Important security fix in FileZilla 2.2.8

Live news directly from the creators
Post Reply
Message
Author
User avatar
botg
Site Admin
Posts: 31605
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Important security fix in FileZilla 2.2.8

#1 Post by botg » 2004-08-07 22:38

Recently, a security vulnerability in PuTTY was found (read http://www.chiark.greenend.org.uk/~sgtatham/putty/ for details) which allows attackers to execute malicious code on anyone using PuTTY.
Since the SFTP support in FileZilla is based on PuTTY, FileZilla was vulnerable as well if connecting to SFTP servers. Version 2.2.8 of FileZilla fixes the security holes.

Upgrading to 2.2.8 is highly recommended

Here's the complete release notes:

New features:
- experimental IPv6 support, only works under Windows XP or 2003 Server or newer. Based on patch by Yi-Kwan Chen
- Timestamps in message log
- added IBM MVS support
- On VMS based servers, display of all file revisions can be enabled

Fixed bugs:
- fixed security issues caused by PuTTY
- File transfers did not work on servers returning unquoted paths in the PWD reply

Post Reply