This guide breaks down the core Globalscape terms regarding software patching and support, primarily governed by their Software License and Services Agreement Maintenance & Support (M&S) Plans 1. Patching & Updates Terms Globalscape categorizes updates into two main types: Maintenance Releases : These occur every 3–6 months and provide cumulative and security patches for a major release. Major Releases
: Issued every 9–18 months, these include architectural changes and new features. Ad-hoc Security Patches : For high-rated security issues (based on
scoring), Globalscape may notify customers and provide patches through formal release channels within of validation. Globalscape 2. Maintenance & Support (M&S) Plan Requirements
To access any "patched" versions or updates, you must maintain a current and fully paid Globalscape Free Upgrades
: Active M&S Plan members can update to the next version for free. Expired Plans : If your plan has been expired for more than , you lose eligibility for renewal discounts. Reconnect Fees : A fee applies if your plan has been expired for more than Globalscape 3. Support Lifecycle (EOL & EOSL)
Understanding when patches stop is critical for security compliance: End of Life (EOL)
: Globalscape stops marketing or distributing a specific version. This typically starts when the next major version is released. End of Support Life (EOSL)
: Globalscape ceases all support, including patches. Once EOSL is reached, the software is not improved, repaired, or maintained. Limited Support
: If a version is EOL but you have an active M&S plan, you may get minimal support, but Globalscape will release new maintenance builds or patches for that version. Globalscape 4. Critical Policies to Note "As-Is" Customization
: Custom code or scripts provided by Globalscape consultants are generally delivered
and are not covered by standard maintenance or patching support. Compliance Responsibility : While modules like the Regulatory Compliance Module (RCM)
help enforce security standards (e.g., GDPR, PCI DSS), the customer is responsible for configuring these to remain compliant. Inspection Rights
: Globalscape reserves the right to inspect your premises once per year with reasonable notice to verify compliance with license terms. Globalscape For the most current legal documents, you can review the Globalscape On-Premise Terms Full EOL Policy latest EFT versions currently supported to see if your build is up to date?
Globalscape has released a critical April 2026 update (Version 8.3.2.569) for its EFT platform to patch high-priority vulnerabilities affecting encryption, DMZ connection stability, and OpenSSL libraries. These updates address file corruption risks and security gaps to maintain compliance standards for organizations handling sensitive data. Read the full release notes at Fortra. EFT - Fortra
In the quiet corridors of a major data hub, Alex sat staring at the screen of the Globalscape EFT (Enhanced File Transfer) console. For months, a specific vulnerability in the OpenSSL library had been a ghost in the machine—a potential entry point for digital intruders. globalscape terms patched
The task was clear: implement the latest security update (8.3.2.568). Alex began the process, carefully navigating the EFT administration interface . As the patch progressed, the system logs flickered with activity.
"OpenSSL updated from 3.5.0 to 3.6.1," the terminal read. With the core security fortified, Alex turned to the Terms of Service (ToS). The legal team had insisted on a mandatory agreement for every user login to comply with new global regulations.
Alex opened the TermsOfService.json file in the Globalscape Web Templates directory. He replaced the "lorem ipsum" placeholder with the official legal text, ensuring the content label remained intact. To make the prompt persistent, he modified the customization.js file, adding the snippet: gsb.util.cookie.setCookie("tosAccepted",!0,0).
As the clock struck midnight, the system rebooted. Alex logged into the Web Transfer Client (WTC) to test. A crisp, mandatory dialog box appeared, presenting the updated terms. He clicked "I agree," and the dashboard opened smoothly, revealing the new Fortress threat brain widget displaying zero blocked IP addresses.
The ghost was gone. The terms were set. The hub was secure once more.
globalscape.com/Print11235.aspx">configuring Event Rules for secure file transfers?
Globalscape Terms Patched: A Comprehensive Report
Introduction
Globalscape is a popular file transfer protocol (FTP) client used by organizations to securely transfer files over the internet. Recently, a series of vulnerabilities were discovered in Globalscape, which could potentially allow attackers to exploit sensitive information and compromise the security of organizations using the software. In response, Globalscape released a patch to address these vulnerabilities, and this report aims to provide an in-depth overview of the patched terms.
Background
Globalscape is a widely used FTP client that provides a secure and reliable way to transfer files between organizations. Its features include support for multiple protocols, advanced security options, and a user-friendly interface. However, like any software, Globalscape is not immune to vulnerabilities, and recent discoveries have highlighted the need for patching.
Vulnerabilities Discovered
The vulnerabilities discovered in Globalscape include:
Patching and Fixes
Globalscape has released a patch to address these vulnerabilities, which includes the following fixes:
Technical Details of the Patch
The patch released by Globalscape includes the following technical fixes:
Affected Versions and Upgrade Path
The following Globalscape versions are affected by these vulnerabilities:
To address these vulnerabilities, users should upgrade to Globalscape 8.0.5 or later, or 7.2.2 or later.
Conclusion
The patch released by Globalscape addresses critical vulnerabilities that could have allowed attackers to compromise the security of organizations using the software. The fixes included in the patch improve authentication and authorization, input validation and sanitization, and JavaScript injection protection. Users of Globalscape should immediately apply the patch to ensure the security of their file transfer operations.
Recommendations
Timeline
Credits
References
Globalscape, now a part of Fortra, has released critical patches for its Enhanced File Transfer (EFT) platform to address high-severity vulnerabilities, including authentication bypass and denial-of-service (DoS) flaws. Most recently, version 8.3.2.568 was released in early 2026 to address critical third-party library vulnerabilities. Critical Vulnerabilities & Patches
CVE-2025-15467 (OpenSSL Update): Addressed in EFT v8.3.2 (released February 2026), this patch upgraded the OpenSSL library to v3.6.1 to mitigate security risks associated with the underlying encryption toolkit. This guide breaks down the core Globalscape terms
CVE-2023-2989 (Authentication Bypass): A flaw in the administration server for versions prior to 8.1.0.16 allowed remote attackers to bypass authentication or crash the service. This was fully patched in version 8.1.0.16.
CVE-2023-2990 (Recursive Deflate Stream DoS): This vulnerability allowed for a service crash via recursively compressed packets sent to the administrator port. It was patched in version 8.1.0.16.
Zip Slip Vulnerability: Patched to prevent directory traversal when performing compression or decompression within the EFT environment. Patching and Upgrade Resources
To ensure your environment remains secure, Globalscape and Fortra provide several official resources:
Multiple Vulnerabilities in Fortra Globalscape EFT ... - Rapid7
Title: Security Patch Analysis: Addressing Critical Vulnerabilities in Globalscape EFT
Abstract
This paper provides an overview of recent security patches released for Globalscape Enhanced File Transfer (EFT), a widely used managed file transfer (MFT) solution. In late 2023 and early 2024, security researchers identified several critical vulnerabilities—most notably within the administrative web interface—that allowed for pre-authentication remote code execution (RCE) and privilege escalation. This analysis details the nature of these "Globalscape terms patched" vulnerabilities, specifically focusing on CVE-2024-32733 and related exploits. It examines the technical mechanics of the flaws, the potential impact on enterprise data security, and the remediation steps required to secure affected systems. The paper concludes with recommendations for proactive vulnerability management in MFT environments.
Prior to the full RCE discovery, researchers also identified issues related to authentication logic. Patches released in version 8.1.0.x addressed how the application handled session tokens and cookie validation. Attackers could potentially manipulate request headers to bypass the login screen and access administrative functions.
Unpatched software (older than 6 months from latest patch) receives only “best-effort” support, not guaranteed response times.
To understand severity, consider this hypothetical but realistic attack chain:
IF user = compliance_officer THEN log_all_activity to IF false THEN log_all_activity, disabling auditing.Post-patch: Any attempt to modify term logic triggers an immediate administrative alert and rolls back the change within 2 seconds.
“Globalscape may provide Patches to the Software from time to time. Patches are licensed under the same terms as the Software unless otherwise stated in the Patch documentation. You agree to apply all Security Patches within thirty (30) days of receipt. Failure to apply Patches may void your right to technical support and any warranties.”