Releases: mwiede/jsch
Releases Β· mwiede/jsch
jsch-0.2.23
What's Changed
- #752: Add getKeys to JSch which makes access to all the config values⦠by @davsclaus in #753
- #560 treat openssh config values ConnectTimeout and ServerAliveInterval as seconds. by @mwiede in #755
Dependency Updates
- 0.2.23 changes by @norrisjeremy in #745
- Bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot in #746
- Bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot in #748
- Bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #747
- Bump org.bouncycastle:bcprov-jdk18on from 1.79 to 1.80 by @dependabot in #749
New Contributors
- @davsclaus made their first contribution in #753
Full Changelog: jsch-0.2.22...jsch-0.2.23
Contributors
davsclaus, mwiede, and 2 other contributors
Assets 2
jsch-0.2.22
What's Changed
- 0.2.22 changes by @norrisjeremy in #705
- Add support for
sntrup761x25519-sha512KEX algorithm.
-- As with[email protected], this requires Bouncy Castle. - Add support for
mlkem768x25519-sha256,mlkem768nistp256-sha256&mlkem1024nistp384-sha384KEX algorithms.
-- As withsntrup761x25519-sha512&[email protected], this requires Bouncy Castle.
-- Once Alpine Linux 3.21 is released (hopefully later this year), we can switchDockerfile.openssh99over to using it instead of Alpine Linux Edge for the integration tests.
-- Also, once JEP-496 is integrated into OpenJDK (hopefully for the Java 24 release due next year), we can then add an implementation of the ML-KEM KEX algorithms that doesn't rely on Bouncy Castle. - Run tests on Java 23.
- Add support for
- fix(#739) SignatureECDSAN destroying private key by @ikucuze in #740
Dependency Updates
- Bump surefire.version from 3.5.1 to 3.5.2 by @dependabot in #703
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.11.1 by @dependabot in #704
- Bump org.bouncycastle:bcprov-jdk18on from 1.78.1 to 1.79 by @dependabot in #702
- Bump JamesIves/github-pages-deploy-action from 4.6.8 to 4.6.9 by @dependabot in #706
- Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #707
- Bump github/codeql-action from 3.27.1 to 3.27.4 by @dependabot in #711
- Bump org.testcontainers:junit-jupiter from 1.20.3 to 1.20.4 by @dependabot in #713
- Bump log4j.version from 2.24.1 to 2.24.2 by @dependabot in #712
- Bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #716
- Bump commons-io:commons-io from 2.17.0 to 2.18.0 by @dependabot in #715
- Bump errorprone.version from 2.35.1 to 2.36.0 by @dependabot in #714
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.9.0 to 2.9.1 by @dependabot in #718
- Bump JamesIves/github-pages-deploy-action from 4.6.9 to 4.7.1 by @dependabot in #720
- Bump biz.aQute.bnd:bnd-maven-plugin from 7.0.0 to 7.1.0 by @dependabot in #719
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2 by @dependabot in #722
- Bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #725
- Bump JamesIves/github-pages-deploy-action from 4.7.1 to 4.7.2 by @dependabot in #724
- Bump github/codeql-action from 3.27.6 to 3.27.9 by @dependabot in #728
- Bump org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4 by @dependabot in #730
- Bump log4j.version from 2.24.2 to 2.24.3 by @dependabot in #729
- Bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #736
- Bump actions/setup-java from 4.5.0 to 4.6.0 by @dependabot in #735
- Bump jna.version from 5.15.0 to 5.16.0 by @dependabot in #733
- Bump com.kohlschutter:compiler-annotations from 1.7.4 to 1.8.0 by @dependabot in #731
- Bump actions/cache from 4.1.2 to 4.2.0 by @dependabot in #723
- Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #734
New Contributors
Full Changelog: jsch-0.2.21...jsch-0.2.22
Contributors
norrisjeremy, dependabot, and ikucuze
Assets 2
jsch-0.2.21
What's Changed
Dependency Updates
- Bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #658
- Bump junixsocket.version from 2.10.0 to 2.10.1 by @dependabot in #659
- Bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in #660
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.1 to 2.8.2 by @dependabot in #663
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.6 to 3.2.7 by @dependabot in #662
- Bump org.junit.jupiter:junit-jupiter from 5.11.0 to 5.11.1 by @dependabot in #665
- Bump JamesIves/github-pages-deploy-action from 4.6.4 to 4.6.8 by @dependabot in #667
- Bump actions/setup-java from 4.3.0 to 4.4.0 by @dependabot in #668
- Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #666
- Bump log4j.version from 2.23.1 to 2.24.1 by @dependabot in #664
- Bump org.junit.jupiter:junit-jupiter from 5.11.1 to 5.11.2 by @dependabot in #674
- Bump surefire.version from 3.5.0 to 3.5.1 by @dependabot in #671
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.10.1 by @dependabot in #675
- Bump org.testcontainers:junit-jupiter from 1.20.1 to 1.20.2 by @dependabot in #676
- Bump actions/upload-artifact from 4.4.0 to 4.4.1 by @dependabot in #678
- Bump github/codeql-action from 3.26.8 to 3.26.12 by @dependabot in #679
- Bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #683
- Bump actions/upload-artifact from 4.4.1 to 4.4.3 by @dependabot in #682
- Bump org.junit.jupiter:junit-jupiter from 5.11.2 to 5.11.3 by @dependabot in #687
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.7.0 to 3.8.0 by @dependabot in #688
- Bump errorprone.version from 2.32.0 to 2.34.0 by @dependabot in #686
- Bump actions/cache from 4.0.2 to 4.1.1 by @dependabot in #684
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.2 to 2.9.0 by @dependabot in #681
- Bump de.thetaphi:forbiddenapis from 3.7 to 3.8 by @dependabot in #672
- Bump actions/checkout from 4.2.0 to 4.2.2 by @dependabot in #689
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.0 to 3.8.1 by @dependabot in #695
- Bump org.testcontainers:junit-jupiter from 1.20.2 to 1.20.3 by @dependabot in #697
- Bump actions/cache from 4.1.1 to 4.1.2 by @dependabot in #699
- Bump actions/setup-java from 4.4.0 to 4.5.0 by @dependabot in #700
- Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #698
- Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.5.0 to 3.6.0 by @dependabot in #696
- Bump errorprone.version from 2.34.0 to 2.35.1 by @dependabot in #694
- Bump org.apache.maven.plugins:maven-site-plugin from 3.20.0 to 3.21.0 by @dependabot in #693
New Contributors
Full Changelog: jsch-0.2.20...jsch-0.2.21
Contributors
mjmst74 and dependabot
Assets 2
jsch-0.2.20
What's Changed
- Incorrect Oid for service name in GSSAPI authentication. Fix #648 by @vpinna80 in #649
- Update
Hostkey.getFingerprint()method to output more moden format first introduced with OpenSSH 6.8. by @norrisjeremy in #638 for #529 - Add stack trace to log message when an exception occurs during authentication. by @norrisjeremy in #638 for #622
Dependency Updates
- Bump actions/upload-artifact from 4.3.4 to 4.3.6 by @dependabot in #616
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.5 by @dependabot in #619
- Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.16 by @dependabot in #620
- Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.2 to 3.1.3 by @dependabot in #627
- Bump org.apache.maven.plugins:maven-install-plugin from 3.1.2 to 3.1.3 by @dependabot in #628
- Bump com.kohlschutter:compiler-annotations from 1.7.3 to 1.7.4 by @dependabot in #631
- Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0 by @dependabot in #632
- Bump surefire.version from 3.3.1 to 3.4.0 by @dependabot in #630
- Bump org.junit.jupiter:junit-jupiter from 5.10.3 to 5.11.0 by @dependabot in #629
- Bump github/codeql-action from 3.25.15 to 3.26.3 by @dependabot in #626
- Bump github/codeql-action from 3.26.3 to 3.26.5 by @dependabot in #636
- Bump JamesIves/github-pages-deploy-action from 4.6.3 to 4.6.4 by @dependabot in #645
- Bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #647
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.5 to 3.2.6 by @dependabot in #653
- Bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #656
- Bump errorprone.version from 2.29.2 to 2.32.0 by @dependabot in #655
- Bump jna.version from 5.14.0 to 5.15.0 by @dependabot in #654
- Bump actions/setup-java from 4.2.2 to 4.3.0 by @dependabot in #651
- Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #646
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.10.0 by @dependabot in #642
- Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.4.0 to 3.5.0 by @dependabot in #635
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.1 to 3.8.0 by @dependabot in #634
- Bump surefire.version from 3.4.0 to 3.5.0 by @dependabot in #643
New Contributors
Full Changelog: jsch-0.2.19...jsch-0.2.20
Contributors
norrisjeremy, vpinna80, and dependabot
Assets 2
jsch-0.2.19
What's Changed
- Enforce DHGEX prime modulus bit length meets configured constraints by @norrisjeremy in #585
- Fix possible rekeying timeouts by @norrisjeremy in #605
Dependency Updates
- Bump net.revelc.code.formatter:formatter-maven-plugin from 2.24.0 to 2.24.1 by @dependabot in #574
- Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 by @dependabot in #573
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.0 by @dependabot in #579
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 by @dependabot in #580
- Bump surefire.version from 3.2.5 to 3.3.0 by @dependabot in #578
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.0 to 3.7.1 by @dependabot in #583
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 by @dependabot in #584
- Bump org.junit.jupiter:junit-jupiter from 5.10.2 to 5.10.3 by @dependabot in #587
- Bump com.kohlschutter:compiler-annotations from 1.7.2 to 1.7.3 by @dependabot in #588
- Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.2 to 3.4.0 by @dependabot in #582
- Bump surefire.version from 3.3.0 to 3.3.1 by @dependabot in #592
- Bump org.apache.maven.plugins:maven-release-plugin from 3.1.0 to 3.1.1 by @dependabot in #594
- Bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #595
- Bump junixsocket.version from 2.9.1 to 2.10.0 by @dependabot in #593
- Bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #599
- Bump commons-codec:commons-codec from 1.17.0 to 1.17.1 by @dependabot in #602
- Bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in #606
- Bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot in #611
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 by @dependabot in #613
- Bump org.testcontainers:junit-jupiter from 1.19.8 to 1.20.1 by @dependabot in #612
- Bump errorprone.version from 2.28.0 to 2.29.2 by @dependabot in #603
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 by @dependabot in #600
Full Changelog: jsch-0.2.18...jsch-0.2.19
Contributors
norrisjeremy and dependabot
Assets 2
jsch-0.2.18
What's Changed
- Handle negated patterns according to ssh_config(5) by @bmiddaugh in #565
Dependency Updates
- update maven wrapper by @norrisjeremy in #555
- Bump log4j.version from 2.23.0 to 2.23.1 by @dependabot in #516
- Bump org.testcontainers:junit-jupiter from 1.19.6 to 1.19.7 by @dependabot in #513
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.0 by @dependabot in #515
- Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.0 by @dependabot in #517
- Bump errorprone.version from 2.25.0 to 2.26.0 by @dependabot in #514
- Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.0 to 3.7.1 by @dependabot in #521
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.0 to 3.2.1 by @dependabot in #520
- Bump errorprone.version from 2.26.0 to 2.26.1 by @dependabot in #519
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #526
- Bump de.thetaphi:forbiddenapis from 3.6 to 3.7 by @dependabot in #525
- Bump dependabot/fetch-metadata from 1 to 2 by @dependabot in #524
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #522
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.1 to 3.2.2 by @dependabot in #530
- Bump junixsocket.version from 2.9.0 to 2.9.1 by @dependabot in #534
- Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #537
- Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 by @dependabot in #535
- Bump com.kohlschutter:compiler-annotations from 1.6.7 to 1.7.0 by @dependabot in #531
- Bump commons-io:commons-io from 2.15.1 to 2.16.1 by @dependabot in #536
- Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 by @dependabot in #542
- Bump com.kohlschutter:compiler-annotations from 1.7.0 to 1.7.1 by @dependabot in #540
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.2 to 3.2.3 by @dependabot in #539
- Bump org.bouncycastle:bcprov-jdk18on from 1.78 to 1.78.1 by @dependabot in #546
- Bump com.kohlschutter:compiler-annotations from 1.7.1 to 1.7.2 by @dependabot in #547
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.3 to 3.2.4 by @dependabot in #544
- Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.2 by @dependabot in #551
- Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.2 by @dependabot in #550
- Bump org.testcontainers:junit-jupiter from 1.19.7 to 1.19.8 by @dependabot in #558
- Bump errorprone.version from 2.26.1 to 2.27.1 by @dependabot in #556
- Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 by @dependabot in #548
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 by @dependabot in #545
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 by @dependabot in #568
- Bump errorprone.version from 2.27.1 to 2.28.0 by @dependabot in #567
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 by @dependabot in #566
- Bump org.codehaus.mojo:build-helper-maven-plugin from 3.5.0 to 3.6.0 by @dependabot in #562
- Bump net.revelc.code.formatter:formatter-maven-plugin from 2.23.0 to 2.24.0 by @dependabot in #569
New Contributors
- @bmiddaugh made their first contribution in #565
Full Changelog: jsch-0.2.17...jsch-0.2.18
Contributors
bmiddaugh, norrisjeremy, and dependabot
Assets 2
jsch-0.2.17
What's Changed
- 0.2.17 changes by @norrisjeremy in #482
- Organize imports and remove unused imports.
- Remove unneeded implements statements.
- Remove unused local variables.
- Skip flatten-maven-plugin during CI tests.
- Expand wildcard imports in order to better adhere to Google Java Style Guide.
- Add PBKDF2-HMAC-SHA512/256 & PBKDF2-HMAC-SHA512/224, which are both supported as of Java 21.
- Organize imports.
- Always embed NoPadding into Cipher string.
- Import javax.crypto.Cipher instead of com.jcraft.jsch.Cipher.
- Organize module-info.
- More formatting corrections to better adhere to Google Java Style Guide.
- Switch to using java.time classes & make work for dates past 2038.
Dependency Updates
- Bump errorprone.version from 2.24.0 to 2.24.1 by @dependabot in #478
- Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 by @dependabot in #476
- Bump com.kohlschutter:compiler-annotations from 1.6.6 to 1.6.7 by @dependabot in #477
- Bump surefire.version from 3.2.3 to 3.2.5 by @dependabot in #480
- Bump org.codehaus.mojo:flatten-maven-plugin from 1.5.0 to 1.6.0 by @dependabot in #481
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #486
- Bump actions/cache from 3 to 4 by @dependabot in #487
- Bump org.testcontainers:junit-jupiter from 1.19.3 to 1.19.4 by @dependabot in #492
- Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2 by @dependabot in #497
- Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 by @dependabot in #500
- Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 by @dependabot in #502
- Bump org.testcontainers:junit-jupiter from 1.19.4 to 1.19.5 by @dependabot in #501
- Bump errorprone.version from 2.24.1 to 2.25.0 by @dependabot in #505
- Bump junixsocket.version from 2.8.3 to 2.9.0 by @dependabot in #504
- Bump org.testcontainers:junit-jupiter from 1.19.5 to 1.19.6 by @dependabot in #509
- Bump log4j.version from 2.22.1 to 2.23.0 by @dependabot in #510
Full Changelog: jsch-0.2.16...jsch-0.2.17
Contributors
norrisjeremy and dependabot
Assets 2
jsch-0.2.16
What's Changed
- 0.2.16 changes by @norrisjeremy in #464
- Add support for [email protected] KEX algorithm.
- Switch to bnd-maven-plugin in order to support Multi-Release OSGi bundle JAR's via supplemental manifest files.
- Introduce JSchProxyException to replace generic JschException in Proxy implementations by @mvegter in #467
- Do not falsely log support for ext-info if the server did not return 'ext-info-s' by @mvegter in #463
Dependency Updates
- Bump errorprone.version from 2.23.0 to 2.24.0 by @dependabot in #466
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 by @dependabot in #465
- Bump log4j.version from 2.22.0 to 2.22.1 by @dependabot in #469
- Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 by @dependabot in #468
Full Changelog: jsch-0.2.15...jsch-0.2.16
Contributors
norrisjeremy, mvegter, and dependabot
Assets 2
jsch-0.2.15
What's Changed
- address CVE-2023-48795 by adding support for new strict key exchange extension. by @norrisjeremy in #461
- Add support for
[email protected]extension by @norrisjeremy in #461
This release introduces two new config options to control usage of the new strict key exchange extension:
enable_strict_kex(set to yes by default)require_strict_kex(set to no by default)
If either option (or both) is enabled, then JSch will attempt to use the new strict key exchange extension.- If the
require_strict_kexoption is enabled and JSch detects the server does not support it, then JSch will terminate the connection and throw an exception. - If the
require_strict_kexoption is not enabled and JSch detects the server does not support it, then JSch will fallback and proceed with the connection without using the new extension.
This gives users the ability to enable a strong security posture if needed and avoid proceeding with connections to potentially insecure servers.
Dependency Updates
- Bump surefire.version from 3.2.2 to 3.2.3 by @dependabot in #458
- Bump actions/upload-artifact from 3 to 4 by @dependabot in #459
- Bump github/codeql-action from 2 to 3 by @dependabot in #460
Full Changelog: jsch-0.2.14...jsch-0.2.15
Contributors
norrisjeremy and dependabot
Assets 2
jsch-0.2.14
What's Changed
- #450 use Socket.connect() with a timeout that has been supported since Java 1.4 instead of using old method of creating a separate thread and joining to that thread with timeout. by @norrisjeremy in #451
Dependency Updates
- Bump org.testcontainers:junit-jupiter from 1.19.1 to 1.19.2 by @dependabot in #439
- Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77 by @dependabot in #440
- Bump log4j.version from 2.21.1 to 2.22.0 by @dependabot in #441
- Bump org.testcontainers:junit-jupiter from 1.19.2 to 1.19.3 by @dependabot in #443
- Bump commons-io:commons-io from 2.15.0 to 2.15.1 by @dependabot in #447
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 by @dependabot in #448
- Bump com.kohlschutter:compiler-annotations from 1.6.5 to 1.6.6 by @dependabot in #446
- Bump actions/setup-java from 3 to 4 by @dependabot in #449
- Bump jna.version from 5.13.0 to 5.14.0 by @dependabot in #452
- Bump org.codehaus.mojo:build-helper-maven-plugin from 3.4.0 to 3.5.0 by @dependabot in #444
Full Changelog: jsch-0.2.13...jsch-0.2.14
Contributors
norrisjeremy and dependabot