A new WebApp will be applied on 10.30.2021 for all GovFTP accounts. Here is what we have added/changed/fixed:
Account Lockout Policy
Plan: Ultimate, Dedicated
You will now be able to define and manage account lockouts for your site. You will be able to lockout an IP and User account with defined limits. Account lockouts will be available in Settings > Authentication > Account Lockout Policy.
User Facing Clickwrap Agreements
Plan: Ultimate, Dedicated
User facing clickwrap agreements has been added. User Agreements are clickwrap agreements that must be accepted by a user at first (next) login. A clickwrap (also known as click-accept, click-to-sign, or clickthrough) agreement is an online agreement that users agree to by clicking a button or checking a box that says, “I agree.” Once your User Agreement is configured, all user accounts will be issued the clickwrap request upon their next login, including SSO users accounts. These can be used for privacy notices, compliance acknowledgments or any form of contract you wish users to agree to before accessing their files. You can customize your site's User Agreement via Settings > Web App > User Facing Clickwrap Agreements.
SFTP Host keys
The servers SFTP Host keys are now available to be reviewed in Settings > Security > Site Identity.
We have 2 new reports available. User Agreements that tracks the date / time, user account and IP address when the clickwrap has been accepted. Administrative Log will provide a detailed log for administrative actions taken on your site.
The Administrative log will have all actions in CSV format located in the log_history directory. These will be on a per month basis and named admin_log-YEAR-MONTH.csv.zip. Older log data may exist. Note that the format of this log has changed over the years and may not match today’s format for previous months.
When creating a new user, the form is now marked as ‘autocomplete=off’. This should limit browsers adding unwanted information automatically.
New default content added for New User Invites.
Authentication Service no longer shows on the Add User form when SSO is not setup for the site.
Performance enhancements to Reports have been made.
API: Corrected errors and added additional descriptions to server end points.
API: Standardized error message formatting.
API: Pagination through more than 50000 records is now prohibited.
API: In the case a user’s home directory has been deleted, the User resource will now show the assigned folder and notates the folder no longer exists.
SSH Public keys are now displayed in SHA256 format.
Users > Selected Admin user > Access Tab – Incorrect button display for administrative users. This has been corrected.
A long form error would occur if a client waited too long when uploading to an Infinishare Inbox. This error message has been updated to be informative to the client.
When creating a user if OTP was enabled and only one OTP method enabled, the user would have OTP enabled even if the “Require OTP” option was not selected.
Process for a user to self-set OTP via SMS was allowing the user to click Next without filling out required fields.
API: Default sort was not being applied to Folders, Permissions, Network Rules, File log and Admin log end points. This has been corrected.
API: Updating a network rule was not handled correctly when only the starting IP was provided.
API: The relationships element of Permissions and of Network Rules was nesting the meta info under the data element incorrectly:
API: Filter by name was not implemented for the Network Rules endpoint.
API: Requests to an invalid endpoint, such as /api/abc/, now returns a 404 Not found instead of 500 Internal Server error.
API: Folder POST/PATCH requests for non-admin users were failing due to incorrect permissions check.
API: Permission POST with a user and folder combination that already existed returned a 500 Internal Server Error. This now returns a 400 Bad Request with an appropriate error message.