Fixed Issues in 2023
- Last Updated: June 18, 2023
- 1 minute read
- MOVEit Transfer
- Version 2023
- Documentation
This section outlines issues tracked and fixed by the MOVEit product team for the 2023 release. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.
|
ID |
Category |
Fixed Issue |
|---|---|---|
| 63377 | Security | API.js vulnerability. |
| 64142 | Server | Garbage collection exception at scale. |
| 64816 | Server/SFTP | SSH server hardening. |
| 66054 | Ad Hoc | View Sent Receipt link is not available for admin users |
| 66359 | Server/SAML | Fixed SAML error in MOVEit when the IDP is disabled. |
| 66379 | Web Farm | Uploading files through the web interface fails on different web farm node when "Allow HTTPS Access via HTTP Clients" is turned off |
| 65385 | Server | Folder sharing notification is blank when the folder that was created uses an ampersand. |
| 65857 | Server | Home folder permission is not correctly added to cloned user |
| 65975 | SFTP | New SFTP server does not handle setattributes command correctly |
| 57349 | Server | When Configuring Custom Notifications, Example Email and Test Email Indicate that Non-Supported Macros Should Work |
| 59160 | Server | Integer overflow possible in arg06 input value for filelist page |
| 60150 | Server | SSH client key and SSL client cert not converting to new Key during a key rotation in Moveit Transfer |
| 62374 | Server | MOVEit TRANSFER ASP.NET_SessionId not marked as Secure |
| 62665 | UI | [PassChangeRequestMaxAge] macro does not return anything |
| 62666 | Server Settings | Option to email password displays for new File Admin users |
| 4352 | WebUI | Trusted Host cache is not per-org |
| 6975 | AV/DLP | Caught SQL Exception when DLP policy contains an apostrophe (single quote) |
| 49049 | Groups | GroupAdmin cannot manually add TempUsers as group members Getting the message 'Invalid username'. |
| 52033 | Shared folders. | Cannot download file from Shared Folder if "File name is download link" is enabled in display profile |
| 52956 | Server | Admin users receive password expiration notifications (email and/or banner) |
| 66246 | Ad Hoc | File uploader fails when token expires. |
| 64601 | 3rd Party (Microsoft IIS) | Information disclosure by IIS for certain error
pages. Mitigation: You can find steps for hardening the IIS server used by MOVEit Transfer in a knowledge base article maintained by the MOVEit Transfer Progress Community titled Vulnerability Scanner, Penetration Test, and Hardening FAQs. |
| 65473 | Server/MFA | MFA with Email only workflow works incorrectly with email scanners |
| 68126 | Server/Web Farm | Webfarm node switch after setting up MFA can cause regression of the sign-on workflow |
| 68130 | Server/SFTP | Failed to validate decrypted message: "Message length mismatch" when downloading files through SFTP |
| 68699 | Server/WebUI | Temp user asked change password after changing their password for web farm installs. |
| 69698 | Server/WebUI | 2023.0.1 CVE-2023-34362: Addressed a SQL injection
vulnerability that may allow an attacker to gain unauthorized access to
MOVEit Transfer's database. https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability |
| 69884 | Server/WebUI | 2023.0.2 for CVE-2023-35036: Addressed a SQL injection
vulnerability that may allow an attacker to gain unauthorized access to
MOVEit Transfer's database. https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability |
| 70125 | Server | 2023.0.3 for CVE-2023-35708: Addressed a SQL injection
vulnerability that may allow an attacker to gain unauthorized access to
MOVEit Transfer's database. https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023 |