April 2024
April 2024 brought major improvements to the On-Premise Agent.
Configurable Agent Restrictions
You can specify custom permissions and a root folder for the On-Premise Agent to restrict the access provided to users through Files.com.
Site administrators can review the configuration options available and update existing agent installations to the latest version to take advantage of the new options.
Learn about updating your On-Premise Agent.
Network Port Changes for Agent
The On-Premise Agent now uses a single outbound network port, port 8801. Rather than waiting for a connection from the Files.com platform, the Agent initiates connections to Files.com using the general pool of Files.com IP addresses. Make sure outbound connections to these IP addresses on port 8801 are allowed through your firewall.
Learn how to securely connect your own storage to Files.com using the Agent.
Minor Updates
We also shipped many other platform improvements this month.
AS2 MDN Validation Level Settings
The MDN (Message Disposition Notification) notifies the sender that the transmission was successful and the data received hasn't been altered, using digital signatures for validation. Some AS2 partners sign MDNs with X.509 certificates that have incompatible purpose settings, causing a valid MDN to be rejected even though the signing certificate matched what was expected. This adds overhead with no security benefit.
To prevent unnecessary rejections, we've added an MDN Validation Level setting to your AS2 trading partner configuration, which defaults to the most permissive setting. Site administrators can update the MDN Validation Level for any trading partner.
Learn more about configuring the MDN Validation Level.
AS2 Content-Type Header
The AS2 Content-Type Header has changed to application/pkcs7-signature to meet requirements for partners that strictly comply with AS2's RFC 4130. No action is required to enable this change.
AS2 Error Handling
When a folder can't be transferred due to folder settings on the AS2 folder, such as a setting that restricts the names of uploaded folders, the errors now appear in your AS2 logs. This helps you troubleshoot problems receiving AS2 data. No action is required to enable the improved logging.
Learn more about troubleshooting AS2.
Allow Weak Diffie Hellman Parameters for SFTP
We've added a new setting to explicitly enable weak Diffie Hellman ciphers for SFTP. Certain legacy or broken SSH and MFT clients implemented those ciphers incorrectly. Rather than allowing all insecure ciphers, you can make an exception for this specific option while still requiring the most secure, modern ciphers.
This setting is disabled by default. Enable it only if you need to support an extremely outdated SFTP client.
Learn more about managing the ciphers used for SFTP.
Improved Error Messaging for Unverified SharePoint Domains
To connect as a remote server, your SharePoint site must use a verified domain. Microsoft requires this as part of their security framework. When you attempt to connect an unverified SharePoint domain, you'll now receive a more explicit error message about the domain problem, which you can resolve by following Microsoft's instructions.
Learn more about using SharePoint as a Remote Server.
New Option to Overwrite Existing Files in Copy File Automations
Copy File automations let you optionally overwrite files when they already exist at the destination. The previous setting forced overwrites of destination files with the same name but different sizes. The new setting lets your automation always overwrite destination files, even when they're the same size. Review your existing Copy File automations to determine if enabling this setting is right for you, and be aware it can increase data transfer usage.
Learn more about using Copy File automations.
Specify the Time Zone for Date-Time Placeholders
For Create Folder, Copy File, and Move File automations, you can define a destination folder with a dynamic name reflecting the time the automation was run. A new setting lets you specify the time zone used for calculating any date or time wildcards in your destination folder. If no time zone is selected, UTC is used.
Administrators can review existing automations to determine if a different time zone is appropriate for this setting.
Learn more about customizing destination filenames in automations.
Improved Error Logging For Failed Remote Connections
When an Automation fails to perform an action on a remote server mount, the Automation Run Log now includes the destination path that couldn't be accessed. This makes it simpler to track down specific files that need attention. No action is required to enable the logging.
Automations that transfer files between remote servers now include better error messaging in the Automation Run Log whenever there's a connection problem with one of the remote servers. This makes it easier to identify which remote server needs attention.
Learn more about troubleshooting Automations.
Include Patterns and Exclude Patterns for Sync
The Sync feature lets you push or pull files to or from remote servers. You now have two new options to limit which files are transferred, guarding against mistakenly syncing a file that doesn't belong in the source system.
To target specific files, add Include Patterns to your sync configuration. To prevent specific files from being transferred, add Exclude Patterns. Exclude Patterns take precedence over Include Patterns: if a file matches both, it won't be synced.
If you're currently relying on a sync to feed files to a system that doesn't gracefully handle unexpected inputs, consider adding Include Patterns or Exclude Patterns to prevent future problems.
Learn more about using Sync.
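The precedence rule above can be previewed locally before a sync runs. This is an added example, not Files.com code: it assumes shell-style glob patterns matched case-sensitively against the file name, and that an empty Include list means no include restriction. The function names and sample file names are constructed for illustration.

```python
from fnmatch import fnmatchcase

def sync_decision(name, include, exclude):
    """Return (will_sync, reason) for one file name.

    Exclude patterns are checked first, so a file matching both an
    include and an exclude pattern is never synced.
    """
    for pat in exclude:
        if fnmatchcase(name, pat):
            return False, f"excluded by {pat}"
    # Assumption: an empty include list places no restriction on files.
    if include and not any(fnmatchcase(name, p) for p in include):
        return False, "matches no include pattern"
    return True, "included"

def plan(names, include, exclude):
    """Split a file listing into (synced, skipped-with-reason)."""
    synced, skipped = [], {}
    for name in names:
        ok, reason = sync_decision(name, include, exclude)
        if ok:
            synced.append(name)
        else:
            skipped[name] = reason
    return synced, skipped

# Constructed sample listing and patterns.
FILES = ["orders_2024.csv", "orders_draft.csv", "invoice.xml",
         "notes.txt", "export.csv.tmp"]
INCLUDE = ["*.csv", "*.xml"]
EXCLUDE = ["*_draft*", "*.tmp"]

if __name__ == "__main__":
    synced, skipped = plan(FILES, INCLUDE, EXCLUDE)
    print("sync:", synced)
    for name, reason in skipped.items():
        print("skip:", name, "-", reason)
```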
Date and Time Options For Automatically Creating Subfolders
Inboxes and Share Links that allow uploading can be configured to automatically organize those uploads into subfolders. You can now use date and time wildcards to create destination folder names that reflect when the upload happened, and pick a specific time zone for calculating the folder name. If you don't select a time zone, UTC is used.
Learn more about automatically organizing Inbox uploads or Share Link uploads.
Contents Indicates Whether Sharing is Recursive
A user's permissions to a folder may be non-recursive, meaning they can act on items in that folder but not in any subfolders. When a user with non-recursive rights shares a folder in a Share Link, the link also has non-recursive access. The Share Link's contents now explicitly call this out to indicate that subfolders aren't included. No action is required to enable this feature.
Learn more about user permissions.
Improved Visitor Experience With Lengthy Clickwraps
Clickwraps let you define terms of service for web visitors, and they can get long. We've improved the display of long Clickwrap text so visitors can read all of it without scrolling a very long page before completing their registration. If you're not currently using Clickwraps with your Share Links or Inboxes, it's a good time to try them out.
Learn more about Clickwraps.
Preview Text-Based Files Within Your Site
In addition to previewing images and office documents, you can now preview plain text file types, with quality-of-life improvements for structured data files, Markdown, and source code files. No action is required to enable this feature; it's already enabled for all sites.
Learn more about previewing text files.
IP Whitelisting for Groups
In addition to site-wide IP whitelists and user-specific IP whitelists, you can now define lists of acceptable IP addresses for user groups. This helps when several users connect from the same physical network: rather than maintaining user-specific IP lists, add the IPs to a group and assign the users to that group.
Learn more about assigning IP addresses to groups.
Manage Protocol Access for Groups
In addition to site-wide settings for disabling FTP, SFTP, and WebDAV and the user-specific settings for each protocol, you can now define which protocols a group can access. This simplifies user creation when you need to allow a specific protocol for only a few users. A new site-wide setting also lets you assign protocol access exclusively through groups. With that setting disabled, users can connect using protocols enabled on their user account or on any of their groups, as long as the protocol isn't disabled site-wide.
Site administrators can decide whether enabling group-only protocol assignment makes sense for your organization.
Learn more about allowing group protocol access.
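Before switching on group-only protocol assignment, it helps to know which users would lose a protocol they currently rely on. The following is an added example, not Files.com code, that models the rules described above over constructed user and group data. It assumes that with the setting enabled only group grants count and that site-wide disables still apply; all names are hypothetical.

```python
PROTOCOLS = {"ftp", "sftp", "webdav"}

def effective_protocols(user, group_protocols, site_disabled, group_only):
    """Protocols a user can connect with.

    group_only=False: union of the user's own grants and every group's grants.
    group_only=True:  group grants only (assumed meaning of the new setting).
    A protocol disabled site-wide is never available.
    """
    via_groups = set()
    for group in user["groups"]:
        via_groups |= group_protocols.get(group, set())
    granted = via_groups if group_only else via_groups | user["protocols"]
    return (granted & PROTOCOLS) - site_disabled

def impact_of_group_only(users, group_protocols, site_disabled):
    """Map user name -> protocols lost if group-only assignment is enabled."""
    lost = {}
    for user in users:
        before = effective_protocols(user, group_protocols, site_disabled, False)
        after = effective_protocols(user, group_protocols, site_disabled, True)
        if before - after:
            lost[user["name"]] = sorted(before - after)
    return lost

# Constructed sample data, not exported from a real site.
GROUPS = {"partners-sftp": {"sftp"}, "legacy": {"ftp", "webdav"}}
SITE_DISABLED = {"ftp"}
USERS = [
    {"name": "alice", "protocols": {"sftp"}, "groups": []},
    {"name": "bob", "protocols": set(), "groups": ["partners-sftp"]},
    {"name": "carol", "protocols": {"webdav", "sftp"}, "groups": ["legacy"]},
]

if __name__ == "__main__":
    for u in USERS:
        now = effective_protocols(u, GROUPS, SITE_DISABLED, False)
        print(u["name"], "currently:", sorted(now))
    print("would lose access:", impact_of_group_only(USERS, GROUPS, SITE_DISABLED))
```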
Auto-Decryption Ignore MDC Integrity Check
The settings for automatically decrypting files in a folder now include an option to Ignore MDC Integrity Check. By default, this setting is enabled (MDC integrity errors are ignored) so that files encrypted with older versions of PGP and GPG (version 6 and earlier) can still be decrypted. We chose this default to support existing workflows; no action is needed.
Learn more about automatically encrypting and decrypting files.
Enabling User API Key Creation
A new site-wide setting lets you choose whether users can create their own user API Keys. This prevents enthusiastic users from creating shadow IT processes that waste storage and transfer usage, and helps administrators control who is using the API. By default, this setting prevents users from creating their own API keys. Site administrators can decide whether to enable the feature for your users.
Learn more about managing API Keys.
Enabling User SSH Key Creation
A new site-wide setting lets you choose whether users can create their own SFTP (SSH) keys. This prevents enthusiastic users from creating shadow IT processes that waste storage and transfer usage, and helps administrators control who is connecting via SFTP. By default, this setting prevents users from creating their own SSH keys. Site administrators can decide whether to enable the feature for your users.
Learn more about managing API Keys.
Support for FIDO2 Security Keys
Files.com now supports FIDO2 security keys for two-factor authentication using hardware keys. There's nothing you need to do to enable this feature. Any user who wants to use a FIDO2 key can associate it with their login, provided your site supports hardware keys for two-factor authentication.
Learn more about supported two-factor authentication methods.
SAML Setting for 2FA Requirement
A new setting for SSO providers lets you choose two-factor authentication (2FA) requirements for provisioned users. You can use the site-wide 2FA setting, always require 2FA, or never require 2FA.
This helps when an SSO provider serves a subset of your users with different 2FA requirements from the rest. For example, your internal users sign in with an SSO provider and you want them to always use 2FA, but you also have many external contacts who don't use the SSO provider and may not have 2FA options available. Set your site-wide setting to not require 2FA, then update your SSO provisioning settings to require it. You now have two settings to update instead of constantly updating individual users' settings.
Learn more about provisioning users and configuring SSO.
User Requests Company Field
The User Request feature offers a streamlined way for individuals to request user credentials for your site, providing some of their demographic information directly. The user request form now includes an optional Company field, which helps when onboarding a user whose email domain doesn't match their associated company. No action is required to enable or view this field on User Requests.
Learn about creating users with requests.
User 2FA Information
User information now includes the user's 2FA methods and whether 2FA is bypassed for FTP, SFTP, or WebDAV. Site administrators can more easily track how user 2FA is configured. This new information is supported by the CLI and our official SDKs, and is also displayed within the web interface.
Learn more about two-factor authentication.
Folder Admins Can Set Per-Folder Logos
Your Files.com site supports changing the site's logo for different folders, letting your site support multiple brands. Site administrators have always been able to set a logo for a folder, and now folder admins can also update the logo in a folder's settings.
Learn more about per-folder logos as well as other folder settings available to folder admins.
CLI App Preserve Timestamps During Sync
You can use the command-line interface app (CLI) to synchronize files between a local folder and a remote folder. The --times flag controls whether to preserve the created and modified timestamps (--times=true) during the transfer, or to let the transferred files reflect the current date and time (--times=false). Existing CLI scripts that use the --times flag continue to work as before, preserving timestamps.
Learn more about using CLI to synchronize files.
Dedicated IP Addresses More Visible
By popular demand, the web interface now displays your site's dedicated IP addresses on the settings page for your Custom Domain. No action is needed to enable this update, and your site's dedicated IP addresses are still also available on the Firewall page of the web application.
Learn how to enable dedicated IP addresses for your site.
Documentation Lists Allowed Sort and Filter Combinations
The developer documentation for the Files.com API lists all of the valid combinations available for filtering or sorting lists of records. This speeds up development time for users of the official Files.com SDKs.
See it in action in our developer documentation.
.NET SDK Dependencies Updated
The dependencies for the official Files.com .NET SDK have been updated to address security warnings. If you're using the .NET SDK, upgrade to the latest version.
Check out the .NET SDK on GitHub.
Move File and Copy File Overwrite Flag
The Copy File/Folder and Move File/Folder operations accept an optional overwrite parameter. When the overwrite parameter is true, the operation performs an overwrite. This is available in all of our official SDKs as well as the Command-Line Interface (CLI).
See the updated API documentation.