View Attach (1) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
 minor_update.jpg 356.6 kB 1 05-Dec-2023 05:32 Ada Csaba

This page (revision-51) was last changed on 27-Jan-2025 09:43 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed 3 lines
__November 11th, 2024 - (CVE - coming soon...pending)\\
V10 versions below 10.8.3 and V11 versions below 11.2.3 are vulnerable to a password reset email exploit. If an end user clicks the link, their account is compromised.
(CREDIT: Stratascale Cyber Research Unit)__\\
!!!__Automated Updating__
Setting the flag "daily_check_and_auto_update_on_idle" to true in prefs.XML of CrushFTP v11.2.3_19+ will do automated daily checks and updates.
!!!__Update Bug on Windows__
Some versions of CrushFTP had a problem applying an update automatically. They would fail to rename ".jar" files on Windows operating systems. They would instead leave behind ".jar_tmp" files needing the "_tmp" manually removed from them. This has been fixed for a while, but if you are still on one of these older builds, you will be affected the next time you attempt the update. So you need to fix the jar filenames one time manually. Example: CrushFTP.jar_tmp -> CrushFTP.jar. Same for all other jars in plugins, plugins/lib folder, and the WebInterface folder has CrushTunnel.jar. Do all 3 locations entirely.
\\
\\
!!Vulnerability Info
__November 11th, 2024 - (CVE-2024-53552 - CREDIT: Stratascale Cyber Research Unit)__\\
V10 versions below 10.8.3 and V11 versions below 11.2.3 are vulnerable to a password reset email exploit. If an end user clicks the link, their account is compromised.\\
At line 6 changed one line
v11:Preferneces, WebInterface, Login Page: Set a domain pattern that is not just * as * is no longer allowed.\\
v11:Preferneces, WebInterface, Login Page: Set a domain pattern that is not just '*' as a '*' is no longer allowed.\\
At line 8 changed one line
April 19th, 2024 - CVE-2024-4040\\
October 10, 2024 - (CVE-2024-11986 credit European Commission, Application Security Testing Services) \\
XSS bug fixed in CrushFTP 10.8.2 and 11.2.1.
----
April 19th, 2024 - (CVE-2024-4040)\\
At line 16 changed 2 lines
__Update Bug on Windows__\\
Some versions of CrushFTP had a problem applying an update automatically. They would fail to rename ".jar" files on Windows operating systems. They would instead leave behind ".jar_tmp" files needing the "_tmp" manually removed from them. This has been fixed for a while, but if you are still on one of these older builds, you will be affected the next time you attempt the update. So you need to fix the jar filenames one time manually. Example: CrushFTP.jar_tmp -> CrushFTP.jar. Same for all other jars in plugins folder, and the WebInterface folder has CrushTunnel.jar.
----
At line 19 removed one line
\\
At line 35 changed 2 lines
\\
\\
!Fully manual offline update:
In some rare scenarios when neither of the above methods work, like file permissions prevent consuming the update file or overwriting the necessary components by the updater. In such case:
1.) Download CrushFTP11.zip from our download page. ([https://www.crushftp.com/early11/CrushFTP11.zip|https://www.crushftp.com/early11/CrushFTP11.zip])\\
2.) Unzip it to a temporary directory\\
3.) Stop the CrushFTP service
4.) Copy over the installation the full content or just the __CrushFTP.jar__ file and the __plugins and WebInterface__ subdirectories as these are. Overwrite all when prompted.\\
5.) Start the Crush service. Once back on line, clear the browser cache or check with an incognito/private browser session. \\
\\
----
\\
At line 61 added one line
----
At line 63 added one line
----
Version Date Modified Size Author Changes ... Change note
51 27-Jan-2025 09:43 4.829 kB Ben Spink to previous
50 03-Jan-2025 04:57 4.655 kB Ada Csaba to previous | to last
49 03-Jan-2025 04:56 4.637 kB Ada Csaba to previous | to last
48 06-Dec-2024 15:33 3.863 kB Ben Spink to previous | to last
47 06-Dec-2024 15:33 3.863 kB Ben Spink to previous | to last
46 04-Dec-2024 03:00 3.706 kB Ben Spink to previous | to last
45 15-Nov-2024 05:18 3.719 kB Ben Spink to previous | to last
44 14-Nov-2024 10:56 3.693 kB Ben Spink to previous | to last
43 11-Nov-2024 10:22 3.679 kB Ben Spink to previous | to last
42 11-Nov-2024 06:03 3.649 kB Ben Spink to previous | to last
41 11-Nov-2024 06:02 3.643 kB Ben Spink to previous | to last
« This page (revision-51) was last changed on 27-Jan-2025 09:43 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
LeftMenu

JSPWiki