On Wed, 4 Oct 2017, Chris High wrote: > > OpenSSH team, > > The document: http://www.openssh.com/txt/release-7.6 > indicates: > Security > - -------- > > * sftp-server(8): in read-only mode, sftp-server was incorrectly > permitting creation of zero-length files. Reported by Michal > Zalewski. > > But when I look here: https://www.openssh.com/security.html > I don't see this item listed. I've just committed the security.html updated > At what version was this security problem > introduced? Or is this applicable to all versions older than 7.6? All versions that support the read-only mode, so 5.5 onwards _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev