We have released SFTPPlus version 3.41.1 which fixes the following security defects:
- The files downloaded using the HTTP file transfer service now have explicit headers to disable caching.
- The HTTP service no longer returns user input as part of the error messages.
An upgrade is recommended for any customer using SFTPPlus as an HTTP/HTTP server.
You can check the full release notes here.