Release Notes: This release added experimental sandboxing of network-facing code during the pre-authentication phase and SHA2-based HMAC modes for the SSH transport. sshd now sends logs from the privilege-separated process via a pipe, eliminating the need for /var/empty/dev/log. There were many more bugfixes and changes.
Release Notes: Many bugs were fixed. Performance and features were improved.
Release Notes: Execution of ~/.ssh/rc was disabled for sessions where a command has been forced by the sshd_config ForceCommand directive (unsafe default behavior). Chroot support for sshd was added. Internal sftp-server support was added to sshd, to allow chroot operation without support files. A "no-user-rc" option was added to ~/.ssh/authorized_keys to disable execution of ~/.ssh/rc in public key authentication. An sftp protocol extension, "email@example.com", was added to provide a rename operation with POSIX semantics.
Release Notes: Untrusted X11 forwarding is now prevented from using a trusted authentication cookie in certain situations. The SSH protocol 2 is used by default for new installations. Performance for high-BDP links was improved. Cryptographic speedups and a new, faster MAC algorithm were added. Many bugs were fixed.
Release Notes: sshd now allows the enabling and disabling of authentication methods on a per user, group, host, and network basis via the Match directive in sshd_config. A number of non-security bugs were fixed, including a hang on exit for ttyful/login sessions.
Release Notes: This release adds important security fixes. Support for Diffie-Hellman with SHA256 has been added. Several features have been added to sshd_config, including support for conditional directives, forcing use of a specified command, and restrictions on port forwarding. Optional logging has been added to sftp-server. The client may exit if any requested port forwarding cannot be established, and will record any non-standard ports in the known_hosts file. Support for SELinux, Solaris process contracts, and OpenSSL hardware engines can be built in. Various other bugs have been fixed and features added.
Release Notes: This is a bugfix release to resolve problems caused by a bug in the autoconf script that caused logout records to be incorrectly recorded on some systems.
No changes have been submitted for this release.
Release Notes: This release fixes two security problems, namely in dynamic port forwarding and in GSSAPI credential delegation. It also includes another round of proactive security changes (for signed vs. unsigned integer issues), a new compression method that eliminates the risk of pre-authentication exploitation of zlib bugs, stronger arcfour ciphers, and many improvements to connection sharing.
Release Notes: This is a bugfix release only, no new features have been added.