Security Advisory for SFTPPlus 4.16.0

Thu 10 February 2022 | security compliance

We have released SFTPPlus version 4.16.0 containing a security fix for a denial of service of moderate severity affecting the SFTP and SCP server-side protocols.

During SSH handshakes, SFTPPlus could have been forced to use all available memory by a malicious SFTP client pretending to have a client identification of an unlimited size.

The upgrade is recommended for all customers using SFTPPlus as an SFTP/SCP server.

You can check the full release notes here.

Security advisories newsletter

The security advisories newsletter is available to our customers as a convenient method for receiving information about security updates and best practices.

You can view the security advisories archive here (articles are made public 3 months after their initial internal release).