A security advisory was created for SFTPPlus version 3.39.0 affecting the SCP protocol for which existing files were not always fully overwritten upon a new file upload request.

A security advisory was created for SFTPPlus version 3.37.1 affecting authentication of accounts using the HTTP API.

A security advisory was created for SFTPPlus version 3.41.1 affecting caching of HTTP files and injection of external content into HTTML error messages.

A security advisory was created for SFTPPlus version 3.33.0 affecting Cross-Site Scripting Attacks for HTTP and HTTPS pages accessed via a web browser.

SFTPPlus is not affected by Meltdown and Spectre. SFTPPlus secure file transfers does not allow any arbitrary application code execution.

A security advisory was created for SFTPPlus version 3.21.0 affecting Linux and Unix systems authenticating operating system accounts over FTP.

A security advisory was created for SFTPPlus version 3.18.0 affecting Linux and Unix systems that rely on the umask functionality.