2019: Cornerstone MFT Server Release Notes

2019: Cornerstone MFT Server Release Notes

Important Information

Cornerstone MFT Server must be installed under an account that has full administrative rights to the computer on which the software is being installed.  To uninstall Cornerstone MFT Server, use the Add/Remove Programs feature of the Windows OS to uninstall the software.

Fixes and Enhancements

Version: 2019.00.3660 (Release Date: July 9, 2021)

  1. Updated: Changed the default Passive Mode FTP Port Range to 28,000-30,000 to limit the number of open ports.
  2. Fixed: 'Secure' attribute missing from ASP.NET Session Id. [SVR-I435]
  3. Fixed: Open redirect vulnerability issue in the WebUI. [SVR-I432]
  4. Fixed: Block Anti-Timeout scheme was not working when NOOP was issued. [SVR-I437]
  5. Fixed: WebUI Security vulnerability with rename files. [SVR-I433], [SVR-I434]

Version: 2019.00.3650 (Release Date: March 5, 2021)

  1. Added: The WebUI now supports the HSTS Strict-Transport-Security response header. [SVR-I407]
  2. Fixed: Under certain conditions, FTP connections would cause numerous CLOSE_WAIT sockets to be left in memory. [SVR-I416]
  3. Fixed: If Max-File-Size-Upload was enabled, uploaded files which exceeded the maximum size were not being removed from the server. [SVR-I406]
  4. Fixed: The StatsTrack configuration tab in the Admin console was not honoring the Sql login credentials and would reset the settings back to Windows Authentication once saved. [SVR-I408]
  5. Fixed: Changing StatsTrack authentication from Windows Authentication to SQL Authentication would cause the server configuration to vanish from the Admin console. [SVR-I412]
  6. Fixed: After enabling StatsTrack, information would not be recorded in the DB until after the Cornerstone service was retstarted. [SVR-I411]

Version: 2019.00.3626 (Release Date: December 11, 2020)

  1. Fixed: Updated the system documentation to better reflect the feature sets of Titan FTP Server vs Cornerstone MFT Server
  2. Fixed: SFTP 'quota' command was returning invalid free-bytes value to the SFTP client
  3. Fixed: Various javascipt warnings and errors in the Titan/Cornerstone WebUI
  4. Fixed: The report viewer was missing from the Cornerstone installer
  5. Fixed: The Sql Server Native Client driver was missing from the Cornerstone installer
  6. Fixed: The Sql Express installer was missing from the Cornerstone installer

Version: 2019.00.3615 (Release Date: November 15, 2020)

  1. Added: The Check For Update feature now supports downloading updates over a secure https link.
  2. Fixed: When using the srxCFG utility and GETATTR for Server, Groups or Users, sometimes the attribute data would not be returned if the attribute was specified in all UPPERCASE instead of Mixed Case. [SVR-I404]
  3. Fixed: The Sql Server Native Client driver was missing from the Cornerstone installer
  4. Fixed: The Report Viewer was missing from new Cornerstone installations

Version: 2019.00.3611 (Release Date: September 25, 2020)

  1. Fixed: SFTP connection issue preventing CUCM backups from completing. [SVR-I401]
  2. Fixed: SFTP directory listings were incomplete. [SVR-I402]

Version: 2019.00.3608 (Release Date: September 16, 2020)

  1. Added: The SFTP Engine now supports RSA-SHA2-256 and RSA-SHA2-512 Host Key signatures. This provides better interoperability with Cisco CUCM Backup 12.5 and later in FIPS mode.[SVR-I398]
  2. Fixed: srxCFG utility would timeout in 30 seconds which was too short for various operations. srxCFG utility now has a /TIMEOUT='seconds' option to specify a custom timeout value. [SVR-I399]
  3. Fixed: Events Management: 'Before File Upload/Write' was not being honored if the condition was 'Do Not Process Command. [SVR-1397].
  4. Fixed: SFTP upload problem where random data could be written to the uploaded file at various locations. This fix is critical and recommended for all customers running SFTP. [SVR-1396].
  5. Fixed: DropZone URLs sent to the creator of the DropZone were being formatted incorrectly over HTTPS if a non-standard port was used. [SVR-I400]

Version: 2019.00.3595 (Release Date: July 1, 2020)

  1. Fixed: Issue with Group Level permissions and Virtual Folders which prevented access to some folders

Version: 2019.00.3584 (Release Date: June 11, 2020)

  1. Fixed: Minor issue in the Push/Pull Site Profile Wizard which failed to save the settings unless the Finish button was clicked with a mouse.
  2. Updated: More improvements to the login process to accellerate login times for systems with large numbers of groups and permissions.

Version: 2019.00.3580 (Release Date: May 14, 2020)

  1. Fixed: Minor updates to improve login performance on systems with a large number of users and virtual folders.
  2. Fixed: Minor cosmetic update to the Certificate Import utility to allow for importing PKCS12 file types

Version: 2019.00.3575 (Release Date: March 27, 2020)

  1. Fixed: Multi-Tenancy Server was not starting properly for Cornerstone. [SVR-523]

Version: 2019.00.3570 (Release Date: February 13, 2020)

  1. Fixed: Files uploaded over SFTP could sometimes remain open briefly after upload. This could cause post-upload events, like MOVE FILE, to fail with an error 'file is currently locked'. [SVR-522]
  2. Fixed: WebUI activation issue which failed to enable the WebUI with a valid regcode. [SVR-521]

Version: 2019.00.3561 (Release Date: February 10, 2020)

  1. Added: Support for PGP 'Exclude File Extensions' is now available under the WebUI, WebDAV and SFTP connections. [SVR-518]
  2. Fixed: PGP decryption could fail on systems which were upgraded from 2018 and the Add File Size advanced PGP feature was not enabled. [SVR-515]
  3. Fixed: 'Require FTP/S' issue which would kick the user even if 'Require FTP/S' was not enabled for the Server. [SVR-513]
  4. Fixed: Stats issue which could fail to log the result of a file Delete when performed through the WebUI. [SVR-516]
  5. Fixed: Issue with inherited user home directories not being set properly under NT authentication if the user did not have a default Primary Group. [SVR-517]
  6. Fixed: Migrate was disabled for registry based configurations brought over from Titan upgrades. [SVR-520]
  7. ISSUE: Using the BOX connector in a Push/Pull event does not currently work. SRT Support has a workaround using WebDrive acting as a Service. Please contact SRT support if you need assistance with this workaround. [SVR-519]
  8. Updated: WebDrive engine to latest 2019 build.
  9. Updated: Dropped support for Windows Server 2008 R2 and earlier due to Microsoft EOL.

Version: 2019.00.3557 (Release Date: December 14, 2019)

  1. Fixed: Event Manager issue which could fail to trigger events if the system is under heavy load [SRX-514]
  2. Fixed: EULA for the JA build was corrupt.

Version: 2019.00.3555 (Release Date: November 11, 2019)

  1. Fixed: SFTP issue which could leave a file handle open during an upload if the disk quota was exceeded.
  2. Fixed: 'Require FTP/S' issue which would kick the user even if 'Require FTP/S' was not enabled for the user. [SVR-513]
  3. Fixed: 'Require FTP/S' issue which did not kick the user until after receipt of the Password. If Require FTP/S is enabled, it is now checked when the USER command is issued. [SVR-512]
  4. Fixed: The srxTitan service could consume high CPU usage after upgrading from an older release. [SVR-511]
  5. Fixed: Issue in the SFTP engine which would cause excessive memory usage due to failed or banned connection attempts. [SVR-473]
  6. Fixed: when upgrading from 2018 to 2019 the Local Admin console may not login after the first reboot and a second reboot would be required. [SVR-476]
  7. Fixed: Database issue which could cause queries to fail with "connection busy with results from other query". [SVR-489]
  8. Fixed: Database issue which could cause an excessive number of sql connections to be quickly opened and closed.
  9. Changed: The Email Server feature will now auto-accept remote TLS certificates from non-trusted sources. [SVR-510]

Version: 2019.00.3540 (Release Date: October 1, 2019)

  1. Fixed: Issue in the Disk Quota system which could temporarily report disk quota exceeded until server restart. [SVR-509]
  2. Changed: The Email Server feature will now auto-accept remote TLS certificates from non-trusted sources. [SVR-510]

Version: 2019.00.3538 (Release Date: September 6, 2019)

  1. Fixed: Issue with systems using the Windows NT/SAM User Authentication connector who experience an empty list of Groups or Users in the Admin Console resulting from Microsoft KB4512517 and KB4507459 (NetQueryDisplayInformation).

Version: 2019.00.3537 (Release Date: August 6, 2019)

  1. Fixed: Idle SFTP connections were not being cleaned up when using DMZedge Server[SVR-508]
  2. Updated: JA release notes have been updated

Version: 2019.00.3535 (Release Date: July 2, 2019)

  1. Fixed: Updated the QuickLink Logon error message in the WebUI to be more secure
  2. Fixed: Potential deadlock issue in SFTP engine during banning of IP address under heavy load

Version: 2019.00.3531 (Release Date: May 31, 2019)

  1. Fixed: Uploads in the WebUI could fail under certain conditions: [SVR-507]
  2. Fixed: Move action failed to successfully move files if the Destination was a folder ending in a '.' and the Overwrite flag was false. [SVR-505]
  3. Fixed: User Level Disk Quotas failed to recognize when the quota was exceeded during SFTP connections. [SVR-506]

Version: 2019.00.3528 (Release Date: May 7, 2019)

  1. Fixed: File-Directory conditions referencing Virtual Folders were not trigging under all situations. [SVR-500]
  2. Fixed: The Local Administration Server would listen on all IP addresses instead of only 127.0.0.1. [SVR-501]
  3. Fixed: The WebUI would exhibit random errors during various operations such as Move or Upload. [SVR-502]
  4. Fixed: Some SFTP Host Key controls were disabled if NT Impersonation was enabled with Native Authentication. [SVR-503]
  5. Fixed: SysLog support could fail if multiple SysLog client applications are installed on the same computer as Titan/Cornerstone. [SVR-504]

Version: 2019.00.3515 (Release Date: April 2, 2019)

  1. Fixed: Timestamps could be set incorrectly when uploading files over FTP. [SVR-441]
  2. Fixed: When downloading Unicode/non-ASCII filenames through the WebUI, the filenames were not being encoded properly. [SVR-493]
  3. Fixed: The PASV command information was not being returned in the FEAT response when PASV mode was enabled for FTP. [SVR-494]
  4. Fixed: MFMT/MDTM FTP command could fail if the filename contains spaces. [SVR-496]
  5. Fixed: When using streaming PGP encryption, WebDrive is now able to dynamically edit files over a secure connection. [SVR-497]
  6. Fixed: DdoS Hammering and Hacking settings were not being checked for SFTP connections. [SVR-498]
  7. Fixed: WebUI Security vulnerability [CVE-2019-10009] which could allow an Authenticated User to gain access to other files on the OS if the fully qualified path of that file was already known to the authenticated user. Thank you KevinR for identifying the issue. [SVR-499]

Version: 2019.00.3505 (Release Date: February 10, 2019)

  1. Added: 301 Redirects for HTTP to HTTP/S. When enabled, all non-secure web traffic is redirected to http/s.
  2. Added: Import/Export feature for Events. This feature enables events to be exported and imported into new server instances.
  3. Added: Support for Multiple UNC authorization accounts on the UNC Accounts tab via the addition of a 'Reauthenticate' option.
  4. Added: There is now a 'File Size' condition in the event manager to trigger actions based on the size of a file.
  5. Updated: All security toolkits have been updated to the latest releases.
  6. Fixed: The Admin Console would display a parsing error when selecting a certificate in the HTTP/S tab if the certificate name contained an '&' character. [SVR-492]
  7. Fixed: The Primary GroupID was not sticky in the Admin Console when using ADSI/NT Authentication. [SVR-491]
  8. Fixed: Database issue which could cause too many DB connections to be open resulting in a DB error while trying to load user or group params. [SVR-489]
  9. Fixed: Logging issue when using W3C formatted logfiles which would cause excessive memory usage and eventual server crash.
  10. Fixed: SFTP issue which left the user level SFTP settings disabled in the Admin console.

Known Issues

  1. Using the BOX connector in a Push/Pull event does not currently work. SRT Support has a workaround using WebDrive acting as a Service. Please contact SRT support if you need assistance with this workaround. [SVR-519]
  2. When using a browser set in a non-US English locale, dates might not display properly in the WebUI. [SVR-455]
  3. Drag-Drop uploads through the new WebUI are not supported with Microsoft Internet Explorer. Currently the only browser which natively supports Drag-Drop uploads is Google Chrome. Chrome is recommended when accessing Cornerstone MFT Server through a browser.
  4. When using Microsoft Edge or Microsoft Internet Explorer, file uploads may fail if the files are large. As a workaround, use Chrome, Safari or Firefox browsers. Optionally, some users have reported success if they open the 'details' window during an upload when using a Microsoft browser.

Latest Release

The latest release of Cornerstone MFT Server 2019 is available here

System Requirements

The latest Cornerstone MFT Server 2019 System Requirements are located here






    • Related Articles

    • 2019: Titan FTP Server Release Notes

      Important Information Titan FTP Server must be installed under an account that has full administrative rights to the computer on which the software is being installed.  To uninstall Titan FTP Server, use the Add/Remove Programs feature of the Windows ...
    • NX: Cornerstone MFT Server system requirements

      The following lists the minimum system requirements for running Cornerstone MFT Server - NextGen Edition Supported Operating Systems Windows Server 2016 or later, all 64-bit editions (32-bit is not supported) Windows 10 Professional TH1 1507 or ...
    • NX: Titan FTP Server system requirements

      The following lists the minimum system requirements for running Titan FTP Server - NextGen Edition Supported Operating Systems Windows Server 2016 or later, all 64-bit editions (32-bit is not supported) Windows 10 Professional TH1 1507 or later, ...
    • What are the System Requirements for running your software?

      The system requirements for each of our products can be found at the following links: Version 2019 and earlier product line: Titan FTP Server 2019  System Requirements Cornerstone MFT Server 2019 System Requirements DMZedge Server 2019 System ...
    • RENAME timeout when using Cornerstone with StatsTrack

      Scenario: When using Cornerstone MFT Server 2019 in conjunction with the StatsTrack reporting system, you may experience a delay or timeout when attempting to rename a file or directory using either an SFTP/FTP client or the WebUI browser interface. ...