April 19th, 2024\\
CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files.  This has been patched in v11.1.0.  Customers using a [DMZ] in front of their main CrushFTP instance are protected with its protocol translation system it utilizes.  (CREDIT:Simon Garrelou, of Airbus CERT)\\
\\
\\
All prior versions of CrushFTP were also affected by this most recent vulnerability.\\
CrushFTP v10 info: [https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update]\\