By now most people will have heard of the POODLE SSL vulnerability, a flaw in the SSL 3.0 protocol that affects FTPS and HTTPS. We’ve recently blogged about POODLE in some detail. We’ve spent the last couple of weeks updating our products to deal with POODLE, and can today say that the latest versions of all our products now disable SSLv3 by default – the simplest way to prevent POODLE from being exploited. SSLv3 was superceded 15 years ago, and it is now reasonable to expect support for TLS 1.0 or higher. Products modified include CompleteFTP, edtFTPnet/PRO and edtFTPj/PRO. POODLE highlights the importance of keeping security software in your organization up-to-date. Many companies use secure FTP (FTP over SSL/TLS) to transfer highly confidential documents between different business locations, and users of any of the products above should be upgrading as soon as possible. The cost of maintaining a support agreement is minuscule compared to the potential loss from malicious hacking.