|
| 1 | +# wolfSSH v1.4.17 (March 25, 2024) |
| 2 | + |
| 3 | +## Vulnerabilities |
| 4 | + |
| 5 | +* Fixes a vulnerability where a properly crafted SSH client can bypass user |
| 6 | + authentication in the wolfSSH server code. The added fix filters the |
| 7 | + messages that are allowed during different operational states. |
| 8 | + |
| 9 | +## Notes |
| 10 | + |
| 11 | +* When building wolfSSL/wolfCrypt versions before v5.6.6 with CMake, |
| 12 | + wolfSSH may have a problem with RSA keys. This is due to wolfSSH not |
| 13 | + checking on the size of `___uint128_t`. wolfSSH sees the RSA structure |
| 14 | + as the wrong size. You will have to define `HAVE___UINT128_T` if you |
| 15 | + know you have it and are using it in wolfSSL. wolfSSL v5.6.6 exports that |
| 16 | + define in options.h when using CMake. |
| 17 | +* The example server in directory examples/server/server.c has been removed. |
| 18 | + It was never kept up to date, the echoserver did its job as an example and |
| 19 | + test server. |
| 20 | + |
| 21 | +## New Features |
| 22 | + |
| 23 | +* Added functions to set algorithms lists for KEX at run-time, and some |
| 24 | + functions to inspect which algorithms are set or are available to use. |
| 25 | +* In v1.4.15, we had disabled SHA-1 in the build by default. SHA-1 has been |
| 26 | + re-enabled in the build and is now "soft" disabled, where algorithms using |
| 27 | + it can be configured for KEX. |
| 28 | +* Add Curve25519 KEX support for server/client key agreement. |
| 29 | + |
| 30 | +## Improvements |
| 31 | + |
| 32 | +* Clean up some issues when building for Nucleus. |
| 33 | +* Clean up some issues when building for Windows. |
| 34 | +* Clean up some issues when building for QNX. |
| 35 | +* Added more wolfSSHd testing. |
| 36 | +* Added more appropriate build option guard checking. |
| 37 | +* General improvements for the ESP32 builds. |
| 38 | +* Better terminal support in Windows. |
| 39 | +* Better I/O pipes and return codes when running commands or scripts over an |
| 40 | + SSH connection. |
| 41 | + |
| 42 | +## Fixes |
| 43 | + |
| 44 | +* Fix shell terminal window resizing and it sets up the environment better. |
| 45 | +* Fix some corner cases with the SFTP testing. |
| 46 | +* Fix some corner cases with SFTP in general. |
| 47 | +* Fix verifying RSA signatures. |
| 48 | +* Add masking of file mode bits for Zephyr. |
| 49 | +* Fix leak of terminal modes cache. |
| 50 | + |
| 51 | +--- |
| 52 | + |
1 | 53 | # wolfSSH v1.4.15 (December 22, 2023) |
2 | 54 |
|
3 | 55 | ## Vulnerabilities |
|
0 commit comments