We have released SFTPPlus version 4.16.0 containing a security fix for a denial of service of moderate severity affecting the SFTP and SCP server-side protocols.

During SSH handshakes, SFTPPlus could have been forced to use all available memory by a malicious SFTP client pretending to have a client identification of an unlimited size.

The upgrade is recommended for all customers using SFTPPlus as an SFTP/SCP server.

You can check the full release notes here.