Status FileSender 2.0, March 2015

A brief update on where we are with version 2.0.

The 1st security audit has been executed and the results were good.  No structural security issues were found.  All but one of the issues that were identified have been addressed.  The remaining issue is not difficult but requires some further investigtion to get it right.  For details read the blog article about the 1st security audit

The 2nd security audit is underway and a report is expected some weeks from now.

In addition to the work on the security audit results we’ve been testing and trying which again lead to discovering and fixing a number of smaller bugs.  Documentation is not progresing as fast as we’d like and it’s that lack of documentation which is keeping us from releasing an alpha tarball.

We’re working on planning the client-side workflow testing but it’s too early to be able to say anything useful about when this is expected to start.

Meanwhile both RENATER and UNINETT are planning to offer a “FileSender 2.0 beta service” to their users based on the current 2.0 code base, in the next couple of months.  That would be the start of larger scale field testing of version 2.0.

Are you curious to see what’s in version 2.0?  Interested in trying it out?

Do you want the 2.0 release to progress faster?  Help out with documenting!  Send me an email on jan dot meijer at uninett dot no.

Results 1st security audit of FileSender 2.0

FileSender software is entrusted with user’s files and hence needs to be secure.  To ensure an adequate level of security is achieved each major release of FileSender is subject to at least one code security audit.  While we don’t expect FileSender to hold out against a determined state-funded attacker we do expect the software to follow all publicly known security best current practices and have no “oops” security holes.

Using funding provided by HEAnet the FileSender project hired Pine Digital Security to execute a code security audit of the FileSender 2.0 development code.  The audit was executed on revision 3390 of the SVN branche branches/filesender-2.0 and done in the timeframe 12 January 2015 – 3 February 2015.  Pine sent the report with its findings on 3 February 2015.  The report was discussed on 4 February in a meeting between Jan Meijer (FileSender project lead), Etienne Meleard (FileSender development lead) and in a conference call between the two aforementioned and Daan Keuper from Pine Digital Security.

Based on these discussions an assessment was made of each of the identified issues and the appropriate response from the project decided.  The general impression was that the code improved significantly compared with version 1.6.  No structural security issues were found.

A total of 10 issues were identified.  Two of these were of type “oops” and were fixed without discussion.  Five were of type “defence in depth” and have been addressed.  Two items identified as a vulnerability are considered by the project as a feature. The last item considers insufficiently secure random number generation which is an issue for download URL protection.  This has been addressed.

We’ve documented the issues found, our assessment and response as well as our follow-up including ticket numbers.  You find all details in this document:

FileSender project’s response to the 1st security audit of FileSender 2.0

As I write this, a second and more extensive security audit funded by RENATER and executed by French security firm Amossys. This audit is expected to report at the end of March.  As part of the contract, any significant findings would be reported promptly.  After 2 weeks of audit no significant findings have been reported.

Are you curious to see what’s in version 2.0?  Interested in trying it out?

Do you want the 2.0 release to progress faster?  Help out with documenting!  Send me an email on jan dot meijer at uninett dot no.

filesender.org (Assembla) down 24 Febraury 2015

The FileSender project uses the Assembla project hosting service to host its documentation, code and tickets.  Assembla was down for 10 hours on 24 February 2015 and as a consequence both www.filesender.org and it’s redirection target https://www.assembla.com/spaces/file_sender/ were unavailable.

Assembla has published an outage report:

“for about 10 hours starting at 03:15 UTC on 24 February.  All services are restored with no data loss. – See more at http://blog.assembla.com/assembla-was-down-here-is-the-explanation

New systems do generate new problems, but sometimes also old and well-known problems 😉

Status FileSender 2.0, end of january 2015

In the previous blog post I wrote about version 2.0, its features and where we were at.  In this post you’ll get an update on the current status of 2.0 development.

The code is now considered feature-complete.  We now work on documenting, testing and providing the upgrade path.  Basic documentation (installation, configuration directives) is shaping up, others we still have to start with.  With a code base and database layout that’s changed as much as it did there’s quite some work to be done to make for a smooth migration from 1.6 to 2.0.  We work towards 1st March to have a version ready for field testing, which I expect to be called the 2.0-alpha version.  Please note this version will not have undergone extensive client side workflow testing.

The field testing both UNINETT and RENATER plan is to offer our end users a 2.0 test instance next to a production 1.x instance.  I understood from others they’re considering the same.

I’ve written it before: it takes quite some time to document and to verify the documentation is correct.  Any help will speed up the release.  If you’re interested in specific features like the API, built-in email bounce handling etc. let us know, you can help verify the basic documentation.  Send me an email at jan.meijer at uninett.no if you can spare a couple of hours.

Try it: https://terasender.uninett.no/branches/filesender-2.0

Install it: https://www.assembla.com/spaces/file_sender/wiki/Installation_-_Linux_Source_2-0-Alpha-from-svn

More detailed status:

  • Most of the configuration directive documentation is done.  It needs about one more day of work and then a double-check;
  • The Linux source installation documentation is done and will be updated as other documentation and the sample config file progresses;
  • For any major FileSender release an external code security audit will be done.  This time we’ll even have two.  The 1st review is being executed by Pine Security and paid for by the project.  It is underway as I write this, the report is expected next week.  The 2nd review will be executed by a French security firm under responsibility of and paid by RENATER as part of its internal process for taking 2.0 in production.  The RENATER review is expected to start latest in the 3rd week of February;
  • Next on our list are an administrator guide to various aspects (authentication, language configuration, customisation), upgrade documentation,API documentation, upgrade scripts, client side workflow testing, packaging and upgrade testing.  All this will keep us occupied at least throughout February and March.

That’s it for now, happy testing!

FileSender 2.0 status

Reading through past blog posts I realised that we informed a lot of people about our work on multi-file and FileSender 2.0 through personal face-to-face conversations on various conferences but we never wrote anything on our blog!  Time to fix that.

I’ll leave details of the  2.0 development history for another post; for now I’ll just say the French NREN (National Research and Educational Network) RENATER joined the development effort by contributing with person hours of developer  Etienne Meleard.  Etienne has taken the lead on development of FileSender 2.0, the multi-file release.

Much code has been refactored and rewritten since June.  We now have a 2.0 branch in our SVN repository which is approaching alpha-release state.   You can install it; the install documentation has been written, tested and should work for you.  Please note that it currently only works on MySQL; Postgres database initialisation support is expected to be implemented in the coming weeks.   A link to my own demo server is included below.

Feature highlights:

  • full multi-file support: upload, download, MyFiles, email receipts and automatic transaction deletion
  • drag & drop support
  • generalised user option mechanism.  Which options are available to a user is something a service provider can control from the config file
  • fine-grained control over email receipts through various options, including the option to send no email receipts
  • UI templating mechanism
  • REST API

Try it: https://terasender.uninett.no/branches/filesender-2.0

Install it: https://www.assembla.com/spaces/file_sender/wiki/Installation_-_Linux_Source_2-0-Alpha-from-svn

Plan towards 2.0 release: the code and feature set is mostly stable and we’re working towards a 2.0 alpha release, with sufficient documentation to install and use it. While I can’t give an exact date I have good reason to believe it’ll be there before christmas.  We’ll use that mile stone to start polishing on a beta release which typically includes a thorough feature review and Wendy Mason’s client-side workflow testing.

I do hope several sites will install the alpha release and make it available to a group of test users.  We will need the field-testing feedback to make progress.  If you want to be a part of field testing version 2.0 or its documentation contact me at jan.meijer@uninett.no.

We’re also keen on volunteers to help with documentation.  Every hour you can spare is one hour closer towards a 2.0 release!

 

 

 

FileSender 1.6 released!

We’re happy to announce the release of FileSender 1.6.  There are no code changes since 1.6-rc1.  All the documentation has been updated where needed.

Highlights for this release:

  • New: high speed upload module “terasender” tested with uploads up to 1 TB
  • New: auto-complete feature in the recipient (To:) field
  • New: configure switch to include (or not include) the recipient of a file on the download confirmation email the sender receives upon download of a file.  This reduces the amount of emails a recipient receives.
  • New: refactored MyFiles.  Less clutter and includes a counter of the number of downloads + downloaded date in the web UI.
  • New: support for optional Subject and Message in guest use voucher
  • New: support for multiple From: addresses from authentication source
  • New: support for configurable footer via language files
  • New language: Finnish
  • Other new features and several bug fixes

The upgrade notes from 1.5 to 1.6 contain the exact overview of the fixes and features.  Please read these upgrade notes when installing 1.6.  Pay particular attention to:

  • the new terasender feature is by default disabled.  Switch it on to benefit from high-speed uploads.  Several months of field-testing have not yielded any problems.
  • Change your logout URL as per the upgrade notes.  Your logout will be broken if you don’t.
  • You can now send less email to file recipients.  Be sure to set  ‘download_confirmation_to_downloader‘ to false if that’s what you want.

As usual you can get the software in two ways:

  • Manual download via the FileSender download page
  • For those of you using the Debian or RPM package repositories: the 1.6 packages are available in the testing repository.

We would like to thank you all for your patience and of course your input and contributions. A list of people and organisations that made this release candidate possible can be found at the acknowledgements page for version 1.6

Keep those patches, comments and translations and all other useful input coming!  We welcome feedback, preferably to the filesender-dev@filesender.org mailinglist.

With version 1.6 now released we will focus on the version 2.0 with multi-file support.

FileSender 1.6-release-candidate-1 released!

We’re happy to announce that FileSender 1.6-rc1 is now available for download and in the FileSender package repositories.  As per our release status and life cycle policy when a Release Candidate has been running on least two FileSender sites without error for a period of at least 1 week under meaningful use, this release candidate can be re-branded as a release.  We usually wait with this until also all documentation has been updated.  If anyone wants to volunteer to help with the documentation please drop me a line!

This release candidate contains a few fixes found during the beta1 cycle (thanks all for reporting!) including three security related fixes based on the security code review.

We encourage you to try this rc1 and most notably have a look at the ‘download pause/resume’ functionality that now should work for IE 11, FireFox and wget/curl.

Please note: the new terasender feature is now by default disabled when using the supplied config-dist.php template.

The changes and fixes since the previous 1.6-beta release (ticket numbers listed in parentheses) are:

  • Download pause/resume now possible with browsers supporting partial download (most notably Firefox, IE11, curl and wget)
  • ‘terasender’ default disabled in config-dist.php
  • Added IE10+ and Safari 6+ to supported browsers in HELP text for en, no and nl languages (#1063)
  • Security: also escape single quotes for externally supplied output (#1079)
  • Security: encode MMredirectURL in Flash detection code (#1078)
  • Security: strict type comparison in XSFR check (#1080)
  • ‘friendly name’ extraction fixed (#1068)
  • Various fixes and improvements in the partial download code (#1076)
  • chunked reading and buffering to prevent server side memory exhaustion with large range requests
  • more robust range request detection to make actual pause/resume possible

We would like to thank you all for your patience and of course your input and contributions. A list of people and organisations that made this release candidate possible can be found at the acknowledgements page for version 1.6

Keep those patches, comments and translations and all other useful input coming!  We welcome feedback, preferably to the filesender-dev@filesender.org mailinglist.