Skip to content

v0.40.2
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Dec 15:14
· 66 commits to main since this release
v0.40.2
dca6a02

Security fixes

CVE-2023-48795 - Terrapin Attack [a355c62]

A flaw in the SSH protocol itself allows an active MitM attacker to prevent the client & server from negotiating OpenSSH security extensions, or, with AsyncSSH, take control of the user's session.

This release adds the support for the kex-strict-*-v00@openssh.com extensions designed by OpenSSH specifically to prevent this attack.

More info: https://terrapin-attack.com

Assets 2