Release v0.15.1 — SSH Security Fixes & Build Improvements · alternative-intelligence-cp/nitty

Security

SSH Host Key Verification (ssh_session.npk): Connections are now aborted if the server's host key does not match the known-hosts database. Previously, host key verification was stubbed out, leaving SSH sessions vulnerable to MITM attacks.

SSH Port Forwarding Rule Iteration (ssh_forward.npk, connection_manager.npk): fwd_apply_profile_rules now correctly iterates over all comma-separated forwarding rules from the connection profile. Local port listeners are spawned for all configured forwarding rules immediately after successful authentication.
SSH Bind Port / Channel ID Parsing (ssh_session.npk): The forwarded-tcpip payload now correctly extracts bind_port for multi-rule remote forwarding. Channel EOF/CLOSE packets now correctly extract recipient_channel_id before dispatch to forwarding close handlers.
Plugin Manager Sidebar Visibility (plugin_manager_ui.npk): nitty_gtk4_sidebar_set_visible shim calls are now active, restoring sidebar show/hide functionality.
Variable Shadowing (profile_editor.npk, ssh_vault.npk): Renamed ok → ok_val to resolve compiler variable-shadowing warnings.
Serial Toolbar (serial_toolbar.npk): Removed unused nitty_serial_toolbar_create import.

build.abc: Replaced -Wall -Wextra with -w for the gtk4_shim target to prevent GCC deprecation output from filling the npkbld subprocess pipe buffer during parallel compilation of the large nitty_gtk4_shim.c (caused intermittent build hangs).

Full Changelog: https://github.com/alternative-intelligence-cp/nitty/blob/main/CHANGELOG.md