UDMG 3.3.x Maintenance
Stonebranch provides UDMG and USP maintenance through updated installation packages.
This page lists the product installation package maintenance history for UDMG 3.3.x and USP 3.3.x.
Product Packaging
A package maintenance level is incremented when the package changes or the package installation changes.
Stonebranch changes product version, release, or modification identifiers at its discretion when it deems an appropriate number of enhancements or capabilities have been introduced to warrant the change.
Packaging Methods
The UDMG 3.3.x and USP 3.3.x packages are provided in formats appropriate for the target platforms.
For installation information, refer to our official Installation and Configuration Roadmaps:
Package Maintenance Levels
This section identifies the changes included in UDMG 3.3.x and USP 3.3.x.
Release 3.3.0 - April 30, 2026
UDMG
| Change ID | Description |
|---|---|
| #54130 | ICAP: The Error Policy flag now renames the file upon scan error. |
| #53046 | Improves the unauthorized access error message on Add IP Filtering rule. |
| #54884 | ICAP: Improves handling for large files. |
| #53340 | ICAP: Adds the option to enable or disable the ICAP Scanner. |
| #51942 | WTC: In-progress file transfers were incorrectly displayed on the Transfers page. |
| #51941 | The Operator Role should have read access to the IP Filtering section under Global settings. |
| #53341 | WTC: Wrong Destination Path in the Universal Event for a WTC upload. |
| #53320 | WTC: Increases the supported WTC logo file size from 32 KB to 200 KB. |
| #56138 | WTC: Downloading an empty (zero-byte) file via WTC left the transfer in a running state rather than transitioning to completed. |
| #56137 | WTC: Shows zero size for empty (zero-byte) files. |
| #55671 | Creating a new domain with an invalid name displayed an incorrect password error message instead of a name validation error. |
| #55512 | The Prometheus metric udmg_storage_disk_used_percent reported bytes instead of a percentage value. |
| #55249 | Scheduled SFTP connections failed when the remote server presented an RSA host key. |
| #54734 | SSO OIDC: Consent prompt was requested for every login. |
| #54599 | SSO OIDC: Default role mapping always assigned the readonly role, regardless of the configured default role. |
| #54544 | SSO OIDC: When editing configuration, the browser appended the callback suffix to the base URL on the first edit, corrupting the redirect URI. |
| #54500 | SSO OIDC: Login returned an invalid state parameter error when the JWT signing key was not configured. The parameter is now mandatory. |
| #54076 | Observability data collection remained active even when explicitly disabled in configuration. |
| #53917 | ICAP: In Active-Active mode, the server failed to retrieve ICAP configuration when the previewSize field was present, preventing ICAP from starting. |
| #53650 | Username changes made via the UDMG Admin UI were not saved. |
| #53493 | On Windows, the HCL configuration file used Unix-style (LF) line endings instead of Windows (CRLF), causing parsing issues. |
| #52383 | Database: Multi-line Oracle TNS connection strings were not supported in the Oracle database configuration. |
| #51946 | Cancelling a scheduled transfer before it had initialized could return an unexpected server error. |
| #51890 | Endpoint validation and disk space checks for a Local File System endpoint failed when absolute paths were configured with domain_chroot=WORKDIR. |
| #51889 | The Account Description field was omitted from the list Accounts display. |
| #51687 | LDAP: User Filter values containing extra or trailing newlines were not parsed correctly, causing filter failures. |
| #51686 | LDAP: The frontend and backend had different configured timeout values for LDAP API calls, causing inconsistent behavior on Test and Sync actions. |
| #51654 | LDAP: Group membership was not retrieved from OpenLDAP during Account synchronization. |
| #51653 | LDAP: Non-LDAP Accounts skipped during LDAP sync were not reflected in the skipped-account count. |
| #51544 | Security: TLS curve preference option labels in UDMG have been aligned with USP, and support for X25519MLKEM768 has been added. |
| #54723 | SSO: After an SSO-provisioned User logged out, logging in again was unavailable for approximately one minute. |
| #54490 | The Forward Proxy name field accepted empty or invalid input without validation. |
#54075 #54070 | LDAP: When changing an LDAP user's role assignment, the edit form incorrectly performed validation for First Name, Last Name, and Email fields. |
| #53136 | LDAP: Users without an email value were denied login, either with the default mail field or when the mapped email attribute was empty. |
| #53653 | The Use Forward Proxy option appeared on the Local SFTP Server details page where it does not apply and has been removed. |
| #53577 | Testing a disabled Forward Proxy configuration returned an incorrect error response. |
| #53575 | The Forward Proxy column was not available in the Endpoints list view's column visibility selector. |
| #53500 | Read-only Users could not view Forward Proxy configuration; read access is now granted to the readonly role. |
| #53490 | The error message for a pipeline push failure for a Local File System to a Remote SFTP Server when the virtual path was / was unclear and has been improved. |
| #52294 | WTC: During uploads, the progress was not accurately tracked on the server side until the transfer completed. |
| #51949 | For FTP remote transfers, no error was raised on a file size mismatch when upload verification was enabled. |
| #51893 | WTC: Renaming a file to a name that already existed did not apply overwrite conflict handling. |
| #51877 | An FTP endpoint could get stuck in a starting state indefinitely and could not be stopped. |
| #51241 | The SFTP endpoint API omitted the max connections value from the response when the configured value was 0. |
| #50973 | Internal API fields were unnecessarily exposed in the API documentation and have been removed. |
| #50797 | Column sorting did not function on the Ad-hoc Sharing Links list page in WTC. |
| #50733 | Ad-hoc share counts were calculated incorrectly; status color indicators have been added for Expired, Completed, and Revoked share states. |
| #48882 | Attempting to start an endpoint that was not in a ready state did not return a descriptive error in the API start response. |
| #51880 | The UDMG Admin UI incorrectly displayed an error message after a successful Account deletion. |
| #51871 | Updating an Account Username or Name with only a letter-case change (e.g., 'john' to 'John') failed in the UDMG Admin UI. |
| #49350 | During TOTP device setup, users could navigate backward from Step 3 to Step 2, which could cause setup inconsistencies. |
| #54104 | Adds support for mTLS authentication to Microsoft SQL Server databases using require mode. |
| #54103 | Adds support for mTLS authentication to Oracle databases using verify-ca and verify-full modes, including Oracle Wallet support. |
Known Issues
| Change ID | Scope | Title | Description |
|---|---|---|---|
| #57136 | UDMG Server | Admin UI Idle Timeout | Under certain conditions, Admin UI may trigger a logout even during active use. |
| #57257 | Admin UI | Azure Blob Storage Rename Operations | File rename operations on Azure Blob storage may cause the session to hang. Avoid performing rename operations until this issue is resolved. If a hang occurs, recover by starting a new SFTP or FTPS session, or (for WTC) opening a new browser tab. |
USP
| Change ID | Description |
|---|---|
| #47966 | USP Manager adds the ability to enable or disable the following Credentials and Configuration Items: CA Certificates, TLS Certificates, Private Keys, Public Keys, and Accounts. |