April 2024

We have added several new features and enhanced many of the current features in the month of April. Here's a breakdown of what's new to Files.com in April 2024.

Changes to the methods you use for moving files, including FTP, SFTP, WebDAV, and AS2.

The MDN (Message Disposition Notification) notifies the sender that the transmission was successful and the data received hasn't been altered, using digital signatures for validation. Some AS2 partners sign MDNs with x509 certificates that have incompatible purpose settings, resulting in a valid MDN message being rejected even though the signing certificate matched what was expected. This adds more overhead with no security benefit to you.

To prevent rejecting messages unnecessarily, we've added an MDN Validation Level setting to your AS2 trading partner configuration, which will default to the most permissive setting. Site administrators can update the MDN Validation Level for any trading partner.

Learn more about configuring the MDN Validation Level.

The AS2 Content-Type Header has changed to application/pkcs7-signature to meet requirements for partners which strictly comply with AS2's RFC 4130. No action is required to enable this change.

When a folder can't be transferred due to folder settings on the AS2 folder, such as a setting to restrict the names of folders that are uploaded, the errors will be reflected within your AS2 logs. This helps you troubleshoot any problems receiving AS2 data. No action is required to enable the improved logging.

Learn more about troubleshooting AS2.

We've added a new setting to explicitly enable weak Diffie Hellman ciphers for SFTP. We've added this feature because certain legacy or broken SSH and MFT clients incorrectly implemented those ciphers. Rather than requiring you to allow all insecure ciphers, you can make an exception just for this specific option while still requiring the most secure, modern ciphers.

This setting is disabled by default, so if you need to support an extremely outdated SFTP client, you can enable this setting.

Learn more about managing the ciphers used for SFTP.

Improvements to our connections with external services.

In order to connect as a remote server, your SharePoint site must use a verified domain; this is required by Microsoft as part of their overall security framework. When you attempt to connect an unverified SharePoint domain, you'll receive a more explicit error message about the domain problem, which you can resolve following Microsoft's instructions.

Learn more about using SharePoint as a Remote Server.

The Files.com Agent connects an on-premise server directly to your Files.com site. We're constantly working to improve its performance and ease of setup.

The On-Premise Agent now uses a single outbound network port, port 8801. Rather than waiting for a connection from the Files.com platform, the agent will instead "phone home" to initiate connections. The Agent will connect to Files.com using the general pool of Files.com IP addresses. Make sure that outbound connections to these IP addresses using port 8801 are allowed through your firewall.

Learn how to securely connect your own storage to Files.com using the Agent.

The configuration file for the On-Premise Agent now uses TOML formatting rather than JSON. You can specify custom permissions and root folder to restrict the access provided to users through Files.com. Site administrators should review the configuration options available; you may wish to update your Agent installation to take advantage of a new option.

Learn about updating your On-Premise Agent.

Improvements to the automatic features within Files.com that streamline your processes.

Copy File automations allow you to optionally overwrite files when they already exist at the destination. The previous setting allowed you to force overwriting destination files with the same name but different sizes. The new setting allows your automation to always overwrite destination files, even when they're the same size. You should examine your existing Copy File automations to determine if enabling this setting is right for you, but be aware it can result in increased data transfer usage.

Learn more about using Copy File automations.

For Create Folder automations, Copy File automations, or Move File automations, you can define a destination folder with a dynamic name reflecting the time the automation was run. A new setting allows you to specify which time zone will be used for calculating any date or time wildcards in your destination folder. If no timezone is selected, UTC will be used.

Administrators can review their existing automations to determine if it's appropriate to choose a different time zone for this setting.

Learn more about customizing destination filenames in automations.

When an Automation fails to perform an action on a remote server mount, the Automation Run Log will include the destination path that could not be accessed. This assists you during troubleshooting, making it simpler to track down specific files that require attention. No action is required to enable the logging.

Automations that transfer files between remote servers will now include better error messaging in the Automation Run Log whenever there is a connection problem with 1 of the remote servers. This makes is easier to identify which remote server may need attention.

Learn more about troubleshooting Automations.

The Sync feature allows you to push or pull files to or from remote servers. You now have 2 new options to limit which files are transferred. This can guard against mistakenly syncing a file that should not have been placed in the source system.

To select files that should be targeted, add Include Patterns to your sync configuration. To prevent specific files from being transferred, you can also add Exclude Patterns. Exclude Patterns will take precedence over Include Patterns (if a file matches both an Exclude Pattern and an Include Pattern, it won't be synced).

If you're currently relying on a sync to feed files to a system that does not gracefully handle unexpected inputs, consider adding Include Patterns and/or Exclude Patterns to prevent future headaches.

Learn more about using Remote Server Sync.

Enhancements to web-based file sharing features, such as Share Links, Inboxes, and Public Hosting.

Inboxes and Share Links that allow uploading can be configured automatically organize those uploads into sub-folders. You can now use date and time wildcards to create destination folder names that reflect when the upload happened. When these wildcards are used, you can also choose a specific time zone for calculating the folder name. If you don't select a time zone, UTC is used.

Learn more about automatically organizing Inbox uploads or Share Link uploads.

A user's permissions to a folder may be non-recursive, meaning they can only act on items in that folder but not any sub-folders. When a user with non-recursive rights shares a folder in a Share Link, the link will also have non-recursive access. This is now explicitly called out in the contents of the Share Link to indicate that sub-folders are not included. No action is required to enable this feature.

Learn more about user permissions.

Clickwraps allow you to define important terms of service for web visitors, and it's no surprise that sometimes, they can get very long. We've improved the display of long Clickwrap text so that visitors can easily access all of the text without needing to scroll a very long page before completing their registration. If you're not currently using Clickwraps with your Share Links or Inboxes, maybe it's time to try them out.

Learn more about Clickwraps.

Improvements to working with file contents within your site.

In addition to the ability to preview images and office documents, we've added a smart preview feature for plain text file types. This includes advanced quality of life improvements for structured data files, Markdown, and source code files. No action is required to enable this feature; it's already enabled for all sites.

Learn more about previewing text files.

Files.com achieves its best-in-class security by a platform that is tuned for maximum security out of the box. We also realize that every organization has unique security requirements, so we frequently provide new security features, allowing you to fine-tune your site settings to meet your needs.

In addition to site-wide IP whitelists and user-specific IP whitelists, it's now possible to define lists of acceptable IP addresses for user groups. This is helpful if you have multiple users who will connect from the same physical network; rather than adding the user-specific IP lists, you can add the IPs to a group and assign the users to groups.

Learn more about assigning IP addresses to groups.

In addition to site-wide settings for disabling FTP, SFTP and WebDAV and the user-specific settings for each protocol, you can now define which protocols a group can access. This can simplify creating users, if you need to allow a specific protocol only for a few users. A new site-wide setting allows you to only assign protocol access through groups, as well; if you leave that setting disabled, then users can connect using protocols enabled on their user account or on any of the groups they're associated with, as long as the protocol is not disabled site-wide.

Site administrators should consider whether enabling group-only protocol assignment makes sense for your organization.

Learn more about allowing group protocol access.

The settings for automatically decrypting files in a folder now includes an option to Ignore MDC Integrity Check. By default, this setting is enabled (MDC integrity errors are ignored) so that files that were encrypted with older versions of PGP and GPG (version 6 and earlier) can still be successfully decrypted. We have chosen this default value to support existing workflows, and no action should be needed.

Learn more about automatically encrypting and decrypting files.

A new site-wide setting lets you choose whether users can create their own user API Keys. This prevents enthusiastic users from creating shadow IT processes that can waste storage and transfer usage, and helps administrators control who is using the API. By default, this setting prevents users from creating their own API keys. Site administrators should decide whether you wish to enable the feature for your users.

Learn more about managing API Keys.

A new site-wide setting lets you choose whether users can create their own SFTP (SSH) keys. This prevents enthusiastic users from creating shadow IT processes that can waste storage and transfer usage, and helps administrators control who is connecting via SFTP. By default, this setting prevents users from creating their own SSH keys. Site administrators should decide whether you wish to enable the feature for your users.

Learn more about managing API Keys.

Files.com offers numerous, secure methods for your users to authenticate, and we're constantly improving them with your feedback.

Files.com now supports FIDO2 security keys for two-factor authentication using hardware keys. There's nothing you need to do to enable this feature. Any users who wish to use a FIDO2 key will be able to associate it with their login, if your site supports using hardware keys for two-factor authentication.

Learn more about the support two-factor authentication methods.

A new setting for SSO providers allows you to choose two-factor authentication (2FA) requirements for provisioned users. You can choose to use the site-wide 2FA setting, or always require two-factor authentication, or never require two-factor authentication.

This is helpful if you have an SSO provider being used for a subset of your users, who would have different 2fa requirements from the bulk of your users. For example, let's imagine your internal users sign in with an SSO provider and you want them to always use 2FA, but you also have many external contacts who do not use an SSO provider and may not have 2FA options available. You can set your sitewide setting to not require 2FA, then update your SSO provisioning settings to require 2FA. With this approach, you have only 2 settings to update, rather than constantly updating individual users's settings.

Learn more about provisioning users and configuring SSO.

The User Request feature allows a streamlined service for individual to request user credentials to your site, providing some of their demographic information directly. The form for capturing a user request has been updated to include the optional Company field; which is helpful when onboarding a user, especially when their email domain does not match their associated company. No action is required to enable or view this field on User Requests.

Learn about creating users with requests.

The information about a user now includes their 2FA methods, and whether 2FA is bypassed for FTP/SFTP/WebDAV. Site administrators can more easily track how your users' 2FA is configured. This new info is supported by the CLI and our official SDKs, and is also displayed within the web interface.

Learn more about two-factor authentication.

Files.com provides customization features so your site is consistent with your brand identity.

Your files.com site supports changing the site's logo for different folders, allowing your site to seamlessly support multiple brands. Site administrators have always had access to set a logo for a folder, and now users who are folder admins can also update the logo in a folder's settings.

Learn more about per-folder logos as well as other folder settings available to folder admins.

Updates to official Files.com client applications, including our Desktop App, Mobile app and CLI App.

You can use the command-line interface app (CLI) to synchronize files between a local folder and a remote folder. Using the --times flag allows to choose whether to preserve the created and modified timestamps (--times=true) during the transfer or allow the transferred files to reflect the current date and time (--times=false). If you have an existing CLI script that uses the --times flag, that behavior will continue working as before (it will preserve timestamps)

Learn more about using CLI to synchronize files.

The Files.com web interface receives a lot of attention to make it accessible, attractive and efficient.

By popular demand, our web interface has been updated to display your site's dedicated IP addresses on the settings page for your Custom Domain. We are always working to make settings and information available where you already want to look for them. No action is needed to enable this update, and your site's dedicated IP addresses are also still available on the Firewall page of the web application.

Learn how to enable dedicated IP addresses for your site.

Our navigation menu has been updated with better font size and spacing to make the menu easier to read and use. We've also added more consistent page titles and clickable breadcrumb links throughout the application. Remember, as usual, you can always search for things like File/Folder names or specific settings you are looking for by using the search bar.

No action is required for the update, but we're hoping you subconsciously noticed that something got better.

Improvements to our official developer documentation and SDKs.

The developer documentation for the Files.com API lists all of the valid combinations available for filtering or sorting lists of records. This speeds up development time for users of the official Files.com SDKs.

See it in action in our developer documentation.

The dependencies for the official Files.com .NET SDK have been updated to address security warnings. If you're using the .NET SDK, you should upgrade to the latest version.

Check out the .NET SDK on Github.

The Copy File/Folder and Move File/Folder operations accept an optional overwrite parameter. When the overwrite parameter is true, the operation will perform an overwrite. This is available in all of our official SDKs as well as the Command-Line Interface (CLI).

See the updated API documentation.