Skip to content

v0.9.1

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Dec 15:26
· 25 commits to main since this release
v0.9.1
7e260e8

Security fixes

CVE-2023-48795 - Terrapin Attack [12fdf62]

A flaw in the SSH protocol itself allows an active MitM attacker to prevent the client & server from negotiating OpenSSH security extensions, or, with AsyncSSH, take control of the user's session.

This release adds the support for the kex-strict-*-v00@openssh.com extensions designed by OpenSSH specifically to prevent this attack.

More info: https://terrapin-attack.com

Changes

  • 21d6ab4: make HTTP session timeout and cookie age configurable in the config file (Nicolas SEYS) #922
Assets 6