UDMG 3.3.0 Release Notes
Universal Data Mover Gateway (UDMG) 3.3.0 includes the following major new features and enhancements. These release notes also cover UDMG Secure Proxy (USP) 3.3.0.
For a complete list of features and fixes for both UDMG and USP, refer to UDMG 3.3.x Maintenance list.
Starting with UDMG 3.3.0, MySQL 8.0 is no longer supported.
UDMG
The following features and enhancements were added to UDMG 3.3.0.
Protocols
| Change ID | Title | Description |
|---|---|---|
| #49009 | Cloud Storage Endpoints for File Transfers | UDMG 3.3.0 introduces native support for cloud storage endpoints, enabling file transfers to and from major cloud providers: Amazon S3, Microsoft Azure Blob Storage, Microsoft Azure File Storage, and Google Cloud Storage. Administrators can configure Remote Cloud Storage Endpoints in the UDMG Admin UI, including the following Pipeline types: Remote Cloud Storage to Local Filesystem, Local Filesystem to Remote Cloud Storage, Local SFTP Server to Remote Cloud Storage, Local FTP(S) Server to Remote Cloud Storage, and Local HTTPS Server to Remote Cloud Storage. |
| #51907 | AS2 - TLS Certificate Pair Credential Type | The TLS Certificate Pair credential type is now available for use with AS2 remote endpoints. This credential leverages a public X.509 certificate and a PEM-encoded private key, providing a dedicated and secure credential type for mutual TLS authentication in AS2 transfers. This eliminates the prior version's need for two separate fields (one for the X.509 and another for the private key). |
| #51068 | Transfer Scheduler - Wildcard Support for SFTP and FTPS Transfers | UDMG as Client transfers now support wildcard patterns in the source filename for transfers using Remote SFTP Server and Remote FTP(S) Server Endpoints. This allows a scheduled transfer to match multiple source files, such as |
Security
| Change ID | Title | Description |
|---|---|---|
| #41712 | Password Policy Configuration | UDMG 3.3.0 introduces configurable password policy settings, accessible via a new Security - Settings card under Domain > Settings in the UDMG Admin UI (previously done through the Configuration File). Administrators can now also define a maximum password length, enforce a password history limit (preventing reuse of recent passwords), and restrict the maximum number of consecutive repeating characters in a password (e.g., blocking patterns like All policies apply uniformly to both Administrator Users and partner Accounts. Policies can be enabled or disabled independently, and defaults are set to off/disabled. This feature replaces UDMG 3.2.x |
#51616 #51629 | Banned File Extension Blocklist | Administrators can now define a list of banned file extensions at the Domain level to prevent Users from uploading or renaming files to restricted types (e.g., Extension matching is case-insensitive, and the restriction applies to both upload and rename operations. Blocked attempts are logged with full detail. The field is optional; if left empty, all extensions are permitted. |
Automation & Workflow
| Change ID | Title | Description |
|---|---|---|
| #53120 | Event-Driven Automation Framework - Tasks and Workflows | UDMG 3.3.0 introduces an automation framework for Pipeline task execution. A new Tasks page in the UDMG Admin UI allows administrators to define reusable tasks of two types: Publish Event (publishes a Universal Event to UAC) and Command (executes a system command or script post-transfer). Pipelines now support a Workflow tab where one or more tasks can be associated with transfer lifecycle triggers (e.g., On Received or On Error). Multiple tasks can be assigned to a single Workflow and will execute sequentially when that workflow is triggered. Business Services tags can be applied to Tasks, consistent with other entity types. This feature replaces UDMG 3.2.x Universal Event field in Pipelines and migration is done automatically to the new Task feature during UDMG 3.3.0 installation. For more details, refer to Migrating from 3.2.x. |
User Management & Access Control
| Change ID | Title | Description |
|---|---|---|
| #51627 | Business Services - Object-Level Access Segmentation | UDMG 3.3.0 reintroduces the concept of Business Services as an additional RBAC dimension, orthogonal to Domains and Roles. Business Services allow administrators to create logical groupings of objects (Accounts, Account Groups, Endpoints, Credentials, Pipelines) that are mapped to a given Business Service which is then assigned to one or more Users, enabling fine-grained, horizontal delegation of responsibility without the need to create separate Domains. This restores a key capability from UDMG v2 and enables enterprise customers to scope administrative access to specific partners, lines of business, or functional teams within a shared environment. |
#53775 #54839 | LDAP Enhancements | Several improvements have been made to LDAP User and Account synchronization in UDMG 3.3.0. Administrators can now map the UDMG Description field to an LDAP attribute directly from the UDMG Admin UI (previously one available through the UDMG REST API). Additional fixes address field validation, attribute mapping behavior, sync accuracy for groups and accounts, and handling of LDAP users with missing or empty name/email attributes. |
Administration
| Change ID | Title | Description |
|---|---|---|
| #42242 | UDMG Licensing | UDMG 3.3.0 introduces a licensing mechanism. A valid, non-expired license key is required for UDMG Pipelines and their associated Endpoints to be operational. A new Licensing page under Global > Settings in the UDMG Admin UI allows Administrators to submit or replace the license key and view current entitlement details (customer name, environment, start date, expiration date, and licensed state). When no valid license is present, the system enters an Unlicensed state; Pipelines are disabled but the UDMG Admin UI remains fully accessible. |
| #50801 | Configuration File Syntax Validation CLI Option | The UDMG server binary now supports a command-line option to validate the HCL configuration file syntax and resolved parameter values before starting UDMG Server. This allows administrators to verify configuration correctness, including defaults, without performing a full server start, reducing the risk of misconfiguration-related downtime. |
| #50424 | Component-Level Logging | UDMG now supports fine-grained, per-component logging configuration. Administrators can assign independent log levels (e.g., DEBUG, INFO, WARN) to individual subsystems such as FTP, SFTP, AS2, the scheduler, database, and others. This reduces log noise during troubleshooting by enabling verbose logging only for the relevant component, without affecting the rest of the system. |
| #54759 | MySQL 8.4 LTS Support | UDMG 3.3.0 certifies support for MySQL 8.4 LTS as a supported database backend. MySQL 8.0 reaches end-of-life in April 2026; customers are encouraged to upgrade to MySQL 8.4 LTS. warning Starting with UDMG 3.3.0, MySQL 8.0 is no longer supported. |
USP
The following features and enhancements were added to USP 3.3.0.
| Change ID | Title | Description |
|---|---|---|
| #47996 | Microsoft SQL Server (MSSQL) Database Support | USP 3.3.0 adds Microsoft SQL Server as a supported database engine for the USP Proxy Manager. Administrators can now configure USP to use an MSSQL backend in lieu of Oracle or embedded database, enabling integration with existing Microsoft database infrastructure and meeting enterprise requirements for supported, externally managed database engines. |
| #48801 | Direct Passthrough (Non-Session-Break) Mode | USP 3.3.0 introduces Direct Passthrough mode as an alternative to session-break (proxy) mode. In Direct Passthrough mode, the TCP connection is handed over the secure tunnel directly to UDMG without USP terminating and re-establishing the protocol session. This provides feature parity with UDMG v1/gen1 Secure Proxy behavior and reduces processing overhead for scenarios where session inspection is not required. A new TCP Listeners page in the USP Admin UI allows administrators to configure and manage TCP listeners for direct passthrough deployments, and a corresponding Deployments page supports assigning listeners to proxy nodes. Transfer activity through direct passthrough tunnels is visible on the Monitoring page. |
| #53725 | Listener Health Checks | USP 3.3.0 introduces configurable health checks for Listeners across all supported protocols (SFTP, FTP, HTTPS, and TCP). Administrators can configure health check parameters, including interval, timeout, and failure threshold per listener. USP actively monitors each Listener's downstream connectivity and marks it Unhealthy listeners statuses are surfaced on the Monitoring Status page and in logs, enabling load balancers and operations teams to route traffic away from degraded nodes automatically. This capability is foundational for high-availability USP deployments. |
| #49639 | Rotation of Encryption Key | USP 3.3.0 allows administrators to set up key encryption and key rotation from the USP Manager. |