What's new in this version:
SpiderOakONE 7.1.0 (64-bit)
- Command line help improved/updated
- Manpage improved/updated
- Backup file/directory deselection behavior improved
- Update Hive icon branding
- Restart no longer required when changing size/age file restrictions
- Prevent Unicode-related sync issues
- Prevent preferences from freezing under certain conditions
SpiderOakONE 7.0.1 (64-bit)
- Updated SSL certificate pins based on CA changes in spideroak.com
SpiderOakONE 7.0.0 (64-bit)
- Redesign of the UI
- Fix support links
- Fix for edge case where files can become 0 bytes in syncs
- --purge-historical-versions improvements
- Removable media detection improvements
- Fix an issue that was causing the client to get stuck at “Calculations pending” state
SpiderOakONE 6.4.0 (64-bit)
- Language improvements
- Made CDM on Windows more robust
- Implemented secure unsharing
- Added High Sierra support
SpiderOakONE 6.3.0 (64-bit)
Our team recently investigated and resolved three bugs reported by security researchers at Aarhus University (Denmark) in April 2017. The following bugs were fixed:
1. bcrypt login scheme memory leak - This leak happened only at setup and was a bug in the third-party library SpiderOak uses; this bug leaked memory to the server. We didn't validate the parameters set by the server, which allowed the SpiderOak server to weaken the strength of the password hashing. We patched the third-party library and validated the parameters to address this issue.
2. escrow/challenge - This bug only applied to end-users of the SpiderOak Groups product. It was discovered that an end-user could be unintentionally tricked by the client into revealing their password to the server. The design could also result in the client transmitting the user's password unencrypted. Much of the problem was confusion caused by poor wording on SpiderOak's end around Fingerprints, which could have caused a user to unintentionally reveal their password to SpiderOak. To address this bug, we now validate the keys and have updated the confusing text in the application.
3. Remote Procedure Call (RPC) - The client exposed two unsafe RPC methods, which could've been used to extract a user's password. The client had an option to enable remote diagnostics through which an additional unsafe remote procedure could have been exposed. This feature was never implemented on SpiderOak's server, so we've removed the offending code from the client.
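
The parameter validation described in item 1, sketched as an added example (not SpiderOak's code): a client that refuses server-supplied bcrypt parameters weaker than its own policy. It assumes the server sends a salt string in the standard bcrypt modular-crypt form; the function names and the minimum cost of 12 are hypothetical.

```python
import re

# Assumed client-side policy; these values are illustrative, not SpiderOak's.
MIN_COST = 12                      # lowest work factor the client will accept
MAX_COST = 31                      # bcrypt's own upper limit for the cost field
ALLOWED_VERSIONS = {"2a", "2b", "2y"}

# $<version>$<two-digit cost>$<22-character salt in bcrypt's base64 alphabet>
_SALT_RE = re.compile(r"\$([0-9a-z]{2})\$([0-9]{2})\$([./A-Za-z0-9]{22})")


class UnsafeServerParameters(ValueError):
    """Server-supplied hashing parameters failed the client's policy."""


def validate_bcrypt_params(server_salt: str) -> int:
    """Return the cost factor if the server-chosen salt string is acceptable."""
    match = _SALT_RE.fullmatch(server_salt)
    if match is None:
        raise UnsafeServerParameters("malformed bcrypt salt string")
    version, cost = match.group(1), int(match.group(2))
    if version not in ALLOWED_VERSIONS:
        raise UnsafeServerParameters(f"unsupported bcrypt version {version!r}")
    if cost < MIN_COST:
        # A server that picks a low cost makes the resulting hash cheap to
        # brute-force, so the client must not let the server decide alone.
        raise UnsafeServerParameters(f"cost {cost} is below minimum {MIN_COST}")
    if cost > MAX_COST:
        raise UnsafeServerParameters(f"cost {cost} exceeds bcrypt maximum")
    return cost


def is_acceptable(server_salt: str) -> bool:
    """Boolean wrapper for callers that only need accept or reject."""
    try:
        validate_bcrypt_params(server_salt)
    except UnsafeServerParameters:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs; the salt characters are arbitrary.
    salt = "abcdefghijklmnopqrstuv"
    for sample in ("$2b$12$" + salt, "$2b$04$" + salt, "$2x$12$" + salt):
        print(sample, "->", "accept" if is_acceptable(sample) else "reject")
```

The check runs before the password is hashed, so a downgraded parameter set is rejected without the password ever being processed under it.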