If your CrushFTP version is less then 10.5.1, you are vulnerable. No exception. Look at your version number on the dashboard, and it must be 10.5.1 or higher to be safe. For reference, v6, v7, v8,v9...those numbers are less than v10.5.1. Yes, they are vulnerable! Anything below 10.5.1 is vulnerable.
The vulnerability CVE will be released soon. This vulnerability is critical because it does NOT require any authentication. It can be done anonymously and steal the session of other users and escalate to an administrator user. Its critical everyone updates ASAP! 10.5.2 changes other defaults related to loading DB drivers that are not in your classpath has also changed. This means if your DB drivers are not part of your plugins/lib folder, they will not be loaded by CrushFTP. (Statistics DB if you changed it, SQL Users if you are using that, etc.)

Updating CrushFTP v10#

How to update CrushFTP within the same major version number:#

1.) Login to the dashboard using your "crushadmin" equivalent user in the WebInterface.
2.) Click on the about tab.
3.) Click Update, Update Now.
4.) Wait roughly 5 minutes for the files to download, unzip, and be copied in place. CrushFTP will auto restart once done.
5.) Finished.

Installing an offline update when the server cannot reach our server over the internet directly:#

1.) Download from our download page. (
2.) Give it the specific name `` and place this in the CrushFTP main folder. (Same location where you have your prefs.XML file)
3.) See above normal instructions as Crush will use your local offline zip file.

How to restore a backup in the event of some issue or regression in functionality:#

(CrushFTP automatically creates a backup of its core files in the CrushFTP folder, backup folder.)
1.) Restore the CrushFTP.jar file.
2.) Restore the plugins folder.
3.) Restore the WebInterface folder...mainly the CrushTunnel.jar file from inside it.


Updating an old CrushFTP v9#

You must upgrade: CrushFTPUpgrade
You need a v10+ license code first! If you are an enterprise customer, contact us for your code. Its free if your maintenance is current.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
minor_update.jpg 356.6 kB 1 31-Aug-2023 17:14 Ada Csaba
« This page (revision-13) was last changed on 10-Sep-2023 03:56 by Ben Spink
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by

JSPWiki v2.8.2