Security Advisory for SFTPPlus 3.37.1

In version 3.18.0 on Linux and Unix systems, when the SFTP server-side creates new files their permissions are filtered against the configured umask.

With version 3.37.1 the HTTP API authentication for an account now fails when the account is accepted by the remote HTTP API but the associated group is disabled. In older version the group disable configuration was ignored.

An upgrade is recommended for any customer using SFTPPlus with the HTTP authentication API.

You can check the full release notes here.

Security advisories newsletter

The security advisories newsletter is available to our customers as a convenient method for receiving information about security updates and best practices.

You can view the security advisories archive here (articles are made public 3 months after their initial internal release).