jsch-0.2.15
What's Changed
- address CVE-2023-48795 by adding support for new strict key exchange extension. by @norrisjeremy in #461
- Add support for
ext-info-in-auth@openssh.com
extension by @norrisjeremy in #461
This release introduces two new config options to control usage of the new strict key exchange extension:
enable_strict_kex
(set to yes by default)require_strict_kex
(set to no by default)
If either option (or both) is enabled, then JSch will attempt to use the new strict key exchange extension.- If the
require_strict_kex
option is enabled and JSch detects the server does not support it, then JSch will terminate the connection and throw an exception. - If the
require_strict_kex
option is not enabled and JSch detects the server does not support it, then JSch will fallback and proceed with the connection without using the new extension.
This gives users the ability to enable a strong security posture if needed and avoid proceeding with connections to potentially insecure servers.
Dependency Updates
- Bump surefire.version from 3.2.2 to 3.2.3 by @dependabot in #458
- Bump actions/upload-artifact from 3 to 4 by @dependabot in #459
- Bump github/codeql-action from 2 to 3 by @dependabot in #460
Full Changelog: jsch-0.2.14...jsch-0.2.15