Setting up security scanners for your SFTPPlus MFT Server
Introduction
The following is a short guide on how you can set up a security scanner for your SFTPPlus MFT Server installation. For this guide, we have chosen a free and open source scanner, OWASP Zed Attack Proxy or zaproxy, as an example.
Of course, there are a number of …
Security Advisory for SFTPPlus 3.41.1
A security advisory was created for SFTPPlus version 3.41.1 affecting caching of HTTP files and injection of external content into HTTML error messages.
SFTPPlus Release 3.34.1
We have recently deployed the latest release of SFTPPlus version 3.34.1 which fixes the following defects:
- The files downloaded using the HTTP file transfer service now have explicit headers to disable caching. [security][http][https] [#4953]
- The HTTP service no longer returns user input as part of the …
SFTPPlus Release 3.34.0
We are pleased to announce the latest release of SFTPPlus version 3.34.0.
A number of changes have been made in regards to how permissions are set in SFTPPlus.
If you are planning to upgrade your existing installation and you have custom permissions for SFTPPlus accounts and / or groups …
Secure cipher suites for the ssl_cipher_list configuration
Default SSL cipher suites
With the release of SFTPPlus 3.32.0, we have changed the default set of SSL cipher suites for the Local Manager and the HTTPS service. As with any product that runs in many environments, SFTPPlus uses a default set of SSL-related parameters that are a …
Security Advisory for SFTPPlus 3.33.0
A security advisory was created for SFTPPlus version 3.33.0 affecting Cross-Site Scripting Attacks for HTTP and HTTPS pages accessed via a web browser.
Security Advisory on CSRF and XSS attacks affecting HTTP/HTTPS services
Customers using HTTP/HTTPS services should upgrade to 3.33.0
The SFTPPlus version 3.33.0 release is a major security update for the HTTP/HTTPS file transfer service and the SFTPPlus Local Manager service.
This update addresses the vulnerabilities concerning Cross-Site Request Forgery Attacks and Cross-Site Scripting Attacks …