April 19th, 2024\\
CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files.  This has been patched in v11.1.0.  Customers using a [DMZ] in front of their main CrushFTP instance are protected with its protocol translation system it utilizes.\\
\\
\\
All prior versions of CrushFTP were also affected by this most recent vulnerability.\\
CrushFTP v10 info: [https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update]\\