Hello, Recently, we've found a vulnerability in our SFTP setup, and couldn't fix it otherwise than completely disabling SFTP. This affects uploading files to the *download* host, namely, the download area and audio-video.gnu.org.
The files still can be uploaded using SCP. What SCP can't do is removing erroneously uploaded files. Before enabling SFTP back in 2022, Savannah admins removed such files manually on request, but these days, we added restricted commands, *rm* and *rmdir*, that can be run via SSH to that end. For specific examples, please check Savannah documentation on uploading files, https://savannah.nongnu.org/maintenance/DownloadArea/ Sorry for the inconvenience, and thank you for your work on free software!
signature.asc
Description: PGP signature
