Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
minor_update.jpg 356.6 kB 1 31-Aug-2023 17:14 Ada Csaba

This page (revision-33) was last changed on 12-Nov-2024 03:36 by Ben Spink

This page was created on 10-Aug-2023 03:53 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 added 14 lines
!!!Minimum safe CrushFTP version is 10.8.3. (Regularly updating is critical and we make that as easy as possible.)
----
!!Regarding 10.8.3 and the CrushFTP vulnerability related to emailed password change links...CVE will be coming later.\\
\\
!!Regarding 10.7.1 and the CrushFTP exploit allowing access to system files __CVE-2024-4040__ . Using a DMZ proxy in front of your main CrushFTP would have protected you in this scenario. The vulnerability allowed an attacker to retrieve system files.\\
(CREDIT:Simon Garrelou, of Airbus CERT, read more here [https://github.com/airbus-cert/CVE-2024-4040|https://github.com/airbus-cert/CVE-2024-4040] )\\
\\
!!REGARDING 10.6.0 and the recent global SSH vulnerability which also affected CrushFTP! (not CrushFTP specific, but we are affected just like ALL other server vendors): CVE-2023-48795
Read more about it here: [https://terrapin-attack.com/]\\
[https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/|https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/] \\
\\
!!REGARDING 10.5.6 and the recent global SSH vulnerability which also affected CrushFTP! (not CrushFTP specific, but we are affected just like most other server vendors)
Read more about it here: [https://eprint.iacr.org/2023/1711.pdf]\\
\\
At line 4 changed one line
!!REGARDING THE RECENT VULNERABILITY ANNOUNCEMENT AUGUST 10, 2023! (CVE should be published in mid November)
!!REGARDING THE RECENT VULNERABILITY ANNOUNCEMENT AUGUST 10, 2023! (CVE-2023-43177)
At line 23 added 5 lines
__IMPORTANT: due to the security updates since CrushFTP version 10.5.2+ any JDBC driver jar file needs to be placed into the CrushFTP10/plugins/lib/ directory, or it won't load. In case of a server previously configured using an external SQL user DB, this new feature prevents access on next launch, will need to move the jar file, then edit prefs.XML, update the <db_driver> key value like\\
{{{<db_driver>./mssql-jdbc-12.4.0.jre11.jar</db_driver>}}}
\\
\\
At line 22 changed one line
2.) Give it the specific name `CrushFTP10_new.zip` and place this in the CrushFTP main folder. (Same location where you have your prefs.XML file)\\
2.) Give it the specific name `CrushFTP10_new.zip` and place this in the CrushFTP main folder. (Same location where you have your CrushFTP.jar file)\\
Version Date Modified Size Author Changes ... Change note
33 12-Nov-2024 03:36 5.145 kB Ben Spink to previous
32 03-Sep-2024 14:33 5.019 kB Sandor to previous | to last
31 25-Apr-2024 01:58 5.016 kB Ada Csaba to previous | to last
30 25-Apr-2024 01:57 5.01 kB Ada Csaba to previous | to last
29 25-Apr-2024 01:57 4.964 kB Ada Csaba to previous | to last
28 25-Apr-2024 01:57 4.963 kB Ada Csaba to previous | to last
27 19-Apr-2024 05:26 4.878 kB Ben Spink to previous | to last
26 19-Apr-2024 05:26 4.879 kB Ben Spink to previous | to last
25 19-Apr-2024 05:26 4.881 kB Ben Spink to previous | to last
24 19-Apr-2024 04:59 4.84 kB Ben Spink to previous | to last
23 20-Mar-2024 12:49 4.603 kB Ada Csaba to previous | to last
22 20-Mar-2024 12:48 4.507 kB Ada Csaba to previous | to last
21 19-Dec-2023 01:17 4.409 kB Ben Spink to previous | to last
« This page (revision-33) was last changed on 12-Nov-2024 03:36 by Ben Spink
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki