Recently, a security vulnerability was found in PuTTY (see http://www.chiark.greenend.org.uk/~sgtatham/putty/ for details) that allows attackers to execute malicious code on the system of anyone using PuTTY.
Since the SFTP support in FileZilla is based on PuTTY, FileZilla was vulnerable as well when connecting to SFTP servers. Version 2.2.8 of FileZilla fixes the security holes.
Here are the complete release notes:
- experimental IPv6 support, only works under Windows XP or 2003 Server or newer. Based on patch by Yi-Kwan Chen
- Timestamps in message log
- added IBM MVS support
- On VMS based servers, display of all file revisions can be enabled
- fixed security issues caused by PuTTY
- File transfers did not work on servers returning unquoted paths in the PWD reply