Skip to content

v0.0.3

Choose a tag to compare

View all tags
@github-actions github-actions released this 30 May 06:25
· 168 commits to master since this release
v0.0.3
38cdf2b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Other

  • gate mask_mode to cfg(unix) and fix 4 broken rustdoc intra-doc links
  • Merge client + FFI + agent + zeroize security fixes
  • Merge server + sshd security fixes
  • Merge auth/hostkey/key/known_hosts security fixes
  • Merge transport/KEX/compression security fixes
  • gate loopback SFTP roundtrip test to cfg(unix)
  • round-2 fixes — macOS SUN_LEN, Windows clippy, aarch64 cross binary

Security

  • (agent) replace libc unsafe with nix + MetadataExt in SSH_AUTH_SOCK validation
  • (sftp) gate jail-prefix hiding in op_realpath behind opt-in
  • rustfmt cleanup across channel/scp/sftp test+impl
  • (forwarding) X11 single_connection, tcpip-forward allow filter, X11 cookie note
  • (scp) O_NOFOLLOW recv, canonicalised base, reject '.' name
  • (sftp) jail-aware symlink rejection, set_len cap, mode masking
  • (channel) reject traffic on unconfirmed channels
Assets 7
Loading