SFTPPlus

Setting up security scanners for your SFTPPlus MFT Server

Introduction

OWASP Logo

The following is a short guide on how you can set up a security scanner for your SFTPPlus MFT Server installation. For this guide, we have chosen a free and open source scanner, OWASP Zed Attack Proxy or zaproxy, as an example.

Of course, there are a number of …

article security

Wed 20 June 2018
SFTPPlus

Security Advisory for SFTPPlus 3.41.1

A security advisory was created for SFTPPlus version 3.41.1 affecting caching of HTTP files and injection of external content into HTTML error messages.

security compliance

Mon 18 June 2018
SFTPPlus

SFTPPlus Release 3.34.1

We have recently deployed the latest release of SFTPPlus version 3.34.1 which fixes the following defects:

  • The files downloaded using the HTTP file transfer service now have explicit headers to disable caching. [security][http][https] [#4953]
  • The HTTP service no longer returns user input as part of the …

security release

Fri 08 June 2018
SFTPPlus

SFTPPlus Release 3.34.0

We are pleased to announce the latest release of SFTPPlus version 3.34.0.

A number of changes have been made in regards to how permissions are set in SFTPPlus.

If you are planning to upgrade your existing installation and you have custom permissions for SFTPPlus accounts and / or groups …

security release

Mon 28 May 2018
SFTPPlus

Secure cipher suites for the ssl_cipher_list configuration

Default SSL cipher suites

With the release of SFTPPlus 3.32.0, we have changed the default set of SSL cipher suites for the Local Manager and the HTTPS service. As with any product that runs in many environments, SFTPPlus uses a default set of SSL-related parameters that are a …

security

Thu 03 May 2018
SFTPPlus

Security Advisory for SFTPPlus 3.33.0

A security advisory was created for SFTPPlus version 3.33.0 affecting Cross-Site Scripting Attacks for HTTP and HTTPS pages accessed via a web browser.

security compliance

Thu 26 April 2018
SFTPPlus

Security Advisory on CSRF and XSS attacks affecting HTTP/HTTPS services

Customers using HTTP/HTTPS services should upgrade to 3.33.0

SFTPPlus update against CSRF and XSS

The SFTPPlus version 3.33.0 release is a major security update for the HTTP/HTTPS file transfer service and the SFTPPlus Local Manager service.

This update addresses the vulnerabilities concerning Cross-Site Request Forgery Attacks and Cross-Site Scripting Attacks …

security

Tue 24 April 2018