Highly recommended update
Waarp Gateway Update Release Note
Our version of Waarp Gateway 0.7.1 brings many improvements and some fixes.
Version 0.7.0 contained a blocking bug and was therefore not released.
Improved security of SFTP transfers
Some cryptographic algorithms commonly used for SFTP transfers were not available in previous versions.
This version provides support for the key exchange algorithm “diffie-hellman-group-exchange-sha256” for the client part only, and support for the encryption algorithms “arcfour256”, “arcfour128”, “arcfour”, “aes128-cbc”, and “des-cbc” for clients and servers.
Furthermore, algorithms based on SHA-1, which have no longer been secure since 2005, have been deprecated. They are still usable, but support will be removed in a future release.
More information :
Import/export of transfer history
Transfer history can now be purged from the command line. The transfers concerned can be filtered, in particular by date.
Optionally, purged transfers can be exported to a JSON file.
Finally, a new command allows you to restore the history from an export JSON file.
More information :
Unification of consultation of current and completed transfers
The REST API entry points for listing current transfers and history have been merged to make data easier to use.
The transfers list now also contains history. The previous behavior can be obtained by adding filters on the transfer statuses in the query.
As a result, the entry point for listing history has been deprecated and will be removed in a future release.
More information :
Warm restart of local servers
In order to reduce the impact of adding, removing, or modifying a local Gateway server on the availability of the service, it is now possible to restart them without restarting the entire waarp-gateway service .
More information :
List of Changes
New features
#351 Added the following algorithms to the list of algorithms supported by the Waarp Gateway 0.7.1 SFTP client and server:
diffie-hellman-group-exchange-sha256 (client side only),
arcfour256, arcfour128, arcfour,
aes128-cbc, 3des-cbc (client side only),
arcfour256, arcfour128, arcfour,
aes128-cbc, 3des-cbc
#276 Added a REST entry point and a terminal transfer cancel-all command allowing several transfers to be canceled at once depending on their status.
#187 Added a purge history command to the waarp-gatewayd executable.
#74 Added the waarp-gatewayd restore history command to import an export of the transfer history from a JSON file. This export can be created via the new option -e, –export-to of the waarp-gatewayd purge command.
#286 Unifications of REST entry points for transfers and for history. All transfers (whether completed or not) can now be accessed through the transfer entry point.
#255 Added a REST entry point allowing hot shutdown and restart of local servers. As a result, start, stop and restart subcommands have been added to the client's server command on the command line.
#336 Added the ability to enable and disable local servers. By default, new servers created are active. It is now possible to deactivate a server, via the REST interface or via the command line client. Unlike activated servers, a deactivated server will not be automatically activated when Waarp Gateway is launched. Please note that deactivating a server does not immediately stop it. The server will remain active until Waarp Gateway or the server in question is shut down.
Continuation of new features
#287 Separation of R66 and R66-TLS into 2 distinct protocols. The distinction between the two is now made via the protocol name instead of the protoConfig. The isTLS option in protoConfig R66 still exists but is now deprecated.
#345 Errors that may occur when interrupting or canceling a transfer are now correctly accommodated. Furthermore, it is now possible to cancel a transfer in progress, even if the pipeline responsible for its execution cannot be found. In the event of a problem, this should help prevent transfers from being blocked indefinitely.
#225 Added a TLSPassphrase option to the “Admin” section of the configuration file. This allows you to enter the password for the private key (passphrase) of the administration server if it is encrypted. It is therefore now possible to use an encrypted private key for the TLS certificate of the administration server.
#285 Added -r, --reset-before-import option to import command. When present, this option tells Waarp Gateway that the database must be emptied before performing the import. Thus, all elements present in the database affected by the import operation will be deleted. A 2nd option named --force-reset-before-import has been added, allowing scripts to override the confirmation message of the -r option.
#224 Added Waarp Gateway users to the import/export file. It is now possible to export and import Waarp Gateway users used for administration. Therefore, the -t --target option of the waarp-gatewayd import and waarp-gatewayd export commands now accepts the value users.
Fixes
#350 Fixed an R66 client error causing it to reuse old connections already closed in place and instead open new connections, therefore causing the transfer to fail.
#346 Fixed a bug causing validation failure of certification chains comprising more than one certificate when inserting them into the database.
#291 Fixed an error causing the unexpected appearance of error messages ( warnings ) when an SFTP client normally terminates a connection to an SFTP server of the Waarp Gateway.
#355 Fixed a bug affecting SQLite databases, which caused all contents of child tables to be deleted when their parent table was modified during a migration (as was the case for version 0.7.0).
#355 Migrations to return to the previous version of the database are now carried out in the correct order.
#353 Fixed a bug allowing (when the database is shared) the REST interface of a Waarp Gateway instance to retrieve history entries that do not belong to it.
Depreciations
#351 All SHA-1 based SSH algorithms are now deprecated For SFTP clients and servers
#287 Separation of R66 and R66-TLS into 2 distinct protocols. The distinction between the two is now made via the protocol name instead of the protoConfig. The isTLS option in protoConfig R66 still exists but is now deprecated.
#286 The REST API history entry point is now deprecated. Likewise, the CLI history command has also been deprecated, with its functions now performed by the transfer command.
Connections
Comments