As of version 4.24.0, SFTPPlus is not using the OpenSSL version 3.0.x libraries and is therefore not affected by the current security vulnerabilities specific to these versions.

SFTPPlus is currently using OpenSSL 1.1.x libraries mainly. On some Linux distributions that include OpenSSL version 1.1.1, currently Red Hat Linux 8 and Ubuntu Server 20.04 and 18.04, the system OpenSSL libraries are used. On other Linux distributions and Windows, the OpenSSL 1.1.1 libraries are included in our packages. On AIX, SFTPPlus embeds OpenSSL 1.0.2 libraries.

All included OpenSSL libraries are patched with the latest security updates from the OpenSSL project. Keep your SFTPPlus installations updated in order to benefit from all the upstream security updates.

On Linux distributions where SFTPPlus uses the system OpenSSL libraries, keep your system OpenSSL packages updated to benefit from your operating system security updates.