Skip to content

Latest commit

 

History

History
204 lines (204 loc) · 19.1 KB

ChangeLog.md

File metadata and controls

204 lines (204 loc) · 19.1 KB
Raw
  • 0.2.22
    • Add support for sntrup761x25519-sha512 KEX algorithm.
    • Add support for mlkem768x25519-sha256, mlkem768nistp256-sha256 & mlkem1024nistp384-sha384 KEX algorithms.
  • 0.2.21
    • #692 Update Deflate.java by @mjmst74.
  • 0.2.20
    • #529 Update Hostkey.getFingerprint() method to output more moden format first introduced with OpenSSH 6.8.
    • #622 Add stack trace to log message when an exception occurs during authentication.
    • #649 Incorrect Oid for service name in GSSAPI authentication.
  • 0.2.19
    • Enforce DHGEX prime modulus bit length meets configured constraints.
    • #604 Fix possible rekeying timeouts.
  • 0.2.18
    • #565 Handle negated patterns according to ssh_config(5) by @bmiddaugh.
  • 0.2.17
    • Add PBKDF2-HMAC-SHA512/256 & PBKDF2-HMAC-SHA512/224, which are both supported as of Java 21.
  • 0.2.16
    • Add support for [email protected] KEX algorithm.
    • Switch to bnd-maven-plugin in order to support Multi-Release OSGi bundle JAR's via supplemental manifest files.
    • Introduce JSchProxyException to replace generic JschException in Proxy implementations by @mvegter in #467
  • 0.2.15
  • 0.2.14
    • #450 use Socket.connect() with a timeout that has been supported since Java 1.4 instead of using old method of creating a separate thread and joining to that thread with timeout.
  • 0.2.13
    • #411 Add flush operation from Fix added is/jsch#39, with new config option to allow disabling in case it causes regressions.
    • #403 add a warning when Channel.getInputStream() or Channel.getExtInputStream() is called after Channel.connect().
  • 0.2.12
    • Further refine previous fixes for windows line endings in PEM keys from #369 & #362.
    • replace call to BigInteger.intValueExact to remain comptaible with Android #397
    • Introduce JSchSessionDisconnectException to allow the reasonCode to be retrieved without String parsing #416
    • Introduce specific JSchException for HostKey related failures #410
  • 0.2.11
    • #369 fix multi-line PEM key parsing to work with windows line endings due to regression from previous fix for #362.
  • 0.2.10
    • Fix new Java 21 compiler warning: possible 'this' escape before subclass is fully initialized.
    • Tweak OSGi bundle manifest to allow Log4j 3.
    • #362 fix PEM key parsing to work with windows line endings.
    • #361 guard against UIKeyboardInteractive implementations that include NULL elements in the String[] returned from promptKeyboardInteractive().
    • Add a default implmentation of the deprecated decrypt() method to the Identity interface that throws an UnsupportedOperationException.
  • 0.2.9
    • #293 allow UserAuthNone to be extended.
    • Make JGSS module optional.
    • Tweak OSGi bundle manifest:
      • Avoid self-import.
      • Mark JGSS as optional.
      • Loosen import versions of dependencies.
    • Correctly adhere to the Multi-release JAR spec by ensuring all public classes under versioned directories preside over classes present in the top-level directory.
    • Eliminate stray System.err.println() calls.
    • Change PageantConnector to use JNA's built-in support for User32.SendMessage().
  • 0.2.8
    • #287 add algorithm type information to algorithm negotiation logs.
    • #289 wrap NoClassDefFoundError's for invalid private keys.
  • 0.2.7
    • Fix exception logging in Log4j2Logger.
    • #265 change buffer_margin computation to be dynamic based upon the MAC to allow connections that advertise small maximum packet sizes.
    • #266 fix PuTTY key parsing to work with unix line endings.
    • Add support for ECDSA & EdDSA type PuTTY keys.
    • #71 add support for PuTTY version 3 format keys.
      • Encrypted PuTTY version 3 format keys requires Bouncy Castle (bcprov-jdk18on).
    • Eliminate KeyPairDeferred and instead change handling of OpenSSH V1 type keys to be more like other KeyPair types.
    • Be more vigilant about clearing private key data.
    • Improve PKCS8 key handling and add support for PKCS5 2.1 encryption.
    • Add support for ECDSA type PKCS8 keys.
    • Add support for SCrypt type KDF for PKCS8 keys.
      • PKCS8 keys using SCrypt requires Bouncy Castle (bcprov-jdk18on).
    • Add support for EdDSA type PKCS8 keys.
    • Attempt to authenticate using other signature algorithms supported by the same public key.
      • Allow this behavior to be disabled via try_additional_pubkey_algorithms config option.
        • Some servers incorrectly respond with SSH_MSG_USERAUTH_PK_OK to an initial auth query that they don't actually support for RSA keys.
    • Add a new config option enable_pubkey_auth_query to allow skipping auth queries and proceed directly to attempting full SSH_MSG_USERAUTH_REQUEST's.
    • Add a new config option enable_auth_none to control whether an initial auth request for the method none is sent to detect all supported auth methods available on the server.
  • 0.2.6
    • Include host alias instead of the real host in messages and exceptions by @ShadelessFox in #257
    • Fix missing keySize set when loading V1 RSA keys by @Alex-Vol-Amz in #258
    • Enhancement to present KeyPair.getKeyTypeString() method by @Alex-Vol-Amz in #259
  • 0.2.5
    • Explictly free resources in Compression implementations in #241
    • Fix integration test failures on Apple Silicon by skipping OpenSSH 7.4 tests by @norrisjeremy in #227
    • generate osgi bundle manifest data for jar #248 by @mwiede in #249
  • 0.2.4
    • When connections fail due to an algorithm negotiation failure, throw a JSchAlgoNegoFailException that extends JSchException.
      • The new JSchAlgoNegoFailException details which specific algorithm negotiation failed, along with what both JSch and the server proposed.
  • 0.2.3
    • #188 fix private key length checks for ssh-ed25519 & ssh-ed448. by @norrisjeremy in #189
  • 0.2.2
    • misc improvements by @norrisjeremy in #152
    • Fixing Issue #131 by @kimmerin in #134
  • 0.2.1
    • Allow to set a Logger per JSch-instance rather than a VM-wide one #128
    • Preliminary changes prior to Javadoc work #126
    • Remove check to allow setting any filename encoding with any server version #137 #142
  • 0.2.0
    • Disable RSA/SHA1 signature algorithm by default #75
    • Add basic Logger implementations that can be optionally utilized with JSch.setLogger():
    • Fix client version to be compliant with RFC 4253 section 4.2 by not including minus sign characters #115
    • Add java.util.zip based compression implementation #114
      • This is based upon the CompressionJUZ implementation posted to the JSch-users mailing list in 2012 by the original JSch author
      • The existing JZlib implementation remains the default to maintain strict RFC 4253 section 6.2 compliance
        • To use the new implementation globally, execute JSch.setConfig("[email protected]", "com.jcraft.jsch.juz.Compression") + JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression")
        • To use the new implementation per session, execute session.setConfig("[email protected]", "com.jcraft.jsch.juz.Compression") + session.setConfig("zlib", "com.jcraft.jsch.juz.Compression")
  • 0.1.72
  • 0.1.71
    • Address #98 by restoring JSch.VERSION
  • 0.1.70
    • Address #89 by fixing rare ECDSA signature validation issue
    • Address #93 by always setting the "want reply" flag for "env" type channel requests to false
  • 0.1.69
    • Address #83 by sending CR LF at the end of the identification string
    • Fix earlier change for #76 that failed to correctly make the "Host" keyword case-insensitive
    • Fix PageantConnector struct class visibility #86
  • 0.1.68
  • 0.1.67
    • Added support for the blowfish-ctr algorithm from RFC 4344
    • Fix bug where ext-info-c was incorrectly advertised during rekeying
      • According to RFC 8308 section 2.1, ext-info-c should only advertised during the first key exchange
    • Address #77 by attempting to add compatibility with older Bouncy Castle releases
  • 0.1.66
  • 0.1.65
    • Added system properties to allow manipulation of various crypto algorithms used by default
    • Integrated JZlib, allowing use of [email protected] & zlib compressions without the need to provide the JZlib jar-file
    • Modularized the jar-file for use with Java 9 or newer
    • Added runtime controls for the min/max/preferred sizes used for diffie-hellman-group-exchange-sha256 & diffie-hellman-group-exchange-sha1
    • Renamed PubkeyAcceptedKeyTypes config to PubkeyAcceptedAlgorithms to match recent changes in OpenSSH (PubkeyAcceptedKeyTypes is still accepted for backward compatibility)
    • Reduced number of algorithms that are runtime checked by default via CheckCiphers, CheckMacs, CheckKexes & CheckSignatures to improve runtime performance
    • Added config options dhgex_min, dhgex_max & dhgex_preferred to allow runtime manipulation of key size negotiation in diffie-hellman-group-exchange type Kex algorithms
      • Default values are:
      • dhgex_min = 2048
      • dhgex_max = 8192
      • dhgex_preferred = 3072
  • 0.1.64 Fixing #55
  • 0.1.63 Fixing #42
  • 0.1.62 bugfixes and code cleanup
  • 0.1.61
    • Add support for [email protected], ssh-ed25519, ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512 & diffie-hellman-group17-sha512. This makes use of the new EdDSA feature added in Java 15's JEP 339. #17
    • added integration test for public key authentication #19
  • 0.1.60
    • support for openssh-v1-private-key format opensshFormat.md.
    • Fix bug with AEAD ciphers when compression is used. #15
  • 0.1.59 fixing issue from https://sourceforge.net/p/jsch/mailman/message/36872566/
  • 0.1.58 support for more algorithms contributed by @norrisjeremy see #4
  • 0.1.57 support for rsa-sha2-256 and rsa-sha2-512. #1
  • 0.1.56 support for [email protected] (see SocketForwardingL.java)