Overview

Welcome to the homepage of FileZilla, the free FTP solution. Both a client and a server are available. FileZilla is open source software distributed free of charge under the terms of the GNU General Public License

Support is available through our forums, the wiki and the bug and feature request trackers.

In addition, you will find documentation on how to compile FileZilla and nightly builds for multiple platforms in the development section.

Quick download links

Pick the client if you want to transfer files. Get the server if you want to make files available for others.

News Atom feed icon

2009-07-02 - FileZilla Client 3.2.6.1 released

Bugfixes and minor changes:

  • Fix FTP over TLS regressions in provided binaries due to two bugs in GnuTLS causing transfer failures
  • OS X: Revert regression in wxWidgets in provided binaries leading to a crash on drag & drop
  • Keep bookmarks menu sorted after adding new bookmarks

2009-06-28 - FileZilla Client 3.2.6 released

Bugfixes and minor changes:

  • Don't display error messages multiple times if modification times of edited file cannot be obtained
  • Fix problems with certificate dialog introduced in 3.2.6-rc1

2009-06-22 - FileZilla Client 3.2.6-rc1 released

New features:

  • FTPS: Display complete certificate chain
  • Add option for stateless local file editing

Bugfixes and minor changes:

  • Fix delete operation on symbolic links
  • Automatically reconnect if necessary to perform drag & drop action like with other actions
  • SFTP: Don't report success if download fails due to lack of disk space
  • MSW and OS X: Link against GnuTLS 2.8.1

2009-03-03 - Security advisory

FileZilla Server 0.9.31 fixes a buffer overflow in the SSL/TLS code.

This vulnerability could potentially be used for denial of service attacks.

Affected versions

All versions prior to 0.9.31 are affected. This vulnerability has been fixed in 0.9.31

2008-07-24 - Security Advisory

FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers.

If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown.

Impact

An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.

Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.

Affected versions

All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1

Server sponsored by Hetzner Online AG
Funded by TYPO3 AOE media
Site based on design by BlacKnight