We are pleased to announce that Server Backup Manager 5.8.1 is now available. This hotfix release addresses two security vulnerabilities in the product, including the recently discovered SSL POODLE exploit.
In case you missed it, the Web erupted two weeks ago with the news that a major vulnerability had been found in SSL v3.0. The vulnerability, commonly referred to as POODLE, is a design flaw resulting from the way blocks of data are encrypted under a specific type of algorithm within the SSL protocol. Exploiting this vulnerability could give an attacker access to the data passed within the encrypted Web session, including passwords, cookies, etc.
This release resolves the POODLE vulnerability in Server Backup Manager 5.8.0 and earlier. The fix does convert SSL v3 to TLS, so please make sure to check client libraries for compatibility prior to upgrading.
The other vulnerability that has been fixed with this latest release is an issue that opened up the possibility for client-side cookie manipulation. While this was not a vulnerability that put user data in jeopardy, it's an important issue that our friends at Rack911 initially pointed out to us.
Below you'll find a few of the other issues we were able to fix in 5.8.1. To get all of the in-depth details about this release, take a look at our Server Backup Manager 5.8.1 Release Notes.
Other Key Fixes
Support for Flashcache
This release resolves an issue with 5.8.0, which prevents successful backup on systems utilizing Flashcache and introduces official support for Flashcache.
Change tracking of Parallels Cloud Server Ploop disk loopback devices
We resolved an issue in Server Backup Manager 5.8.0 and earlier where change tracking could be lost for ploop devices with 64-bit major/minor device numbers.
Backups failing for OpenVZ cPanel and DirectAdmin instances
Server Backup Manager 5.8.1 now allows override of the VZ paths so that backups will work properly.
Cannot delete user
Resolves an issue with 5.8.0 which prevents deletion of users with reports.
Scheduled Task Reports fail to execute
Resolves an issue with Server Backup Manager which prevents scheduled task reports from executing after upgrade to 5.8.0.
Ext4 file restore
Resolves an issue with Server Backup Manager 5.8.0 and earlier that could prevent file restores for ext4 file systems in some cases.
You can download the latest version of R1Soft Server Backup Manager by logging into download.r1soft.com and selecting the “Downloads” link at the top of the page. While you're at it, feel free to head over to our forum to participate in the community and trade tips and tricks with fellow Server Backup Manager users.
Not currently using R1Soft Server Backup Manager? Well, here's your chance to give it a shot: