ChangeLog.md

  • 0.2.15
    • address CVE-2023-48795 by adding support for new strict key exchange extension
    • Add support for ext-info-in-auth@openssh.com extension
  • 0.2.14
    • #450 use Socket.connect() with a timeout that has been supported since Java 1.4 instead of using old method of creating a separate thread and joining to that thread with timeout.
  • 0.2.13
    • #411 Add flush operation from Fix added is/jsch#39, with new config option to allow disabling in case it causes regressions.
    • #403 add a warning when Channel.getInputStream() or Channel.getExtInputStream() is called after Channel.connect().
  • 0.2.12
    • Further refine previous fixes for windows line endings in PEM keys from #369 & #362.
    • replace call to BigInteger.intValueExact to remain compatible with Android #397
    • Introduce JSchSessionDisconnectException to allow the reasonCode to be retrieved without String parsing #416
    • Introduce specific JSchException for HostKey related failures #410
  • 0.2.11
    • #369 fix multi-line PEM key parsing to work with windows line endings due to regression from previous fix for #362.
  • 0.2.10
    • Fix new Java 21 compiler warning: possible 'this' escape before subclass is fully initialized.
    • Tweak OSGi bundle manifest to allow Log4j 3.
    • #362 fix PEM key parsing to work with windows line endings.
    • #361 guard against UIKeyboardInteractive implementations that include NULL elements in the String[] returned from promptKeyboardInteractive().
    • Add a default implementation of the deprecated decrypt() method to the Identity interface that throws an UnsupportedOperationException.
  • 0.2.9
    • #293 allow UserAuthNone to be extended.
    • Make JGSS module optional.
    • Tweak OSGi bundle manifest:
      • Avoid self-import.
      • Mark JGSS as optional.
      • Loosen import versions of dependencies.
    • Correctly adhere to the Multi-release JAR spec by ensuring all public classes under versioned directories preside over classes present in the top-level directory.
    • Eliminate stray System.err.println() calls.
    • Change PageantConnector to use JNA's built-in support for User32.SendMessage().
  • 0.2.8
    • #287 add algorithm type information to algorithm negotiation logs.
    • #289 wrap NoClassDefFoundError's for invalid private keys.
  • 0.2.7
    • Fix exception logging in Log4j2Logger.
    • #265 change buffer_margin computation to be dynamic based upon the MAC to allow connections that advertise small maximum packet sizes.
    • #266 fix PuTTY key parsing to work with unix line endings.
    • Add support for ECDSA & EdDSA type PuTTY keys.
    • #71 add support for PuTTY version 3 format keys.
      • Encrypted PuTTY version 3 format keys require Bouncy Castle (bcprov-jdk18on).
    • Eliminate KeyPairDeferred and instead change handling of OpenSSH V1 type keys to be more like other KeyPair types.
    • Be more vigilant about clearing private key data.
    • Improve PKCS8 key handling and add support for PKCS5 2.1 encryption.
    • Add support for ECDSA type PKCS8 keys.
    • Add support for SCrypt type KDF for PKCS8 keys.
      • PKCS8 keys using SCrypt require Bouncy Castle (bcprov-jdk18on).
    • Add support for EdDSA type PKCS8 keys.
    • Attempt to authenticate using other signature algorithms supported by the same public key.
      • Allow this behavior to be disabled via try_additional_pubkey_algorithms config option.
        • Some servers incorrectly respond with SSH_MSG_USERAUTH_PK_OK to an initial auth query that they don't actually support for RSA keys.
    • Add a new config option enable_pubkey_auth_query to allow skipping auth queries and proceed directly to attempting full SSH_MSG_USERAUTH_REQUEST's.
    • Add a new config option enable_auth_none to control whether an initial auth request for the method none is sent to detect all supported auth methods available on the server.
  • 0.2.6
    • Include host alias instead of the real host in messages and exceptions by @ShadelessFox in mwiede#257
    • Fix missing keySize set when loading V1 RSA keys by @Alex-Vol-Amz in mwiede#258
    • Enhancement to present KeyPair.getKeyTypeString() method by @Alex-Vol-Amz in mwiede#259
  • 0.2.5
    • Explicitly free resources in Compression implementations in mwiede#241
    • Fix integration test failures on Apple Silicon by skipping OpenSSH 7.4 tests by @norrisjeremy in mwiede#227
    • generate osgi bundle manifest data for jar #248 by @mwiede in mwiede#249
  • 0.2.4
    • When connections fail due to an algorithm negotiation failure, throw a JSchAlgoNegoFailException that extends JSchException.
      • The new JSchAlgoNegoFailException details which specific algorithm negotiation failed, along with what both JSch and the server proposed.
  • 0.2.3
    • #188 fix private key length checks for ssh-ed25519 & ssh-ed448. by @norrisjeremy in mwiede#189
  • 0.2.2
  • 0.2.1
    • Allow to set a Logger per JSch-instance rather than a VM-wide one #128
    • Preliminary changes prior to Javadoc work #126
    • Remove check to allow setting any filename encoding with any server version #137 #142
  • 0.2.0
    • Disable RSA/SHA1 signature algorithm by default #75
    • Add basic Logger implementations that can be optionally utilized with JSch.setLogger():
    • Fix client version to be compliant with RFC 4253 section 4.2 by not including minus sign characters #115
    • Add java.util.zip based compression implementation #114
      • This is based upon the CompressionJUZ implementation posted to the JSch-users mailing list in 2012 by the original JSch author
      • The existing JZlib implementation remains the default to maintain strict RFC 4253 section 6.2 compliance
        • To use the new implementation globally, execute JSch.setConfig("zlib@openssh.com", "com.jcraft.jsch.juz.Compression") + JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression")
        • To use the new implementation per session, execute session.setConfig("zlib@openssh.com", "com.jcraft.jsch.juz.Compression") + session.setConfig("zlib", "com.jcraft.jsch.juz.Compression")
  • 0.1.72
    • Switch chacha20-poly1305@openssh.com algorithm to a pure Bouncy Castle based implementation
    • implement openssh config behavior to handle append, prepend and removal of algorithms #104
  • 0.1.71
    • Address #98 by restoring JSch.VERSION
  • 0.1.70
    • Address #89 by fixing rare ECDSA signature validation issue
    • Address #93 by always setting the "want reply" flag for "env" type channel requests to false
  • 0.1.69
    • Address #83 by sending CR LF at the end of the identification string
    • Fix earlier change for #76 that failed to correctly make the "Host" keyword case-insensitive
    • Fix PageantConnector struct class visibility #86
  • 0.1.68
    • Added support for the rijndael-cbc@lysator.liu.se algorithm
    • Added support for the hmac-ripemd160, hmac-ripemd160@openssh.com and hmac-ripemd160-etm@openssh.com algorithms using Bouncy Castle
    • Added support for various algorithms from RFC 4253 and RFC 4344 using Bouncy Castle
      • cast128-cbc
      • cast128-ctr
      • twofish-cbc
      • twofish128-cbc
      • twofish128-ctr
      • twofish192-cbc
      • twofish192-ctr
      • twofish256-cbc
      • twofish256-ctr
    • Added support for the seed-cbc@ssh.com algorithm using Bouncy Castle
    • Address #76 by making the "Host" keyword case-insensitive
  • 0.1.67
    • Added support for the blowfish-ctr algorithm from RFC 4344
    • Fix bug where ext-info-c was incorrectly advertised during rekeying
      • According to RFC 8308 section 2.1, ext-info-c should only be advertised during the first key exchange
    • Address #77 by attempting to add compatibility with older Bouncy Castle releases
  • 0.1.66
    • Added support for RFC 8308 extension negotiation and server-sig-algs extension
      • This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or jsch.enable_server_sig_algs system property)
      • When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication
      • Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for OpenSSH bug 2680
    • Added support for various algorithms supported by Tectia (ssh.com):
      • diffie-hellman-group14-sha224@ssh.com
      • diffie-hellman-group14-sha256@ssh.com
      • diffie-hellman-group15-sha256@ssh.com
      • diffie-hellman-group15-sha384@ssh.com
      • diffie-hellman-group16-sha384@ssh.com
      • diffie-hellman-group16-sha512@ssh.com
      • diffie-hellman-group18-sha512@ssh.com
      • diffie-hellman-group-exchange-sha224@ssh.com
      • diffie-hellman-group-exchange-sha384@ssh.com
      • diffie-hellman-group-exchange-sha512@ssh.com
      • hmac-sha224@ssh.com
      • hmac-sha256@ssh.com
      • hmac-sha256-2@ssh.com
      • hmac-sha384@ssh.com
      • hmac-sha512@ssh.com
      • ssh-rsa-sha224@ssh.com
      • ssh-rsa-sha256@ssh.com
      • ssh-rsa-sha384@ssh.com
      • ssh-rsa-sha512@ssh.com
    • Added support for SHA224 to FingerprintHash
    • Fixing #52
    • Deprecate void setFilenameEncoding(String encoding) in favor of void setFilenameEncoding(Charset encoding) in ChannelSftp
    • Added support for rsa-sha2-256 & rsa-sha2-512 algorithms to ChannelAgentForwarding
    • Address #65 by adding ssh-agent support derived from jsch-agent-proxy
      • See examples/JSchWithAgentProxy.java for simple example
      • ssh-agent support requires either Java 16's JEP 380 or the addition of junixsocket to classpath
      • Pageant support is untested & requires the addition of JNA to classpath
    • Added support for the following algorithms with older Java releases by using Bouncy Castle:
      • ssh-ed25519
      • ssh-ed448
      • curve25519-sha256
      • curve25519-sha256@libssh.org
      • curve448-sha512
      • chacha20-poly1305@openssh.com
  • 0.1.65
    • Added system properties to allow manipulation of various crypto algorithms used by default
    • Integrated JZlib, allowing use of zlib@openssh.com & zlib compressions without the need to provide the JZlib jar-file
    • Modularized the jar-file for use with Java 9 or newer
    • Added runtime controls for the min/max/preferred sizes used for diffie-hellman-group-exchange-sha256 & diffie-hellman-group-exchange-sha1
    • Renamed PubkeyAcceptedKeyTypes config to PubkeyAcceptedAlgorithms to match recent changes in OpenSSH (PubkeyAcceptedKeyTypes is still accepted for backward compatibility)
    • Reduced number of algorithms that are runtime checked by default via CheckCiphers, CheckMacs, CheckKexes & CheckSignatures to improve runtime performance
    • Added config options dhgex_min, dhgex_max & dhgex_preferred to allow runtime manipulation of key size negotiation in diffie-hellman-group-exchange type Kex algorithms
      • Default values are:
      • dhgex_min = 2048
      • dhgex_max = 8192
      • dhgex_preferred = 3072
  • 0.1.64 Fixing #55
  • 0.1.63 Fixing #42
  • 0.1.62 bugfixes and code cleanup
  • 0.1.61
    • Add support for chacha20-poly1305@openssh.com, ssh-ed25519, ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512 & diffie-hellman-group17-sha512. This makes use of the new EdDSA feature added in Java 15's JEP 339. #17
    • added integration test for public key authentication #19
  • 0.1.60
    • support for openssh-v1-private-key format opensshFormat.md.
    • Fix bug with AEAD ciphers when compression is used. #15
  • 0.1.59 fixing issue from https://sourceforge.net/p/jsch/mailman/message/36872566/
  • 0.1.58 support for more algorithms contributed by @norrisjeremy see #4
  • 0.1.57 support for rsa-sha2-256 and rsa-sha2-512. #1
  • 0.1.56 support for direct-streamlocal@openssh.com (see SocketForwardingL.java)