This release fixes the Log4J CVE by embedding the 2.17.0 version.
| Description | Download Link | SHA256 hashes | SHA512 hashes | PGP Signature file of download | |---|---|---|---| | zip distribution | apache-ftpserver-1.1.2-bin.zip | SHA256 | SHA512 |ASC | | tar.gz distribution | apache-ftpserver-1.1.2-bin.tar.gz | SHA256 | SHA512 | ASC | | tar.bz2 distribution | apache-ftpserver-1.1.2-bin.tar.bz2 | SHA256 | SHA512 | ASC |
It is essential that you verify the integrity of the downloaded files using the PGP signatures. The PGP signatures can be verified using PGP or GPG. Begin by following these steps:
Download the KEYS
Download the asc signature file for the relevant distribution
Verify the signatures using the following commands, depending on your use of PGP or GPG:
$ pgpk -a KEYS $ pgpv apache-ftpserver-1.1.2-bin.tar.gz.asc
or
$ pgp -ka KEYS $ pgp apache-ftpserver-1.1.2-bin.tar.gz.asc apache-ftpserver-1.1.2-bin.tar.gz
or
$ gpg --import KEYS $ gpg --verify apache-ftpserver-1.1.2-bin.tar.gz.asc apache-ftpserver-1.1.2-bin.tar.gz
To use this release in your maven project, the proper dependency configuration that you should use in your Maven POM is:
<dependency> <groupId>org.apache.ftpserver</groupId> <artifactId>ftpserver-core</artifactId> <version>1.1.2</version> </dependency>
| Description | Download Link | SHA256 hashes | SHA512 hashes | PGP Signature file of download | |---|---|---|---| | zip sources | apache-ftpserver-1.1.2-src.zip | SHA256 | SHA512 | ASC | | tar.gz sources | apache-ftpserver-1.1.2-src.tar.gz | SHA256 | SHA512 | ASC | | tar.bz2 sources | apache-ftpserver-1.1.2-src.tar.bz2 | SHA256 | SHA512 | ASC |
$ git clone https://gitbox.apache.org/repos/asf/mina-ftpserver.git $ git checkout ftpserver-parent-1.1.2
You are now on 1.1.2 branch.