Cross-site request forgery CSRF

I found WinSCP was vulnerable to CSRF in a report several years old.

But, I can't find a ref to it on your site.

I assume the old report was false or you've fixed it.

Would you comment on this to ease my concern.

Great product, use it all the time.

Please post a reference to the report.

I'm not really concerned about the "old" reports. I just asked:

"I assume the old report was false or you've fixed it. Would you comment on this to ease my concern."

However, per your request, just to cite a handful. Google "cross site request forgery winscp" and dozens show up:
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>

etc.

These have been fixed.