What's new in this version:
SpiderOakONE 7.0.0 (64-bit)
- Redesign of the UI
- Fix support links
- Fix for edge case where files can become 0 bytes in syncs
- --purge-historical-versions improvements
- Removable media detection improvements
- Fix an issue that was causing the client to get stuck at “Calculations pending” state
SpiderOakONE 6.4.0 (64-bit)
- Language improvements
- Made CDM on Windows more robust
- Implemented secure unsharing
- Added High Sierra support
SpiderOakONE 6.3.0 (64-bit)
Our team recently investigated and resolved three bugs reported by security researchers at Aarhus University (Denmark) in April 2017. The following bugs were fixed:
1. bcrypt login scheme memory leak - This leak happened only at setup and was a bug in the third-party library SpiderOak uses; it leaked memory to the server. We didn't validate the parameters set by the server, which allowed the SpiderOak server to weaken the strength of the password hashing. We patched the third-party library and validated the parameters to address this issue.
2. escrow/challenge - This bug only applied to end-users of the SpiderOak Groups product. It was discovered that an end-user could be unintentionally tricked by the client into revealing their password to the server. The design could also result in the client transmitting the user's password unencrypted. Much of the problem was confusion caused by poor wording on SpiderOak's end around Fingerprints, which could have caused a user to unintentionally reveal their password to SpiderOak. To address this bug, we now validate the keys and have updated the confusing text in the application.
3. Remote Procedure Call (RPC) - The client exposed two unsafe RPC methods, which could've been used to extract a user's password. The client had an option to enable remote diagnostics through which an additional unsafe remote procedure could have been exposed. This is a feature that was never implemented on SpiderOak's server, so we've removed the offending code from the client.
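
Item 1 above comes down to the client checking server-supplied hashing parameters before using them. The sketch below is an added example, not SpiderOak's code: the cost bounds, the pinned-cost downgrade check, the salt heuristic and every name in it are assumptions.

```python
import re

# Assumed client policy; the page does not give SpiderOak's actual limits.
MIN_COST = 12   # refuse anything cheaper than this work factor
MAX_COST = 16   # refuse costs high enough to stall the client
# Modular-crypt bcrypt setting: variant, two-digit cost, 22-character salt.
SETTING_RE = re.compile(r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})")


class RejectedParameters(ValueError):
    """Server-supplied hashing parameters failed client-side validation."""


def check_server_setting(setting, pinned_cost=None):
    """Return (variant, cost, salt) if the setting is acceptable, else raise.

    pinned_cost is the cost this client last accepted for the account
    (hypothetical local state) and is used to detect a downgrade.
    """
    m = SETTING_RE.fullmatch(setting) if isinstance(setting, str) else None
    if m is None:
        raise RejectedParameters("not a well-formed bcrypt setting")
    variant, cost, salt = m.group(1), int(m.group(2)), m.group(3)
    if not MIN_COST <= cost <= MAX_COST:
        raise RejectedParameters(f"cost {cost} outside {MIN_COST}..{MAX_COST}")
    if pinned_cost is not None and cost < pinned_cost:
        raise RejectedParameters(f"cost lowered from {pinned_cost} to {cost}")
    if len(set(salt)) < 8:  # heuristic: a random salt is effectively never this uniform
        raise RejectedParameters("salt does not look random")
    return variant, cost, salt


def verdict(setting, pinned_cost=None):
    """Demo helper: 'accepted' or the rejection reason as text."""
    try:
        check_server_setting(setting, pinned_cost)
        return "accepted"
    except RejectedParameters as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    salt = "N9qo8uLOickgx2ZMRZoMye"  # constructed sample salt
    for s, pin in [("$2b$12$" + salt, None), ("$2b$04$" + salt, None),
                   ("$2b$12$" + salt, 14), ("$2b$12$" + "." * 22, None),
                   ("$2b$12$truncated", None)]:
        print(s, pin, "->", verdict(s, pin))
```

The check runs before the password is hashed, so a rejected setting means the login attempt stops without deriving anything from the password.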