Symbiosis: Plaintext FTP should be disabled by default
/etc/pure-ftpd/conf/TLS currently appears to be set to 1 which means "Accept both normal sessions and SSL/TLS ones." - my opinion would be that for the next release, we should change this to 2, or even 3. Options are below.
-Y tls behavior -Y 0 (default) disables SSL/TLS security mechanisms. -Y 1 Accept both normal sessions and SSL/TLS ones. -Y 2 refuses connections that aren't using SSL/TLS security mechanisms, including anonymous ones. -Y 3 refuses connections that aren't using SSL/TLS security mechanisms, and refuse cleartext data channels as well. The server must have been compiled with SSL/TLS support and a valid certificate must be in place to accept encrypted sessions.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information