New Feature: OAuth 2.0 authentication support for Google Workspace and Microsoft Entra ID as an authentication type for SMTP Mail.
We have added new OAuth 2.0 authentication methods for the SMTP Mail Server target, offering a more secure, token-based approach as an alternative to storing traditional usernames and passwords by leveraging your organization’s existing cloud identity providers.
Google Workspace Email: You can now integrate with Google Workspace to send email via smtp.gmail.com using OAuth 2.0. This feature leverages Service Account impersonation, ensuring Cerberus authenticates with a secure, machine-level identity.
Microsoft Office 365 Email: Integration with Microsoft Entra ID enables secure email communication through Office 365. This non-interactive OAuth 2.0 method uses application credentials, eliminating the need to store user passwords for authentication.
New: Search by description for local user management in User Manager and Group Manager.
New: UNC paths supported in event rules for get a file and send a file actions
Improved: Enhancement on Web Client Security on the Account Request page.
Improved: Update of X-XSS-Protection header to align with modern browser standards.
Improved: cURL Update to 8.16.0 Addresses CVE-2025-5399, CVE-2025-9086, and CVE-2025-10148.
Get a headstart on our upcoming secure UX update with Cerberus 2025.4. This version gives administrators the ability to toggle between the previous and new UX, allowing them to test and update UX-dependent workflows ahead of the UX update in early 2026.
MSA update. This update requires user acknowledgement of the upgrade and cannot be done in-app
Improvements:
Expanded support for Duo Enterprise edition features, including trusted network authentication, remembered devices, bypass users, passwordless authentication methods, and enhanced security validation with improved error handling and logging. See more details here.
Documentation updates: We are reorganizing and updating Cerberus documentation with a new look and feel to make finding the information you need easier (and faster). Some resource links may look different than what you may have seen previously
Updated the UI framework, notice of deprecation of Legacy UX
Enhanced security checks for OTP-Protected public shares, two new localization strings: L_FILE_SHARE_DLG_OTP_NOT_ENABLED and L_FILE_SHARE_DLG_OTP_REQUIRED.
Event system now displays local time, not GMT time for events
Fixes:
Fixed incorrect character encoding in Microsoft OAuth2 email alerts, causing accented characters to appear incorrectly
Implemented additional security checks for the OTP-protected public share creation process. This change requires localizing two new message strings: L_FILE_SHARE_DLG_OTP_NOT_ENABLED and L_FILE_SHARE_DLG_OTP_REQUIRED.
Event system now displays local time, not GMT time for events
SMTP re-authentication bug fixed for strict servers
To improve the safety and stability of Cerberus FTP Server, this hotfix includes an essential upgrade to OpenSSL 3.0.19, mitigating several vendor-identified security vulnerabilities. Please apply this hotfix as soon as possible to ensure your Cerberus environment remains secure.
Known vulnerabilities this hotfix addresses:
CVE-2025-15467
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796
The UI splash screen has also been updated to reflect the new version.
Cerberus has been upgraded to be compliant with FIPS 140-3 to future-proof your regulated environment and ensure seamless data protection. This change comes ahead of the September 2026 retirement of FIPS 140-2.
Added support for ETM (Encrypt-Then-MAC) algorithms (hmac-sha2-256-etm and hmac-sha2-512-etm) to SFTP, hardening the server against modern vulnerabilities like the recent Terrapin attacks
Banned usernames can no longer be requested as new native accounts.
CSV user import now acknowledges blank passwords and requires admin confirmation prior to importing these users.
HTTP/S listeners can now optionally remove the login prompt when SAML SSO is configured, streamlining authentication for SSO-only deployments. The login form is automatically displayed if SSO is unavailable to prevent user lockout.
Upgraded cURL to 8.18.0 to address several low CVEs (CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-10966) as well as medium CVEs (CVE-2025-14017, CVE-2025-13034).
Upgraded libssh2 to 1.11.1.
Upgraded log4cxx to 1.6.1.
Improvements:
SSH/SFTP cipher, MAC, and key exchange algorithms are now displayed in order from most secure to least secure in the protocol security settings.
Fixes:
Long filenames now wrap in the file browser, instead of being truncated, for better readability.
Server updates are no longer blocked when EULA changes are included; admin acceptance checkbox enables successful silent installations for all software and EULA updates.
SSO users may now be deleted from the cache. A new ability to remove all inactive users from provisioning has been added.
License expiration events now provide proactive alerts, allowing admins to configure automated email notifications up to one year in advance to prevent unexpected service interruptions.
Local privilege escalation (LPE) vulnerability where BUILTINUsers had write access to the update installers directory.
Witaj gościu. Dziękujemy, że przeglądasz nasze forum ale czy wiesz, że zakładając konto możesz w pełni korzystać z dobrodziejstw jakimi są promocje i konkursy. Nie zobaczysz tu też żadnych reklam a rejestracja zajmie Ci tylko chwilę.
Ta strona wykorzystuje ciasteczka (cookies) w celu: utrzymania sesji zalogowanego Użytkownika, gromadzenia informacji związanych z korzystaniem z serwisu, ułatwienia Użytkownikom korzystania z niego, dopasowania treści wyświetlanych Użytkownikowi oraz tworzenia statystyk oglądalności czy efektywności publikowanych reklam.Użytkownik ma możliwość skonfigurowania ustawień cookies za pomocą ustawień swojej przeglądarki internetowej. Użytkownik wyraża zgodę na używanie i wykorzystywanie cookies oraz ma możliwość wyłączenia cookies za pomocą ustawień swojej przeglądarki internetowej.
