In version 3.18.0 on Linux and Unix systems, when the SFTP server-side creates new files their permissions are filtered against the configured umask.
With version 3.37.1 the HTTP API authentication for an account now fails when the account is accepted by the remote HTTP API but the associated group is disabled. In older version the group disable configuration was ignored.
An upgrade is recommended for any customer using SFTPPlus with the HTTP authentication API.
You can check the full release notes here.