Security vulnerability announcement
-----------------------------------------------
3 security issues have been uncovered that pose potential security threats to Core FTP Server. The three security issues include a:
Password vulnerabilty
SSL vulnerability
XCRC vulernability
It is in your best interest to immediately upgrade your Core FTP Server software to avoid any potential breach of security with your FTP Server. If Core FTP Server is only being used for SSH/SFTP only, these security issues will not apply to your setup, and no upgrade will be necessary.
Selected builds have had security fixes applied and provided for licenses that are not valid for current builds. You will need to install an updated build to be protected from these vulnerabilities. Updated builds can be installed directly over your existing builds. Users upgrading to the 369 build, read the readme.txt for important domain changes.
Build 515 and greater include security fixes for licenses that are currently up to date.
Build 481 Licenses that have upgrade periods ending May 10th, 2013 - May 1st, 2014
Build 439 Licenses that have upgrade periods ending May 10th, 2012 - May 9th, 2013
Build 369 Applies to licenses with upgrades though May 9th, 2012
(All other licensed users may upgrade to this build).
Updated builds can be found here:
coreftp.com/server/download/archive/
All licensed users were notified immediately of the security update via email prior to this announcement. If you are not a licensed user, sign up here to be notified of future updates:
coreftp.com/forums/viewtopic.php?t=755
Security vulnerability, updated builds
-
- Site Admin
- Posts: 987
- Joined: Mon Mar 24, 2003 4:37 am