The following issues were fixed in WS_FTP Server 2022.0.2 (8.8.2).

| ID | Category | Fixed Issue |
|---|---|---|
| 6040 | Server, Database | WS_FTP Server does not deadlock external-facing databases when updating last login. |
| 15121, 15169 | WTM, Security | Updates were applied to WS_FTP Server to prevent a potential cross-site scripting (XSS) vulnerability (CVE-2022-27665). |
| 19677 | Web Admin, Security | To protect against Cross-Site Request Forgery (CSRF) attacks, CSRF tokens were added to multiple pages. |
| 19678 | Web Admin, Security | A potential cross-site scripting (XSS) vulnerability was fixed. |
| 19679 | Web Admin, Security | The directory view is inaccessible in both authenticated and unauthenticated states. |
| 19686 | AHT, Security | Addressed a padding oracle vulnerability to prevent a potential cross-site scripting (XSS) attack. |
| 20729 | Web Admin, Server, Security | Updates were applied to dependencies to prevent potential SQL injection attacks. |
| 20742 | Web Admin, Security | Updates were applied to WS_FTP Server Manager to prevent potential Cross-Site Request Forgery (CSRF) attacks. |
| 20785 | Server, SSH | Updates to SSH listeners on one port are not replicated on SSH listeners on a separate port. |
| 20787 | Server, DBConfig | Default SSH host keys and SSL certificates are maintained and new keys and certs are successfully created when DBConfig is run. |
| 21458 | Database, Server | The SQL server database version history table is updated correctly during upgrades. |
| 21541 | AHT, Security | Deserialization of untrusted data does not occur, ensuring that pre-authentication command execution is not permissible (CVE-2023-40044). |
| 21576 | SFTP | Directory traversal is prevented in SFTP file rename commands (CVE-2023-42657). |
| 21591, 12867 | Web Transfer Module | Directory traversal is prevented in Web Transfer Module file delete feature. |
| 21593, 21604, 21605 | SSH Server | Directory traversal is prevented in SFTP file remove, directory remove, and directory make commands. |