J2SSH Maverick 1.7.60 - Sept 26, 2024
Features
o AdaptiveConfiguration option to skip default path processing of removing any trailing / on a path before sending to the SFTP server.
Bug Fixes
o isPassphraseProtected returns false for v3 PuTTY Private Key files.
o License result is cached to prevent excessive revalidation of license key over many new connection attempts.
o Added additional logging for Ssh1Protocol when an exception occurs during sendMessage.
--------------------------------
J2SSH Maverick 1.7.59 - 24 May, 2024
Bug Fixes
o AdaptiveConfiguration attempts to create algorithm instances but allows the exception to traverse up to the caller when an algorithm is not available, instead it should just not declare support for the algorithm that generated the error.
o BouncyCastle dependencies upgraded to 1.78.
* This release requires the use of maverick-common 1.4.30 dependency
--------------------------------
J2SSH Maverick 1.7.58 - 1 Apr, 2024
Features
o Fix to strict kex mode to set complete flag when SSH_MSG_NEWKEYS is received, not sent and received.
o Added support for generating a user/host certificate by passing just the public key.
o Fixed issue with some modern licenses failing to validate.
o Don't throw error when limiting host keys when no known keys are available, instead continue so a key can be accepted
o AdaptiveConfiguration now supports custom security levels through "Match WEAK|STRONG|PARANOID" directive and supports Ciphers, Macs, Publickeys and Kex configuration items.
* This release requires the use of maverick-common 1.4.29 dependency
--------------------------------
J2SSH Maverick 1.7.57 - 12 Feb, 2024
Features
o Cache pattern matched configuration values in AdaptiveConfiguration.
Bug Fixes
o Fixed logic issue in DisableDirectoryCheck option that reverses the desired setting.
o Available authentication methods do not get updated after authentication attempt.
o When an error occurs in SFTP try to provide a hint in the error message as to whether it was a file or directory error.
o If a channel closes and received a remote signal, log the signal in debug mode for easier support resolution.
o Fixes to Terrapin strict kex protocol changes to avoid over-eager disconnect when out-of-band messages are received and strict kex is not enabled.
o Limit supported host key algorithms to keys available in known hosts file fails to negotiate RSA key when only SHA2 signature types are supported.
* This release requires the use of maverick-common 1.4.28 dependency
--------------------------------
J2SSH Maverick 1.7.56 - 18 Dec, 2023
IMPORTANT SECURITY UPDATE
This release includes a fix for the Terrapin Attack vulnerability https://terrapin-attack.com described in CVE-2023-48795. This fix implements "Strict Transport" mode patch created by OpenSSH.
Bug Fixes
o ls filtered listing fails to clear temporary collection of files, adding it again in the next iteration when reading a directory.
o Improved logging of SecureRandom initialization to make it more obvious that startup delay is caused by seeding of the PNRG.
o You can now change the idle timeout setting of a connected client via the new setIdleConnectionTimeoutSecs method on SshClient (SSH2 only).
* This release requires the use of maverick-common 1.4.27 dependency
--------------------------------
J2SSH Maverick 1.7.55 - 21 Nov, 2023
No updates. This version was an automatic version bump to maintain consistent versions with our server product.
--------------------------------
J2SSH Maverick 1.7.54 - 14 Nov, 2023
Features
o Added X509 ECDSA certificate support to loadKeystore methods.
Bug Fixes
o New Adaptive Configuration directive "overrideSftpDefaultDirectory" that allows changing the default CWD of an SftpClient in configuration.
o Disable directory check flag used incorrectly during list children could cause check even if flag is enabled.
o AdaptiveConfiguration createAlgorithmList does not honour ignored preferences.
o When using zlib@openssh.com compression, if the remote side starts a key exchange, compression is incorrectly turned off.
--------------------------------
J2SSH Maverick 1.7.53 - 18 Sept, 2023
Features
o When enabled, limit the supported public keys to algorithms that the client has a known key for i.e. keys in known_hosts. The ordering remains as configured in preferences. Use "LimitPublicKeysToKnownHosts" Adaptive configuration directive or Ssh2Context method setLimitPublicKeysToKnownHosts.
Bug Fixes
o Configuration option DisableSftpCloseStatus is ignored by SftpFileInputStream which reads server responses back including the close message which is disabled by this option.
o SftpFileInputStream has no way of controlling the number of asynchronous requests that it sends.
o Added debug log for SSH_SMSG_EXITSTATUS in Ssh1Session.
o Sshtools private key file implementation is broken.
o Ecdsa certificates send the wrong algorithm name for signing, causing authentication to fail.
o Support for rsa-sha2-256 and rsa-sha2-512 signing in OpenSSH RSA certificates i.e. rsa-sha2-256-cert-v01@openssh.com and rsa-sha2-512-cert-v01@openssh.com
o Bumped dependent BouncyCastle version to 1.76
o Diffie hellman initialisation does not use maximum bit length available for private key.
--------------------------------
J2SSH Maverick 1.7.52 - Jun 8, 2023
o No changes from previous release. Updated version to maintain versions with server API
--------------------------------
J2SSH Maverick 1.7.51 - Apr 10, 2023
Features
o Any failure of the negotiated key exchange will force reconfiguration and attempt re-connection. You can prevent this with the adaptive configuration directive "reconfigureKexOnFailure" or system property -Dmaverick.reconfigureKexOnFailure=false although some known workarounds will still be active, for example the diffie-hellman-group-exchange backwards compatibility issue.
Bug Fixes
o It is possible to call SshClient isAuthenticated during initalization when the object is null.
o SFTP v4 file type is accessible to all versions and not correctly set when using v3 of the protocol.
o diffie-hellman-group-exchange-* option to force JCE calculation of e when prime is not divisible by 64. Available as adaptive configuration "DhForceJCE yes" or system property "-Dmaverick.dhForceJCE=true"
o diffie-hellman-group-exchange now always generates random numbers in DH calculation with the maximum number of bits possible which avoids periodic failure of the key exchange.
--------------------------------
J2SSH Maverick 1.7.50 - Mar 1, 2023
Features
o Added new option to Ssh2Context to disable SHA1 signatures on RSA keys.
o Changed handling of "server-sig-algs" extension to generate an error if it does not contain ssh-rsa and no other rsa signature has been selected.
o Added new default authentication timeout of 60 seconds with new Ssh2Context field idleAuthenticationTimeoutSeconds and Adaptive Configuration directive of same name.
o Waiting for session channel close can potentially lock up thread.
Bug Fixes
o Bumped use of maverick-slf4j to 2.0.8 to fix issue with INFO level reporting as ERROR
--------------------------------
J2SSH Maverick 1.7.49 - Jan 10, 2023
Features
o Improved verifyFiles method in SftpClient to use more recent draft extensions and now provides a choice of hash algorithm.
Bug Fixes
o The new setDirectoryAttributeCheck method is not initialized from the system property maverick.disableAttributeCheck.
o Addition of configuration option NoneAuthentication causes authentication methods to be reset if getAuthenticationMethods is called multiple times.
o Processing of OpenSSH certificate extensions causes authentication to fail when using certificates encoded by the API.
o Additional debug logging to ensure visibility of connection timeout during idle.
--------------------------------
J2SSH Maverick 1.7.48 - Nov 16, 2022
Features
o Added adaptive configuration option NoneAuthentication to determine if "none" authentication is requested. This is normally used to obtain a list of the authentication methods that can continue and should not normally be turned off.
o Added adaptive configuration option SupportsExtensionNegotiation to determine if the special key exchange algorithm is sent to the server to notify it that we support extension negotiation message. This is turned on by default but added to allow disabling of this if requested by support.
o Added getMinimumSecurity method to ComponentFactory to return the lowest SecurityLevel that factory supports.
Bug Fixes
o Improvements to DisableDirectoryCheck configuration directive for working with UNC paths and OpenSSH on Windows.
o Assert idle timeout when SSH_MSG_IGNORE is received as well as when socket timeout is detected.
* This release requires the use of maverick-common 1.4.21 dependency
--------------------------------
J2SSH Maverick 1.7.47 - Sept 27, 2022
Features
o Added Adaptive Configuration option DisableIdleProcessDuringKeyExchange to disable idle timeout processing during key exchange. This effectively makes key exchange generate a timeout exception at the first configured socket timeout interval
o Added generic temporary value configuration to Ssh2Context.
o Expose SshConnector initial timeout value for SSH identification exchange, previously hard-coded and now defaulted to 30000ms.
Bug Fixes
o Trace output shows Provider toString instead of getName.
o Shell does not automatically detect OpenSSH on Windows.
o Adjust detection command in Shell if we already know the type if Windows.
o Thread synchronisation in SftpSubsystemChannel always sets the block flag to released even if the thread did not obtain the lock.
o During workaround processing use new temporary value configuration on context instead of permanent Adaptive Configuration settings.
o Fixed logging in key exchange DEBUG mode where connection UUID is not included in log.
o Closing channel race condition causes channel to be closed, but not freed.
* This release requires the use of maverick-common 1.4.20 dependency
--------------------------------
J2SSH Maverick 1.7.46 - Aug 29, 2022
Features
o Increase known workarounds to retry key exchange on invalid DH errors or any other error during key exchange itself.
o Change directory method now supports optional boolean to disable attribute checks.
o New setter on SftpClient to permanently disable attribute checks when performing cd or ls.
Bug Fixes
o Remove hard-coded dependency on BouncyCastle in PuttyPrivateKeyFile by loading the class using the class loader at runtime.
o Removed partial message timeout disconnect policy because it is no longer required with new timeout mechanisms in place.
* This release requires the use of maverick-common 1.4.19 dependency
--------------------------------
J2SSH Maverick 1.7.45 - July 21, 2022
Bug Fixes
o ScpClientIO consumes exception without logging.
o ComponentFactory logging level revised to DEBUG.
* This release requires the use of maverick-common 1.4.18 dependency
--------------------------------
J2SSH Maverick 1.7.44 - Jun 2, 2022
Features
o Support for PuTTY Version 3 Private Key format (requires Bouncycastle dependency for Argon key derivation support)*
o Support for ed448 public and private keys*
Bug Fixes
o Adaptive configuration does not supply match parameters in consistent order (order should always be hostname, then SSH identification).
o Adaptive configuration does not supply hostname in some algorithm preference lookups.
o Added additional debug log to HttpProxyTransport implementation.
* This release requires the use of maverick-common 1.4.17 dependency
--------------------------------
J2SSH Maverick 1.7.43 - Apr 29, 2022
Bug Fixes
o ScpClient packet size field is only applied at channel open and is not applied to file read/write blocks resulting in 32k block size in all transfers.
o Added debug logging to KnownHostsKeyVerification implementation.
o Missing AES-256-CBC encryption support in PEM key files.
o Fixed regression in SftpClient cd where non-existent directory fails to generate exception.
--------------------------------
J2SSH Maverick 1.7.42 - Mar 14, 2022
Bug Fixes
o SSH1 connection generates a NullPointerException during connection.
o ScpClientIO does not have configurable window space and packet size settings.
o Azure SFTP does not handle hyphen and generates an EOFException during key exchange when it encounters one in the software/version/comments field. These are now automatically converted to underscores.
o Adjust ed25519 seed extraction to fix issues where JCE encodes both private and public key in same blob.
--------------------------------
J2SSH Maverick 1.7.41 - Jan 30, 2022
Features
o Added additional enableBouncyCastle method that accepts Provider instance and BC_FLAVOR enum type for BC configuration.
o Converted all System property usage to AdaptiveConfiguration which allows any "maverick.xxx" configuration value that could only previously have been set via System properties to be configured via the AdaptiveConfiguration object.
o Added option to log binary traffic to file for debugging purposes.
o All Ssh2Context settings can now be overridden with regex matches on the host or remote identification string via maverick.cfg file or directly using the AdaptiveConfiguation object.
o Option to disable channel data message logging with -Dmaverick.disableChannelDataLogs=true.
o Events now contain a UUID field to identify the connection it was generated from.
Bug Fixes
o Debug logs now attempt to log a unique id (uuid) for each statement to make filtering connection logs easier.
o Socket timeout passed to TransportProtocol readMessage is not honoured.
o Added debugging for extra information with channel close issues reported by customers.
o SFTP request id values are duplicated in performOptimizedWrite.
o Added blockForRemoteClose setting to AdaptiveConfiguration to override behaviour of a session channel waiting for the remote side to send its SSH_MSG_CHANNEL_CLOSE.
o Discovered some issues with performOptimizedRead when the server reports an incorrect file size it could end up with data truncation.
o Set passwordChangeRequired if new password is set on Ssh2PasswordAuthentication to allow client initiated password change.
o Warn of attributes failure in SftpClient cd method instead of generating an error.
o Removed hard dependency on BouncyCastle JCE for ed25519 keys. This now supports any JCE provider that supports ed25519 algorithm.
Changes have been made to the build process in this update that required changes to the output assembly. Whilst
we have tried to maintain the same output some changes may be noticed and jar file names changed.
All versions of Log4j have been removed from our dependencies. We continue to support SLF4J provider and recommend customers use the appropriate
patched versions of Log4J if they continue to use it in their own applications.
* This release requires the use of maverick-common 1.4.14 dependency
--------------------------------
J2SSH Maverick 1.7.40 - Oct 19, 2021
Bug Fixes
o ed25519 key cannot be loaded with BouncyCastle 1.69 or greater.
o Using a combination of setPreferredCipherCS and setCipherPreferredPositionCS results in incorrect preference results.
o Added debug logging in DH algorithm crypto initialization for better clarity on configuration and it's attempts to load from JCE providers.
o SSH.com key fails to parse due to check length operation on array constructed from the declaration of length; however, an additional byte to protect the MPINT from being negative was added to the length. Causing the final check length operation to fail.
o Fixed issues in java.text matching support in putFiles and associated methods.
o Updated all maven repository use of http://artifactory.javassh.com to https://artifactory.jadaptive.com
* This release requires the use of maverick-common 1.4.13 dependency
--------------------------------
J2SSH Maverick 1.7.39 - Aug 3, 2021
Bug Fixes
o Perform check on maximum async requests to ensure this does not exceed a sensible limit.
o AdaptiveConfiguration use of String.format potentially causes OOM with incorrect input.
o Log server's public key in DEBUG mode.
o Detection of socket timeout in key exchange does not take idle connection strategy into account.
--------------------------------
J2SSH Maverick 1.7.35 - Feb 3, 20201
IMPORTANT NOTICE
****************
Recent changes to algorithm configuration have made it difficult to maintain a global set of algorithm preferences when using both client and server APIs within the same JVM. Therefore with this release, the default has been changed to require per-context algorithm preferences and the setting has been deprecated. Each context now will have its own set of preferences and requires configuration separately. The setting to switch between per-context and global preferences has been deprecated and whilst it can be changed back, we do not advise to do so. If you have any concerns about how this change will impact your configuration please contact us at support@jadaptive.com
Features
o Log pseudo-terminal request values in DEBUG.
o Override algorithm preferences by SSH identifier or host using System properties in the form "<identifier>.ciphers", "<identifier>.macs", "<identifier>.publickeys", "<identifier>.kex" and "<identifier>.compressions" where <identifier> is the hostname used to connect (passed to socket) or the SSH Identification String of the server e.g. "OpenSSH_8.1".
o AdaptiveConfiguration class for global or pattern matching configuration of ciphers, macs, public keys, key exchanges, and compressions.
o Deprecated enableFIPSMode method on SshContext. The method and behavior are out-of-date. Use JCEProvider.initializeDefaultProvider("BCFIPS") passing a FIPS-approved JCE provider in approved mode to restrict algorithms to only those supported by the approved FIPS environment.
o Deprecated Diffie-hellman backward compatibility switches as new adaptive configuration now support detecting and automatically configuring this value if a server requires backward compatibility.
o Binary logging option using System property in the form -D<identifier>.binary=true where <identifier> is the hostname used to connect (passed to socket) or the SSH Identification String of the server e.g. "OpenSSH_8.1".
Bug Fixes
o SshDiagnostics run all tests parameter causes ArrayIndexOutOfBoundsException.
o Ssh2Session silently consumes timeout exception whilst waiting for the remote side to close.
o SftpClient ls method with filter/regex support does not filter locally if the remote server does not support server-side filtering.
o Apply more rules to the processing of known key exchange issues to capture protocol error when an incorrect DH exchange mechanism is used.
o Incorrect logging format in maverick-slf4j provider.
o Fixed NPE in Maverick SLF4J logger when no logging.properties is used and file logging is enabled via VM properties.
o Removed delay in ExecutorOperationSupport shutdown to avoid delay in the final event.
o Log SCP command received from a remote server.
o Additional debug of public-key authentication to show signing algorithm and key fingerprint being used.
o Made ByteArrayReader more resilient to length errors when processing messages.
o Ensure console logging in Maverick SLF4J provider is flushing output.
--------------------------------
J2SSH Maverick 1.7.36 - Mar 11, 2021
Features
o disableSftpCloseStatus configuration option (AdaptiveConfiguration only) to disable processing of acknowledgements to SFTP close operations. This should not be used in production. It is a switch primarily used for reproducing client scenarios in integration tests.
--------------------------------
J2SSH Maverick 1.7.34 - Nov 2, 2020
Features
o Debug option for logging verbose signature information.
o Changed ed25519 implementation to BouncyCastle via JCE interfaces (this is dependent on BouncyCastle internals and is not currently compatible with other JCE ed255129 implementations).
o ComponentManager.reset method added for resetting ComponentManager configuration after startup.
Bug Fixes
o Re-throw processed exception in processManagedSecurityException if the exception does not match a known workaround status code.
o Passing SSH1 key with OpenSSH format incorrectly generates an SSH2 format key*
* This release requires the use of maverick-common 1.4.7 dependency
--------------------------------
J2SSH Maverick 1.7.33 - Aug 27, 2020
Features
o Methods in SshConnector relating to version selection have been deprecated ahead of SSH1 being removed from the API in a future release.
o Now supports ECDSA and ED25519 in PuTTY private keys.
o Now supports ED25519 in OpenSSH certificate files.
o Supports generation of OpenSSH certificate files.
o Detection of common issues is now applied to all connection attempts, not just managed security.
o SshDiagnostics class now has getRemoteConfiguration method returning negotiated algorithms and security level, as well as the maximum security level possible with the remote server based on advertised algorithms.
o Replaced ORO text matching with built-in java.text matching implementation removing the need for ORO dependency.
Bug Fixes
o Made KnownHostsKeyVerification backward compatible with older AbstractKnownHostsKeyVerification implementation for an easier transition.
o KnownHostsKeyVerification incorrectly drops invalid key entries when saving files.
o TransportProtocol does not consult ignored algorithm list when making the final selection.
o Add debug level log to indicate when SshConnector temporarily sets socket timeout during remote identification exchange.
o Some versions of OpenSSH have problems with AES cipher in GCM mode causing EOF during key exchange. Added workaround to issue detection code to remove cipher and retry the connection.
o KnownHostsKeyVerification onHostKeyMismatch is not called and instead onUnkownHost
--------------------------------
J2SSH Maverick 1.7.32 - July 12, 2020
Bug Fixes
o DSA/RSA key generation is restricted to 1024 bits or higher*
o Ensure the disconnection of socket transport in SshConnector finally block when an error occurs.
o New OpenSSH format keys generated by previous versions of the API are missing comment field causing EOFException.
o SshConnector should throw the last error if its a SshException rather than wrapping it in another SshException.
* This release requires the use of maverick-common 1.4.5 dependency
--------------------------------
J2SSH Maverick 1.7.31 - June 3, 2020
IMPORTANT NOTICE
****************
This release restricts RSA keys in authentication to 1024 bits or greater. If you attempt to authenticate with a key with < 1024bits the API will automatically reject the authentication request. If you need to disable this you must contact Jadaptive technical support for further advice.
Bug Fixes
o DH initialization should set the preferred size of private exponent instead of using JCE default to improve key exchange performance.
o Fixed Java 7 compile and use issues.
--------------------------------
J2SSH Maverick 1.7.30 - May 14, 2020
Features
o Added com.maverick.ssh.SshDiagnostics main class for support diagnostic utility. The class will probe and report connectivity status against all the available server configurations.
Bug Fixes
o Priority value that helps determine the security level of each component not stored correctly in AbstractHmac causing algorithms within each SecuirtyLevel to have incorrect order*
o Deprecated Ripe160 HMAC due to various issues seen in support. It was also deprecated by OpenSSH in version 7.6.
o Dropping security level as a last resort reconfigures component factory but fails to reconnect.
o Timeout value in some areas not passed to the transport layer when running in single-threaded mode.
o RSA KeyFactory and Cipher specifications are not able to use separate JCE Providers.
o Add exception cause to errors thrown by AES GCM implementations.
o SshPublicKeyFileFactory allows SSH1 public key to be formated as an SSH2 public key.
o Potential fix for JSafe AES/GCM mode throwing invalid IV exception.
o Excessive CPU usage caused by SecureRandom re-seeding due to some areas not using shared PRNG.
* This release requires the use of maverick-common 1.4.3 dependency which is included in this release.
--------------------------------
J2SSH Maverick 1.7.29 - Mar 24, 2020
Features
o Further improvements to managed security mode to prevent algorithm order and removal.
o Added logic to retry alternative key exchange and preference configurations in the event of detectable compatibility issues with other software.
Bug Fixes
o SshConnector fails to reset state causing possible OOM when attempting to connect to SSH1 server after failing to connect using SSH2.
o ScpClient accepts directory directive from server when it did not expect or request one.
Upgraded compile dependency of BouncyCastle to 1.64
Upgraded compile dependency of SLF4J to 1.7.30
--------------------------------
J2SSH Maverick 1.7.28 - Mar 10, 2020
Features
o Implemented last resort drop in security level when algorithms cannot be negotiated.
o Downgrade all use of RSA with SHA1 to WEAK security level.
o Added copy-data, make-temp-folder, get-temp-folder, home-directory, hardlink@openssh.com and statvfs@openssh.com SFTP extensions.
Bug Fixes
o ssh-ed25519 keys generated by API produce invalid signatures during user authentication.
o Incorrect block size for chacha20 cipher causes delay in processing of small transport messages.
o SshConnector does not default minimum security level to that configured on default ComponentManager.
o Ignore disabling of non-standard algorithms when security level is PARANOID.
o Do not allow setting of preferences in managed security instances (if you need preferences then don't use managed security).
--------------------------------
J2SSH Maverick 1.7.27 - Feb 5, 2020
Features
o All algorithm listings are now ordered according to the security level they provide, ensuring the API advertises the strongest security in it's preferences.
o Default algorithm preferences updated to reflect the most secure option currently available.
o Added chacha20-poly1305@openssh.com cipher from OpenSSH specifications.
o Added curve25519-sha256 key exchange from IETF specification https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-08
o Implemented a set of "Security Levels" that allow the API to be configured for WEAK, STRONG and PARANOID security.
o Added new managed security mode automatically retries failed key exchange to find a suitable compatible configuration.
c Implemented custom SFTP extension open-directory-with-filter@sshtools.com allowing a directory to be read with a glob or regex filter applied so that only specific results are returned in client directory listing. Requires use of new ls method with filter String parameter, and must be connected to the same version Maverick SSHD (or greater).
o Support for SSH_MSG_EXT_INFO defined in draft https://tools.ietf.org/html/draft-ssh-ext-info-05 to allow notification of support for rsa-sha2-256 and rsa-sha2-512 signature types from server.
o Use SHA-256 or SHA-512 signatures for RSA keys if the server supports the signature types.
o Support for posix-rename@openssh.com SFTP extension.
o Support for copy-file SFTP extension to copy one remote file to another.
o Support for MD5 hash of remote file using md5-hash and md5-hash-handle extensions.
o Added getCertificateAndKey method to SshKeyUtils to retrieve authentication ready key pair containing private key and associated OpenSSH certificate file.
o Added new append methods to SftpClient for appending data to remote files.
o Added OPENSSL_FORMAT key type for generating standard PEM keys using SshKeyPairGenerator (requires BouncyCastle PKIX).
o SshPublicKey interface now supports getJCEPublicKey method to access JCE component (unsupported for ed25519 keys).
Bug Fixes
o Removed support for authenticating over SSH2 with SSH1 style RSA keys.
o Fixed OpenSSH certificate authentication when authenticating against OpenSSH servers.
o Signature validation is bypassed if no HostKeyVerification instance is configured causing connection error rather than invalid signature message to be output.
o Keys generated by API and saved in new OpenSSH format generated invalid format errors when parsed with ssh-keygen.
--------------------------------
J2SSH Maverick 1.7.26 - Dec 13, 2019
Bug Fixes
o SFTP transfers fail in DEBUG mode due to bad string format in a new debug statement
--------------------------------
J2SSH Maverick 1.7.25 - Dec 3, 2019
Features
o Added com.maverick.ssh.SshReporter main class for use as a basic diagnostic support tool to diagnosing SFTP, SCP and Algorithm Negotiation issues. Simply run and enter host, username, and password at the prompts to generate a report.
o Removed support for hmac-sha256@ssh.com and hmac-sha512@ssh.com. This non-standard algorithm has been implemented incorrectly by many vendors causing connectivity problems with our clients. If you need to continue to use these enable them with the system property -Dmaverick.hmac-sha256@ssh.com=true
Bug Fixes
o FileTransferProgress incorrectly reports the entire file length on resume.
o BC/BCFIPS private key implementation does not support older style OpenSSL PKCS8/PBKDF encrypted keys*
o Resuming put incorrectly writes all data to end of file ignoring the position value passed.
o SshIOException error message is not set from passed SshException.
*Requires upgrade to maverick-common 1.3.13 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.24 - Aug 19, 2019
Bug Fixes
o Upgraded JZLIB dependency version to 1.1.3 after reports of issues in production with previously distributed version 1.1.2.
--------------------------------
J2SSH Maverick 1.7.23 - Jul 17, 2019
Features
o Improved SshKeyFingerprint options to allow optional fingerprint generation based on Base64 or Hexidecimal encoding*
Bug Fixes
o OpenSSH agent server fails to encode signature correctly according to flags passed by ssh client.
o Execute channel open request off the main message pump and instead place on the configured executor.
*Requires upgrade to maverick-common 1.3.11 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.22 - May 3, 2019
Bug Fixes
o Usage of SecureRandom.getInstanceStrong causes hung process on systems with little randomness*
*Requires upgrade to maverick-common 1.3.10 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.21 - Mar 25, 2019
Features
o New SftpClient ls methods with maximum files parameter to restrict the number of returned files. The versions of these methods without specifying the maximum files are now deprecated in favor of these and lsIterator method introduced in the previous release.
o New SftpClient constructors that allow a message timeout value to be passed.
Bug Fixes
o Log local identification sent immediately after its sent rather than waiting for remote identification.
o changePositionofAlgorithm throws IndexOutOfBoundsException when presented with an algorithm that is not in the list*
o Channel can send duplicate EOF if it's OutputStream close method is called multiple times.
o Enabling BouncyCastle JCE does not configure separate Diffie Hellman algorithms causing an alternative provider to be selected*
o New KnownHostsKeyVerification implementation fails on invalid entry.
o Workaround for KEX protocol violations caused when a remote server sends a non-transport packet during key exchange.
o Added correct handling for SSH_MSG_UNIMPLEMENTED with option maverick.failOnUnimplemented system property flag (used in testing).
o Guard against NullPointerException in ForwardingClient stopLocalForwarding and cancelRemoteForwarding.
*Requires upgrade to maverick-common 1.3.9 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.20 - Jan 22, 2019
Features
o Support for ECDSA, RSA and DSA keys in new OpenSSH private key file format. Keys generated by the API will now default to this format when written*
o Support for BubbleBabble type fingerprint in SshKeyUtils and SshKeyFingerprint*
o Added lsIterator and lsIterator(path) methods to SftpClient to help reduce memory footprint when processing large directories.
Bug Fixes
o To prevent connectivity problems bypass JCE to perform DH calculations manually if the server sends a P value with a bit length that is not a multiple of 64*
o Ensure that an algorithm can still be used by other algorithms that depend on it even if it is removed from preferences e.g. ssh-rsa is required by rsa-sha2-256 and rsa-sha2-512*
o ECDSA public key implementation of equals returns false even though public keys are the same*
o ECDSA signature verification handling fixed to improve detection of SSH style signature*
o Added additional protection to ensure a bad SCP server cannot write outside the target download directory.
*Requires upgrade to maverick-common 1.3.8 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.19 - Nov 21, 2018
Features
o Added new methods to SshKeyUtils for the collection of a server's host key or all its configured keys.
Bug Fixes
o Added missing constants in Ssh2Context for new key exchange mechanisms and ssh-ed215519.
o Increased default key re-exchange thresholds.
o DynamicBuffer InputStream incorrectly returns negative value indicating EOF in single byte read operation*
o Improved logging in KBIAuthentication.
*Requires upgrade to maverick-common 1.3.7 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.18 - Oct 8, 2018
Bug Fixes
o Client deadlocks when receiving hostkeys-00@openssh.com request in threaded mode.
--------------------------------
J2SSH Maverick 1.7.17 - Oct 7, 2018
Features
o Added KnownHostsKeyVerification as a complete new HostKeyVerification implementation of the file protocol implemented by OpenSSH with wildcard support, @revoked and @cert-authority entries and the ability to maintain the order of the keys within the file as it found them, including blank lines, comment lines and host key comments.
o New KnownHostsFile implementation of KnownHostsKeyVerification for abstract management of known_hosts. This should replace AbstractKnownHostsKeyVerification which has now been deprecated.
o New ConsoleKnownHostsFile implementation of KnownHostsFile for abstract management of known_hosts. This should replace ConsoleKnownHostsKeyVerification which has now been deprecated.
o Support for hostkeys-00@openssh.com for automatic updating of host keys in conjunction with KnownHostsKeyVerification / KnownHostsFile.
o Support for Windows Named Pipes in SshAgentClient allowing Windows ssh-agent service to be utilised as an authentication source.
o Full support for ssh-ed25519 keys including key generation and new OpenSSH private key format with aes/bcrypt encryption*
o Enable PrivateKey to be used to create an RSA key. This allows the use of keys from a PKCS11 provider.
o Support for RSA key exchange rsa2048-sha256 and rsa1024-sha1*
o Support for curve25519-sha256@libssh.org key exchange*
o Support for rsa-sha2-256 and rsa-sha2-512 public key types for alternative RSA signatures*
Bug Fixes
o Remove dependency on log4j from SshAgentServer.
o Agent KeyStore interface does not return state for deleteAllKeys operation.
o NullPointerException is possible on ForwardingClient.SocketListener when stopping active client.
o Added additional verbose output when loading private keys to ensure exception is logged if required. Set -Dmaverick.verbose=true if instructed by support.
o Ensure comment is blank rather than null to avoid extra whitespace at the end of OpenSSH public key file*
o ed25519 implementation depends on BouncyCastle Arrays utility.
o Ensure when reading from Inputstream for SFTP put that the block size required is adhered to.
o Re-factored SftpFileAttributes to remove reference to the SftpSubsystemChannel that created it.
o Agent should create Ssh2RsaPrivateCrtKey from parameters otherwise the key cannot be stored in OpenSSH key file.
o Use system default PRNG unless specifically overridden algorithm is set on JCEProvider.
o SpongyCastle support should be explicitly requested using enableSpongyCastle method on JCEProvider.
*Requires upgrade to maverick-common 1.3.6 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.16 - Jun 29, 2018
Features
o Added helpful constructors to PublicKeyAuthentication to allow SshKeyPair, InputStream, String or File private keys to be passed.
o Support for ssh-ed25519 host keys*
Bug Fixes
o Load and test key exchanges individually to ensure previous version of maverick-common does not fail on loading all key exchanges*
o Failed to use correct ECDSA algorithm name when using SC JCE provider.
o Fixed source build files.
*Requires upgrade to maverick-common 1.3.5 which is included in this release.
*New dependency added "net.i2p.crypto/eddsa" for ssh-ed25519 support
--------------------------------
J2SSH Maverick 1.7.15 - May 24, 2018
Features
o More detailed SFTP logging in at DEBUG level.
Bug Fixes
o Recent fix for low window space and deferral of SFTP read requests can cause performance issue in GET on latent network. Set -Dmaverick.enableSFTPReadWindowSpaceFix=true to enable previous behavior.
o Shell hangs when echo command is not supported in remote terminal.
o Improvements to agent implementation.
o Fixed bug in SshKeyUtils.encrypt method.
o Refactored SftpClient get to utilise max async requests correctly.
o Do not attempt to configure socket send/receive buffers as this can potentially affect performance in some circumstances/environments.
--------------------------------
J2SSH Maverick 1.7.14 - Apr 23, 2018
IMPORTANT: BouncyCastle has been upgraded to 1.59 in this release to resolve a vulnerability in the 1.52 version [CVE-2017-13098]*
Features
o Ability to configure Diffie Hellman algorithm Provider separately for KeyFactory, KeyAgreement and KeyPairGenerator*
o Additional method on JCEProvider to configure Provider using name rather than Provider instance*
o Support for diffie-hellman-group14-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512 and diffie-hellman-group18-sha512
o Improved algorithm support for FIPS mode (ECDH, ECDSA and stronger key exchange methods).
o Added option to disable SFTP block size optimisation with -Dmaverick.disableBlocksizeOptimization=true
o Automatic configuration/support for SpongyCastle JCE provider as a replacement for BouncyCastle on Android.
Bug Fixes
o Preempt SSH2 connection in initial identification exchange and handle error if remote server does not support.
o Prevent ConcurrentModificationException in ForwardingClient stopAllLocalForwarding methods.
o Added default timeout of 60 seconds for any global request.
o DSA private key signature encoding intermittently fails to generate compatible signature.
o Preempt authentication in HttpsProxyTransport.
o Some methods in ForwardingClient were not synchronized making it unsafe for multiple thread access.
*Requires upgrade to maverick-common 1.3.3 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.13 - Jan 26, 2018
Features
o Ability to disable algorithms at runtime using -Ddisable.<algorithm> system property*
Bug Fixes
o Expected RSA signature length calculation used for padding incorrect; added additional fallback to original signature if padded signature fails*
o Ensure fired events are logged in standard debug log*
*Requires upgrade to maverick-common 1.3.2 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.12 - Dec 22, 2017
Bug Fixes
o Fix for non-RFC X509 signature encoding (compatibility with Tectia)*
o Prevent ExecutorOperationSupport from pausing for 1 second during connection shutdown*
o Upgrade use of commons-vfs in SFTP provider to fix various memory issues caused by commons-vfs2.
*Requires upgrade to maverick-common 1.3.1 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.11 - Nov 23, 2017
Bug Fixes
o Full support for BCFIPS JCE Provider
*****************
IMPORTANT COMPATIBILITY INFORMATION
This release requires the use of maverick-common 1.3.0 dependency which is included in this release. When using both
client and server APIs in the same JVM you MUST use client and server versions compatible with 1.3 maverick-common.
*****************
--------------------------------
J2SSH Maverick 1.7.10 - Oct 23, 2017
Bug Fixes
o Support for licenses encoded in ISO-8859-1
o ecdh-sha2-nistp521 broken*
o Java 8u121 DSA signature validation fixes cause intermittent validation failures.
*Requires upgrade to maverick-common 1.2.9 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.8 - Jul 17, 2017
Features
o Added RSA encrypt/decrypt utility methods to SshKeyUtils.
Bug Fixes
o Check for disconnect error after complete file transfer and consume exception to avoid confusion.
o ECUtils does not use configured JCEProvider for EC algorithm*
o SftpSubsystemChannel incorrectly defaults to performing verification of file using extension mechanism.
o License configured with LicenseManager.addLicense could potentially be in an encoding other than UTF-8.
*Requires upgrade to maverick-common 1.2.8 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.7 - Jun 13, 2017
Bug Fixes
o Valid OpenSSH key does not pass format tests*
*Requires upgrade to maverick-common 1.2.7 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.6 - Jun 5, 2017
Features
o Implementation of OpenSSH certificates to support user authentication via signed certificate file as defined at https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
o Improvements to Shell implementation to detect incorrect password, better support for periodic password sudo prompt.
Bug Fixes
o Removed erroneous System.out in OpenSSHPrivateKeyFile.toKeyPair.
o Enterprise distribution now includes -sources jar files.
o Java 8 u121 introduces regression in DSA key signature validation.
o If BouncyCastle PKIX loading of private key fails with EncryptionException revert to original private key format implementation.*
o SshPublicKeyFileFactory#parse allows non IO error to be propagated*
o Disabled CBC ciphers cause private key encryption failures*
o Client events have no reference back to generating SshClient.
o Missing failed EVENT_KEY_EXCHANGE_COMPLETE event.
o Prevent multiple license to log statements when multiple SshConnector instances are used.
o Incorrect calculation of signature size causes RSA signature validation errors*
o Provide hint as to why we received a zero length packet in error when compression is enabled.
*Requires upgrade to maverick-common 1.2.6 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.5 - Mar 24, 2017
Features
o Added Ssh2Client protected method createTransportProtocol to allow custom implementations to create their own TransportProtocol instance.
Bug Fixes
o Error log in diffie hellman implementations does not log correct exception.
o Ant source build using incorrect source and target values.
o SshAgentClient requires object with Closable contract to ensure channel or Socket is closed correctly when agent is closed.
o Some dependencies on BouncyCastle classes were removed.
o AbstractKnownHostsKeyVerification and AbstractMultipleKnownHostsKeyVerification miss validation when passed hostname matches but FQDN and IP are not resolved.
o Added missing drain method in ShellProcess.
o Changes/improvements to support BouncyCastle FIPS certified JCE Provider
o Further fixes to RFC 6187 X509 implementation
*Requires upgrade to maverick-common 1.2.5 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.4 - Feb 22, 2017
Features
o Added commandExecuted, shellClosed, subsystemClosed, keyExchangeComplete methods to SshClientListener and associated SshClientAdapter.
o Added SshKeyUtils utility class to help with loading public keys.
Bug Fixes
o Fixed certificate chain and signature encoding inline RFC 6187 X509 implementations*
o ECDSA X509 implementations not registered correctly*
o EC and ECDH use default system JCE provider even if separate default provider is configured in API.
*Requires upgrade to maverick-common 1.2.4 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.3 - Feb 3, 2017
Bug Fixes
o Channel available method exception causes truncation problem with BufferedInputStream.
o Processing SSH_MSG_DISCONNECT causes SshException.
o Re-ordered default key exchange listing by order of strongest security preference.*
Requires upgrade to maverick-common 1.2.3 which is included in this release.
--------------------------------
J2SSH Maverick 1.7.2 - Jan 5, 2017
Features
o Implemented md5-hash and md5-hash-handle extensions as part of get operation (these were the original extensions defined in draft-ietf-secsh-filexfer-09.txt before draft-ietf-secsh-filexfer-extensions-00.txt replaced them with check-file-name and check-file-handle).
Bug Fixes
o Missing events for CONNECTED and DISCONNECTED.
Requires upgrade to maverick-common 1.2.2 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.25 - Dec 12, 2016
Bug Fixes
o Workaround added to fix broken GlobalScape server that responds to default dir request with file not found.
o ChannelInputStream available incorrectly consumes EOFException.
o Deprecated partial message timeout to prevent excessive socket option chatter. Reason for use is no longer valid with introduction of socket timeout support in 1.6.0.
o Missing events for CONNECTED and DISCONNECTED.
o Attribute ATTRIBUTE_HOST_KEY deprecated because it used unsafe encoding to String for a binary object. ATTRIBUTE_HOST_PUBLIC_KEY replacement provides a SshPublicKey instance for the key.
--------------------------------
J2SSH Maverick 1.6.24 - Nov 4, 2016
Features
o Ssh2Client getHostKey method to retrieve the host key of the server.
Bug Fixes
o SHA256 public key fingerprint is not compatible with OpenSSH fingerprint*
o OpenSSH public key file cannot be parsed with CR or NL in the encoded Base 64 blob*
o Better handling of rejected executor task required.
o HttpProxySocket not sends Bad Request in response to 407 Proxy Authentication Required response.
* Requires upgrade to maverick-common 1.1.12 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.23 - Oct 7, 2016
Features
o New AuthorizedKeyFile implementation enables parsing of authorized_key files with full support for all OpenSSH options as documented at http://man.openbsd.org/sshd.8*
Bug Fixes
o ChannelInputStream available not consistent with InputStream contract.
o Fixed NPE in Event getAllAttributes*
o Algorithm name in SECSH public key file causes NPE when parsed by SshPublicKeyFileFactory*
o AbstractKnownHostsKeyVerification would fail if @revoked or @cert-authority is present in known_hosts file.
* Requires upgrade to maverick-common 1.1.11 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.22 - Sept 2, 2016
Features
o Options added to Ssh2Context that allow disabling of ETM (encrypt-then-mac) and non standard algorithms such as @openssh.com and @ssh.com algorithm implementations.
Bug Fixes
o PuTTY private key file should use AES CBC cipher directly and not use supported ciphers ComponentFactory.*
o Key derivation function creates incompatible key when key exchange hash function output is smaller than required key.
o Remote identification without additional software version causes connection exception.
IMPORTANT NOTICE: This version requires maverick-common 1.1.9 and cannot be used with earlier versions of maverick-common jar file.
--------------------------------
J2SSH Maverick 1.6.21 - Aug 9, 2016
Features
o Added stripEOL property to SftpClient to instruct the client to strip and replace all EOL type characters in favour of the system EOL (get) or remote EOL (put).
Bug Fixes
o Width/Height parameters written in the wrong order in Ssh2Session changeTerminalDimensions.
o Event object cannot handle null attributes.*
o Diffie hellman key exchanges do not enforce validity of generated or server supplied algorithms.
o When in buffered mode queued packets from key exchange should not be placed on the executor.
* Requires upgrade to maverick-common 1.1.8 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.20 - July 14, 2016
Features
o Ssh2Client now has a number of get methods to return String array of remote algorithm lists.
Bug Fixes
o Ability to set pseudo block timeout using system property -Dmaverick.pseudoBlockTimeout=1000. Only use if directed by support.
o hmac-sha256@ssh.com should use 32 byte output but 16 byte key*
* Requires upgrade to maverick-common 1.1.7 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.19 - June 23, 2016
Bug Fixes
o Additional method signature of openDirectory added to SftpSubsystemChannel to support disabling of attribute checks to allow custom Dovetail SFTP commands to be executed against remote server.
o AbstractKnownHostsKeyVerification hashes hostname even if it had been previously hashed causing problems with key verification.
o Skip options in OpenSSH public key file could cause IndexOutOfBoundsException.*
* Requires upgrade to maverick-common 1.1.6 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.18 - Jun 2, 2016
Bug Fixes
o Prevent EOFException when processing bad SSH_FXP_STATUS packet from SSH-2.0-Go server.
o Added remoteIsDir (-d) option to ScpClientIO.
o Changed default host key preference to ECDSA key.
--------------------------------
J2SSH Maverick 1.6.17 - May 19, 2016
Features
o Extended agent implementation to support OpenSSH ssh-agent supporting list keys, hash and sign, lock, unlock. http://www.opensource.apple.com/source/OpenSSH/OpenSSH-142/openssh/PROTOCOL.agent
o Added AgentSocketForwardingChannel and AgentForwardingChannelFactory for agent forwarding support.
Bug Fixes
o Prevent disconnected event in SshClientListener from being generated more than once per connection.
o Ssh2Channel sendRequest does not pass its isActivity value to ConnectionProtocol sendMessage.
o SSHCOM private RSA keys fail to authenticate*
o Skip options in OpenSSH public key file.*
* Requires upgrade to maverick-common 1.1.5 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.16 - Mar 30, 2016
Features
o SshClient now supports storing attributes for variables connected with the current ssh connection.
o Added SshClientListener interface for general callback of useful client events such as authenticated, executedCommand, startedShell etc.
o Added SshClientAdapter to allow cut down implementation of SshClientListener
o SshSession getTerm method added. Returns the terminal type of any pseudo terminal successfully attached to the session. May return null.
Bug Fixes
o SftpClientFactory in Maverick VFS provider includes missing StringUtils dependency.
o Fix to filter erroneous banner/message can go into infinite loop.
o EOLProcessor duplicates character if stray CR is found when processing CRLF*
o Missing SshClient and SshSession attributes from session events.
* Requires upgrade to maverick-common 1.1.4 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.15 - Mar 14, 2016
Features
o Initial implementation of SSH agent and agent authentication mechanism https://tools.ietf.org/html/draft-ietf-secsh-agent-02. See AgentKeyConnect.java for example.
Bug Fixes
o Dynamic buffer fails to resize to required size causing ArrayIndexOutOfBoundsException.
o Filter erroneous banner/message from incorrectly configured server during SFTP subsystem startup.
o Try to honor write size in SSH2 channel output stream by looking for window space before it runs out.
o Missing constraint in performOptimisedWrite causes entire file to be written to server without any concern for async requests setting.
o Incorrect packet length displayed in error message when maximum packet length is exceeded.
--------------------------------
J2SSH Maverick 1.6.14 - Jan 29, 2016
Bug Fixes
o Fixed public key authentication support to Commons VFS SFTP provider.
o Javadocs were not included in the zip distribution.
--------------------------------
J2SSH Maverick 1.6.13 - Jan 13, 2016
Features
o Adding missing methods to manipulate extended file attributes on SftpFileAttributes.
o Increased session channel maximum channel packet to 34000 bytes.
o Improved JCEComponentManager startup to ensure existing BC provider does not prevent DH algorithm configuration.*
o Improved JCEComponentManager startup logging.*
* Requires upgrade to maverick-common 1.1.2 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.59 - Jan 13, 2016
Bug Fixes
o Update shared DiffieHellmanGroups class to provide consistent classpath when jvm is shared with Maverick SSHD.
--------------------------------
J2SSH Maverick 1.6.12 - Dec 10, 2015
Bug Fixes
o diffie-hellman-group-exchange methods fail test with NPE when backwards compatibility is disabled.*
o Disabled backwards compatibility on diffie-hellman-group-exchange key exchange methods due to deprecation by OpenSSH.
o x509v3-ecdsa-sha2-nistp384 and x509v3-ecdsa-sha2-nistp521 typos in JCEComponentManager registration.*
* Requires upgrade to maverick-common 1.1.1 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.11 - Oct 29, 2015
Bug Fixes
o Removed use of trim in SFTP/SCP paths to ensure trailing spaces are valid in filenames.
o maverick-dynamic-forward.jar and maverick-vfs-ssh.jar were incorrectly included in the -all.jar builds. As optional components these should not have been present. They are now distributed as separate jar files.
--------------------------------
J2SSH Maverick 1.4.58 - 10 Nov, 2015
Bug Fixes
o ForwardingClient getLocalForwardingTunnels returns nothing for stopped local forwardings even though forwarding was stopped with killActiveTunnels=false
o ForwardingClient incorrectly initializes channel with wrong window space and packet length values.
o SftpOutputStream continues to process packets after error causing long delay in closing OutputStream.
o SFTP channel only has 32k of window space for session based channels.
o Increase maximum size of supported SFTP packet to 32k.
o openSessionChannel now has 60 second timeout.
--------------------------------
J2SSH Maverick 1.6.10 - Sept 14, 2015
Features
o Optimization on SFTP block size so that it takes into account subsystem and SFTP packet overhead to ensure each SSH_MSG_CHANNEL_DATA packet fully utilize the channels maximum packet length.
o Support for hmac-ripemd160, hmac-ripemd160-etm@openssh.com message authentications.
o Support for Encrypt then Mac message authentications hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
Bug Fixes
o Session using startShell is still logging commands which should only be logged if maverick.verbose property is set.
o ECDSA keys cannot be loaded if another JCE exists that processed EC keys and has a higher priority in security configuration*
o ECSDA public key compare using equals fails even when they represent the same public key*
o Key exchange synchronization potentially causes deadlock.
o Window size defaults changed, session channel for shell/command has smaller window size 128k + 32k packet. SFTP has 2G window size and slightly larger than 32k to prevent 32k data packets being fragmented by the connection protocol.
o Prefer keyboard-interactive flag would not check if keyboard-interactive was actually supported.
o Ensure enough key data is available for the size of the cipher or mac*
o Handle IOException/EOFException from local stream as non-fatal cancellation of transfer. Throw TransferCancelledException to indicate state to calling application.
o Removed erroneous code from ScpClient.
o SftpStatusException message includes status code translation and message from server. Only show both if the strings do not match.
* Requires upgrade to maverick-common 1.1.0 which is included in this release.
*****************
IMPORTANT COMPATIBILITY INFORMATION
For users combining both our client and server APIs in the same classpath you should ensure that both versions of the API used are compatible with a maverick-common version of 1.1.0.
If for any reasons you just use a single product and ship the individual jar files you should ensure you ship the maverick-common 1.1.0 version included in this release.
*****************
--------------------------------
J2SSH Maverick 1.4.57 - 7 May, 2015
Bug Fixes
o HttpProxyTransportWrapper tries to connect to endpoint server rather than proxy server.
o HttpProxyTransport fails with Bad Request when attempting authentication.
--------------------------------
J2SSH Maverick 1.6.9 - May 15, 2015
Bug Fixes
o Fixed Enterprise Edition broken source build.
o Removed printStackTrace and instead added warn level log on reflection error when attempting to load newer implementation of OpenSSHPrivateKeyFile that depends on Bouncycastle PKIK.
o Log missing BC dependency rather than printStackTrace.*
o ForwardingClient getLocalForwardingTunnels returns nothing for stopped local forwardings even though forwarding was stopped with killActiveTunnels=false.
o Optional Bouncycastle dependencies upgraded to version 1.52
* Requires upgrade to maverick-common 1.0.9 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.8 - Mar 24. 2015
Bug Fixes
o Automatic conversion to keyboard-interactive should not subsequently perform password if password auth is not available.
o Fixed NullPointerException on API startup caused by licensing code in some JVM environments.
--------------------------------
J2SSH Maverick 1.6.7 - Feb 24, 2015
Bug Fixes
o JCE expects a padded RSA signature but protocol allows client to send unpadded resulting in random authentication failures.
o SftpFileAttributes is checks wrong variable to determine if access time nano seconds is present resulting in NullPointerException.
o The Maverick Commons VFS implementation closes SshClient before OutputStream created to transfer file is completed.
o Idle connection hangs if JVM socketWrite method blocks because it cannot send disconnect message. Treat idle connection as error condition. Optional setting added to Ssh2Context to revert this behavior.
o Ssh2Client openSessionChannel default method is not using Ssh2Context settings for window space or maximum packet size.
o SshClient getChannelCount returns +1 channels as closed channel still exists in list when listener event is fired.
o Default SFTP block size too restrictive.
o SshPrivateKeyFileFactory fails to load encrypted EC private key when no passphrase is passed initially to factory.
* Requires upgrade to maverick-common 1.0.8 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.56 - Feb 24, 2015
Bug Fixes
o JCE expects a padded RSA signature but protocol allows client to send unpadded resulting in random authentication failures.
o Idle connection hangs when socketWrite blocks due to network issues. Idle connections are now treated as error condition with no disconnect message sent. Option to revert this behavior added to Ssh2Context.
o SshClient getChannelCount returns +1 channels as closed channel still exists in list when listener event is fired.
--------------------------------
J2SSH Maverick 1.6.6 - Jan 12, 2015
Features
o Prefer keyboard-interactive over password authentication.
Bug Fixes
o SOCKS proxy transport fails to connect to proxy server.
o ThreadSynchronizer does not guarantee exclusive lock to the message pump when threaded/buffered mode client is in use.
o Ssh2Session incorrectly defaults to sending keep-alive packets, keeping session open and not honoring idle connection time.
o Buffered mode client idle disconnect does not propagate to other blocked threads.
o Shell fails to detect *nix type environment.
o Ssh2Session should only log session input/output in maverick.verbose mode.
o Ability to order ciphers, macs, key exchanges etc by passing String array of preferred order.
--------------------------------
J2SSH Maverick 1.4.55 - Jan 8, 2015
Bug Fixes
o Exception thrown when an attempt is made to install two different licenses.
--------------------------------
J2SSH Maverick 1.6.5 - Sept 23, 2014
Bug Fixes
o Removed erroneous output from JCEComponentManager startup*
o OpenSSH private key format made library always depend on Bouncycastle JCE provider and associated libs.
o SftpClient now only applies umask on files and folders if explicitly set by calling umask method.
* Requires upgrade to maverick-common 1.0.6 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.54 - Sept 24, 2014
Bug Fixes
o Automatically attempt to add BouncyCastle JCE provider if found in classpath. If not installed, there may no large prime support for some Diffie Hellman algorithms.
o ThreadSynchronizer does not guarantee exclusive lock to the message pump when threaded/buffered mode client is in use.
--------------------------------
J2SSH Maverick 1.6.4 - Aug 26, 2014
Features
o Added hmac-sha2-512, hmac-sha2-512-96, hmac-sha2-256-96 mac algorithms*.
o Added ecdh-sha2-nistp256, ecdh-sha2-nistp384 and ecdh-sha2-nistp521 key exchange algorithms*.
o Added x509v3-rsa2048-sha256, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384 and x509v3-ecdsa-sha2-nistp521 public key algorithms.*
Bug Fixes
o HTTP / SOCKS proxy classes missing connection timeout support.
o ExecutorService core threads never timeout. Default behaviour is now for core threads to terminate after 60s of idle.
o Added SshConnector static methods that allows internal ExecutorService to be configured with different values for core thread pool, max threads and timeout.
o Added synchronization to license validation to prevent license validation issues under load.
* Requires upgrade to maverick-common 1.0.5 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.53 - Aug 19, 2014
Bug Fixes
o HTTP / SOCKS proxy classes missing connection timeout support.
o Added synchronization to license validation to prevent possible corruption of license information under load.
o Ssh2Channel sendRequest incorrectly synchronizes on connection instance rather than channel instance.
--------------------------------
J2SSH Maverick 1.4.52 - Jun 11, 2014
Bug Fixes
o Server disconnects and does not accept client connection when client identification string is sent optimistically.
o Last CR in file is not replaced in SftpClient text mode transfers.
o jakarta-oro jar file missing from dependencies.
--------------------------------
J2SSH Maverick 1.6.3 - June 9, 2014
Features
o Support for SFTP versions 5, 6 in SftpClient and SftpSubsystemChannel. Currently must be enabled by passing version number into constructor.
Bug Fixes
o Upgraded BouncyCastle dependencies to 1.50 versions due to potential memory leaks created by the JCE library.*
o Outgoing compression fails with ArrayIndexOutOfBoundsException.
o Race condition causes Bad Packet exceptions after new keys are put into use.
o performOptimizedWrite in SftpSubsystemChannel does not progress FileTransferProgress when appending to file.
o performOptimizedWrite in SftpSubsystemChannel always writes to beginning of file ignoring position.
* Requires upgrade to maverick-common 1.0.4 which is included in this release.
--------------------------------
J2SSH Maverick 1.6.2 - May 14, 2014
Features
o Added support to Shell class for OpenVMS.
o Added SshClientPool utility for efficient management of single threaded idle clients.
o The host key verification process will treat servers running on separate ports as different servers as per other implementations. Added maverick.knownHosts.disablePortValidate system property to enable the disabling of this behavior and treat all servers on the same host as one server for host key validation purposes.
o Added support for ECDSA X509 certificates (RFC 6187).*
Bug Fixes
o Improved error message when failed to generate a DH value.
o Maverick VFS SSH would close a shared connection when FileObject.getOutputStream() was used.
o Server disconnects and does not accept client connection when client identification string is sent optimistically.
o Last CR in file is not replaced in SftpClient text mode transfers.*
o Revert to 1.4 internal Rsa implementation for SSH1 server/host key processing due to incompatibility with JCE.*
o Ssh2Client initializes port forwarding channel with non-optimal settings.
* Requires upgrade to maverick-common 1.0.3 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.51 - Mar 31, 2014
Features
o Added acceptLocalForwarding method to ForwardingClientListener.
Bug Fixes
o Potential memory leak fixed when using pooled SftpClients with non-pooled SftpClient instances.
o Subsequent call to ForwardingClient.stopLocalForwarding with a key that had previously been used to stop listening but not kill active tunnels should kill any remaining tunnels if the killActiveTunnels flag is true.
o Changed default cipher to aes128-ctr.
o Added back processStandardData protected method of byte[],int,int to prevent backwards compatibility issues.
o Socket timeout applied via use of Ssh2Context.setSocketTimeout is not applied until after identification exchange.
--------------------------------
J2SSH Maverick 1.6.1 - Jan 29, 2014
Features
o Preliminary support for RFC 6187 X509 certificates for RSA and DSA public key algorithms. OSCP responses are currently not available or validated by the client if received.*
o Added X509HostKeyVerification implementation for easier verification of X509 certificates.
o Added HostKeyVerificationManager implementation to allow chaining of HostKeyVerification instances so that different verification types can be performed on a single connection.
Bug Fixes
o Potential memory leak fixed when using pooled SftpClients with non-pooled SftpClient instances.
o Ssh2Session incorrectly defaults send keep-alive packet on idle to true, causing connections to remain active when the expected result was a timeout.
o Made SftpClient.matchRemoteFiles method public to allow wildcard searches to be performed on remote directory.
o SftpFileInputStream calls getAttributes on file but its no longer needed.
o umask not being applied to default file permissions when put through SftpClient.
o Default cipher changed to aes128-ctr.
o Added back utility to J2SSHEventCodes to get event name from id.
* Requires upgrade to maverick-common 1.0.2 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.50 - Nov 20, 2013
Bug Fixes
o Ssh2Session incorrectly defaults send keep-alive packet on idle to true, causing connections to remain active when the expected result was a timeout.
o Made SftpClient.matchRemoteFiles method public to allow wildcard searches to be performed on remote directory.
o SftpFileInputStream calls getAttributes on file but its no longer needed.
o umask not being applied to default file permissions when put through SftpClient.
--------------------------------
IMPORTANT NOTICE:
This is the first public release of the 1.6.x stable branch. Source code developed with versions 1.4.x or
lower will not be binary compatible with this API although changes should be minimal as this new branch
is a continuation of the work of those branches and should be considered the stable successor to 1.4.x
versions.
Please note that the internal cryptographic provider has been removed and as such all cryptographic
functions are provided by the installed Java Cryptography Extensions (JCE) in your environment. The minimum
required version of Java is 1.5.
J2SSH Maverick 1.6.0 - Oct 9, 2013
Features
o Logging is now provided though SLF4J.
o API is now built with and requires a minimum Java version of 1.5.
o Build system changed to Maven.
o Common components shared between client and server implementations have been moved to a separately versioned jar file to help compatibility between the two.
o Internal cryptographic provider has been removed.
o Added support for Elliptic Curve keys ecdsa-sha2-nistp256, ecdsa-sha2-nistp385 and ecdsa-sha2-nistp521.
o New Shell implementation that uses begin/end markers for each command to extract output from the users shell.
o Support for PKCS8 PEM encoded private keys (required BouncyCastle JCE provider installed)*
o checkLocalSourceAddress method added to ForwardingClientListener to allow forwarding to be declined based on source address.
Bug Fixes
o Ssh2Session incorrectly defaults send keep-alive packet on idle to true, causing connections to remain active when the expected result was a timeout.
* Requires upgrade to maverick-common 1.0.1 which is included in this release.
--------------------------------
J2SSH Maverick 1.4.49 - Oct 5, 2013
Bug Fixes
o Start of key exchange was not synchronized until SSH_KEX_INIT had been received allowing non key exchange message to be sent in error.
o Support for larger N sizes in DSA key signatures allowing > 1024 bit DSA keys to be utilised.
o Added hmac-sha2-256 algorithm to supported Hmacs
o copyRemoteDirectory/copyLocalDirectory flatten copied directory structure.
o Internal cache of SFTP file handles uses unsafe conversion from byte[] to String.
o Under load ConnectionProtocol was able to send a message during key re-exchange.
o SftpSubsystemChannel does not provide a method to perform SSH_FXP_LSTAT.
o Added statLink method to SftpClient to get attributes of a link.
o SftpClient symlink method passes target and link paths to createSymbolicLink in the wrong order.
o Added support for larger DH key sizes in diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256.
--------------------------------
J2SSH Maverick 1.4.48 - July 18, 2013
Bug Fixes
o Ssh2Channel checkCloseStatus call in close method does not pass correct remote closure state causing potential lockup in close method.
--------------------------------
J2SSH Maverick 1.4.47 - July 5, 2013
Features
o Added SshConnector.enableFIPSMode to configure the client to only use FIPS supported algorithms. This requires a JCE that supports 2048 bit DH primes so is incompatible with SunJCE, use BouncyCastle JCE to support this or a FIPS certified JCE.
Bug Fixes
o When no default JCE provider is specified on JCEComponentManager, for diffie-hellman-group14-sha1 only, default to BouncyCastle JCE if it is an installed Provider.
o AbstractJCECipher IV is now initialized with getBlockSize, allowing it to be overridden to prevent NPE with NSS/JSS crypto.
o Erroneous inclusion of Jakarta ORO .class files in maverick-all.jar. Use dependency if you need to depend on Jakarta ORO (regex matching in ScpClient/SftpClient).
o SftpFileInputStream does not implement available causing issues with GZIPInputStream and BufferedInputStream.
--------------------------------
J2SSH Maverick 1.4.46 - Apr 26, 2013
Bug Fixes
o Ssh2Session.close now attempts to ensure the remote SSH_MSG_CHANNEL_CLOSE is received before returning to ensure session exit code is processed correctly.
o Attempts to read non-existent data from SFTP v4 file attributes ACL.
--------------------------------
J2SSH Maverick 1.4.45 - Mar 13, 2013
Bug Fixes
o Timeout support introduced in Ssh2Client.openSessionChannel to prevent buffered mode clients from hanging. This currently requires that you call the specific openSessionChannel method in Ssh2Client with a reasonable timeout value.
o Forwarding client bottleneck fix in local forwarding socket listener.
o Better handling of channel EOF messages, forcing channel close when both sides are EOF.
o Channel is now freed only after all listener events have been fired.
o Debug mode now logs command input/output in log.
o SftpClient fails to throw SftpStatusException on put when server returns SSH_FXP_STATUS other than SSH_FX_OK in response to SSH_FXP_CLOSE message.
o License verification made less sensitive to whitespace changes.
o Removed use of circular buffer in Ssh2Channel to provide more flexible support for larger window sizes.
o OpenSSHPublicKeyFile performs unnecessary check against key algorithm name preventing further supported types being used.
o GlobRegExpMatching fails to process match if file is a directory.
o SSH1 RSA private keys fails to authenticate with 'unknown block type' or 'Data must start with zero' exception.
--------------------------------
J2SSH Maverick 1.4.44 - Dec 5, 2012
Features
o Allow X11 fake cookie to be set rather than relying on random value. Normally this would not be desired but allows a scenario where J2SSH is used to bridge X11 in a server environment and needs to use fake cookie supplied by bridged client.
Bug Fixes
o ScpClient creates file before parsing entire response; in the event response is incorrect create file after complete parsing of response.
o AbstractKnownHostsKeyVerification fails to process known_hosts line with multiple host names for public key.
--------------------------------
J2SSH Maverick 1.4.43 - Oct 12, 2012
Bug Fixes
o Text mode file transfer incorrectly defaults to processing all EOL types and not just system EOL types.
o SftpClient block and maximum packet settings brought into line with other implementations as our larger (but still technically within protocol limits) were causing problems with some servers.
--------------------------------
J2SSH Maverick 1.4.42 - Sept 19, 2012
Features
o AES-128-CBC encryption now supported in OpenSSH private key files.
Bug Fixes
o Workaround for WS_FTP causes error retrieving root path.
--------------------------------
J2SSH Maverick 1.4.41 - Sept 3, 2012
Features
o Ability to change default hash algorithm for SSH key fingerprints.
Bug Fixes
o AbstractKnownHostsKeyVerification falls into infinite loop if known_hosts file does not exist.
--------------------------------
J2SSH Maverick 1.4.40 - August 27, 2012
Features
o diffie-hellman-group-exchange-sha256 now supported.
Bug Fixes
o SFTP hangs on very large packet size. Added more restrictive check, size can be configured with system property maverick.sftp.maxPacketSize.
o Race condition causes short lived channel to remain open if server closes before client has updated channel from uninitialized to open.
o Zero length channel data packet causes EOF exception when channel int read() is used to return data from channel InputStream.
o AbstractKnownHostsKeyVerification requires synchronization to ensure thread safety.
--------------------------------
J2SSH Maverick 1.4.39 - June 28, 2012
Features
o Added system property maverick.debug.dsa.rvalue to allow output of DSA r value received from server in host key verification
for testing that no repeated r value is seen.
Bug Fixes
o X509 DSA certificate fails to be initialized from public key blob.
--------------------------------
J2SSH Maverick 1.4.38 - June 9, 2012
*************************
IMPORTANT NOTICE
*************************
This release contains a fix for a vulnerability discovered in the DSA implementation within the standalone cryptographic provider and it is advised that all users upgrade if their configuration has been modified to use the standalone cryptographic provider. The vulnerability can be used by a compromised server to discover the private key of a user using techniques outlined at http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
J2SSH Maverick 1.4.5 or greater defaults to using the JCE cryptographic provider and in its default configuration is outside the scope of this vulnerability.
This affects you if you are using a version less than 1.4.5 OR a more recent version that you have explicitly set the following system property to a value of 'true' to activate the standalone provider:
-Dcom.maverick.ssh.components.ComponentManager.tryStandaloneCryptographyBeforeJCE=true
If you require any advise on this issue please contact support@javassh.com
Bug Fixes
o Diffie Hellman key exchange components were not fully utilising JCE DH algorithms for key agreement.
o Vulnerability in internal cryptographic DSA provider fixed. http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
--------------------------------
J2SSH Maverick 1.4.37 - May 1, 2012
Features
o Added support for Connection, Server and Protocol licenses.
Bug Fixes
o Workaround for WS_FTP returning file not found when directory ends in /
o Removed broken J2ME build
--------------------------------
J2SSH Maverick 1.4.36 - Mar 26, 2012
Features
o Added getLength method to ScpClientIO to allow length of file to be determined over SCP.
Bug Fixes
o Possible signed bit conversion in ByteArrayReader causes NumberFormatException whilst reading file attributes
o Removed finalize operation from SftpSubsystemChannel and SftpClient and ensured responses are cleared when channel is closed.
--------------------------------
J2SSH Maverick 1.4.35 - Feb 6, 2012
Features
o Now supports known_hosts files generated using OpenSSH configuration HashKnownHosts=yes
Bug Fixes
o SftpMessage cleanup in SftpSubsystem channel to help prevent potential memory leak when connection is dropped uncleanly.
o Formatting on long filename in SftpClient incorrectly labels file as FIFO when no IF_MT value is passed by server.
o copyRemoteDirectory incorrectly copies all files to base directory.
o OpenSSH cannot read private keys encrypted by API.
o AbstractKnownHostsKeyVerification chokes on invalid host key entry, invalid hosts are now ignored by default and delegated to subclass in onInvalidHostEntry function. ConsoleKnownHostsKeyVerification now outputs the line as a warning but does not fail.
o rsa1 key is incorrectly encoded by JCEComponentManager in knownhosts file.
--------------------------------
J2SSH Maverick 1.4.34 - Sep 25, 2011
Bug Fixes
o Channel request failure does not include remote sides channel id
--------------------------------
J2SSH Maverick 1.4.33 - Sep 14, 2011
Bug Fixes
o ScpClient does not complete transfers when profile echos out during session initialization.
o openRemoteClient does not open buffered mode client
o TransportProtocol selectNegotiatedComponent made more tolerant of spaces in algorithm strings.
--------------------------------
J2SSH Maverick 1.4.32 - Jun 3, 2011
Features
o Added support for MD5 signatures in RSA certificates.
Bug Fixes
o Additional cleanup code added for SftpClient/SftpSubsystemClient to remove references to SftpMessage objects remaining in buffer.
o Ssh1RhostsRsaAuthentication fails to default client username to value set in SshConnector.connect call.
--------------------------------
J2SSH Maverick 1.4.31 - Apr 20, 2011
Bug Fixes
o Added check to ensure number of asynchronous requests never reaches zero.
--------------------------------
J2SSH Maverick 1.4.30 - Feb 7, 2011
Features
o Added support for newline@vandyke.com SFTP extension for text mode transfers with SFTP version <= 3.
o Added support for hmac-sha256.
o Added support for x509v3-sign-dss public/private keys & certificates.
o SftpClient will attempt to resolve actual username/group of UID/GID on directory file listing.
Bug Fixes
o x509v3-sign-rsa made compatible with older version of specification.
o Changed log statement description for invalid message length; removed mention of possible DoS attack.
o SocketWrapper.getHost potentially generates reverse DNS request, causing startup delays.
o putFiles/getFiles behavior is inconsistent; fixed errors in path validation and pattern matching.
o ScpClient issue with Windows path separator fixed.
--------------------------------
J2SSH Maverick 1.4.29 - Sep 16, 2010
Bug Fixes
o Race condition in key exchange allows client to send message out of sequence, before messages that have been queued during key exchange.
o Synchronization of Ssh2Channel.sendRequest causes deadlock when command execution request fails on Maverick SSHD server.
--------------------------------
J2SSH Maverick 1.4.28 - Sep 2, 2010
Features
o Added missing hmac-md5-96 and hmac-sha1-96 HMACs to JCE provider.
o Added enableCompression/disableCompression methods to Ssh2Context for easy configuration of zlib compression.
Bug Fixes
o New socket timeout behaviour causes deadlock when timeout occurs during session channel initialisation. New behaviour is not enabled by default and so this problem will only affect those customers that have enabled the new behaviour.
o Text mode performance fix fails to flush OutputStream causing small files to be uploaded as zero bytes.
--------------------------------
J2SSH Maverick 1.4.27 - Jul 14, 2010
Bug Fixes
o Text mode transfers suffer from performance problem due to writing single bytes to an unbuffered file.
--------------------------------
J2SSH Maverick 1.4.26 - May 24, 2010
Features
o Support for zlib@openssh.com compression added.
--------------------------------
J2SSH Maverick 1.4.25 - Apr 8, 2010
Bug Fixes
o SocketTransport.getHost() changed to return the stored hostname value instead of calling
Socket.getInetAddress().getHostName(). This call could initiate DNS calls that can
cause connection startup delays after a connection has been made due to it's use in
logging statements.
--------------------------------
J2SSH Maverick 1.4.24 - Mar 26, 2010
Features
o Added option to Ssh2Context to support socket timeouts and idle events through TransportProtocolListener
this includes an option to send SSH_MSG_IGNORE packet on idle as well as disconnect on idle connection timeout.
Bug Fixes
o Fixed source code compile for Enterprise license.
o Added getModifiedDateTime/getCreationDateTime/getAccessedDateTime methods to return SftpFileAttributes times
as a java.util.Date object.
o Changed SftpClient internal calls to return attributes from getAttributes rather than stat to prevent
multiple calls to resolveRemotePath().
o Use of OPEN_EXCL flag in put() method and getOutputStream() removed in favour of OPEN_TRUNCATE due to problems
with some servers handling OPEN_EXCL incorrectly.
o SftpClient.get() should perform stat prior to creating local file.
--------------------------------
J2SSH Maverick 1.4.23 - Feb 12, 2010
Bug Fixes
o Added timeout to ThreadSyncronizer wait() call due to potential lockup issue.
o API cannot handle remote window space larger than 2^31 due to signed int conversion.
o Fixed NullPointerException on Ssh1Des initialization.
o SSH2 channel open hangs under load when older closed channel with same id attempts to
free itself again.
o Changed get() calls to return attributes from getAttributes rather than stat to prevent
multiple calls to resolveRemotePath().
o JCE provider RSA encoding problem causes SSH1 connections to randomly fail.
--------------------------------
J2SSH Maverick 1.4.22 - Dec 30, 2009
Bug Fixes
o ScpClient put() incorrectly appends full absolute path to file's parent path.
o Uninitialised SecureRandom instance causes slow start-up due to delayed seed generation.
o ShellProcess readLine creates 1 second delay when process has closed.
--------------------------------
J2SSH Maverick 1.4.21 - Dec 9, 2009
Bug Fixes
o EventServiceImplementation made thread safe.
o Standalone hmac-sha96 implementation broken.
--------------------------------
J2SSH Maverick 1.4.20 - Nov 16, 2009
Bug Fixes
o SftpFileAttributes.getMaskString fails with NullPointerException when no
permissions value is returned by the server.
o Incorrect operator usage in standalone cryptography provider implementation of
Diffie Hellman key exchange could generate and use algorithm values that do not
conform to key exchange specification.
--------------------------------
J2SSH Maverick 1.4.19 - Nov 6, 2009
Bug Fixes
o Fixed copyLocalDirectory, copyRemoteDirectory behaviour to copy contents
of folder into specified directory rather than placing new directory with
contents into specified directory.
o 3des CTR mode incorrectly reported itself as CBC mode
o SFTP read fails after one block of data when server incorrectly reports a file
as having zero length in a stat request.
--------------------------------
J2SSH Maverick 1.4.18 - Aug 6, 2009
Bug Fixes
o Fixed putFile, getFile behaviour in SftpClient.
o Added debug jar file for each version of release jar.
--------------------------------
J2SSH Maverick 1.4.17 - Jul 29, 2009
Features
o Added method to enable 'none' cipher in ComponentFactory.
o Added AES and 3DES CTR mode ciphers to JCE cryptography provider.
Bug Fixes
o ShellProcess hangs when SshClient disconnects before closing session channel.
o AES CTR ciphers incorrectly initialized in standalone cryptography provider
--------------------------------
J2SSH Maverick 1.4.16 - Jul 20, 2009
Bug Fixes
o SubsystemChannel limited to message 131070 bytes long causing fatal errors
with some servers.
o JCE provider DSA implementation reports incorrect bit length for public keys.
--------------------------------
J2SSH Maverick 1.4.15 - Jun 24, 2009
Bug Fixes
o Forwarding client passes display value as screen number causing display numbers > 0
not to work.
--------------------------------
J2SSH Maverick 1.4.14 - Jun 16, 2009
Bug Fixes
o ComponentFactory list method not synchronized causing ArrayIndexOutOfBounds
exception if algorithm order changed whilst method is invoked.
--------------------------------
J2SSH Maverick 1.4.13 - Jun 9, 2009
Bug Fixes
o Fixed SftpFileInputStream read() method, returned int masked with 0x000000FF
to return correct integer value. Problem can previously be seen when using
GZIPInputStream to uncompress file loaded with SFTPFileInputStream.
Features
o Added useful methods to SshPrivateKeyFileFactory and SshPublicKeyFileFactory
to create a file directly from key objects and convert between file formats.
--------------------------------
J2SSH Maverick 1.4.12 - May 28, 2009
Bug Fixes
o Fixed bug with setting current directory in ScpClient.
--------------------------------
J2SSH Maverick 1.4.11 - May 15, 2009
Bug Fixes
o Fixed NullPointerException in SftpSubsystemChannel closeFile and openFile.
--------------------------------
J2SSH Maverick 1.4.10 - May 8, 2009
Bug Fixes
o Fixed issue with custom default JCE provider not implementing secure random
algorithm. API now defaults back to system default.
--------------------------------
J2SSH Maverick 1.4.9 - May 4, 2009
Bug Fixes
o Fixed EOFException when extracting attributes from mySecureShell server.
--------------------------------
J2SSH Maverick 1.4.8 - Apr 17, 2009
Features
o Added new session init process object to Shell class that allows expect and input
operations on the session before the session sits at the prompt. This would
typically be used to enter additional authentication information when a shell
initializes.
o Added arcfour, arcfour128 and arcfour256 ciphers to JCE provider.
o Added new constructor to SftpClient for initialization from existing SshSession object.
Bug Fixes
o Removed System.out.println when no BannerDisplay is set.
o FileTransferProgress variable not passed into recursive put or putFile calls.
--------------------------------
J2SSH Maverick 1.4.7 - Feb 14, 2009
Bug Fixes
o KBIRequestHandler showPrompts method changed to return boolean value. Implementations
should return true to indicate prompts have been answered, or false to indicate that
the user has cancelled the authentication attempt.
o X509 public key implementation fails signature validation due to incorrect algorithm
name in public key blob.
o Adding algorithm implementations to context when not using per instance algorithm mode causes
multiple instances of same algorithm to be reported in key exchange. This causes long running
applications to degrade connection performance and eventually causes new connections to fail
with ArrayIndexOutOfBounds exception.
--------------------------------
J2SSH Maverick 1.4.6 - Jan 7, 2009
Bug Fixes
o Serv-U FTP server returns blank string for FXP_REALNAME on default directory causing
subsequent attributes request to fail with "Bad Message" error.
o Added tests for guessed key exchange first packet in some key exchange implementations.
--------------------------------
J2SSH Maverick 1.4.5 - Dec 12, 2008
Features
o System property maverick.knownHosts.enableReverseDNS added to allow user to
disable reverse DNS lookup in AbstractKnownHostsKeyVerification.
Bug Fixes
o HttpProxyTransport.connectViaProxy method causes stack overflow error.
o Corrected change made to SftpClient rename which fails with file exists status
when new path parameter is a directory. The previous change caused the method
to act differently than previous versions which allowed the file to be moved
from one directory to another.
o ScpClient.put throws NullPointerException when local path is absolute.
o ScpClient fails with unexpected termination exception after successful file transfer
o SSH v1 connections fail under JCE when BouncyCastle provider is not available on the
classpath. BC provider is now added automatically, to disable set
maverick.enableBCProvider=false.
o X509 not automatically supported when running JCE cryptography provider.
--------------------------------
J2SSH Maverick 1.4.4 - Oct 12, 2008
Bug Fixes
o Last error in buffered/threaded mode causes calling thread to receive multiple notifications of exception.
--------------------------------
J2SSH Maverick 1.4.3 - Aug 27, 2008
Bug Fixes
o Fixed logging ClassCastException when parameter not a string
--------------------------------
J2SSH Maverick 1.4.2 - Jul 29, 2008
Features
o AbstractComponentFactory: implemented createInstance so it is not abstract anymore
o AbstractComponentFactory: class is not abstract anymore
o AbstractComponentFactory: renamed to ComponentFactory
o ComponentManager: init() no longer overrides the createInstance() methods of each of the factories
o ComponentManager: added static setPerContextAlgorithmPreferences() and getPerContextAlgorithmPreferences methods.
o Ssh2Context: constructor no longer overrides createInstance when creating the compression factories.
o TransportProtocol: moved the if(!name.equals(COMPRESSION_NONE)) from the Ssh2Context constructor to the performKeyExchange(byte[]) method so that the condition is checked once instead of twice.
o Ssh2Context: now supports per instance algorithm preferences.
o Provided additional method to pass optional headers through to HTTP proxy.
Bug Fixes
o ScpClient get() and put() fails to process filenames with / correctly.
o HTTP proxy headers now maintain their case correctly.
o Server reporting version 2.99 will cause protocol version error.
--------------------------------
J2SSH Maverick 1.4.1 - Jul 09, 2008
Features
o ComponentManager: changed to catch SecurityException on call to System.getProperty().
o StandaloneComponentManager: Added aes128-ctr, aes192-ctr, aes256-ctr ciphers.
o DiffieHellmanGroup1Sha1 and DiffieHellmanGroup14Sha1: have been tweaked to improve performance.
o DiffieHellmanGroup14Sha1: Added now that there is better code safety to prevent seemingly random errors when JCE'S are used that do not support it.
o JCEComponentManager: now tests each of the keyexchange algorithms before adding them to the list of supported algorithms, if the jce does not support the algorithm or the keysize it will not be added.
o OpenSSHPublicKeyFile: this class is now public.
o ScpClient: now implements Client like the other services.
o SECSHPublicKeyFile: this class is now public.
o SshConnector: Changed addEventListener and removeEventListener methods to take a String threadPrefix parameter that allows listeners to be registered that will only listen to threads who's name starts with this string.
o SshMessageRouter: If the thread that creates the message pump thread has a "prefix-" the message pump thread name is now prefixed with the this prefix, to allow per Ssh connection instance logging.
o SftpSubsystemChannel: removed unused "longname" variable from the extractFiles(SftpMessage, String) method
o SftpSubsystemChannel: new constructor that allows the maximum sftp version to use to be specified SftpSubsystemChannel(SshSession session, int Max_Version)
o SftpSubsystemChannel: can now set the maximum sftp version to use on a per instance basis using the instance method setThisMaxSftpVersion(int MAX_VERSION)
o SftpClient: new constructor that allows the maximum sftp version to use to be specified SftpClient(SshClient ssh, int Max_Version)
o Ssh2Channel: now has a sendExtendedChannelData() method that allows non protocol messages to be sent over a channel.
o changed ForwardingClient, AbstractKnownHostsKeyVerification, ScpClient, SftpClient, ComponentManager to catch SecurityException on calls to System.getProperty and to use "" instead of the expected value.
Bug Fixes
o ComponentManager: removed duplicated cipher and public key factory instantiations.
o Jars: Fixed problem with manifests that prevented them from being verified once signed using "jarsigner".
o J2SSHEventCodes: fixed conflicting event ids.
o IOStreamConnector: now uses the new event logging system
o SelectorThread: fixed closeAllChannels() so that it cleans up properly
o SftpFile: removed rename() method as it is not compatible with our sshd, as the sshd will have a file handle open and the rename message uses path not handle. (rename method fixed as it didn't work, then commented out).
o SftpClient: mkdir(String dir) now throws exception if a file with the name "dir" already exists, previously it would be overwritten.
o SftpClient: matchRemoteFiles now resolves paths correctly when no regular expression matching is used.
o SftpSubsystem: fixed file handle leak in onSubsystemFree().
--------------------------------
J2SSH Maverick 1.4.0 - May 08, 2008
Features
o Logging: All logging has been changed to use an event model. Important events have their own event codes, less important events are wrapped using EventLog and use the "log event" code or the "debug" event code.
o Logging: org.apache.log4j.BasicConfigurator.configure(); should still be used to configure log4j, but it is now only used in the LoggingListener an example implementation is provided "J2SSHLoggingListener". The LoggingListener used should be set using SshConnector.addEventListener(new J2SSHLoggingListener());.
o SshConnector: Added addEventListener and removeEventListener methods for use with the new logging event model.
o AbstractComponentFactory: Recoded so that algorithm lists can be fully ordered, there is now a new changePositionofAlgorithm method which facilitates this.
o AES192CBC and AES256CBC ciphers added.
o ComponentManager: Recoded so that ciphers and MACs can have independent preferences for Server->Client and Client->Server communications.
o ComponentManager: now tries JCE first if the "com.maverick.ssh.components.ComponentManager.tryStandaloneCryptographyBeforeJCE" system property is set to false otherwise Standalone is tried first, this allows the choice to use JCE or Standalone cryptography to be made programatically instead of by changing the classpath or creating a class loader.
o DiffieHellmanGroup14Sha1: Removed until better code safety is added in version 1.4.1 to prevent seemingly random errors when JCE'S are used that do not support it.
o SftpClient, SshClient, Ssh2Client, Shell, ForwardingClient, now implement a new Client interface giving them all an exit() method with the same name.
o Ssh1Client: Added exit method.
o Added more logging to various classes.
Bug Fixes
o ForwardingClient: Wrapped com.sshtools.net.ForwardingClient.addListener(ForwardingClientListener listener) in an if(listener!=null) {..} block.
o ShellEnvironment: moved session.close(); statements so that it does not close already closed sessions.
o ShellEnvironment: fixed so that when it detects 'cygwin' SSHD servers running on windows boxes it sets osDescription, previously only set osType.
o Ssh2RsaPublicKey: Fixed com.maverick.ssh.components.standalone.Ssh2RsaPublicKey equals method so that it is compatible with jce.Ssh2RsaPublicKey.
o Ssh2Client: Removed an unused password variable in Ssh2Client.
o ByteArrayReader: fixed com.maverick.util.ByteArrayReader.readShort(byte[], int), it was treating the byte[] as having the 0 index byte as the least significant instead of the most significant byte.
o IOStreamConnector: com.maverick.util.IOStreamConnector.close() now sets the connectors state to closed even if it has not been started.
o SftpClient: com.sshtools.sftp.SftpClient.rename() now doesn't attempt to rename to an existing filename.
o AbstractComponentFactory: made AbstractComponentFactory's add,remove,clear methods synchronised.
o SshMessageRouter: com.maverick.ssh.message.SshMessageRouter.start() now only starts the messagepump if it has not already been started.
o Fixed the word occurred which was misspelt as occured.
o When the server required no authentication and therefore had no authentication methods, the message pump on buffered sessions was not started if authenticate() was not called.
o fixed an scp absolute path problem
o updated obfuscation software to fix preverification errors
--------------------------------
J2SSH Maverick 1.3.10 - Nov 14, 2007
Features
o Added getHost() method to AuthenticationProtocol which returns the host the underlying transport protocol has connected to
o Added sendMessage() method to AuthenticationProtocol which sends a transport message.
o Added getProvider() method to TransportProtocol which returns the underlying SshTransport
o Added com.maverick.ssh2.TransportProtocol.getContext() method that returns the current SshContext.
o Added com.maverick.ssh2.GSSCallback class.
o Prepended "MessagePump" onto message pump thread name.
o Refactored build file.
o Added more debug information for when SshConnector fails to initialize Ssh2.
o Cleaned ComponentManager.init so that it does not initialize components twice
o Added getKeyExchange() method that returns the SshKeyExchangeClient in use to TransportProtocol
o Added getKeyExchange() method that returns the SshKeyExchangeClient in use to AuthenticationProtocol
o Added getKeyExchangeInstanceInUse() method that returns the SshKeyExchangeClient in use to Ssh2Client
o Made AuthenticationResult public
o Added listFiles() method to SftpClient as File.listFiles is not 1.1 compatible
o Added getIgnoreHostKeyifEmpty() and setIgnoreHostKeyifEmpty() methods to TransportProtocol,
when the ignoreHostKeyifEmpty is set to true performKeyExchange does not do any HostKeyVerification.
o Added Arrayequals method to transport protocol from Java 1.2 to make keep 1.1. compatibility
Bug Fixes
o Fixed com.maverick.util.IOStreamConnector.setBufferSize() so that an IllegalArgumentException is thrown for invalid sizes rather than valid sizes
o Fixed synchronization issue in com.maverick.ssh.components.ComponentManager.getInstance() so that
if first call to getInstance is made simultaneously by 2 threads it is only initialized once by making the second thread wait till the first has initialized it.
o Fixed bug in com.maverick.ssh2.Ssh2Channel.processChannelMessage(SshChannelMessage) where
SSH_MSG_CHANNEL_CLOSE messages were being consumed once processed rather than passing back up the call chain.
o Fixed some 1.1 compatibility problems.
--------------------------------
J2SSH Maverick 1.3.9 - Sep 19, 2007
Features
Bug Fixes
o Openssh public keys now don't require comments.
o Bug fix in SftpSubSystemChannel.performOptimizedRead relating to files that are not multiples of 32kb.
o Synchronization issue fixed in com.maverick.ssh2.Ssh2Channel.processChannelMessage(SshChannelMessage),
so that it no longer attempts to close a channel twice.
--------------------------------
J2SSH Maverick 1.3.8 - Sep 3, 2007
Features
o Option added to Shell implementation to pre-configure the remote operating system type to prevent auto-detection.
o Added hassize(), hasuid(), hasgid() methods to com.maverick.sftp.SftpFileAttributes
Bug Fixes
o Removed unused private transferFile() method from SftpClient
o Perl5RegExpMatching always threw ClassCastException
o Changed com.maverick.ssh.components.AbstractComponentFactory.createDelimitedList(String preferred, Enumeration names)
so that if the preferred component is not contained within the enumeration, it is not prepended to the list.
o Made Shell.setPromptTimeoutPeriod synchronized
o Various low level code optimizations
o Various code safety improvements.
o ShellEnvironment fixed so that it detects 'cygwin' SSHD servers running on windows boxes
o SftpSubsystemChannel.performOptimizedRead optimized for files smaller than the block size.
o Tweaked order of code in SftpClient.get() so that local files are processed before remote files, this reduces server load,
in cases where either exceptions are thrown or the api is used badly.
o ScpClient where relative paths were processed incorrectly
o com.maverick.ssh.CommandExecutor is now deprecated, the shell class should be used instead.
o ScpClient.putFiles fixes.
--------------------------------
J2SSH Maverick 1.3.7 - Jul 5, 2007
Features
o Added the ability to handle custom file system root formats such as "flash:"
Bug Fixes
o Removed all printStackTrace() calls.
o ScpClient.put() now throws an exception when no local file exists/matches the regular expression.
o Shell.exit() now closes the session even if the exit command hangs
--------------------------------
J2SSH Maverick 1.3.6 - Jun 19, 2007
Bug Fixes
o java.lang.ArrayIndexOutOfBoundsException in com.sshtools.scp.ScpClient.put
--------------------------------
J2SSH Maverick 1.3.5 - Jun 18, 2007
Features
o The Ssh2Client now authenticates using KBI when password authentication is not available.
o The SftpClient now has "getFiles" and "putFiles" methods that allow the use of regular expressions to copy multiple files.
o The resume features should not be used simultaneously with the a regular expression that matches more than one file.
o The ScpClient 'put' methods now allow the use of regular expressions to copy multiple files.
o The resume features should not be used simultaneously with the a regular expression that matches more than one file.
Bug Fixes
o Workaround for servers that do not conform to returning the number of bytes requested for SFTP read requests.
o Workaround for RSA JCE that does not return valid mac length prior to initialisation.
o CR in SSH identification string causes Invalid Checksum error when connecting to older
SSH1 servers.
--------------------------------
J2SSH Maverick 1.3.4 - May 2, 2007
Bug Fixes
o Standalone provider Dsa module outputs debug information to System.out
o PuTTY private key support broken due to missing dependency.
--------------------------------
J2SSH Maverick 1.3.3 - Mar 27, 2007
Bug Fixes
o Option to turn off pseudo terminal allocation in Shell class. This was required for
correct identification of VShell servers.
o SftpFileInputStream uses SSH_FXP_FSTAT message for open files. Whilst this is not a
problem for most SFTP servers the FreeFTPD server, for unknown reasons does not support
this operation so prevents access using the API when attempting to use InputStream based
code against this server implementation. Changed SftpFileInputStream to use SSH_FXP_STAT
message to prevent this error.
o SftpClient fails to release file handle for text mode files.
o SftpFile processes both \ and / as file separators causing problems with filenames that
contain \ as a valid character.
--------------------------------
J2SSH Maverick 1.3.2 - Feb 20, 2007
Bug Fixes
o Scp file transfers fail with IndexOutOfBounds exception if small buffer size is used.
--------------------------------
J2SSH Maverick 1.3.1 - Feb 12, 2007
Features
o Option to disable key re-exchange.
Bug Fixes
o SftpClient put to hidden files on Windows port of OpenSSH does not truncate file.
--------------------------------
J2SSH Maverick 1.3.0 - Jan 31, 2007
Features
o API can now be used exclusively with the Java Runtime JCE provider, or alternatively
the internal provider. Simply select the maverick-jce-only.jar file if you want to use
the JCE exclusively, or maverick-standalone-only.jar if you want to use the internal
provider. The maverick-all.jar contains all implementations and will default to the
internal provider.
--------------------------------
J2SSH Maverick 1.2.12 - Nov 12, 2006
Features
o Additional method added to SshConnector to allow SSH identification software/version/comments field
to be replaced by a custom value.
Bug Fixes
o SSH identification string from OpenSSH server with trailing space character ' ' causes
Invalid Host Key Signature exception.
o Shell exit method fails to close session channel if exit command fails.
o Public key authentication fails when using JCE versions of public key objects.
o Server failing to respond to MSG_SSH_CHANNEL_CLOSE causes API to lockup.
o Inconsistent SshException reason code returned when remote side terminates connection.
--------------------------------
J2SSH Maverick 1.2.11 - Sep 18, 2006
Features
o hmac-md5-96 and hmac-sha1-96 Message Authentication Code algorithms added
o Support for x509v3-sign-rsa and x509v3-sign-rsa-sha1 certificates
o Added methods to SshConnector to return current product version and release date.
o Added diffie-hellman-group14-sha1 key exchange as per SSH Transport Protocol specification. This
implementation exists in both the internal crypto provider and JCE formats although it should be
noted that the default SUN reference JCE provider does not support 2048 bit primes required by
this key exchange method. The BouncyCastle JCE provider (www.bouncycastle.org) does and has been
used to test this algorithm works with JCE enabled.
o Support for SSH1 challenge response authentication added.
Bug Fixes
o API now passes all SSHredder vulnerability checks (http://www.rapid7.com/info/sshredder.html)
o Added partial message timeout setting to Ssh2Context in response to a number of vulnerabilties
identified by SSHredder. This timeout only applies once a message is received, and determines how
long the remote server has to send the remaining bytes of the message before a timeout exception is
thrown. This prevents the client locking up when the server does not send all of the data it declared
in the message header.
o Shell class hangs on createSession due to prompt command being sent too quickly.
o Timeout setting added to Shell class so that it does not get stuck waiting for a prompt that never arrives.
o Initialization period setting added to Shell class to allow the shell to initialize correctly over a configurable period.
o FileTransferProgress reports total transfer length of 0 for ASCII file transfers.
--------------------------------
J2SSH Maverick 1.2.10 - Jul 22, 2006
Bug Fixes
o Shell class hangs when connecting to FreeSSHD Windows server. Whilst the actual problem seems to be a bug in
the server implementation several workarounds have been added to the Shell class (see javadocs for further info).
--------------------------------
J2SSH Maverick 1.2.9 - Jun 8, 2006
Bug Fixes
o SCP time command is now ignored rather than throwing an exception to allow files to still be received
from servers sending a time command.
o UTF-8 license encoding now supported.
--------------------------------
J2SSH Maverick 1.2.8 - May 3, 2006
Bug Fixes
o SftpFile getParent fix from 1.2.7 causes "No such file" error with filesystem root /
o Exceptions caught by a subsystem was not being propagated correctly resulting in bad error messages.
--------------------------------
J2SSH Maverick 1.2.7 - Mar 17, 2006
Features
o FileTransferProgress interface can now be passed into the ScpClient methods to enable a transfer to be
tracked or cancelled.
o Support for socket timeouts. Setting a timeout on the socket will now result in a non-fatal exception with
a reason code of SOCKET_TIMEOUT.
o Simple CommandExecutor class added to allow multiple commands to be executed with a session. (Requires knowledge
of prompt format)
o Additional executeCommand method added to SshSession interface to allow charset to be defined for the command.
Bug Fixes
o Shell class fails when remote environment cannot be determined, this has been changed to allow default behaviour.
o SftpInputStream read() method always returns 1
o SftpFile getParent method could return itself as the parent if path ends with /
o AbstractKnownHostsKeyVerification fails to consult temporary keys before permanent keys causing host verification errors
o Forwarding client could return tunnels that no longer exist.
--------------------------------
J2SSH Maverick 1.2.6 - Oct 13, 2005
Bug Fixes
o Directory operation methods would always report new file as an update file.
o Directory operation remote copy always fetched unchanged files causing corruption of progress tracking.
o Transport protocol failed to set maximum packet size to value configured in SshContext.
o In some circumstances the ByteArrayReader could return an incorrect value for unsigned int causing very
rare miscellaneous errors.
--------------------------------
J2SSH Maverick 1.2.5 - Aug 3, 2005
Bug Fixes
o UnsignedInteger32 could throw NumberFormatException even though value passed was a valid 32 bit unsigned integer.
o SSH key fingerprint uses incorrect hash algorithm
o Transport protocol fails with large number of padding bytes
o Incompatibility issues with FOXIT WAC server fixed.
o SftpInputStream returns corrupted data.
--------------------------------
J2SSH Maverick 1.2.4 - Jun 1, 2005
Features
o Methods in Ssh2Client to obtain the negotiated ciphers, macs, keyexchange, host key and compression algorithms.
o copyLocalDirectory and copyRemoteDirectory now provide a list of failed transfers in the DirectoryOperation result.
o Option to kill active tunnels added to ForwardingClient cancelRemoteForwarding and stopLocalForwarding methods.
Bug Fixes
o SftpInputStream and SftpOutputStream now perform optimized transfers providing similar performance to the
SftpClient's get and put methods.
o stopLocalForwarding & cancelRemoteForwarding methods throw NPE when attempt is made to stop an invalid
forwarding configuration
o The maximum supported transport protocol packet was 35,000 bytes, this caused problems with Globalscape server which
sends packets larger than the recommended size. The API will now adapt to such errors by increasing the maximum packet
size when required. The limit forcing a protocol exception can now be set in the Ssh2Context setMaximumPacketLength
method which defaults to 131072 bytes.
o ANT task removed from distribution, use the free ANT download if required.
o SshKeyPairGenerator class algorithm naming inconsistency removed.
o AbstractKnownHostsKeyVerification and public key factories throw OutOfMemoryError when parsing a corrupted file.
--------------------------------
J2SSH Maverick 1.2.3 - Apr 6, 2005
Features
o SftpClient now attempts to locate the sftp-server binary for *unix SSH1 connections wanting to use SFTP.
o InvalidPassphaseException added to help identify incorrect passphrase entry on private key files.
o Shell class provides capture of individual command output from the users shell.
o ShellEnvironment class provides information about the remote operating system and shell environment.
o ShellProcess provides expect type functionality for enhanced shell automation.
Bug Fixes
o SftpClient rename method now attempts to find destination file and throw a more descriptive error.
o copyRemoteDirectory fails to delete local file in synchronization mode.
o HTTPProxyTransport fails with IndexOutOfBoundsException when realm not present in Proxy-Authenticate header.
o Inbound compression error causes protocol violation.
o AbstractKnownHostsKeyVerification saves temporary keys to known_hosts file.
o Transport protocol fails to encrypt zero length array using JCE cipher.
--------------------------------
J2SSH Maverick 1.2.2 - Feb 7, 2005
Bug Fixes
o SftpClient.get method fails with "invalid resume state" exception when attempting to download
a zero length file
--------------------------------
J2SSH Maverick 1.2.1 - Jan 11, 2005
Features
o Channel option to automatically consume input data when using event based channels
Bug Fixes
o Rare race condition causes deadlock of connection
o SSH1 public key authentication fails with working private key
o Data events do not fire correctly in buffered mode
--------------------------------
J2SSH Maverick 1.2.0 - Jan 2, 2005
Features
o Support for SFTP protocol version 4
o SftpClient can now operate in text mode to support changing of EOL between systems
o Option to buffer the connection with a single background thread
o SftpClient now supports servers that incorrectly return windows style paths as absolute filenames
o Refactored message routing
o Utility class added to help encode pseudo terminal modes
Bug Fixes
o Adding a message to the SshMessageStore was not synchronized
o Remote forwarding channels although closed are not being removed from the ForwardingClient
o ChannelInputStream fails to return EOF after channel close operation.
--------------------------------
J2SSH Maverick 1.1.8 - Nov 29, 2004
Features
o Added openRemoteClient method to SshClient interface. This method creates an SSH client on the
remote computer and connects to a further SSH server and is useful for situations where you cannot
get direct access to a server because it is behind a firewall.
o JCE support added to SSH2 - You can now optionally use an external JCE provider for the following
algorithms Blowfish, DESede, MD5, SHA1, SHA1withRSA, SHA1withDSA, RSA, DSA and DH (Diffie Hellman).
Bug Fixes
o diffie-hellman-group-exchange key exchange fails with old servers - method now uses backwards
compatibile version of the specification
o Cancel remote forwarding request fails to reach server
--------------------------------
J2SSH Maverick 1.1.7 - Oct 29, 2004
Bug Fixes
o com.sshtools package source code missing from the enterprise distribution
--------------------------------
J2SSH Maverick 1.1.6 - Oct 20, 2004
Bug Fixes
o SCP implementation fails with IOS router because it does not send EOF message
o diffie-hellman-group-exchange-sha1 key exchange fails if debug or ignore messages are received
during the initial exchange of messages
--------------------------------
J2SSH Maverick 1.1.5 - Oct 14, 2004
Features
o ForwardingClientListener is now notified when a tunnel fails to open
o getPort method added to SshTransport
Bug Fixes
o Generated SSH1 RSA keys sometimes failed when re-loaded
o Forwarding listeners would continue to operate even when the connection has been disconnected
o BufferedSession caused possible deadlock when multiple threads attempted to close the channel
--------------------------------
J2SSH Maverick 1.1.4 - Sep 22, 2004
Features
o ChannelEventListener now receives extended data event
o SFTP put/get methods now have option to resume an interrupted download
Bug Fixes
o Duplication of SSH1 connections would fail if connection had been disconnected.
o RSA key signature fails when key is loaded from file
--------------------------------
J2SSH Maverick 1.1.3 - Aug 25, 2004
Features
o Secure Shell Public-Key Subsystem (Version 1)
o diffie-hellman-group-exchange-sha1 key exchange
o Rekeying recommendations from `SSH Transport Layer Encryption Modes` Internet Draft implemented
o Stateful decryption counter (SDCTR) mode ciphers for AES
o SshIO interface introduced as base interface for all SSH communication
o Packet class introduced to provide more efficent use of memory resources in Subsystem Class
Bug Fixes
o "Invalid message type 36 received" Exception caused by SSH1 server sending a debug message
as the client was waiting for SSH_SMSG_SUCCESS.
--------------------------------
J2SSH Maverick 1.1.2 - Jul 26, 2004
Bug Fixes
o Reading of SSH_FXP_STATUS exception caused exception in server versions <= 2
o AbstractKnownHostsKeyVerification failed to recognise IP address only entries.
o PuTTY private key format throws OutOfMemoryError with invlaid passphrase
o AbstractKnownHostsKeyVerification failed to throw an exception is host file could not
be saved.
--------------------------------
J2SSH Maverick 1.1.1 - Jun 3, 2004
Features
o Added supportsPassphraseChange and getType methods to SshPrivateKeyFile interface
o Reading of PuTTY private keys is now supported (PuTTY-User-Key-File-1 and PuTTY-User-Key-File-2 formats)
o Reading of SSH Communications Security private keys is now supported.
o cdup method added to SftpClient for changing the working directory to the parent directory
o getFile method added to SftpSubsystemChannel for creating instances of SftpFile
o getParent method added to SftpFile to return an SftpFile instance of the parent file
--------------------------------
J2SSH Maverick 1.1.0 - Apr 30, 2004
IMPORTANT NOTICE: This version of J2SSH Maverick may not be compatible with source code developed using
previous versions.
Features
o Refactored exception handling introduces SshException to replace generic IOException usage
o Support for hostbased authentication
Bug Fixes
o Incorrect permissions set when using umask on files
--------------------------------
J2SSH Maverick 1.0.9 - Apr 20, 2004
Bug Fixes
o X Forwarding problem failed to open channel
--------------------------------
J2SSH Maverick 1.0.8 - Apr 8, 2004
Bug Fixes
o Additional chmod operation removed from SftpClient put method
o Improved exception handling
o Closing channel OutputStream causes termination of connection
--------------------------------
J2SSH Maverick 1.0.7 - Mar 29, 2004
Features
o X forwarding is now supported
o Further enhancements to SFTP exception handling
o SFTP provider fallback option for SSH2 connections.
--------------------------------
J2SSH Maverick 1.0.6 - Mar 8, 2004
Features
o Added setting to configure SFTP filename charset encoding.
o HTTP, SOCKS 4 and SOCKS 5 proxy SshTransport implementations added.
--------------------------------
J2SSH Maverick 1.0.5 - Mar 2, 2004
Features
o Additional ciphers AES, Twofish and CAST have been added and may optionally be used for SSH2 connections.
o ChannelEventListener now supports dataRecieved, dataSent events.
o SSH1 PublicKeyAuthentication now supports testing of public key for authentication suitability
o API random number generator modified to improve overall entropy of randomness.
o SFTP support for SSH1 connections
Bug Fixes:
o Remote disconnection caused OutOfMemoryError.
o Message router fails to release block after receiving message which causes the connection to lockup.
o FileTransferProgress failed with SftpClient directory operations.
o SftpClient directory operations failed to synchronize.
--------------------------------
J2SSH Maverick 1.0.4 - Feb 7, 2004
Bug Fixes:
o Reduced maximum packet size which was causing problems with some servers.
o SFTP optimization block size could not be set at 4096 or below.
--------------------------------
J2SSH Maverick 1.0.3 - Feb 2, 2004
Features
o Additional methods in SftpSubsystemChannel to 'performOptimizedWrite' and 'performOptimizedRead'
o Optimized SftpClient 'put' and 'get' methods.
o SubsystemChannel moved to 'com.maverick.ssh' package and refactored to enable operation over both SSH1 and SSH2.
o SftpClient now operates over SSH1 by executing the subsystem directly. Use Ssh1Context's 'setSFTPProvider' to change the default binary location of '/usr/sbin/sftp-server'
o SSHTools Licensing system has been integrated with the product.
--------------------------------
J2SSH Maverick 1.0.1 - Jan 10, 2004
Bug Fixes:
o SSH2 Transport could fail cipher negotiation, even if a valid cipher exists.
--------------------------------
J2SSH Maverick 1.0.0 - Jan 9, 2004
Features:
o Public/Private key file generation
o DES cipher for SSH1
o ZLIB Compression for SSH2
--------------------------------