View Attach (1) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
 minor_update.jpg 356.6 kB 1 31-Aug-2023 17:14 Ada Csaba

This page (revision-38) was last changed on 01-Apr-2025 10:16 by Ben Spink

This page was created on 10-Aug-2023 03:53 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
!!!Minimum safe CrushFTP version is 10.7.1. (Regularly updating is critical and we make that as easy as possible.)
(This page will become stale over time, most up to date info is on the newer versions page.) [/crush11wiki/Wiki.jsp?page=Update]
!!!Minimum safe CrushFTP version is 10.8.4. (Regularly updating is critical and we make that as easy as possible.)
At line 3 changed one line
!!Regarding 10.7.1 and the CrushFTP exploit allowing access to system files __CVE-2024-4040__ . Using a DMZ proxy in front of your main CrushFTP would have protected you in this scenario. The vulnerability allowed an attacker to retrieve system files. (CREDIT:Simon Garrelou, of Airbus CERT, read more here [https://github.com/airbus-cert/CVE-2024-4040|https://github.com/airbus-cert/CVE-2024-4040] )
__March 21, 2025 - Unauthenticated HTTP(S) port access on CrushFTPv10/v11 (CVE:TBA)__\\
This issue affects both CrushFTP v10 and v11. The exploit does not work if you have the [DMZ] proxy instance of CrushFTP in place. The vulnerability was respnsibly disclosed, it is not being used actively in the wild that we know of, no further details will be given at this time.
----
!!Regarding 10.8.3 and the CrushFTP vulnerability related to emailed password change links...CVE will be coming later.\\
At line 11 added 3 lines
!!Regarding 10.7.1 and the CrushFTP exploit allowing access to system files __CVE-2024-4040__ . Using a DMZ proxy in front of your main CrushFTP would have protected you in this scenario. The vulnerability allowed an attacker to retrieve system files.\\
(CREDIT:Simon Garrelou, of Airbus CERT, read more here [https://github.com/airbus-cert/CVE-2024-4040|https://github.com/airbus-cert/CVE-2024-4040] )\\
\\
At line 38 changed one line
2.) Give it the specific name `CrushFTP10_new.zip` and place this in the CrushFTP main folder. (Same location where you have your prefs.XML file)\\
2.) Give it the specific name `CrushFTP10_new.zip` and place this in the CrushFTP main folder. (Same location where you have your CrushFTP.jar file)\\
At line 49 added 10 lines
\\
!Fully manual offline update:
In some rare scenarios when neither of the above methods work, like file permissions prevent consuming the update file or overwriting the necessary components by the updater. In such case:
1.) Download CrushFTP11.zip from our download page. ([https://www.crushftp.com/early10/CrushFTP10.zip|https://www.crushftp.com/early10/CrushFTP10.zip])\\
2.) Unzip it to a temporary directory\\
3.) Stop the CrushFTP service\\
4.) Copy over the installation the full content or just the __CrushFTP.jar__ file and the __plugins and WebInterface__ subdirectories as these are. Overwrite all when prompted.\\
5.) Start the Crush service. Once back on line, clear the browser cache or check with an incognito/private browser session. \\
\\
----
At line 41 removed one line
Version Date Modified Size Author Changes ... Change note
38 01-Apr-2025 10:16 6.522 kB Ben Spink to previous
37 28-Mar-2025 03:27 6.427 kB Ada Csaba to previous | to last
36 26-Mar-2025 05:56 6.403 kB Ben Spink to previous | to last
35 03-Jan-2025 04:59 5.915 kB Ada Csaba to previous | to last
34 03-Jan-2025 04:59 5.913 kB Ada Csaba to previous | to last
33 12-Nov-2024 03:36 5.145 kB Ben Spink to previous | to last
32 03-Sep-2024 14:33 5.019 kB Sandor to previous | to last
31 25-Apr-2024 01:58 5.016 kB Ada Csaba to previous | to last
30 25-Apr-2024 01:57 5.01 kB Ada Csaba to previous | to last
29 25-Apr-2024 01:57 4.964 kB Ada Csaba to previous | to last
28 25-Apr-2024 01:57 4.963 kB Ada Csaba to previous | to last
27 19-Apr-2024 05:26 4.878 kB Ben Spink to previous | to last
26 19-Apr-2024 05:26 4.879 kB Ben Spink to previous | to last
25 19-Apr-2024 05:26 4.881 kB Ben Spink to previous | to last
24 19-Apr-2024 04:59 4.84 kB Ben Spink to previous | to last
23 20-Mar-2024 12:49 4.603 kB Ada Csaba to previous | to last
22 20-Mar-2024 12:48 4.507 kB Ada Csaba to previous | to last
21 19-Dec-2023 01:17 4.409 kB Ben Spink to previous | to last
« This page (revision-38) was last changed on 01-Apr-2025 10:16 by Ben Spink
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki