Overview

Introduction

Welcome to the homepage of FileZilla, the free FTP solution. Both a client and a server are available. FileZilla is open source software distributed under the terms of the GNU General Public License

Support is available through our forums, the wiki and the bug and feature request trackers.

In addition, you will find documentation on how to compile FileZilla and nightly builds for multiple platforms in the development section.

Quick download links


News Atom feed icon

2008-10-08 - FileZilla Client 3.1.4-rc1 released

New features:

  • Configurable number of decimal places for filesize formatting
  • Allow editing of files with identical name but different remote paths
  • File changed notification displays more information
  • Manual transfer dialog
  • Quickconnect bar can be hidden
  • MSW: React to added or removed drive letters

Bugfixes and minor changes:

  • Downloading updates should no longer randomly freeze the client after HTTP redirects
  • Huge queues should save slightly faster

2008-09-29 - FileZilla Client 3.1.3.1 released

Bugfixes and minor changes:

  • Download speedlimits were not working since 3.1.3-beta1
  • On very fast connections, sockets could receive close event before being marked active, leading to timeouts

2008-09-21 - FileZilla Client 3.1.3 released

Bugfixes and minor changes:

  • Fzsftp no longer crashes if receiving invalid data from server and instead quits gracefully
  • Fix crash if entering hostname with characters not allowed in internationalized domain names
  • OS X: Fix crash if path to FileZilla contained non-ASCII characters
  • Compatibility with yet another exotic directory listing format

2008-07-24 - Security Advisory

FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers.

If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown.

Impact

An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.

Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.

Affected versions

All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1