jsch-0.2.15
What's Changed
- Address CVE-2023-48795 by adding support for new strict key exchange extension by @norrisjeremy in #461
- Add support for [email protected] extension by @norrisjeremy in #461
This release introduces two new config options to control usage of the new strict key exchange extension:
- enable_strict_kex (set to yes by default)
- require_strict_kex (set to no by default)
If either option (or both) is enabled, then JSch will attempt to use the new strict key exchange extension.
- If the require_strict_kex option is enabled and JSch detects the server does not support it, then JSch will terminate the connection and throw an exception.
- If the require_strict_kex option is not enabled and JSch detects the server does not support it, then JSch will fall back and proceed with the connection without using the new extension.
This gives users the ability to enable a strong security posture if needed and avoid proceeding with connections to potentially insecure servers.
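A model of the decision described above, added here as an example (it is not JSch's code and not part of the release notes). It parses a constructed SSH_MSG_KEXINIT payload, looks for the server-side marker kex-strict-s-v00@openssh.com defined by OpenSSH's strict KEX extension, and applies the two options; the function names and the outcome labels "strict", "fallback" and "disabled" are assumptions for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# Marker a supporting server adds to its kex_algorithms list (OpenSSH strict KEX).
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"


def build_kexinit(kex_algorithms):
    """Constructed sample data: a KEXINIT payload with only the KEX list filled."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data

    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # message type + 16-byte cookie
    payload += name_list(kex_algorithms)
    payload += name_list([]) * 9                     # the nine remaining name-lists
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def server_kex_algorithms(payload):
    """Extract the first name-list (kex_algorithms) from a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []


def negotiate(payload, enable_strict_kex=True, require_strict_kex=False):
    """Apply the two options; defaults mirror the release notes (yes / no)."""
    if not (enable_strict_kex or require_strict_kex):
        return "disabled"                  # neither option set: extension not attempted
    if STRICT_KEX_SERVER in server_kex_algorithms(payload):
        return "strict"
    if require_strict_kex:
        # Fail closed, as JSch does by terminating and throwing an exception.
        raise ConnectionError("server does not support strict key exchange")
    return "fallback"                      # proceed without the extension


# Constructed server offers: one patched, one without the marker.
PATCHED = build_kexinit(["curve25519-sha256", STRICT_KEX_SERVER])
LEGACY = build_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256"])
```

With the defaults, negotiate(LEGACY) returns "fallback", which is the case a deployment that must not talk to unpatched servers closes by setting require_strict_kex to yes.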
Dependency Updates
- Bump surefire.version from 3.2.2 to 3.2.3 by @dependabot in #458
- Bump actions/upload-artifact from 3 to 4 by @dependabot in #459
- Bump github/codeql-action from 2 to 3 by @dependabot in #460
Full Changelog: jsch-0.2.14...jsch-0.2.15