We have released SFTPPlus version 3.41.1 which fixes the following security defects:

  • The files downloaded using the HTTP file transfer service now have explicit headers to disable caching.
  • The HTTP service no longer returns user input as part of the error messages.

An upgrade is recommended for any customer using SFTPPlus as an HTTP/HTTP server.

You can check the full release notes here.