The following lists updates to the Syncplicity On-Premises Storage Connector.
Connector servers should be up-to-date with the latest operating system version (OS version) and kernel patches. The following table provides the recommended OS versions for the latest releases of Storage Connector:
| Storage Connector OVA version | Recommended OS version |
|---|---|
| 220.127.116.11 - 18.104.22.168 | CentOS 7.9 |
| 22.214.171.124 - 126.96.36.199 | CentOS 7.7 |
Storage Connector 3.4.0
- Introduced improvements stabilizing the transfer of large files (up to 40 GB) via Syncplicity DataHub.
- Added an exception to be returned in cases where duplicate keys are present in the
- Updated libraries to their latest versions.
- Security updates and bug fixes.
Storage Connector 3.3.4
- Security updates and bug fixes, including log4j update to latest version.
Storage Connector 3.3.3
- Fixed a defect causing issues on Desktop clients in case download is prohibited by DLP or Antivirus policy.
Storage Connector 3.3.2
- Improved cleanup performance
- Resolved an issue in 3.x connector versions that may sometimes prevent Storage Connector from cleaning up deleted files.
- Fixed a defect preventing users from accessing SyncRM-protected files in case connector cache has expired.
Storage Connector 3.3.1
- Improved behavior when fs is set as
- Prevents file corruption during download, when fs mount point is unresponsive (e.g. due to networking issues)
- Read timeout is now configurable via the syncplicity.storage.fs.fsTimeout property. See Storage Connector configuration parameters for more information.
- Improved error messaging when mount is full
- Prevents reading and writing files to local storage when the NFS mount has unmounted due to network connectivity issues
- Raises an error in case the mount point is lost and prevents chunks being written in such cases
- Latest OS security updates and patches
- Fixed an issue preventing integration with SecureTransport in case IP restriction is enabled
- Additional minor fixes
Storage Connector 3.3.0
- This new version of Storage Connector is required for the Bulk Download of multiple files and folders feature to be supported on the On-Premise Storage Connector. More details on how to configure the feature can be found here: Configure On-Premise StorageVaults for downloading files and folders in bulk
- Improved resilience: instead of exiting and requiring manual restart:
- in case of connectivity issue to the storage during start up the connector will now restart automatically
- in case the connection to the orchestration is lost, Storage connector will return 503 error until connectivity is restored
- Proxy settings are now added to the default config file (syncp-storage.yml)
- Added a few more cleanup-related metrics. Please check Storage Connector health metrics definitions for more details
- Improved error logging in case SyncRM not configured properly on the Storage Connector
- CentOS upgraded to 7.8 with latest security patches
- Storage Connector 3.2.x wasn't properly limiting the incoming requests, which can result in instability during high load times. This is now fixed in 3.3.0.
- Fixed an issue preventing the proper upgrade of 2.x Connectors running in SSL mode.
- Fixed the following cleanup-related issues:
- 3.2.x connectors were not able to run more than 2-3 cleanup threads in parallel. This is now fixed in 3.3.0
- Fixed an issue that was preventing cleanup of SyncRM files in case of Atmos Storage type
- Fixed an issue that was sometimes preventing cleanup of SyncRM protected files from the IRM storage
- Fixed a few more cases where filenames were not obfuscated in Storage Connector logs.
Storage Connector 3.2.5
- Changed default configuration file:
- Turned off Secure credentials and keystore usage by default, until documentation for the feature is prepared for on-prem customers.
Storage Connector 3.2.4
- Fixed an issue related to play/pause/seek of video files via web browser and mobile apps.
- Fixed an issue preventing Storage Connector from starting up in case the Syncplicity Rights Management configuration is not accessible.
- Added configuration migration during upgrade in case the connector is configured for Google Cloud Storage.
- Changed default configuration file:
- Added EU privacy region settings.
Storage Connector 3.2.3
- Fixed OVA disk size to be 50GB (issue was introduced in 3.2.1)
- Fixed an OVA compatibility issue so that the OVA is compatible with ESXi versions 6.0, 6.5 and 6.7 (issue was detected in 3.2.1)
- Minor logging improvement related to health metrics.
- Added new configuration setting to enable file name obfuscation in Storage Connector logs
- Fixed an issue preventing DataHub from uploading new files.
OVA OS version: CentOS 7.6
Enhancements and fixes
- Performance enhancements to support up to 300 concurrent upload or download requests.
The configuration file format changes from HOCON to YAML due to the technology shift from Scala/Play to Java.
To ensure a seamless upgrade from previous Storage Connector versions, this release provides a utility for automated migration of customer configuration.
The format of the logger.xml file changes with this release. If custom settings are saved in logger.xml, they must be reapplied after the upgrade.
- Added support for Secure credentials.
syncp-storage-https-configuration.py file is decommissioned.
During our extensive testing, the following known issues were discovered:
- Issue with proxy authentication.
- Google storage config properties are not migrated during upgrade; therefore, the configuration must be migrated manually. This issue is to be fixed in the next connector version.
- After upgrade to Storage Connector 3.2 the upload from customer-developed client application fails with 500 Internal Server Error: IO.
- Logging does not work after upgrade to Storage Connector 3.2 or newer.
- Storage Connector 3.2 or newer fails to start up and the log file contains a message related to parsing a block mapping.
- Storage access tokens do not expire if accessTokenTTL is set to zero.
- Not able to upload or download files on Storage Connector 3.2, "The bucket is in this region:<AWS region>".
- The changes in this hotfix release enable support for Outlook Universal add-in version 10.4.0.
- Added “Range” header name to the default exposed CORS headers list to enable the Syncplicity Outlook Universal add-in to resume chunked file uploads. If your Storage Connector is configured with a custom exposed CORS headers list using the setting “syncplicity.ws.corsexposeheaders” in the Storage Connector configuration file, the new "Range" header has to be added to this list by the system administrator when upgrading from version 188.8.131.52 to 184.108.40.206. For more information about editing this file, please see Configure the Storage Connector.
- Introduced support for Google Cloud Storage. All Enterprise Edition customers can now create their privately managed Syncplicity StorageVaults in Google Cloud Storage with the 220.127.116.11 release of the Storage Connector. For more details, see Deploying Storage Connector in Azure or Google Cloud Storage.
- Fixed several defects related to the SVA feature Storage Token TTL, and added support for Outlook Universal add-in. The nature of these fixes requires that this release (18.104.22.168) is the minimum version to support the Storage Token TTL feature. To enable Storage Token TTL you must upgrade your Storage Connectors to version 22.214.171.124 or later and upgrade all of the Syncplicity clients (mobile, desktop) to the minimum supported version. You can find more information about this feature in the Syncplicity StorageVault with Authentication Configuration Guide.
- Added a new configuration parameter “syncplicity.ws.corsexposeheaders” to provide the option to change the default list of CORS headers in the "Access-Control-Expose-Headers" header.
- Introduced support for controlling the TTL (time-to-live) for the Storage Token used when authenticating a user to a StorageVault with SVA (StorageVault Authentication), for increased security. The SVA Storage Token can be refreshed before it expires up to the maximum refresh time, after which the user must re-authenticate to the StorageVault with SVA. Both the SVA Storage Token TTL and Max Refresh durations are set for the entire StorageVault with SVA and are configurable in the /etc/syncp-storage/syncp-storage.conf file. Further details about the Storage Token TTL feature are in the Syncplicity StorageVault with Authentication Configuration Guide . For access to this guide, contact Syncplicity Support.
- Introduced the v3 API for the Syncplicity Storage Connector. This new version of the API supports the new SVA Storage Token TTL feature. Log into the Syncplicity Developer Portal for the updated API documentation coming in Q4 2018 at https://developer.syncplicity.com .
- Resolved an issue where the Storage Connector would report reaching the maximum concurrent request limit incorrectly. The changes in this hotfix release improve the performance of the Storage Connector when operating under heavy loads.
- Introduced support for a new feature offering called Customer Managed Keys, which integrates the Storage Connector with an on-premises HSM (Hardware Security Module) to enable customers to manage the encryption keys used to encrypt their Syncplicity files in their on-premises StorageVault. In this release, we have verified compatibility with Thales nShield Connect XC and Gemalto SafeNet Luna Network HSM 7. Contact Syncplicity Support if you are interested in further information about this new feature.
- For enhanced security, we have increased the length of the default Syncplicity encryption keys from 128-bits to 256-bits.
- Applied the Linux kernel patches to address the Meltdown and Spectre vulnerabilities as reported under CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. For more details see:
- Added support for SVA emails to use the custom email banner if setup in the Company Settings.
- Added “Content-Range” header name to the allowed CORS headers list to enable the Syncplicity Outlook Universal add-in to upload files in chunks.
- Added a new configuration parameter “syncplicity.ws.corsheaders” to provide the option to configure the list of CORS headers.
- Added the following JVM options to enable better debugging and improved memory management on the Storage Connector node.
-XX:MetaspaceSize=320 -XX:MaxMetaspaceSize=320m -XX:+UseCompressedOops
- Disabled VMware Tools time synchronization since the Storage Connector uses chrony for time synchronization.
- Migrated from init.d to systemd for the syncp-storage service initialization and management.
- Improved the comments in the /etc/syncp-storage/syncp-storage.conf file regarding storage type “fs” to give better guidance on how to configure NFS mounted storage. Also improved the setup instructions in the following article regarding configuration of the Storage Connector:
Configure the Storage Connector
- Fixed an issue causing the creation of shared links for an SVA-enabled StorageVault to fail.
- Support added to enable the Syncplicity Outlook Universal to access files stored on SVA-enabled StorageVaults.
- Support was added to pass through messages from Syncplicity Orchestration to the client to support data loss prevention (DLP) access policies. The returned message is 403 Prohibited by DLP Policy.
- Support was added to pass through messages from Syncplicity API Gateway to custom apps to inform the app when it has exceeded the API threshold. The returned message is 429 Too many requests.
- Fixed Support case where chunked uploads from a Syncplicity client failed when a chunk was removed from storage. This issue was tracked by the following errors in the storage connector logs:
Orchestration request: Webservice Exception: Not Found (Service: Amazon S3;Status Code: 404; Error Code: 404 Not Found; Request ID: ******************* ******)
com.amazonaws.services.s3.model.AmazonS3Exception: Not Found (Service: Amazon S3; Status Code: 404; Error Code: 404 Not Found; Request ID: ***** ********************)
- Fixed Support case to change the following storage connector log message from INFO to ERROR. The message occurs when a Syncplicity client does not properly authorize with the SAML IDP:
End Request 400 Missing Argument: Syncplicity-Storage-Authorization
End Request 400 Missing Argument: Storage Authorization or cookie
OVA OS version: CentOS 7.3
Fixed Support case to include the nfs-utils package in the OVA. Some NFS mounts were failing without this package installed.
- This release of the Storage Connector is available as an Open Virtualization Archive (OVA) file only. To deploy the OVA in your datacenter refer to Install the On-Premise Storage Connector . If you are upgrading from a previous version of Storage Connector, and want to preserve the settings from your current Storage Connector nodes before you decommission them, refer to Configure the Storage Connector .
- Added support for CentOS 7.3. The underlying CentOS operating system in the OVA distribution of the Storage Connector has been upgraded to CentOS 7.3.
- Updated to the latest versions of the Java SDK to address the CentOS critical Errata and Security Advisory 2017:0180.
- Fixed an issue during a yum upgrade of the OS whereby the symlinks to Java are broken, causing the Storage Connector to encounter errors and fail to start up.
- The default log level was changed from DEBUG to INFO. The log level can be changed by editing the /etc/syncp-storage/logger.xml file and changing the following setting:
<logger name="application" level="INFO" />
- Fixed an issue causing the creation of shared links for an SVA-enabled StorageVault to fail.
- Default log level set to INFO for fresh installs of the Storage Connector.
- Introduced support for 3rd party applications integrated with the Syncplicity API Gateway to now POST requests using the AppKey and As-User headers.
- Enhanced the /v2/files Storage Connector API to support upload requests without multipartForm data required (now an optional parameter), thereby supporting the new background sync feature in the Syncplicity iOS mobile application.
- Fixed an issue with NFS-mounted storage. In some rare cases a file system can, by default, create new directories requested by the Storage Connector as read-only, which prevents the Storage Connector from writing file data to these directories. This results in one or both of the following error messages in the Storage Connector logfile:
End Request 500 Internal Server Error: Backend Storage Error
(Permission denied) java.io.FileNotFoundException:
To address this, the Storage Connector now sets an explicit write permission to newly created folders and file chunks.
- Addressed a security vulnerability related to StorageVault Authentication (SVA). Added the ability to whitelist domains for SVA SSO authentication.
- Introduced support for the European Union (EU) PrivacyRegion, which allows on-premises customers to deploy Storage Connector in any public or private cloud anywhere in the world and configure it to process file storage for companies that are in the EU. Note that a Storage Connector can only be configured to communicate with one PrivacyRegion. For instructions on configuring the Storage Connector for EU PrivacyRegion see Syncplicity Support Article, Deploy the Syncplicity On-Premise Storage Connector .
- Upgraded the underlying CentOS operating system kernel version to kernel-2.6.32642.11.1.el6.x86_64 in order to address a known vulnerability (CVE-2016-5195). See:
- Upgraded to the latest OpenJDK version (java-1.8.0-openjdk-126.96.36.199-0.b15.el6_8.x86_64) to address a known vulnerability (CESA-2016:2079).
- Changed the default log retention setting from 30 days to 7 days. This can be changed by the system administrator by editing the /etc/syncp-storage/logger.xml file and changing the following value:
- To improve the hardening of the Storage Connector and host OS, the use of self-signed SSL certificates on the Storage Connector node is no longer supported.
- Improved the error message emitted to the Storage Connector log when the NFS mounted storage runs out of space and uploads start failing. Previously and under certain scenarios, if a file upload failed due to lack of space on the NFS mounted storage, the only error message logged would be
Upload Generic error java.io.IOException: No such file or directory
In this release the following error message is now logged:
Upload Generic error com.syncplicity.storage.client.StorageException:
No space left on device /mnt/my_file/data/806/a9
- Introducing support for Syncplicity Storage Connector compatibility with Microsoft Azure Compute and Blob Storage. With this integration Azure customers can:
- Provision CentOS-based virtual machines such as the Standard A4 size, using Azure’s native Virtual Machine provisioning tools.
- Deploy the Storage Connector software package on these servers in an .rpm format.
- Configure connectivity between your Storage Connector and your Azure Blob storage account.
- Run the Syncplicity Storage Validation Tool after deployment to confirm proper connectivity to both Syncplicity Orchestration and your Azure Blob storage account.
- Achieve performance benchmarks that are comparable to the benchmarks for other supported hypervisors such as AWS EC2 and VMware ESX.
- Documented the expected format of the Storage Connector Log files for messages of type INFO, WARN and ERROR. For customers who chose to consume Storage Connector Logs for operational or investigative purposes, the formatting in the logs has been updated and published in an article found on the Syncplicity Support site.
- Updated the layout of the default configuration file for the Storage Connector that is found in /etc/syncp-storage/syncp-storage.conf. The file now includes clearer references to the supported storage types, and clearer illustrations of the default values needed to connect to each storage type.
- Changed the default behavior of the Storage Connector remote version query utility. Previously, the default behavior allowed the version of any running Connector to be remotely queried from any browser using the URL of the Connector, suffixed with a /version string. If the connector is online the query would return the version number of the responding Connector. The utility is intended to help with connectivity troubleshooting and with run-time monitoring in a multiconnector environment to ensure all Storage Connectors run a common version. Now the utility is disabled by default to prevent revealing unnecessary detail. If needed an administrator can reenable the utility after an install. To enable the /version API, on each Storage Connector node add the following line to the /etc/syncp-storage/syncp-storage.conf file:
syncplicity.versionPage.enabled = true
- To improve security, the default, lead-on password for the syncp user has been hardened. The minimum password complexity requirements have been enhanced as follows:
- Passwords must have at least 14 characters
- Passwords must use at least one of each of the four available character types: lowercase letters, uppercase letters, numbers, and symbols
- Passwords cannot reuse the last 5 passwords
- Passwords must contain at least 5 characters different from the previous password
- Increased Storage Connector scaling to support 150 concurrent requests with no configuration changes needed from the customer.
- Support for proxy configurations for Syncplicity Shared Files in a deployment where the Storage Connector is deployed on-prem and the RMS server is hosted in the cloud at rms.syncplicity.com. Previously, when deploying in this configuration, all traffic requests would fail when an administrator used the “test” tool from the Admin console.
- Updated documentation for Storage Connector health monitoring capabilities. See the For IT > Storage vaults > Monitoring storage vaults section of Syncplicity Support site
- Upgraded the Java JDK to resolve 5 vulnerabilities. See:
- Upgraded the underlying CentOS operating system version in this release to CentOS 6.8 to address a set of vulnerabilities (2 with High Severity, 4 with Low severity)
NOTE: The Storage Connector .ova deploys with its own instance of CentOS. This means that if your Storage Connectors have been deployed using the .ova install method in vSphere ESX your version of CentOS is vulnerable since it contains a prior release of CentOS perhaps as old as v6.4 depending on the .ova version you first deployed. Incremental RPM updates do not include changes to the underlying OS.
If you have deployed your Storage Connectors in another hypervisor such as EC2 via the CentOS ami approach, the operating system in these Storage Connectors may also be exposed depending on which ami you originally chose.
Therefore, to remediate these issues and upgrade to CentOS 6.8 there are two approaches:
- If you use vSphere ESX, you can deploy a net-new Storage Connector .ova running version 188.8.131.52 for each of your existing deployed Connectors. After doing so you can decommission them.
- If you use vSphere ESX and cannot deploy new ova images, or if you have deployed using the ami approach, you can upgrade the underlying CentOS following the yum update process.
Details on the vulnerabilities can be found here: OpenSSL Security Advisory [3rd May 2016]
CVE and Severity:
CVE-2016-2108 [High severity]
CVE-2016-2107 [High severity]
CVE-2016-2105 [Low severity]
CVE-2016-2106 [Low severity]
CVE-2016-2109 [Low severity]
CVE-2016-2176 [Low severity]
- Introducing new Storage Connector health monitoring capabilities. With this release, you can:
- Configure the Storage Connector to emit health metrics for your consumption. Setup instructions are offered for two common operation monitoring tools (Graphite and Splunk).
- Monitor key metrics to detect performance issues or make decisions to scale your environment to meet demand.
- Respond to events when health issues are detected.
- Added support for proxies that can be used by Storage Connectors that require a proxy outbound to access
- Added versioning for the Syncplicity Storage Connector Validation Tool. For more details about the tool and its use cases, see:
Storage Connector Validation Tool
- Added support for an On-Behalf-Of API to assist with content migrations. This capability is currently in Controlled Release. Please contact your Customer Success or Support representative for details.
- Added support for internationalization of emails and messages generated by the Storage Connector.
- Added support for the latest CentOS security updates as of March, 2016.
- Resolved an issue with error handling from object storage systems using the S3 API such as EMC ECS or AWS S3 involving the ListBucketPolicy.
- Resolved a Linux security vulnerability in the glibc DNS library module. For more information about this announcement, please see the FAQ:
- Resolved an openSSL vulnerability defending against possible man-in-the-middle attack vectors. For more information about this announcement, please see:
- Resolved an issue with references to storage tokens in Connector log files. Any such references are now removed.
- Introducing the Storage Connector Validation Tool. A new free tool for Storage Connector Administrators to validate their server’s network dependencies. This release of the Tool validates the following conditions for each Storage Connector:
- Configuration with the Syncplicity Service.
- Connectivity to xml.syncplicity.com
- Connectivity to health.syncplicity.com
- Access to an SMTP server (if configured).
- Access to the Syncplicity API gateway (api.syncplicity.com) (if configured)
Future releases will enable other validation tests such as connectivity tests to back-end storage. Please see the For IT > Storage vaults > Monitoring storage vaults section of Syncplicity’s Support site for more details and documentation.
- Repaired an Out of Memory condition for large files viewed from browsers when files are hosted in the Syncplicity cloud. The new maximum file size for viewing is 100MB. Files larger than this will require downloading before viewing.
- Repaired vulnerabilities with latest CentOS patches for Java 7, Java 8, CSS, NSPR, NSS-UTL, NTP and OpenLDAP.
- Improved memory use for the Storage Connector. Customers deploying new on-prem connectors using 184.108.40.206 should experience better throughput when compared to that of earlier connectors with the same configuration. This is the result of increased memory utilization which also increases the number of concurrent connections supported.
- Properties and Bookmarks of pdf files that were shared using Secure Shared Files are corrupted.
- Repaired an issue involving the images generated when downloading of Secure Shared File protected documents.
- Improved NFS mount durability that prevents possible data loss when a mount point is unmounted and files write to local Storage Connector disk. Please see task 5a in the StorageVault Installation article:
Install the On-Premise Storage Connector
- Enhanced compatibility for EMC Elastic Cloud Storage (ECS) to support the newest SDK. This means that all ECS arrays running ECS v2.0, 2.1 and 2.2 are supported.
- Enhanced compatibility for AWS S3 to support the newest SDK which adds support for AWS Signature Version 4. This means that Storage Connectors can now be deployed in new AWS Availability Zones such as Frankfurt, Germany and Seoul, South Korea.
- Obfuscation of one type of Personally Identifiable Information (PII) (file names and file paths) from Storage Connector log files that are being parsed using Splunk. This means that the values are still written to the local log file, however, if the log is parsed by Splunk, the values will be obfuscated.
- Remediates a vulnerability relating to the Network Time Protocol (NTP) service to prevent certain low probability attacks. For details, please contact Syncplicity Support.
- Added support for processing the AppKey header to enable the content migration use case.
- Optimizes network bandwidth utilization between backend S3 Storage and Storage Connector.
- Security improvements and bug fixes
- Improvements to StorageVault with Authentication confirmation, resend confirmation, and reset password email templates
- Security Fixes
- Password complexity improvements
- Enforce change of default password
- Validation of time interval for SAML response to prevent re-use of token
- Prevention of wrapping of SAML response
- Improvements in Secure StorageVault Authentication email messaging for external recipients
- Fix for resuming of download of large files
- Bug fix in SSL framework for outbound proxy use case.
- Minimum resource requirement for the on-premises Storage Connector virtual appliance (OVA) has been updated to 8 CPU cores and 8 GB memory.
- Updated JRE to v1.8
- Updated SSL framework
- Bug fixes
Version 220.127.116.11 (OVA only)
The On-Premises Storage Connector OVA 18.104.22.168 is a hotfix release that fixes Ghost vulnerability (CVE-2015-0235) in the glibc library. The vulnerability can be exploited remotely to run arbitrary code on affected systems. For additional details please refer to the following:
Please use this updated OVA for any deployment. Alternatively, you can update the glibc library in CentOS by running the “yum update” command, following the steps below:
- Run ‘yum update’ in the terminal as super/root user.
- Once ‘yum update’ is run, the glibc security patches will be updated.
- After updating, the syncp-storage service must be restarted. Command for restarting is:
> service syncp-storage restart
- Verify the version of glibc and make sure it is version 2.12-1.149 or above by running the following command
> rpm -q glibc
You are all set.
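The verification step above, written so it can be run across several Connector nodes; this is an added example, not part of the original release notes or vendor tooling. It reads rpm -q glibc output and flags any build below the 2.12-1.149 minimum stated above. The function names and sample package lines are constructed, and GNU sort -V is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: check `rpm -q glibc` output against the minimum
# version-release given in the release note (2.12-1.149).
# Typical use on a node:  rpm -q glibc | check_glibc

MIN_GLIBC="2.12-1.149"   # minimum stated on this page; override via $1

# Print the version-release part of one `rpm -q glibc` output line,
# e.g. glibc-2.12-1.149.el6_6.5.x86_64 -> 2.12-1.149.el6_6.5
glibc_ver_rel() {
    line=$1
    case "$line" in
        glibc-[0-9]*) ;;      # the glibc package itself, not glibc-common etc.
        *) return 1 ;;        # e.g. "package glibc is not installed"
    esac
    vr=${line#glibc-}
    case "$vr" in
        *.x86_64|*.i686|*.i386) vr=${vr%.*} ;;   # drop trailing architecture
    esac
    printf '%s\n' "$vr"
}

# Return 0 if version-release $1 is greater than or equal to minimum $2.
# Assumption: sort -V ordering stands in for RPM's own comparison.
ver_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Read `rpm -q glibc` output on stdin and print one verdict per line.
# Multilib hosts list one build per architecture; every build must pass.
# Exit status: 0 all builds meet the minimum, 1 at least one is older,
# 2 the output could not be interpreted (or no glibc line was seen).
check_glibc() {
    min=${1:-$MIN_GLIBC}
    rc=0
    seen=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! vr=$(glibc_ver_rel "$line"); then
            echo "UNKNOWN  $line"
            rc=2
            continue
        fi
        seen=1
        if ver_ge "$vr" "$min"; then
            echo "OK       $vr"
        else
            echo "OUTDATED $vr (minimum $min)"
            [ "$rc" -eq 2 ] || rc=1
        fi
    done
    [ "$seen" -eq 1 ] || rc=2
    return "$rc"
}

# Constructed sample: a multilib host where the 32-bit build was left behind.
SAMPLE='glibc-2.12-1.149.el6_6.5.x86_64
glibc-2.12-1.132.el6.i686'

printf '%s\n' "$SAMPLE" | check_glibc || echo "result: update and restart syncp-storage"
```

If your distribution's advisory names an exact fixed build, pass it as the first argument to check_glibc instead of relying on the default.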
- Support for OAuth 2.0 protocol for authentication
- Support for Syncplicity Web Preview feature
- In response to a set of Bash Shell vulnerabilities announced recently, we have updated the CentOS on Syncplicity On-Premises Storage Connector that provides fix for the following CentOS Security Advisories:
http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
To get this update, you can download the OVA file for Syncplicity On-Premises Storage Connector version 22.214.171.124. However, if you are not planning on using the OVA file, follow the steps below:
- Run ‘yum update’ in the terminal as super/root user
- Once ‘yum update’ is run, the bash security patches will be updated
- After updating, the syncp-storage service must be restarted. Command for restarting is:
>service syncp-storage restart
- You can verify that the Bash Shell has been updated by running the following command and use the CentOS links above to check the required bash version:
>yum list | grep bash
You are all set!