Thru Server 9.10.8 Release Notes March 26 2024
Security Features
Multi-Factor Authentication via TOTP: Added support for Time-Based One-Time Passwords (TOTP) generated by various authenticator applications, including those from Google, Microsoft, Twilio, etc.
MFA mode is set per customer site via back-end on customer request. Available modes are SMS and TOTP.
Email Transfer Security: The file sharing server's email functionality now supports TLS-encrypted connections to target SMTP servers, enhancing the security of email transfer.
Access Control for API and Client Software: Implemented a new granular access control measure based on security group memberships. Groups can now be assigned specific Application IDs (API keys), which grant user accounts belonging to the group access to the site via selected API integrations, File Sharing application clients, or the Web portal. The feature offers flexible control over access methods, such as restricting or granting access through specific APIs, Web portals, or client applications.
Example: a user who is a member of a group may access the site via certain API integrations, but not via the web portal or Thru Explorer. Alternatively, members of a user group may be granted access via the web portal, Outlook add-in and Thru Explorer, but not via any APIs.
ApplicationIDs/API keys enabled per user group are set via back-end on customer request.
New REST API for Audit Capabilities: Enhanced the REST API with additional methods to retrieve detailed audit information on file transfers and on user and group activities. These enhancements are designed for integration with customers' Security Information and Event Management (SIEM) systems, providing advanced search filters for granular data retrieval. The following new calls are implemented; see the File Sharing REST API documentation for details:
GET User Audit
GET UserGroup Audit
GET FileSystem Audit
Audit Record CSV Export: Audit records of file transfers, user, and group activities can now be exported in CSV format to support easy import into customer SIEM systems for further analysis.
Email Domain Whitelisting/Blacklisting to access Thru secure email: Introduced the ability to whitelist or blacklist email domains for recipients of Thru secure emails, enhancing email security. The lists are checked during recipient authentication or registration processes required to access Thru secure email.
The lists are mutually exclusive: either the whitelist or the blacklist can be enabled. They are managed in the File Sharing Administration section, page Site Options, tab Messaging.
Control Over Public File Link Creation: Implemented access controls for the creation of publicly available file sharing links. Administrators can now enforce policies to only allow link creation that requires user authentication.
The toggle is located in the File Sharing Administration section, page Site Options, tab Access.
Centralized Shared Link Management: Site administrators can now manage shared links for all users of the site.
Integration Features
Integration with External Email Servers: The FS server now has the capability to send emails via any external SMTP server, including those maintained by customers, such as corporate SMTP servers.
Connection is configured via back-end on customer request.
New Group Membership Management API: REST and SOAP APIs are extended with new methods to manage user account membership in user groups, a component of access control. The following methods are added; see REST and SOAP APIs for details.
REST
POST User - adds a user to a group
DELETE User - deletes a user from the group
GET Users - lists all users in a group
SOAP
UserGroupDeleteUser
UserGroupAddUser
User Experience
Redesigned User Interface: The User Interface palette and icons are redesigned to align with the general branding guidelines of the Thru MFT platform.
Administrator Dashboard Update: Administrator dashboard now includes a summary of egress traffic from the file sharing site for both current and previous month.
Enhancements
Web portal Security Enhancements: Multiple security enhancements have been implemented, adhering to the OWASP standards and incorporating findings from vulnerability scanning.
Antivirus Scanning Customization: Expanded antivirus scanning flexibility via settings to exclude files based on maximum size limits or specific file extensions to provide more control over scanning processes. Scanning settings are configured via back-end on customer request.
Thru Dropbox Security: An update to the Thru Dropbox feature blocks file uploads with an empty subject field.