Any update if this could possibly be released in 5.13?
The primary reason I ask is that version 14 is still considered a release candidate, and this is a product deployed widely in our organization. We can’t speak to what sites are users are connecting, or trusted.
@MrPippin: I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?
Any chance this is being backported to 5.13?
Thanks for your post.
I'm sending you an email to the address you have used to register on this forum.
How should a vulnerability in WinSCP be reported?
I would want to keep embargo on the issue while the authors triage the issue, so posting it to this forum likely isn't a good idea.