the name. For example, on a Linux machine, the generated directory would be found at /opt/aspera/faspex/backup/2016-05-04_114635-Faspex.4.0.0.123561.
  • Faspex V3 API's
    • Faspex V3 API's now support multiple SAML IdPs in mobile and client applications.
  • Faspex V4 API's
    Important: Inclusion of Faspex V4 API's is experimental for this release and there may be issues when using it.
    • Faspex now supports the new, next-generation Faspex V4 REST API's that bring multiple next-generation capabilities and a host of new features for distributed Faspex deployments. Faspex V4 REST API's can be enabled or disabled from the faspex.yml configuration file.

      Highlights include:

      • The new V4 API's follow REST API accepted standards (including response codes) with JSON payload.

      • The new V4 API's support new API functions for user management, setting download limits, querying "per user" download statistics, editing email templates, and overriding the package delivery location per user to route packages to a preferred Faspex server.
      • The new V4 API's support increased metadata field lengths
      • The new V4 API's support additional statistics and API's to query download count, downloading count, file count per package, package creation date, package modification time, aggregate file size, downloader user name, IP address, and download date and time.
      • The new V4 API's support new APIs for exposing Nodes, Share IDs, and so on.
      For more information about V4 REST API's, seehttps://developer.asperasoft.com/reference/whats-new/269-new-faspex-enhancements.

ISSUES FIXED IN THIS RELEASE

#33822 - A user can upload to a dropbox even if the Upload packages permission is disabled in the user's account settings.

#34716 - Verifying SSL fails on node connections to a HTTPS server.

#34467 - DS users deactivated by Faspex are reactivated when the corresponding DS groups syncs with Faspex.

#33496 - When a node is used as both the file source and custom inbox for a package, the files in the package are not symlinked.

#33178 - Metadata text fields in Faspex are limited to 256 characters.

#33023 - After deleting a dropbox or workgroup, the packages page shows an Internal Server Error.

#32769 - Faspex sort and page parameters on the Sent Packages, Received Packages, Workgroup Packages, and Dropbox Packages pages are not preserved when an operation (such as deleting packages) is completed.

#32636 - Rebooting CentOS 7 does not start all the Faspex services.

#32467 - The aspera.conf file is modified on upgrade, overwriting the server_name setting and the encryption_key sets for users.

#31276 - Admins can no longer view regular users' packages by using the/aspera/faspex/sent/{id} REST resource.

#32125 - EAR should be disabled for packages that involve cloud-referencing

#31766 - Deleting packages from the default inbox does not delete the packages on the custom inbox.

#31251 - Internet Explorer Compatibility Mode and Connect 3.6 fails accessing Faspex servers.

#31141 - MySQL does not recover and reconnect when the connection is lost to a killed process. Background jobs continue to run with errors.

#30992 - Exception during SAML authentication prevents user from logging in.

#24174 - Encoding mismatch for time zone resolution when adding a node running an OS in a foreign language.

#21992 - Users are unable to download individual items in packages with > 100 items.

#21333 - Faspex users without upload permissions can still see the New Package button.

#20085 - The Package Downloaded and Package Downloaded CC email notifications are broken.

SYSTEM REQUIREMENTS

IBM Aspera Enterprise/Connect Server: A licensed version of 3.5.6-3.6.0.
IBM Aspera Connect Browser Plug-In 3.6.1-3.6.6
IBM Aspera Common Components 1.1.22 (Required only for Linux; the Windows installer already includes it.)

Linux
RedHat 6-7, CentOS 6-7, SLES 11

Browsers:
Internet Explorer 9-11, Firefox 27-44, Safari 6-9, Google Chrome 40-48
(Faspex users can successfully access Faspex from any of these browsers on any OS, as long as the browser and OS are also supported by Connect)

PREVIOUS RELEASE NOTES

Faspex 3.9.3 Release Notes
Faspex 3.9.2 Release Notes
Faspex 3.9.1 Release Notes
Faspex 3.8.1 Release Notes
Faspex 3.7.5 Release Notes
Faspex 3.5.0 Release Notes
Faspex 3.1.1 Release Notes

PACKAGE INFORMATION

Linux 64-bit (rpm): aspera-faspex-4.0.0.125083-0.x86_64.rpm
md5: 77691cc4fcce9c8ac8623edc724ab4e0
sha1: a45d9c7b973da3544d87a13085ded221fef2465e

OTHER RESOURCES

IBM Aspera Faspex 4.0.0 Admin Guide (Linux)
IBM Aspera Faspex 4.0.0 User Guide

KNOWN ISSUES WITH MOBILE AND CLIENT APPLICATIONS

#35681 - Date type metadata fields in the Android Faspex mobile application appear as regular text fields with no date selector shown.

#35569 - On iOS Faspex, custom inbox packages that fail relay still appear in the inbox feed.

#35516 - In Drive 1.3.0, package uploads will fail when sending to dropbox along with any other recipient.

Date type metadata fields in the iOS Faspex 2.2.2 mobile application do not appear. This issue is fixed in the iOS Faspex 3.0.0 mobile application.

When configuring a SAML user against a multi-SAML server that has no designated default SAML IdP, the iOS Faspex 2.2.2 mobile application crashes. Workaround: Designate a default SAML IdP or upgrade to the iOS Faspex 3.0.0 mobile application.

At this time, Faspex with SAML authentication is supported for Aspera mobile and client applications in the following cases:

  • Mobile Applications: There is a SAML configuration specified as the default SAML configuration with one or more SAML configurations.
  • Client Applications: There is only one SAML configuration and the one SAML configuration is specified as the default SAML configuration.

KNOWN ISSUES WITH FASPEX V4 API'S

Important: Inclusion of Faspex V4 API's is experimental for this release and there may be issues when using it.

#35522 - Forwarding a package with the Faspex V4 API does not work.

#35093 - Content Encryption-at-Rest (EAR) cannot be requested through V4 APIs (EAR options are not functional). However, server side EAR (enabled on the destination node) should still work.

KNOWN ISSUES

#33755 - When using symlinking with Enterprise Server 3.5.6, symlinked folders do not display in Faspex as folders, but the folder still download correctly.

#31212 - Upgrading the common components from older versions of 1.1 to any newer version deletes the /usr/bin/asctl symlink. Workaround: Installing Faspex after upgrading the common components will recreate the missing link during the installation process.

#29531 - Stats-collector displays an error when working with nodes that are configured for tlsv1.1. The Linux version of Faspex only works with tlsv1.2.

#25002 - Bad display on IE 9 for overlay of Connect on the Faspex New Package page. Workaround: This is an IE issue, you should upgrade to the latest browser version supported on your platform or ensure that you have the latest IE updates applied.

#21984 - On Centos 6.0 & 6.2, after installation and asctl faspex:setup has run and completed, users may see an invalid license message appear on the login page, even if they have copied over the correct aspera-license file to their /opt/aspera/etc directory.

#17652 - For an existing Faspex DS group: If this group is moved to another Organizational Unit (OU) on the DS server, and then the group is synced on Faspex, the group will become invalid on Faspex.

#17089 - After restoring Faspex 3.X from a source server, the destination server may or may not be able to verify the SSL certificates presented by a node (depends on whether the source server had a valid cert file or if it was missing altogether). Administrators should check to see if the cert.pem file exists and back it up prior to restoring.

#17011 - Safari on Mac downloads the Faspex backup file to a tar file. Users can change their Safari preferences so that archive files aren't automatically unzipped.

#16846 - If you are upgrading from Faspex 2.X and the transfer server is already set up on a different server, asctl will not handle this case. Please contact Aspera Support for assistance.

#16715 - If you set an alternate address (Server > Configuration > Web Server) on your source server and save your Faspex db+config folder (Server > Configuration > Save/Restore), then upon restore to a new server/instance, the alternate address will still be set on the new server. Subsequently, your email notifications will include an alternate address link to an instance which may not be up and running.

#16520 - If you download the Faspex db+config folder (from Server > Configuration > Save/Restore), the file will be saved to the browser's default location.

#16519 - Some Faspex configuration settings (for example, those that require system changes or asctl modifications) will not be restored when using the Faspex “Save/Restore” UI feature. For example, if the "Systemuser" flag is changed in faspex.yml, and the configurations are backed up and restored to a new instance, the application will not start because the user must be created on the new instance with appropriate permissions. Another example is the "uri_namespace," which - if changed before a backup - must be updated in Apache using the "uri_namespace" command upon restoring. Other settings in faspex.yml include "HTTPPort", "HTTPSPort", etc, which will be overwritten to the previous values and may require manual steps toe ensure the ports can be used.

#13835 - Faspex cannot connect to an AWS mail server using TLS; however, SSL connects successfully. This is relevant to the settings under Server > Notifications > E-mail Configuration.

PRODUCT SUPPORT

For on-line support resources for Aspera products, including raising new support tickets, please visit the Aspera Support Portal. Note that you may have an existing account if you contacted the Aspera support team in the past. Before creating a new account, first try setting a password for the email that you use to interact with us. You may also call one of our regional support centers.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk