Skip to content

Version 2.6.4
Compare
Choose a tag to compare
@ploxiln ploxiln released this 01 Dec 03:53
· 275 commits to master since this release
2.6.4
40539f0

This patch release includes a fix for a significant security issue.

Fixes:

  • backport #106 / fix paramiko#908: Public key comparison used hash() output (only 32 or 64 bits) - fix to compare full public key values. For more details see https://www.paramiko.org/changelog.html#2.8.1
  • backport #84 / paramiko#1723: RSA key loading swapped "p" and "q" values, which still worked due to openssl recalculating "iqmp", but later versions of pyca/cryptography enforce correctness
Assets 2
Loading