UDMG 3.3.x Maintenance
Stonebranch provides UDMG and USP maintenance through updated installation packages.
This page lists the product installation package maintenance history for UDMG 3.3.x and USP 3.3.x.
Product Packaging
A package maintenance level is incremented when the package changes or the package installation changes.
Stonebranch changes product version, release, or modification identifiers at its discretion when it deems an appropriate number of enhancements or capabilities have been introduced to warrant the change.
Packaging Methods
The UDMG 3.3.x and USP 3.3.x packages are provided in formats appropriate for the target platforms.
For installation information, refer to our official Installation and Configuration Roadmaps:
Package Maintenance Levels
This section identifies the changes included in UDMG 3.3.x and USP 3.3.x.
Release 3.3.2 - May 29, 2026
UDMG
| Change ID | Description |
|---|---|
| #50950 | Scheduled Client Transfers: API Support for File Listings and Universal Controller Integration The Scheduler API now supports retrieving file listings across multiple protocols, including SFTP, FTPS, and Cloud, returning structured metadata such as file name, size, modification date, and permissions. This enhancement extends wildcard-based Scheduled Client Transfers by enabling Universal Controller (with the UDMG Transfer Universal Task) and external systems to dynamically discover, filter, and select files before execution, thereby supporting more advanced automation workflows. |
| #52329 | Administration: Removed a privilege from the Domain Administrator Role that belongs only to the initial System Administrator User. |
| #57136 | UDMG Admin UI Idle Timeout: Users are no longer logged out without a warning dialog when their session expires. |
| #57255 | HA/AA: IP filtering rules created or updated on one node are now applied to all cluster nodes immediately without waiting for the next domain state refresh. |
| #57257 | Cloud: Addressed an issue noted in a prior release where Microsoft Azure Blob Storage file rename operations could cause sessions to hang indefinitely or freeze the web transfer client. Rename operations now complete successfully for this cloud provider; however, due to Azure Blob Storage limitations, the operation is handled by deleting and re-uploading the file, which may impact performance. We recommend using rename operations sparingly until a more efficient solution is available. |
| #57377 | Wildcard: The Pipeline Virtual Path is now correctly applied when resolving source and destination paths in remote transfers using a wildcard. |
| #57384 | Wildcard: The scheduler destination path no longer incorrectly appends the leaf directory from the source path. |
| #57402 | Wildcard: Push transfers to a remote Endpoint no longer fail with a "source directory not found" error. |
| #57445 | Users API Endpoint: Creating a User with a non-existent Business Service now correctly returns a |
| #57459 | Transfers: Transfers and Tasks in progress when the UDMG Server instance shuts down are now correctly marked as Cancelled or Failed upon service restart. |
| #57583 | Dependencies: Upgraded Go runtime to v1.26.3. |
| #57823 | HA: The running status of a Local Server Endpoint is now persisted across cluster node restarts and periodic state refreshes. |
| #57854 | Administration: SAML SSO JIT Group Mapping In UDMG 3.2.0, SAML IdPs returning groups as a list (not a single string), such as Microsoft Entra, Okta, and Google Workspace, could incorrectly map Roles or Account Groups when a delimiter was configured, as only the first group was evaluated. This could result in reduced permissions or login failures. The delimiter is no longer required. When empty, all groups in a SAML group list are evaluated correctly. |
| #57850 | Administration: Resolved a regression introduced in UDMG 3.3.0 where the UDMG Admin UI transposed the key and value when saving SSO group-to-account group mappings in the edit view, causing SSO Account authentication to fail unless both names were identical. |
#57902 | Database: Resolved an internal defect where credential lookup queries across multiple authentication paths (Admin API, FTP, SFTP, and Web Transfer Client) were not fully parameterized; all affected paths now use bound query parameters consistently. |
| #57901 | SSO: Resolved a logic defect in SAML JIT provisioning where a backward-compatibility shortcut allowed IdP group names to directly match internal role identifiers without an explicit mapping. Role assignment now requires a configured group-to-role mapping in all cases. |
| #57754 | API: Resolved an issue where the Swagger UI did not display schema field details for the Pipeline |
| #57746 | API: Resolved an inconsistency where attempting to update the log level of a Local HTTPS Server (WTC) Endpoint returned |
| #57819 | HA: Resolved an issue in clustered deployments where license activations applied to one node were not included in the periodic domain state refresh, leaving peer nodes that were temporarily unreachable without the updated license after reconnecting. |
| #57660 | Pipelines: Resolved a regression where adding a Remote FTP Server Endpoint to a Pipeline caused an "Error loading pipeline details" message, preventing the Pipeline from being accessed in the UDMG Admin UI. |
Known Issues in UDMG 3.3.2
| Change ID | Scope | Title | Description |
|---|---|---|---|
| #57889 | UDMG Server | Local Endpoint Auto-Start in HA Environments | In Active/Active environments, Local Endpoints with the Auto-Start Endpoint option disabled are automatically stopped approximately 5 minutes after manual startup. Workaround: Enable the Auto-Start Endpoint option for Local Endpoints in Active/Active environments, or operate the cluster in Active/Passive mode. |
Release 3.3.1 - May 21, 2026
UDMG
| Change ID | Description |
|---|---|
| #57114 | Upgrade: An upgrade tool is available for UDMG 2.0 customers. |
Release 3.3.0 - April 30, 2026
UDMG
| Change ID | Description |
|---|---|
| #54130 | ICAP: The Error Policy flag now renames the file upon scan error. |
| #53046 | Improves the unauthorized access error message on Add IP Filtering rule. |
| #54884 | ICAP: Improves handling for large files. |
| #53340 | ICAP: Adds the option to enable or disable the ICAP Scanner. |
| #51942 | WTC: In-progress file transfers were incorrectly displayed on the Transfers page. |
| #51941 | The Operator Role should have read access to the IP Filtering section under Global settings. |
| #53341 | WTC: Wrong Destination Path in the Universal Event for a WTC upload. |
| #53320 | WTC: Increases the supported WTC logo file size from 32 KB to 200 KB. |
| #56138 | WTC: Downloading an empty (zero-byte) file via WTC left the transfer in a running state rather than transitioning to completed. |
| #56137 | WTC: Shows zero size for empty (zero-byte) files. |
| #55671 | Creating a new domain with an invalid name displayed an incorrect password error message instead of a name validation error. |
| #55512 | The Prometheus metric udmg_storage_disk_used_percent reported bytes instead of a percentage value. |
| #55249 | Scheduled SFTP connections failed when the remote server presented an RSA host key. |
| #54734 | SSO OIDC: Consent prompt was requested for every login. |
| #54599 | SSO OIDC: Default role mapping always assigned the readonly role, regardless of the configured default role. |
| #54544 | SSO OIDC: When editing configuration, the browser appended the callback suffix to the base URL on the first edit, corrupting the redirect URI. |
| #54500 | SSO OIDC: Login returned an invalid state parameter error when the JWT signing key was not configured. The parameter is now mandatory. |
| #54076 | Observability data collection remained active even when explicitly disabled in configuration. |
| #53917 | ICAP: In Active-Active mode, the server failed to retrieve ICAP configuration when the previewSize field was present, preventing ICAP from starting. |
| #53650 | Username changes made via the UDMG Admin UI were not saved. |
| #53493 | On Windows, the HCL configuration file used Unix-style (LF) line endings instead of Windows (CRLF), causing parsing issues. |
| #52383 | Database: Multi-line Oracle TNS connection strings were not supported in the Oracle database configuration. |
| #51946 | Cancelling a scheduled transfer before it had initialized could return an unexpected server error. |
| #51890 | Endpoint validation and disk space checks for a Local File System endpoint failed when absolute paths were configured with domain_chroot=WORKDIR. |
| #51889 | The Account Description field was omitted from the list Accounts display. |
| #51687 | LDAP: User Filter values containing extra or trailing newlines were not parsed correctly, causing filter failures. |
| #51686 | LDAP: The frontend and backend had different configured timeout values for LDAP API calls, causing inconsistent behavior on Test and Sync actions. |
| #51654 | LDAP: Group membership was not retrieved from OpenLDAP during Account synchronization. |
| #51653 | LDAP: Non-LDAP Accounts skipped during LDAP sync were not reflected in the skipped-account count. |
| #51544 | Security: TLS curve preference option labels in UDMG have been aligned with USP, and support for X25519MLKEM768 has been added. |
| #54723 | SSO: After an SSO-provisioned User logged out, logging in again was unavailable for approximately one minute. |
| #54490 | The Forward Proxy name field accepted empty or invalid input without validation. |
#54075 #54070 | LDAP: When changing an LDAP user's role assignment, the edit form incorrectly performed validation for First Name, Last Name, and Email fields. |
| #53136 | LDAP: Users without an email value were denied login, either with the default mail field or when the mapped email attribute was empty. |
| #53653 | The Use Forward Proxy option appeared on the Local SFTP Server details page where it does not apply and has been removed. |
| #53577 | Testing a disabled Forward Proxy configuration returned an incorrect error response. |
| #53575 | The Forward Proxy column was not available in the Endpoints list view's column visibility selector. |
| #53500 | Read-only Users could not view Forward Proxy configuration; read access is now granted to the readonly role. |
| #53490 | The error message for a pipeline push failure for a Local File System to a Remote SFTP Server when the virtual path was / was unclear and has been improved. |
| #52294 | WTC: During uploads, the progress was not accurately tracked on the server side until the transfer completed. |
| #51949 | For FTP remote transfers, no error was raised on a file size mismatch when upload verification was enabled. |
| #51893 | WTC: Renaming a file to a name that already existed did not apply overwrite conflict handling. |
| #51877 | An FTP endpoint could get stuck in a starting state indefinitely and could not be stopped. |
| #51241 | The SFTP endpoint API omitted the max connections value from the response when the configured value was 0. |
| #50973 | Internal API fields were unnecessarily exposed in the API documentation and have been removed. |
| #50797 | Column sorting did not function on the Ad-hoc Sharing Links list page in WTC. |
| #50733 | Ad-hoc share counts were calculated incorrectly; status color indicators have been added for Expired, Completed, and Revoked share states. |
| #48882 | Attempting to start an endpoint that was not in a ready state did not return a descriptive error in the API start response. |
| #51880 | The UDMG Admin UI incorrectly displayed an error message after a successful Account deletion. |
| #51871 | Updating an Account Username or Name with only a letter-case change (e.g., 'john' to 'John') failed in the UDMG Admin UI. |
| #49350 | During TOTP device setup, users could navigate backward from Step 3 to Step 2, which could cause setup inconsistencies. |
| #54104 | Adds support for mTLS authentication to Microsoft SQL Server databases using require mode. |
| #54103 | Adds support for mTLS authentication to Oracle databases using verify-ca and verify-full modes, including Oracle Wallet support. |
Known Issues in UDMG 3.3.0
| Change ID | Scope | Title | Description |
|---|---|---|---|
| #57136 | UDMG Server | Admin UI Idle Timeout | Under certain conditions, Admin UI may trigger a logout even during active use. |
| #57257 | Admin UI | Azure Blob Storage Rename Operations | File rename operations on Azure Blob storage may cause the session to hang. Avoid performing rename operations until this issue is resolved. If a hang occurs, recover by starting a new SFTP or FTPS session, or (for WTC) opening a new browser tab. This issue was resolved in 3.3.2 (#57257). |
USP
| Change ID | Description |
|---|---|
| #47966 | USP Manager adds the ability to enable or disable the following Credentials and Configuration Items: CA Certificates, TLS Certificates, Private Keys, Public Keys, and Accounts. |