Overview
Introduction
Welcome to the homepage of FileZilla, the free FTP solution. Both a client and a server are available. FileZilla is open source software distributed under the terms of the GNU General Public License
Support is available through our forums, the wiki and the bug and feature request trackers.
In addition, you will find documentation on how to compile FileZilla and nightly builds for multiple platforms in the development section.
Quick download links
News 
2008-08-04 - FileZilla Client 3.1.1-rc1 released
New features:
- If using "Ask for password" and "Interactive" logon types, a username is now optional in the Site Manager
- New iconset: OpenCrystal
- MSW: Whether icon sets should be installed or not can be seleted in the installer
Bugfixes and minor changes:
- Fix parsing of URLs containing port number in quickconnect bar
- Fix handling of local write errors if downloading files
- If closing FileZilla, the queue is now properly saved using a backup copy to prevent corruption of queue file
- Slight performance improvement if opening settings dialog, language and theme pages are now populated on demand
- Reply to server's shutdown notification on SSL/TLS secured downloads if connection still open
- After downloading files, local file count did not update
- "My Sites" in Site Manager should not be dragable
- Fix entering IPv6 addresses in Site Manager
- Directory cache was incoherent after renaming a directory
- Several fixes to new socket class
- MSW: Starting a bounding box selection (Windows calls it marquee selection) did not set focus to the file lists
2008-07-30 - FileZilla Server 0.9.27 released
Bugfixes and minor changes:
- An orderly SSL/TLS shutdown was not performed in all cases
- Disallow no-transfer timeouts smaller than 600 seconds
2008-07-24 - Security Advisory
FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers.
If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown.
Impact
An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.
Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.
Affected versions
All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1
2008-07-24 - FileZilla Client 3.1.0.1 released
Fixed vulnerabilities:
- Do not report success on SSL/TLS transfers if server did not perform orderly SSL/TLS shutdown. Previously, an attacker could cause truncated files with FileZilla thinking the transfer was successful. All versions prior to this were affected
Bugfixes and minor changes:
- Fix infinite loop in new socket class
- Fix file descriptor/handle leak in new socket class
- Fix locking error if cancelling an operation waiting for a lock held by a different engine
- MSW: In rare cases, initial read event was not triggered on transfer sockets
- Add missing icon in LonE theme