SSHD Maverick 1.7.60 - Sept 26, 2024

Bug Fixes
o Regression caused by last releases Connection object changes means calling Connetion.disconnect would not disconnect the connection.
o isPassphraseProtected returns false for v3 PuTTY Private Key files.
o Added configurable bounded queue for outgoing channel data limits as its possible for data to build up over time when a low window space client is connected and data is being generated faster than the client can handle. Queue is currently controlled by the system property maverick.dataQueueSize if set. The default is to use an unbounded queue but a value can be set to mitigate OOM, we are currently suggesting 100 however, a reasonable default will be set in a future next version after we have gathered data from customers and further testing.


--------------------------------

SSHD Maverick 1.7.59 - 24 May, 2024

Bug Fixes
o SFTP tasks now marked with requires response flag to indicate if they need to be dropped if they are still queued when the connection has been disconnected.
o Additional check in Channel isOpen to return false if the transport is disconnected.
o Connection object has a private field to indicate if the connection is closed, but it never gets updated. This has now been removed and the transports disconnection status used.
o When disconnected discard messages from the queue that require a response to be sent to the client i.e. read file, read directory, real path etc.
o Authentication protocol requests are now threaded onto Transport executor service. This can be disabled with -Dmaverick.disableThreadedAuth=true

* This release requires the use of maverick-common 1.4.30 dependency

--------------------------------

SSHD Maverick 1.7.58 - 1 Apr, 2024

Features
o Added support for generating a user/host certificate by passing just the public key.

Bug Fixes
o Fix to strict kex mode to set complete flag when SSH_MSG_NEWKEYS is received, not sent and received.
o SshContext constructor incorrectly defaults send and receive socket buffers to 64K.
o Refactored out unused boolean return value from SshMessage.writeMessageIntoBuffer method to avoid confusion since all implementations return true.
o Fixed issue with some modern licenses failing to validate.
o Pass cause exception when generating an error from SshContext constructor.
o Clear transport outgoing queues of messages when the socket is closed to help avoid OOM.

* This release requires the use of maverick-common 1.4.29 dependency

--------------------------------

SSHD Maverick 1.7.57 - 12 Feb, 2024

Features
o Support for Jadaptive "Modern" license keys for multi-year support.
o Cache pattern matched configuration values in AdaptiveConfiguration.
o New SshContext setting to prevent a client from attempting to open multiple handles to the same directory if it already has a handle open to the same directory.

Bug Fixes
o Fixes to Terrapin strict kex protocol changes to avoid over-eager disconnect when out-of-band messages are received and strict kex is not enabled.

* This release requires the use of maverick-common 1.4.28 dependency

--------------------------------

SSHD Maverick 1.7.56 - 18 Dec, 2023

IMPORTANT SECURITY UPDATE

This release includes a fix for the Terrapin Attack vulnerability https://terrapin-attack.com described in CVE-2023-48795. This fix implements "Strict Transport" mode patch created by OpenSSH.

Bug Fixes
o Fixed NPE in Channel canClose when called whilst a channel is opening.
o Improved logging of SecureRandom initialization to make it more obvious that startup delay is caused by seeding of the PNRG.

* This release requires the use of maverick-common 1.4.27 dependency

--------------------------------

SSHD Maverick 1.7.55 - 21 Nov, 2023

IMPORTANT SECURITY UPDATE

Security Fix
o Validate outgoing signature to prevent against Passive SSH Key Compromise vulnerability.

--------------------------------

SSHD Maverick 1.7.54 - 14 Nov, 2023

Features
o Support for zlib@openssh.com compression added.

Bug Fixes
o AdaptiveConfiguration createAlgorithmList does not honour ignored preferences.
o Add ssh-rsa and ssh-rsa-cert-v01@openssh.com to ignore list if SHA1 signatures have been disabled.

--------------------------------

SSHD Maverick 1.7.53 - 18 Sept, 2023

Bug Fixes
o Sshtools private key file implementation is broken.
o Support for rsa-sha2-256 and rsa-sha2-512 signing in OpenSSH RSA certificates i.e. rsa-sha2-256-cert-v01@openssh.com and rsa-sha2-512-cert-v01@openssh.com
o Bumped dependent BouncyCastle version to 1.76
o Diffie hellman initialisation does not use maximum bit length available for private key.

--------------------------------

SSHD Maverick 1.7.52 - Jun 8, 2023

Bug Fixes
o Race condition causes data truncation in SocketForwardingChannel.

--------------------------------

SSHD Maverick 1.7.51 - Apr 10, 2023

Bug Fixes
o SFTP v4 file type is accessible to all versions and not correctly set when using v3 of the protocol.
o Added system property to allow runtime reversal of SCP file type change for a specific use case. Use -Dmaverick.revertSCPFileType=true to active, there is no change in behaviour without this system property.


--------------------------------

SSHD Maverick 1.7.50 - Mar 1, 2023

Features
o Load balancer policy now has an IPPolicy object for controlling IP white and black lists when using service behind a load balancer with proxy protocol support.
o Introduced PublicKeyAuthenticationVerifier for vendors that want to implement their own verification of public key authentication requests.
o Introduced UsernamePolicy for vendors that need to process the username before it is placed on the connection, for example, vendor may want to modify the username.
o Added option to disable RSA SHA1 signatures in public key authentication.

Bug Fixes
o Bumped use of maverick-slf4j to 2.0.8 to fix issue with INFO level reporting as ERROR.
o Public key order does not use security level for ordering.

--------------------------------

SSHD Maverick 1.7.49 - Jan 10, 2023

Features
o Implemented draft "copy-data" extension that allows files to be combined remotely on the server using their open file handle (requires AbstractFileSystem and will not work on FileSystem).
o Implemented draft "check-file-name" and "check-file-handle" extensions for returning hash values for entire files, or parts of.

Bug Fixes
o Processing of OpenSSH certificate extensions causes authentication to fail when using certificates encoded by the API.

--------------------------------

SSHD Maverick 1.7.48 - Nov 16, 2022

Bug Fixes
o Behaviour of paramiko SFTP client causes server to read entire file into memory before being sent causing OOM when server memory is below the file size.
o Removal of non-blocking option from Subsystem and SFTP as it could lead to bad clients forcing OOM on server.
o Window space value in debug logs was not correct showing the current window space and not the window space value at the time the message was processed for sending.
o Capture read error during directory listing when target to symlink is missing and prevent failure of the listing.

* This release requires the use of maverick-common 1.4.21 dependency

--------------------------------

SSHD Maverick 1.7.47 - Sep 27, 2022

Bug Fixes
o Synchronize access to channel data queue when clearing messages on clean up.
o Trace output shows Provider toString instead of getName.

* This release requires the use of maverick-common 1.4.20 dependency

--------------------------------

SSHD Maverick 1.7.46 - Aug 29, 2022

Features
o Add -Dmaverick.debugSelector=true to debug socket selector at INFO without raising logging level to DEBUG

Bug Fixes
o Remove hard-coded dependency on BouncyCastle in PuttyPrivateKeyFile by loading the class using the class loader at runtime.
o MessagePolicy introduced in previous release is not set by default causing a NPE during connection, leading to possible OOM over time.

* This release requires the use of maverick-common 1.4.19 dependency

--------------------------------

SSHD Maverick 1.7.45 - July 21, 2022

Features
o New methods on Daemon class stopAcceptingConnections and startAcceptingConnections allows you to pause the acceptance of new connections to the server without having to shutdown.
o Added MessagePolicy object to SshContext to enable developers to change specific messages generated by the server. Currently supports only idle disconnect message.
o Default SFTP window space set to 16MB after framework tests to find an optimised value that do not require further tuning of TCPIP parameters.

Bug Fixes
o Closing of SFTP subsystem is not performed on same executor as processing of data causing issues with transfers on heavily loaded systems.
o Changed INFO to DEBUG level on ComponentFactory logging output.
o Incorrect use of bitwise operators causes removal of permission to be enable when called multiple times.

* This release requires the use of maverick-common 1.4.18 dependency

--------------------------------

SSHD Maverick 1.7.44 - Jun 2, 2022

Features
o Support for PuTTY Version 3 Private Key format (requires Bouncycastle dependency for Argon key derivation support)*
o Support for ed448 public and private keys*

Bug Fixes
o Further work on previous issue where subsystem negative message length can cause high CPU usage with certain error conditions.

* This release requires the use of maverick-common 1.4.17 dependency

--------------------------------

SSHD Maverick 1.7.43 - Apr 29, 2022

Features
o Added DisplayAwareKeyboardInteractiveProvider for returning custom display name for display in client. This now suppresses the unwanted display of the text "password" in password over keyboard-interactive authentication.

Bug Fixes
o Connection bytes in/out use slightly differing calculations resulting in out of sync values when compared to client values. The calculation has been made to calculate the sum of the payload lengths of all SSH transport packets, excluding headers, padding and message verification bytes.
o Subsystem negative message length can cause high CPU usage with certain error conditions.
o Missing AES-256-CBC encryption support in PEM key files.

--------------------------------

SSHD Maverick 1.7.42 - Mar 14, 2022

Bug Fixes
o Custom forwarding channel evaluates window space too early allowing unsent data to build up.
o Added security options for PROXY protocol which are restrictive by default to ensure a user cannot spoof their IP address.
o Adjust ed25519 seed extraction to fix issues where JCE encodes both private and public key in same blob.

--------------------------------

SSHD Maverick 1.7.41 - Jan 30, 2022

Features
o Proxy protocol v1 is now supported for IP resolution through load balancers. Remote address on Connection object is replaced with unresolved InetAddress containing the IP and port of the source connection.
o Added additional enableBouncyCastle method that accepts Provider instance and BC_FLAVOR enum type for BC configuration.
o Converted all System property usage to AdaptiveConfiguration which allows any "maverick.xxx" configuration value that could only previously have been set via System properties to be configured via the AdaptiveConfiguration object.
o Option to disable channel data message logging with -Dmaverick.disableChannelDataLogs=true.

Bug Fixes
o Protection against FileSystem readDirectory returning no results instead of throwing EOFException.
o EVENT_FAILED_TO_NEGOTIATE_TRANSPORT_COMPONENT does not have complete list of algorithms from each side.
o EVENT_KEY_EXCHANGE_INIT does not fire in case of failed negotiation.
o Removed hard dependency on BouncyCastle JCE for ed25519 keys. This now supports any JCE provider that supports ed25519 algorithm.

Changes have been made to the build process in this update that required changes to the output assembly. Whilst
we have tried to maintain the same output some changes may be noticed and jar file names changed.

All versions of Log4j have been removed from our dependencies. We continue to support SLF4J provider and recommend customers use the appropriate
patched versions of Log4J if they continue to use it in their own applications.

* This release requires the use of maverick-common 1.4.14 dependency

--------------------------------

SSHD Maverick 1.7.40 - Oct 19, 2021

Bug Fixes
o ed25519 key cannot be loaded with BouncyCastle 1.69 or greater.
o Added debug logging in DH algorithm crypto initialization for better clarity on configuration and its attempts to load from JCE providers.
o SSH.com key fails to parse due to check length operation on array constructed from the declaration of length; however, an additional byte to protect the MPINT from being negative was added to the length. Causing the final check length operation to fail.
o Check for maximum connections for a user in AuthenticationProtocol allows one more connection than is configured.
o Updated all maven repository use of http://artifactory.javassh.com to https://artifactory.jadaptive.com
o Maximum window space parameter in SessionChannel constructor not passed to super constructor.

* This release requires the use of maverick-common 1.4.13 dependency

--------------------------------

SSHD Maverick 1.7.39 - Aug 3, 2021

Bug Fixes
o Remote window changed to an atomic integer to avoid excessive synchronization.
o Added task queue to channel to make better use of multiple threads.
o AdaptiveConfiguration use of String.format potentially causes OOM with incorrect input.

--------------------------------

SSHD Maverick 1.7.36 - Mar 11, 2021

Features
o SCP preserve attribute flag now additionally supports time attributes.

Bug Fixes
o SFTP clean-up can execute prematurely before the SFTP subsystem has processed all its messages (typically only seen under load).
o Ensure paths are only calculated once for each instance of VirtualMappedFile.
o Moved path translation logs to trace as they generated a lot of log spam.
o Generate a suitable error if FileSystem readDirectory generates too many results to fit into a single SFTP packet.
o sendEOF for forwarding socket should be placed on the outgoing queue to avoid possible final data chunk truncation.

--------------------------------

SSHD Maverick 1.7.35 - Feb 3, 2021

IMPORTANT NOTICE
****************

Recent changes to algorithm configuration have made it difficult to maintain a global set of algorithm preferences when using both client and server APIs within the same JVM. Therefore with this release, the default has been changed to require per-context algorithm preferences and the setting has been deprecated.

Each context now will have its own set of preferences and requires configuration separately. The setting to switch between per-context and global preferences has been deprecated and whilst it can be changed back, we do not advise to do so. If you have any concerns about how this change will impact your configuration please contact us at support@jadaptive.com


Features
o Deprecated enableFIPSMode method on SshContext. The method and behavior are out-of-date. Use JCEProvider.initializeDefaultProvider("BCFIPS") passing a FIPS-approved JCE provider in approved mode to restrict algorithms to only those supported by the approved FIPS environment.
o Deprecated FileSystem interface as direct implementations will not be supported in our next major release. Use AbstractFileSystem and AbstractFile implementation for SFTP/SCP filesystem support.
o Optional SSL transport now supports the use of client certificates.
o Security level can now be passed to SshContext so each SshContext has its own level.
o Override algorithm preferences by SSH identifier or remote IP using System properties in the form "<identifier>.ciphers", "<identifier>.macs", "<identifier>.publickeys", "<identifier>.kex" and "<identifier>.compressions" where <identifier> is the hostname used to connect (passed to socket) or the SSH Identification String of the server e.g. "OpenSSH_8.1".
o AdaptiveConfiguration class for global or pattern matching configuration of ciphers, macs, public keys, key exchanges, and compressions.

Bug Fixes
o Incorrect logging format in maverick-slf4j provider.
o Fixed typo in Diffie-hellman key exchange debug statement.
o Fixed NPE in Maverick SLF4J logger when no logging.properties file is used and file logging is enabled via VM properties.
o Removed delay in ExecutorOperationSupport shutdown to avoid delay in the final event.
o Fixed issues with virtual mount resolution when no root file system mount is provided and improved resolution for embedded mounts within the existing file system.
o Fixed NPE in an early disconnect in SSL implementation.
o Fixed NPE in SftpFileAttributes getPermissionsString
o Made ByteArrayReader more resilient to length errors when processing messages.
o Removed duplicate call to toActualPath in VirtualMappedFile.
o Negative connection count logged in some DoS attempt scenarios.
o Ensure console logging in Maverick SLF4J provider is flushing output.
o Fix for SSL transport CPU spike when sslyze tool is used against it.

--------------------------------

SSHD Maverick 1.7.34 - Nov 2, 2020

Features
o Changed ed25519 implementation to BouncyCastle via JCE interfaces (this is dependent on BouncyCastle internals and is not currently compatible with other JCE ed255129 implementations).

Bug Fixes
o Subsystem can get out of sync with data stream causing infinite loop when the client sends an incorrect message length.
o Window adjust under load causes connection error if the channel has been closed.
o Socket forwarding close event can close channel prematurely before cached data has been sent.
o Passing SSH1 key with OpenSSH format incorrectly generates an SSH2 format key*
o Only use executor to post a message once the initial key exchange has been completed.

* This release requires the use of maverick-common 1.4.7 dependency

--------------------------------

SSHD Maverick 1.7.33 - Aug 27, 2020

Features
o Allow minimum remote packet size threshold to be set.
o Now supports ECDSA and ED25519 in PuTTY private keys.
o Now supports ED25519 in OpenSSH certificate files.
o Supports generation of OpenSSH certificate files.
o Connection now supports its own idle connection timeout setting allowing it to be changed on a per-connection basis.

Bug Fixes
o SftpFileAttributes setPermissions does not set version 3 level file type field correctly.
o Missing constant for curve25519-sha256 on SshContext.
o Fixed deadlock in SocketForwardingChannel and associated sub-classes close handling.
o Fixed failure to break out of transport write queue when queue size is exceeded.
o Increased transport protocol write queue threshold to 1000 messages.
o Fix for ByteBuffer not being returned to pool when allocated but the connection is closed due to an exception.
o Subsystem session is incorrectly closed after the executor has been shut down.
o Transport should not reset idle state for SSH_MSG_IGNORE packets received from remote as this prevents idle timeout from working correctly.


--------------------------------

SSHD Maverick 1.7.32 - July 12, 2020

Features
o Added getSubsystem method to SessionChannel for access to the Subsystem running in the session.

Bug Fixes
o DSA/RSA key generation is restricted to 1024 bits or higher*
o SCP directory download has incorrect permissions and cannot be opened on some platforms*
o SCP directory recursive download does not create a base directory. Instead, it places files directly in download path (due to the potential of this issue in causing regressions this fix is only enabled using the new context method setWriteSCPBaseDir method)
o SFTP status flags in make directory are not fully consistent with status codes described in SFTP specifications.
o Allow disabling of directory checks in make directory to force API always to call makeDirectory on the installed file system. Use new context method setDisableSFTPDirChecks to activate.
o No SFTP extensions are declared in server version message resulting in client failing to use supported extensions.
o Fixed default permissions set in VFSFile (missing execute permission when the file is a directory).
o New OpenSSH format keys generated by previous versions of the API are missing comment field causing EOFException.

* This release requires the use of maverick-common 1.4.5 dependency.

--------------------------------

SSHD Maverick 1.7.31 - June 3, 2020

IMPORTANT NOTICE
****************
This release restricts RSA keys in authentication to 1024 bits or greater. If you attempt to authenticate with a key with < 1024 bits the API will automatically reject the authentication request. If you need to disable this you must contact Jadaptive technical support for further advice.

Bug Fixes
o DH initialization should set the preferred size of private exponent instead of using JCE default to improve key exchange performance.
o Fixed potential memory leak scenario in Channel when the remote window reaches zero and the channel is forced to close.
o Added no-common server jar file to source code build.
o Refactor of connection initialization to prevent issue under load where the server sends key exchange initialization message without or before sending the SSH identification string.
o Added methods to set enabled SSL protocols and cipher suites on SSLSocketConnection and SSLContextConnection classes.
o Fixed Java 7 compile and use issues.

--------------------------------

SSHD Maverick 1.7.30 - May 14, 2020

Features
o Added setMaxSessions option to SshContext to match the behaviour of OpenSSH MaxSessions directive to restrict the number of concurrent session channels open at any one time.

Bug Fixes
o Priority value that helps determine the security level of each component not stored correctly in AbstractHmac causing algorithms within each SecuirtyLevel to have incorrect order*
o Deprecated Ripe160 HMAC due to various issues seen in support. It was also deprecated by OpenSSH in version 7.6.
o Added default timeout support to ScpCommand to prevent locked up threads where client stops sending data.
o Removed deprecated authentication mechanisms setup code from SshContext.
o A race condition between the changing of key exchange state and the sending ext-info message could cause NPE.
o RSA KeyFactory and Cipher specifications are not able to use separate JCE Providers.
o Add exception cause to errors thrown by AES GCM implementations.
o Server fails to process client's SSH_MSG_EXT_INFO causing disconnect.
o VirtualFileFactory can cause NPE due to unsynchronized access to its mount manager.
o SshPublicKeyFileFactory allows SSH1 public key to be formated as an SSH2 public key.
o Transport should log negotiated algorithms in DEBUG mode.
o Potential fix for JSafe AES/GCM mode throwing invalid IV exception.
o Excessive CPU usage caused by SecureRandom re-seeding due to some areas not using shared PRNG.
o SFTP subsystem now captures all thrown errors and returns STATUS_FX_FAULURE where possible to the client.

* This release requires the use of maverick-common 1.4.3 dependency which is included in this release.

--------------------------------

SSHD Maverick 1.7.29 - Mar 24, 2020

Features
o Further improvements to managed security mode to prevent algorithm order and removal.

Bug Fixes
o Host key negotiation does not remove host keys where its algorithm has been removed from preferences.

Upgraded compile dependency of BouncyCastle to 1.64
Upgraded compile dependency of SLF4J to 1.7.30

--------------------------------

SSHD Maverick 1.7.28 - Mar 10, 2020

Features
o Downgrade all use of RSA with SHA1 to WEAK security level.
o Added authentication provider implementation for using private keys from JADAPTIVE Universal Authenticator mobile app.

Bug Fixes
o Some clients can cause an NPE after the server has disconnected due to too many authentications.

--------------------------------

SSHD Maverick 1.7.27 - Feb 5, 2020

Features
o All algorithm listings are now ordered according to the security level they provide, ensuring the API advertises the strongest security in it's preferences.
o Default algorithm preferences updated to reflect the most secure option currently available.
o Added chacha20-poly1305@openssh.com cipher from OpenSSH specifications.
o Added curve25519-sha256 key exchange from IETF specification https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-08
o Implemented a set of "Security Levels" that allow a minimum security level WEAK, STRONG or PARANOID to be configured on the API.
o Improved support for SFTP extensions. Use DefaultSftpExtensionFactory to select optional support for supported extensions passing values from SupportedSftpExtensions enum in constructor.
o Implemented custom SFTP extension open-directory-with-filter@sshtools.com allowing a directory to be read with a glob or regex filter applied so that only specific results are returned in client directory listing. Requires use of AbstractFileSystem and AbstractFile implementation. This is not supported for FileSystem implementations.
o copy-file SFTP extension implemented from https://tools.ietf.org/id/draft-ietf-secsh-filexfer-extensions-00.txt
o ssh-rsa host keys are now automatically declared as rsa-sha2-256 and rsa-sha2-512 keys for stronger signing support.
o Support for SSH_MSG_EXT_INFO defined in draft https://tools.ietf.org/html/draft-ssh-ext-info-05 to allow notification of support for rsa-sha2-256 and rsa-sha2-512 signature types.
o Support for appending to files in AbstractFileSystem.
o Added OPENSSL_FORMAT key type for generating standard PEM keys using SshPrivateKeyFileFactory (requires BouncyCastle PKIX).
o SshPublicKey interface now supports getJCEPublicKey method to access JCE component (unsupported for ed25519 keys).

Bug Fixes
o sendChannelDataAndBlock incorrectly triggers completion callback before data is complete when data is split because of low window space.
o Waiting threads not notified when message is consumed on write queue; adding potential performance degradation when write queue threshold is reached.
o Channel data timeout fails to force disconnect.
o Keys generated by API and saved in new OpenSSH format generated invalid format errors when parsed with ssh-keygen.

--------------------------------

SSHD Maverick 1.7.26 - Dec 13, 2019

*This release contains no changes from 1.7.25. It is released only to maintain the same version as the client API.

--------------------------------

SSHD Maverick 1.7.25 - Dec 3, 2019

Features
o Added context setting for the maximum number of channels a connection will allow over its lifetime. This is not maximum concurrent channels, but rather the number of incremental channels opened during the lifetime of the connection. If a client attempts to open more channels than this value allows it will be disconnected.
o Removed support for hmac-sha256@ssh.com and hmac-sha512@ssh.com. This non-standard algorithm has been implemented incorrectly by many vendors causing connectivity problems with our clients. If you need to continue to use these enable them with the system property -Dmaverick.hmac-sha256@ssh.com=true

Bug Fixes
o BC/BCFIPS private key implementation does not support older style OpenSSL PKCS8/PBKDF encrypted keys*
o Further optimization to help prevent OOM. Ability to limit the number of packets queued for writing with external threads being blocked when write queue reaches maximum threshold. In addition changes to interested ops on sockets to ensure read is not selected when there are write operations pending (to revert this use -Dmaverick.preventWriteQueue=true)
o Missing channel type in channel open log statements.
o ProxySession does not evaluate window space causing hung sessions.
o Removed synchronization from AuthenticationProtocol stop as the method currently does nothing.
o A client sending a maximum packet length of 1 can cause OOM and/or DoS. API now requires a maximum packet length from clients of >= 4096 bytes.
o Remove default addition of DefaultSftpExtensionFactory. Users should add this if they want SFTP Extensions to be supported.
o SshIOException error message is not set from passed SshException.
o AbstractFileSystem makeDirectory fails to error when the parent folder does not exist. To revert this behaviour use -Dmaverick.disableMkdirParentCheck=true

*Requires upgrade to maverick-common 1.3.13 which is included in this release.

--------------------------------

SSHD Maverick 1.7.24 - Aug 19, 2019

Features
o Binary logging option for detailed debugging of protocol exchanges and data sent/received. Set -Dmaverick.binaryLogging=true*
o Added option to SshContext to allow SO_LINGER option to be set on the socket (missing).

Bug Fixes
o EVENT_SFTP_SESSION_STARTED is fired after other SFTP session events due to race condition.
o AbstractFileSystemm attempts to re-populate Connection object on all events.
o Upgraded JZLIB dependency version to 1.1.3 after reports of issues in production with previously distributed version.
o Event EVENT_KEY_EXCHANGE_COMPLETE and EVENT_KEY_EXCHANGE_FAILURE do not fire in the case when an algorithm cannot be negotiated.
o AbstractFile setAttributes missing ability to throw PermissionException.

*Requires upgrade to maverick-common 1.3.12 which is included in this release.

--------------------------------

SSHD Maverick 1.7.23 - July 17, 2019

Features
o Binary logging option for detailed debugging of protocol exchanges and data sent/received. Set -Dmaverick.binaryLogging=true*
o Added option to SshContext to allow SO_LINGER option to be set on the socket (missing).

Bug Fixes
o Ensure SocketChannel close is called when error happens during open to prevent socket handle leak on some platforms.
o Send/receive buffer should only be set on forwarded socket if the value has been explicitly set on context.

*Requires upgrade to maverick-common 1.3.11 which is included in this release.

--------------------------------

SSHD Maverick 1.7.22 - May 3, 2019

Bug Fixes
o Potential race condition on SocketConnection.closeConnection causes NPE with new logging code.
o Fixed deadlock between Channel.processChannelEOF and Channel.close
o Usage of SecureRandom.getInstanceStrong causes hung process on systems with little randomness*

*Requires upgrade to maverick-common 1.3.10 which is included in this release.

--------------------------------

SSHD Maverick 1.7.21 - Mar 25, 2019

Features
o Added checkPermissions, onConnectionComplete and onConnectionError protected callback methods in LocalForwardingChannel.
o Moved SshKeyUtils to maverick-common to make it available in the Server API.
o Added getter/setter for Locale on the Connection object. This overrides SshContext.getLocale if set.
o Introduced very limited INFO level logging for basic diagnostic of connection behavior in production environments.

Bug Fixes
o Channel causes protocol violation by sending additional SSH_MSG_CHANNEL_EOF under heavy forwarding load.
o changePositionofAlgorithm throws IndexOutOfBoundsException when presented with an algorithm that is not in the list*
o Enabling BouncyCastle JCE does not configure separate Diffie Hellman algorithms causing an alternative provider to be selected*
o Throw PermissionDeniedException instead of IOException when SFTP client tries to delete a non-empty directory.

*Requires upgrade to maverick-common 1.3.9 which is included in this release.

--------------------------------

SSHD Maverick 1.7.20 - Jan 22, 2019

Features
o Support for ECDSA, RSA and DSA keys in new OpenSSH private key file format. Keys generated by the API will now default to this format when written*
o Support for BubbleBabble type fingerprint in SshKeyUtils and SshKeyFingerprint*

Bug Fixes
o Don't set socket buffer size unless implementation explicitly sets them on the SshContext.
o Don't close the channel after subsystem request failure just send the request status back to the client.
o Ensure that an algorithm can still be used by other algorithms that depend on it even if it is removed from preferences e.g. ssh-rsa is required by rsa-sha2-256 and rsa-sha2-512.
o setMaximumNumberofAsyncSFTPRequests is now redundant and has now been marked as deprecated.
o ECDSA public key implementation of equals returns false even though public keys are the same*
o ECDSA signature verification handling fixed to improve detection of SSH style signature*
o Scp recursive mode should assume wildcard patter when none is provided.
o Scp fixed null permissions when creating a directory.

* Requires upgrade to maverick-common 1.3.8 which is included in this release.

--------------------------------

SSHD Maverick 1.7.19 - Nov 21, 2018

Features
o Added white/black list options to IPPolicy. Use CIDR or single IP address values to block or allow connections.
o Added isSFTPCloseFileBeforeFailedTransferEvents method to SshContext to allow change in behaviour that will close any failed transfer file before any failed events are generated.

Bug Fixes
o Fixed issue in DH parameter bounds test where incorrect provider was used to calculate bounds.
o Added missing constants in SshContext for new key exchange mechanisms.
o DynamicBuffer InputStream incorrectly returns negative value indicating EOF in single byte read operation. This affected SCP put causing truncated file names when names contained extended ascii or unicode characters*
o EVENT_KEY_EXCHANGE_COMPLETE fires prematurely before key exchange is actually finished.

*Requires upgrade to maverick-common 1.3.7 which is included in this release.

--------------------------------

SSHD Maverick 1.7.18 - Oct 7, 2018

Features
o New SftpOperationWrapper interface for receiving callback for begin/end of SFTP operations (replaces OperationWrapperSupport with richer interface including current operation information).
o Support for Public Key subsystem (requires add/remove/list implementation support in PublicKeyAuthenticationProvider).
o Full support for ssh-ed25519 keys including key generation and new OpenSSH private key format with aes/bcrypt encryption*
o Support for RSA key exchange rsa2048-sha256 and rsa1024-sha1*
o Support for curve25519-sha256@libssh.org key exchange*
o Support for rsa-sha2-256 and rsa-sha2-512 public key types for alternative RSA signatures*
o Added disableIdleTimeout / enableIdleTimeout methods to Connection object.
o New base classes for SshPrivateKey implementations to allow JCE PrivateKey object to be used from PKCS11 tokens.

Bug Fixes
o Added additional verbose output when loading private keys to ensure exception is logged if required. Set -Dmaverick.verbose=true if instructed by support*
o SshContext.supportedSubsystems should have been replaced by ChannelFactory.createSubsystem in switch to 1.7.
o Ensure comment is blank rather than null to avoid extra whitespace at the end of OpenSSH public key file*
o Use system default PRNG unless specifically overridden algorithm is set on JCEProvider*
o SpongyCastle support should be explicitly requested using enableSpongyCastle method on JCEProvider.

*Requires upgrade to maverick-common 1.3.6 which is included in this release.

--------------------------------

SSHD Maverick 1.7.17 - Jun 29, 2018

Features
o New startup mode that will allow errors that were previously consumed to be thrown from Daemon startup method.
o Added ability to set minimum SFTP window space on SshContext.

Bug Fixes
o VirtualFileFactory mount selection incorrectly matches mount in filename e.g. /inupload.txt was incorrectly matching against mount /in/
o Fixed source build files.
o Check that file is actually a file when AbstractFileSystem.openFile is called.
o Load and test key exchanges individually to ensure mismatch of jar versions does not fail on loading all key exchanges*

*Requires upgrade to maverick-common 1.3.5 which is included in this release.

--------------------------------

SSHD Maverick 1.7.16 - May 24, 2018

Features
o Added ReadOnlyFileFactoryAdapter to wrap and create read only file systems.

Bug Fixes
o Inconsistent shutdown behaviour in ExecutorOperationSupport*
o Clients using large block sizes for SFTP messages can lockup.

*Requires upgrade to maverick-common 1.3.4 which is included in this release.

--------------------------------

SSHD Maverick 1.7.15 - Apr 23, 2018

IMPORTANT: BouncyCastle has been upgraded to 1.59 in this release to resolve a vulnerability in the 1.52 version [CVE-2017-13098]*

Features
o Ability to configure Diffie Hellman algorithm Provider separately for KeyFactory, KeyAgreement and KeyPairGenerator*
o Additional method on JCEProvider to configure Provider using name rather than Provider instance*
o Support for SFTP extension posix-rename@openssh.com
o New PublicKeyWithVerifyAuthenticationProvider can optionally be used to differentiate between public key check (can I authenticate) and public key authentication attempts.
o Support for diffie-hellman-group14-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512 and diffie-hellman-group18-sha512
o Improved algorithm support for FIPS mode (AES CTR, ECDH, ECDSA and stronger key exchange methods).
o Automatic configuration/support for SpongyCastle JCE provider as a replacement for BouncyCastle on Android.

Bug Fixes
o Improvements to SFTP memory handling did not take the value of ssh.maxWindowSpace system property into account when issuing new window space.
o Incorrect conversion of terminal modes to String in VirtualShell and supporting classes.
o DSA private key signature encoding intermittently fails to generate compatible signature.

*Requires upgrade to maverick-common 1.3.3 which is included in this release.

--------------------------------

SSHD Maverick 1.7.14 - Jan 26, 2018

Features
o Ability to disable algorithms at runtime using -Ddisable.<algorithm> system property*
o Added system property to enable non-compliant SFTP operation of moving file into a folder using rename operation by specifying only the folder name as destination in the rename operation. Use -Dmaverick.enableRenameIntoDir=true to enable.

Bug Fixes
o AbstractFileSystem should be final. We have never supported extensions to this implementation.
o Expected RSA signature length calculation used for padding incorrect; added additional fallback to original signature if padded signature fails*
o Connection object missing getActiveChannels method.
o Ensure fired events are logged in standard debug log*
o ScpCommand does not use FileSystem.populateEvents method to add additional file system attributes to SCP events.

*Requires upgrade to maverick-common 1.3.2 which is included in this release.

--------------------------------

SSHD Maverick 1.7.13 - Dec 22, 2017

Bug Fixes
o Fix for non-RFC X509 signature encoding (compatibility with Tectia)*
o DirectFile throws UnsupportedOperationException on Windows.
o Prevent ExecutorOperationSupport from pausing for 1 second during connection shutdown*
o Upgrade use of commons-vfs in SFTP provider to fix various memory issues caused by commons-vfs2.

*Requires upgrade to maverick-common 1.3.1 which is included in this release.

--------------------------------

SSHD Maverick 1.7.12 - Nov 23, 2017

Features
o Full support for BCFIPS JCE Provider.
o Ability to disable key re-exchange.
o Added methods to Connection object to access the transport algorithms in use.
o Improved SFTP window and memory management.

Bug Fixes
o Removed setKeyboardInteractiveProvider and getKeyboardInteractiveProvider methods that have no function.

*****************
IMPORTANT COMPATIBILITY INFORMATION

This release requires the use of maverick-common 1.3.0 dependency which is included in this release. When using both
client and server APIs in the same JVM you MUST use client and server versions compatible with 1.3 maverick-common.
*****************

--------------------------------

SSHD Maverick 1.7.11 - Oct 23, 2017

Features
o HTTP redirect mode added that enables redirect of HTTP clients connecting on an SSH port.

Bug Fixes
o Support for licenses encoded in ISO-8859-1
o ecdh-sha2-nistp521 broken*
o Scp command truncated when filename contains space followed by "-"
o Java 8u121 DSA signature validation fixes cause intermittent validation failures.

*Requires upgrade to maverick-common 1.2.9 which is included in this release.

--------------------------------

SSHD Maverick 1.7.9 - Jul 17, 2017

Bug Fixes
o Additional trace for subsystem infinite loop issue.
o ECUtils does not use configured JCEProvider for EC algorithm*
o License configured with LicenseManager.addLicense could potentially be in an encoding other than UTF-8.

*Requires upgrade to maverick-common 1.2.8 which is included in this release.

--------------------------------

SSHD Maverick 1.7.8 - Jun 13, 2017

Bug Fixes
o Valid OpenSSH key does not pass format tests*

*Requires upgrade to maverick-common 1.2.7 which is included in this release.

--------------------------------

SSHD Maverick 1.7.7 - Jun 5, 2017

Features
o Implementation of OpenSSH certificates to support user authentication via signed certificate file as defined at https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
o Added OpenSshCertificateAuthenticator.

Bug Fixes
o Removed erroneous System.out in OpenSSHPrivateKeyFile.toKeyPair.
o loadOrGenerateHostKey fails to pass passphrase through to generation method.
o Proxy session channel corrupts session output.
o Proxy session window space not consumed.
o SessionChannel should delegate subsystem creation to overridable method.
o getTransport missing from Connection object.
o getKeyExchange method is missing from TransportProtocol object.
o Changed authInProgresss to use volatile AtomicBoolean.
o Added additional debug logs in case of IOException in public key authentication.
o Enterprise distribution now includes -sources jar files.
o Java 8 u121 introduces regression in DSA key signature validation*
o If BouncyCastle PKIX loading of private key fails with EncryptionException revert to original private key format implementation.*
o SshPublicKeyFileFactory#parse allows non IO error to be propagated*
o Disabled CBC ciphers cause private key encryption failures*
o Missing failed EVENT_KEY_EXCHANGE_COMPLETE event.
o Incorrect calculation of signature size causes RSA signature validation errors*

*Requires upgrade to maverick-common 1.2.6 which is included in this release.

--------------------------------

SSHD Maverick 1.7.6 - Mar 24, 2017

Features
o Added InstructionPrompt and NamePrompt extension of KBIPrompt for the ability to change the name and instructions prompts in keyboard-interactive.

Bug Fixes
o Moved throwing of FileNotFoundException to AbstractFile implementations.
o Scp command should not be automatically installed in VirtualShell.
o Added missing / documented DirectFileSystemFactory.
o Single custom DH prime throws bound exception.*
o ChannelFactory is not defaulted on SshContext.
o Some dependencies on BouncyCastle classes were removed.
o Channel requests should be executed on ExecutorService to avoid holding up transport queue.
o Improvements to ProxyChannelFactory and associated classes to allow delayed authentication in proxied client.
o Moved AgentForwardingChannel from virtual-session project to core.
o Apply authentication idle timeout to connected socket that has not yet negotiated protocol.
o Catch FileNotFoundException from FileSystem readFile and writeFile and return appropriate SFTP status message.
o Changes/improvements to support BouncyCastle FIPS certified JCE Provider
o Further fixes to RFC 6187 X509 implementation

*Requires upgrade to maverick-common 1.2.5 which is included in this release.

--------------------------------

SSHD Maverick 1.7.5 - Feb 22, 2017

Bug Fixes
o Improved startup and shutdown handling to prevent duplicate accept thread which was causing a shutdown delay of up to 30 seconds.
o Fixed certificate chain and signature encoding inline RFC 6187 X509 implementations*
o Ensure source object of all SFTP events are the SftpSubsystem instance allowing access to session and its attributes.
o Added EVENT_SFTP_FILE_DOWNLOAD_INIT, EVENT_SFTP_FILE_UPLOAD_INIT, EVENT_SFTP_FILE_ACCESS_INIT, EVENT_SCP_UPLOAD_INIT, EVENT_SCP_DOWNLOAD_INIT events to ensure all transfers attempts have some kind of event as maximum concurrent transfer violation would never generate an event.
o AbstractFileSystem getAttributes does not throw FileNotFoundException for missing file.
o ECDSA X509 implementations not registered correctly*
o EC and ECDH use default system JCE provider even if separate default provider is configured in API.

*Requires upgrade to maverick-common 1.2.4 which is included in this release.

--------------------------------

SSHD Maverick 1.7.4 - Feb 3, 2017

Bug Fixes
o When a PasswordAuthenticationProvider has not been supplied a NPE is caught if client attempts to perform password authentication.
o Virtual shell alias command is broken.
o AbstractFileSystem can potentially leave OpenFile instance referenced causing memory leak and OOM exception.
o DiffieHellmanGroupExchangeSha256JCE class requests non-standard hash algorithm name SHA256 instead of correct SHA-256 causing it to fail in some JCE environments.
o Re-ordered default key exchange listing by order of strongest security preference.*

Requires upgrade to maverick-common 1.2.3 which is included in this release.

--------------------------------

SSHD Maverick 1.7.3 - Jan 11, 2017

Bug Fixes
o ExecutableCommand shuts down all input/output when SSH_MAG_CHANNEL_EOF is received causing potential issues with ScpCommand implementation. Only input is now shutdown to allow SCP to finish remaining tasks.


--------------------------------

SSHD Maverick 1.7.2 - Jan 5, 2017

Features
o New SftpExtension interface to allow SFTP extensions to be implemented.
o Implemented md5-hash and md5-hash-handle extensions (these were the original extensions defined in draft-ietf-secsh-filexfer-09.txt before draft-ietf-secsh-filexfer-extensions-00.txt replaced them with check-file-name and check-file-handle).

Bug Fixes
o Failed interface is not removed from list of contexts interfaces.
o Possible NPE on Connection object in AuthenticationProtocol under load.
o isDirectory fails with NPE when accessing through proxy when SFTP version between proxy and end-point are different.
o SFTP window management can cause upload to hang if final packet is fragmented over channel window.

--------------------------------

SSHD Maverick 1.6.29 - Dec 12, 2016

Features
o Configuration methods to set specific window space values for SFTP and session channels.
o New optional mode to allow server to dynamically adjust window based on incoming SFTP profile.

Bug Fixes
o ConcurrentModificationException thrown during shutdown when server is under load.
o parseMessage NPE during SFTP channel close.
o Number of connections decreased asynchronously causing tests for set number of maximum connections to fail.
o Source compile fix as AgentForwardingChannel depends on SshAgentClient in client jar.
o Check transport connection status in channel data blocking method.

--------------------------------

SSHD Maverick 1.6.28 - Nov 4, 2016

Features
o Ability to configure thread priority for accept, connect and transfer threads.
o installFactory method added to ShellCommandFactory for easier chaining of ShellCommandFactory instances.

Bug Fixes
o SHA256 public key fingerprint is not compatible with OpenSSH fingerprint*
o OpenSSH public key file cannot be parsed with CR or NL in the encoded Base 64 blob*
o Better handling of rejected executor task required.

* Requires upgrade to maverick-common 1.1.12 which is included in this release.

--------------------------------

SSHD Maverick 1.6.27 - Oct 7, 2016

Features
o New AuthorizedKeyFile implementation enables parsing of authorized_key files with full support for all OpenSSH options as documented at http://man.openbsd.org/sshd.8*

Bug Fixes
o ConnectionManager ConcurrentModificationException fixed.
o No need to use ConnectionManager.getConnectionById in places where a Connection object is available from transport fields.
o DiffieHellmanGroups group16 incorrect value*
o AbstractFileSystem incorrectly uses getBytes() to convert handle.
o Temporary transfer thread throws ClosedSelectorException under load.
o Fixed NPE in Event getAllAttributes*
o Algorithm name in SECSH public key file causes NPE when parsed by SshPublicKeyFileFactory*
o Shutdown synchronization causes extended shutdown sequence.

* Requires upgrade to maverick-common 1.1.11 which is included in this release.

--------------------------------

SSHD Maverick 1.6.26 - Sept 8, 2016

Bug Fixes
o ExecutorOperationSupport ConcurrentModificationException fixed*

* Requires upgrade to maverick-common 1.1.10 which is included in this release.

--------------------------------

SSHD Maverick 1.6.25 - Sept 2, 2016

Bug Fixes
o ExecutorOperationSupport deadlock fixed*
o Key derivation function creates incompatible key when key exchange hash function output is smaller than required key.

* Requires upgrade to maverick-common 1.1.9 which is included in this release.

--------------------------------

SSHD Maverick 1.6.24 - Aug 24, 2016

Features
o SshContext option to enable check required authentications for each authentication attempt to replicate previous behavior of 1.4 server.

Bug Fixes
o Disconnect immediately on protocol message violation.
o Empty subsystem message handling is unclear.
o Handle unknown message id with unsupported operation status.
o SFTP extended operation case does not break from switch statement.
o Large maximum packet size causes BufferOverflowException in SFTP subsystem.

--------------------------------

SSHD Maverick 1.6.23 - Aug 9, 2016

Features
o VirtualShell prompt can now include references to other environment variables.

Bug Fixes
o Fixed NPE in ConnectionManager getUserConnections method.
o Missing return statement in PasswordKeyboardInteractiveProvider can cause unexpected behavior.
o Event object cannot handle null attributes.*

* Requires upgrade to maverick-common 1.1.8 which is included in this release.

--------------------------------

SSHD Maverick 1.6.22 - July 14, 2016

Features
o Added setMaximumUserConnections to limit the number of connections each user can open concurrently.

Bug Fixes
o hmac-sha256@ssh.com should use 32 byte output but 16 byte key*
o Ported setMaxAsyncSFTPRequests from 1.4 to help restrict number of bytes being queued for processing in SFTP. Needs to be combined with lower window space setting in order to work as the mechanism relies on restricting window space to ensure client does not send too much data.
o FIPS mode did not enable diffie hellman group exchange algorithms

* Requires upgrade to maverick-common 1.1.7 which is included in this release.

--------------------------------

SSHD Maverick 1.6.21 - June 23, 2016

Features
o Support for SshContext and Connection level event listeners.
o Added getLastError method to Daemon to retrieve the last error detected during a failed startup.

Bug Fixes
o ScpCommand does not handle paths with quotes.
o Skip options in OpenSSH public key file could cause IndexOutOfBoundsException.*

* Requires upgrade to maverick-common 1.1.6 which is included in this release.

--------------------------------

SSHD Maverick 1.6.20 - Jun 2, 2016

Bug Fixes
o Timeout mechanism added to ensure sending of channel data will eventually drop out of the notification loop. Previously it was possible for a bad client to exploit this by refusing to send window space and causing threads to be infinitely stuck.
o Incorrect configuration of default ExecutorService causes hung connection.
o TransportProtocol currentState should be volatile.

--------------------------------

SSHD Maverick 1.6.19 - May 19, 2016

Features
o ChannelOutputStream implementation for a server Channel.
o SessionChannel now supports agent forwarding request. Override requestAgentForwarding to implement agent forwarding.
o When a connection is disconnected due to idle connection the socket state is not correctly returned to the Selector causing the SelectionKey to never be cancelled.
o Added EVENT_SCP_UPLOAD_STARTED, EVENT_SCP_DOWNLOAD_STARTED, EVENT_SCP_FILE_READ, EVENT_SCP_FILE_WRITE events.
o VirtualShell commands can ignore fixed Option parsing.
o Connection is now available to access through ThreadLocal storage using ConnectionManager.getInstance().getConnection().
o Execute threads using Connection.executeTask to make it Connection aware and executed on the installed ExecutorService.

Bug Fixes
o AbstractFileSystem does not check writable permission on parent in makeDirectory.
o AbstractFileSystem does not check readable permission on file in openDirectory.
o Authorized key implementations should ignore OpenSSH specific options at beginning of key line.
o UnsupportedSession does not close channel correctly.
o SSHCOM private RSA keys fail to authenticate*
o SshContext maximum concurrent transfer setting had wider implications due to its restriction on the number of threads supported by ExecutorService and has been refactored to remove this limitation.
o DataBlock notified boolean made volatile.
o Skip options in OpenSSH public key file*

* Requires upgrade to maverick-common 1.1.5 which is included in this release.

--------------------------------

SSHD Maverick 1.6.18 - Mar 30, 2016

Bug Fixes
o Version in SftpFileAttributes may not be set causing missing flags.
o EOLProcessor duplicates character if stray CR is found when processing CRLF*

* Requires upgrade to maverick-common 1.1.4 which is included in this release.

--------------------------------

SSHD Maverick 1.6.17 - Mar 14, 2016

Features
o Ability to set name of PasswordKeyboardInteractiveProvider that is passed to client in keyboard-interactive operation.
o Added implementation of publickey@vandyke.com subsystem.
o Ability to set maximum DH prime value for key exchange.

Bug Fixes
o Virtual shell should support bash type last exit code variable $?
o Cannot set backlog option on listening interface.
o Deadlock on socket write due to writeMessageIntoBuffer placement within kexlock synchronized block.
o Change to long name date format breaks scripts expecting specific format. Format has been revered and made configurable.
o Channel data deadlock if connection closes due to network error.

--------------------------------

SSHD Maverick 1.6.16 - Jan 29, 2016

Bug Fixes
o Server using new authentication APIs and supporting change password encountered NPE on change password attempt.
o Fix added in 1.6.14 could cause further locking scenario in sendChannelDataAndBlock.
o Allow complete configuration of welcome text in virtual shell.
o Javadocs were not included in the zip distribution.
o Resolved performance issue introduced in 1.6.14 caused by extending ExecutorOperationSupport to Subsystem.sendMessage.

--------------------------------

SSHD Maverick 1.6.15 - Jan 13, 2016

Features
o Adding missing method to getExtendedAttribute and hasExtendedAttribute to SftpFileAttributes.
o Increased session channel maximum channel packet to 34000 bytes.

Bug Fixes
o Added suitable constructor to UnsupportedSession, VirtualShell, NativeSession to allow session variables to be changed.
o Mixed use of AuthenticationMechansimFactory and AccessManager can cause required authentication to be changed during authentication.
o Previous changes to X509 certificate support removed SHA256 certificates from x509v3-sign-rsa implementation specified in https://tools.ietf.org/html/draft-saarenmaa-ssh-x509-00 since it was only supposed to support SHA1. Added backwards compatibility -Dmaverick.backwardCompatibleSHA2=true mode to allow implementations to re-introduce this issue if they require the old behaviour
o NPE in shutdown when shutdown hook is not set.
o Diffie Hellman Group Exchange methods fail to return the size requested.
o Improved JCEComponentManager startup to ensure existing BC provider does not prevent DH algorithm configuration.*
o Improved JCEComponentManager startup logging.*

* Requires upgrade to maverick-common 1.1.2 which is included in this release.

--------------------------------

SSHD Maverick 1.6.14 - Dec 10, 2015

Features
o New EVENT_SFTP_SESSION_STOPPING event to indicate when SFTP session shutdown has been initiated, includes attributes for open files and directories.
o Added getFileForHandle method to AbstractFileSystem.
o Added ATTRIBUTE_OPERATION_STARTED and ATTRIBUTE_OPERATION_FINISHED to EVENT_SFTP_SESSION_STOPPED.
o Authenticator type interfaces can now throw IOException to optionally force immediate disconnection.

Bug Fixes
o Bug in improved sendChannelDataAndBlock method causes deadlock if channel data has to be split into smaller messages.
o Authentication mechanisms perform all operations on IO thread.
o Extended ExecutionOperationSupport to Subsystem sendMessage.
o Log consumed exception in AbstractFileSystem.closeFile.
o Scp requires spaces in filenames to be escaped with backslash. Added optional system property switch -Dmaverick.disableScpSpaceException=true to disable this behavior.
o File paths in SFTP should not be trimmed.
o Use ConcurrentHashMap instead of Collections.synchronizedMap to prevent concurrent modification errors.
o 4k minimum window size to small for forwarding channels, increased to 32k.
o Scp command does not produce file not found message when request for non-existent file is made.
o diffie-hellman-group-exchange methods fail test when backwards compatibility is disabled.*
o Create time not exposed in SftpFileAttributes (SFTP version 4 attribute).
o Incomplete error attributes on read/write events.
o Inclusion of version 4 attribute flag causes problems with clients that validate attribute flags.
o x509v3-ecdsa-sha2-nistp384 and x509v3-ecdsa-sha2-nistp521 typos in JCEComponentManager registration.*

* Requires upgrade to maverick-common 1.1.1 which is included in this release.

--------------------------------

SSHD Maverick 1.4.56 - Jan 13, 2016

Bug Fixes
o Default session packet size changed to 34000 due to lazy SSH implementations not implementing channel flow mechanism correctly and assuming SFTP packets are the same as channel data packets.
o Diffie hellman group exchange methods fail to return the correct group size requested.

--------------------------------

SSHD Maverick 1.4.55 - Dec 10, 2015

Bug Fixes
o Scp fails to report file not found in get operation.
o Forwarding channels were using incorrect window space value.

--------------------------------

SSHD Maverick 1.4.54 - 10 Nov, 2015

Bug Fixes
o Fixed SocketForwardingChannel synchronization after discovering deadlock situation.
o Window adjust synchronization fixed.
o Allow revert to old (broken) behavior returning all supported authentication mechanisms on partial authentication. Set -Dmaverick.oldMethodsToContinue=true system property.
o Scp requires spaces in filenames to be escaped with backslash. Added optional system property switch -Dmaverick.disableScpSpaceException=true to disable this behavior.

--------------------------------

SSHD Maverick 1.6.13 - Sept 14, 2015

Features
o Optional events EVENT_SFTP_FILE_READ, EVENT_SFTP_FILE_WRITE for SFTP read/write operations. Enable via SshContext setSFTPReadWriteEvents method.
o DirectFile implementation returns native file attributes if running in Java 7+ environment.
o New authentication idle timeout option added to allow different idle timeouts depending on connection state.
o Plumbed in ShellPolicy and ForwardingPolicy to replace functionality provided by AccessManager interface.
o Added IPPolicy implementation to replace canConnect functionality provided by AccessManager interface.
o Added getRequiredMechanisms method to AuthenticationMechanismFactory to replace getRequiredAuthentications functionality provided by AccessManager interface.
o To help protect against Logjam new setting of minimum Diffie Hellman prime size added with default value of 2048 bites.
o Moved some logging statements to verbose mode to make reading log files easier.
o RFC 6187 RSA certificate of 2048 bits supporting SHA256WithRSA signature added*
o Added getMappedFile method to VirtualMappedFile to enable access to actual file.
o Support for hmac-ripemd160, hmac-ripemd160-etm@openssh.com message authentications.
o Support for Encrypt then Mac message authentications hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
o Added EVENT_SFTP_FILE_UPLOAD_STARTED, EVENT_SFTP_FILE_DOWNLOAD_STARTED, EVENT_SFTP_FILE_ACCESS_STARTED events
o Allow revert to old (broken) behavior to return all supported authentication mechanisms on partial authentication. Set system property -Dmaverick.oldMethodsToContinue=true

Bug Fixes
o Improved sendChannelDataAndBlock method to ensure data has been written to socket. Previously a rare race condition exists which could see the queued data overwritten before it was transferred to the channel data message.
o Fixed synchronization in SocketForwardingChannel after discovering deadlock.
o ECDSA keys cannot be loaded if another JCE exists that processed EC keys and has a higher priority in security configuration*
o Session channel fails to kill ScpCommand if its still active on session close.
o AbstractDirectFile fields changed to protected for better extension support.
o Extracted RandomAccessImpl to public class with protected fields for better extension support.
o AbstractFileSystem renameFile would allow non-writable files to be renamed.
o Open file event not being fired from SFTP subsystem.
o Ensure enough key data is available for the size of the cipher or mac.
o SFTP v4 text mode does not ignore read/write offset as specified by SFTP specification.
o AbstractFileFactory processEvent was not plumbed into SftpSubsystem events.
o AbstractFileSystem consumes AbstractFile.close IOException.
o SFTP long name file listing format does not include day of month.
o SFTP error events do not contain exception.
o For clarify call getDefaultPath instead of getFile("") in AbstractFileSystem.
o VFSFile does not process last modified time correctly.
o AbstractFileSystem only checks writable flag in AbstractFile if file exists.

* Requires upgrade to maverick-common 1.1.0 which is included in this release.

*****************
IMPORTANT COMPATIBILITY INFORMATION

For users combining both our client and server APIs in the same classpath you should ensure that both versions of the API used are compatible with a maverick-common version of 1.1.0.
If for any reasons you just use a single product and ship the individual jar files you should ensure you ship the maverick-common 1.1.0 version included in this release.
*****************

--------------------------------

SSHD Maverick 1.4.53 - 7 May, 2015

Features
o Allow protocol violations to be treated as warnings in an effort to support bad clients that are not conforming to the specification. Set -Dmaverick.disableProtocolViolation=true

Bug Fixes
o Bad client can cause memory exceptions by requesting large SFTP reads but denying window space in a timely fashion.
o Added maximum number of outstanding SFTP async requests limit to ensure slow file systems do not cause OOM exceptions.
o Perform check on incoming data packet to ensure it conforms to protocol rules.
o VirtualFileSystem setFileAttributes on open file handle fails to convert client's last modified time correctly.


--------------------------------

SSHD Maverick 1.6.12 - May 15, 2015

Features
o Optional per-connection upload quota limit added.

Bug Fixes
o Removed printStackTrace and instead added warn level log on reflection error when attempting to load newer implementation of OpenSSHPrivateKeyFile that depends on Bouncycastle PKIK.
o Added debug logs to VFSFileFactory to help resolve FileNotFoundException causes.
o Log missing BC dependency rather than printStackTrace.*
o Virtual shell corrupts/overwrites its own output before channel data is sent.
o ShowLastError command throws a cast exception.
o Commands cannot be hidden.
o Virtual shell does not select default keybindings and various flavours of xterm fail to be recognized.
o Optional Bouncycastle dependencies upgraded to version 1.52*

* Requires upgrade to maverick-common 1.0.9 which is included in this release.

--------------------------------

SSHD Maverick 1.6.11 - Mar 24, 2015

Bug Fixes
o Throw appropriate exception in RootShell if file system is not an AbstractFileSystem derived implementation.
o NullPointerException when uninitialised ProxySession is closed.
o AccessManager canConnect is now additionally called after each failed authentication giving the server a chance to disconnect if application rules have decided the attempt is no longer allowed.


--------------------------------

SSHD Maverick 1.4.52 - Feb 24, 2015

Features
o Optional support for none HMAC. Must be explicitly turned on, do not use in production.

Bug Fixes
o JCE expects a padded RSA signature but protocol allows client to send unpadded resulting in random authentication failures.
o Re-factor of SocketForwardingChannel to prevent thread lock up.

--------------------------------

SSHD Maverick 1.6.10 - Feb 24, 2015

Features
o Proxy session implementation that utilizes Maverick Legacy Client to proxy another SSH session through the server.

Bug Fixes
o JCE expects a padded RSA signature but protocol allows client to send unpadded resulting in random authentication failures.
o Re-factored SocketForwardingChannel to prevent thread lock up.
o NullPointerException when first connection is denied from AccessManager.canConnect.

--------------------------------

SSHD Maverick 1.6.9 - Jan 12, 2015

Bug Fixes
o Exception caught processing publickey authentication is not logged so reason for error simply cannot be obtained.
o Connection not set in PublicKeyAuthentication causing NullPointerException during publickey authentication.
o TransportProtocol fails to log actual error after catching Throwable.
o Ensure AbstractFileSystem read returns all bytes requested unless file is EOF.
o Username/group flag in SFTPv4 attributes not set.
o Ability to order ciphers, macs, keyexchanges etc by passing String array of preferred order.

--------------------------------

SSHD Maverick 1.4.51 - Jan 8, 2015

Bug Fixes
o Move some debug logging into mavercik.verbose mode.

--------------------------------

SSHD Maverick 1.6.8 - Sept 23, 2014

Features
o Added getter methods for cipher, compression and mac settings to TransportProtocol.

Bug Fixes
o Bug in Authentication Protocol that meant AuthenticationMechanismFactory supported mechanisms was not used in some scenarios.
o If Maximum concurrent transfers is zero an IllegalArgumentException is thrown when ExecutorService is first accessed.
o OpenSSH private key format made library always depend on Bouncycastle JCE provider and associated libs.

--------------------------------

SSHD Maverick 1.4.50 - Sept 24, 2014

Features
o Added getter methods for cipher, compression and mac settings to TransportProtocol.

--------------------------------

SSHD Maverick 1.6.7 - Aug 26, 2014

Features
o Added hmac-sha2-512, hmac-sha2-512-96, hmac-sha2-256-96 mac algorithms*.
o Added ecdh-sha2-nistp256, ecdh-sha2-nistp384 and ecdh-sha2-nistp521 key exchange algorithms*.
o Added x509v3-rsa2048-sha256, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384 and x509v3-ecdsa-sha2-nistp521 public key algorithms.*
o NativeSessionChannel implementation added for Linux based servers.

Bug Fixes
o Made backlog setting available on ListeningInterface.

* Requires upgrade to maverick-common 1.0.5 which is included in this release.

--------------------------------

SSHD Maverick 1.4.49 - Aug 19, 2014

Bug Fixes
o Made backlog setting available to be changed on ListeningInterface object.

--------------------------------

SSHD Maverick 1.4.48 - Jun 18, 2014

Bug Fixes
o Channel has race condition that can potentially send SSH_MSG_CHANNEL_CLOSE before SSH_MSG_CHANNEL_EOF.
o Buffer overflow caused by unexpectedly large file system packets.
o Potential lockup in SelectorThread when write buffer requires asynchronous writes.
o Changed call to getCanonicalHostName to getHostAddress to prevent reverse DNS lookup in debug mode jar (runtime jar was not affected).
o Forwarding channel could be overloaded with data from forwarding socket causing excessive heap memory and potential OOM.

--------------------------------

SSHD Maverick 1.6.6 - Jun 9, 2014

Bug Fixes
o Scp command now makes use of ExecutorService in SshContext to perform its operations on a pooled thread.
o Made VirtualFileSystem more resilient to double slashes in paths.
o ExecutorService core threads never timeout. Default behaviour is now for core threads to terminate after 60s of idle.
o Upgraded BouncyCastle dependencies to 1.50 versions due to potential memory leaks created by the JCE library.*
o Forwarding channel could be overloaded with data from forwarding socket causing excessive heap memory and potential OOM.

* Requires upgrade to maverick-common 1.0.4 which is included in this release.

--------------------------------

SSHD Maverick 1.6.5 - Feb 12, 2014

Bug Fixes
o File attributes in formatted long name fails to show correct file type in permissions string.
o Automatically determine v4 type field from v3 permissions for backwards compatibility.
o Imaginary file in directory listing causes FileNotFoundException.

--------------------------------

SSHD Maverick 1.6.4 - Jan 29, 2014

Features
o Support for SFTP version 4. This needs to be explicitly enabled using SshContext's enableSFTPVersion4 method.
o New AbstractFileSystem added making it easier to add file systems with an AbstractFile interface similar to java.io.File.
o DirectFileFactory concrete implementation of AbstractFileFactory that uses standard java.io.File to serve local files.
o Preliminary support for RFC 6187 X509 certificates for RSA and DSA public key algorithms. OSCP responses are currently not retrieved and encoded or validated by the server if received.*

Bug Fixes
o File attributes provided by the client are not being passed to makeDirectory.
o Permanent transfer thread refuses to register new channel without throwing exception resulting in hung client connection.
o Workaround added for NIO epollWait JVM bug.
o Buffer overflow caused by unexpectedly large file system packets.

* Requires upgrade to maverick-common 1.0.2 which is included in this release.

--------------------------------

SSHD Maverick 1.4.47 - Nov 11, 2013

Bug Fixes
o Permanent transfer thread refuses to register new channel without throwing an error resulting in hung client connection.
o Added workaround for JVM epoll bug.

--------------------------------

SSHD Maverick 1.4.46 - Oct 7, 2013

Bug Fixes
o Incoming swap byte[] is not dereferenced on socket close causing potential memory leak.
o Fixed NPE in shutdown after SFTP initialization fails.
o Removed invalid check for null in SftpSubsystem RealPathOperation.
o Support for larger N sizes in DSA key signatures allowing > 1024 bit DSA keys to be utilised.
o Added hmac-sha2-256 algorithm to supported Hmacs
o Channel can potentially lockup if closed with queued data that has not been flushed.
o Default maximum packet size increased slightly to allow for packet overhead to support JScape client that sends 128k file blocks.
o Overridden maximum packet size in SshContext is now used in place of hard coded value in SftpSubsystem.

--------------------------------

SSHD Maverick 1.6.3 - Sept 25, 2013

Features
o Support for PKCS8 PEM encoded private keys (required BouncyCastle JCE provider installed)*

Bug Fixes
o SelectorThread fails to close its own selector.
o Shutdown under load potentially locks up in channel data queue.
o Shortened shutdown timeout values to help reduce shutdown time.
o Fixed NPE in SftpSubsystem shutdown.
o SFTP mkdir request fails to check if parent folder exists.
o Scp upload event passes incorrect path in filename attribute.
o Added hmac-sha2-256 algorithm to supported Hmacs*
o Support for larger N sizes in DSA key signatures allowing > 1024 bit DSA keys to be utilised*

* Requires upgrade to maverick-common 1.0.1 which is included in this release.

--------------------------------

IMPORTANT NOTICE:

This is the first public release of the 1.6.x stable branch. Previous releases indicated below were
internal releases only. Source code developed with versions 1.4.x or lower will not be binary compatible
with this API although changes should be minimal as this new branch is a continuation of the work of those
branches and should be considered the stable successor to 1.4.x versions.

Please note that the internal cryptographic provider has been removed and as such all cryptographic
functions are provided by the installed Java Cryptography Extensions (JCE) in your environment. The minimum
required version of Java is 1.5.

SSHD Maverick 1.6.2 - Sept 5, 2013

Bug Fixes
o Incoming swap byte[] is not dereferenced on socket close causing potential memory leak.
o Removed invalid check for null in SftpSubsystem RealPathOperation.
o ConcurrentModificationException thrown during shutdownNow.

=================
= HISTORY =
=================

SSHD Maverick 1.6.1 - Jul 18, 2013

Bug Fixes
o Subsystem operations moved to transport to allow other components to synchronize with cleanup correctly.
o Cleanup was executed based on session identifier being a non-null value, however if key exchange had not completed, cleanup would not be performed.
o Authentication Failure event is not fired on the final attempt when authentication retry limit is reached.

------------------

SSHD Maverick 1.6.0 - June 19, 2013

Features
o Logging is now provided though SLF4J.
o API is now built with and requires a minimum Java version of 1.5.
o Build system changed to Maven.
o Common components shared between client and server implementations have been moved to a separately versioned jar file to help compatibility between the two.
o Internal cryptographic provider has been removed.
o Added support for Elliptic Curve keys ecdsa-sha2-nistp256, ecdsa-sha2-nistp385 and ecdsa-sha2-nistp521.
o SFTP threading is now controlled by an Executor providing the ability to configure maximum number of concurrent transfers or replace with your own implementation.
o VirtualFileSystem can now be instantiated with mount objects removing the need for system wide configuration.
o FileSystemFactory now controls creation of FileSystem instances.
o Added Connection object for easy identification of individual sessions in events.

--------------------------------

SSHD Maverick 1.4.45 - 16 Jul, 2013

Features
o Added option to SshContext to allow SO_LINGER option to be set on the socket.

Bug Fixes
o Mixed use of String.length() and getBytes() could cause incorrect length to be sent in SSH_MSG_USERAUTH_BANNER if UTF-8 character was present.
o AbstractJCECipher IV is now initialized with getBlockSize, allowing it to be overridden to prevent NPE with NSS/JSS crypto.
o Added refresh method to GSSAPIWithMICAuthentication to allow Enterprise License source to be compiled with Java 5.
o Allow password over keyboard-interactive default prompt text to be changed by extending class and overriding protected methods in PasswordKeyboardInteractiveProvider.
o Some debug statements were not being removed from no-debug jar file.
o Authorized keys store implementation does not allow empty or skip lines starting with #
o Large file download over SCP could potentially cause OOM exception.

--------------------------------

SSHD Maverick 1.4.44 - May 10, 2013

Features
o Added SocketConnectionFactory interface to allow possible override of SocketConnection implementation on a per-connection basis.
o Added SshContext.enableFIPSMode to configure the server to only use FIPS supported algorithms. This requires a JCE that supports 2048 bit DH primes so is incompatible with SunJCE, use BouncyCastle JCE to support this or a FIPS certified JCE.

Bug Fixes
o Ensure selector is closed correctly at end of selector thread.
o SocketForwardingChannel could potentially send data out of sequence if last message in queue was not written fully.

--------------------------------



--------------------------------

SSHD Maverick 1.4.43 - Mar 21, 2013

Features
o Server can now start a listening interface with a port value of zero allowing the OS to select an open free port. Use ListeningInterface.getActualPort to retreive the allocated port number.

Bug Fixes
o Remote forwarding request with zero port value allocates random unallocated port but fails to return correct value to client.
o Remote forwarding request always returns port value in response causing incompatibility with some clients.
o SCP client that fails to wait for acknowledgment of completed transfer causes premature channel close and termination of scp thread. Workaround added for this scenario to allow a transfer to be considered complete if server has received total file as reported by client.
o SCP upload/download events were not fired for failed transfers.
o ScpCommand.readFromRemote now captures base IOException and logs before re-throwing for error state clarity.
o Server fails to put ciphers into use immediately after sending SSH_MSG_NEW_KEYS resulting in error if client SSH_MSG_NEW_KEYS is not received before an SSH_MSG_IGNORE is sent.
o License verification made less sensitive to whitespace changes.
o Exception in ProtocolClientAcceptor.finishAccept could potentially leave a SelectionKey open.
o Made synchronization in DataWindow consistently synchronize on the same object.
o RemoteForwardingChannel window space and remote packet variables allocated incorrectly.
o OpenSSHPublicKeyFile performs unnecessary check against key algorithm name preventing further supported types being used.
o Forwarding channel does not send queued data before being closed when server is under load.
o Channel.sendChannelDataWithBuffering is no longer useful as all channel data is buffered according to window space availability so method has been deprecated, use sendChannelData instead.


--------------------------------

SSHD Maverick 1.4.43 - Mar 21, 2013

Features
o Server can now start a listening interface with a port value of zero allowing the OS to select an open free port. Use ListeningInterface.getActualPort to retreive the allocated port number.

Bug Fixes
o Remote forwarding request with zero port value allocates random unallocated port but fails to return correct value to client.
o Remote forwarding request always returns port value in response causing incompatibility with some clients.
o SCP client that fails to wait for acknowledgment of completed transfer causes premature channel close and termination of scp thread. Workaround added for this scenario to allow a transfer to be considered complete if server has received total file as reported by client.
o SCP upload/download events were not fired for failed transfers.
o ScpCommand.readFromRemote now captures base IOException and logs before re-throwing for error state clarity.
o Server fails to put ciphers into use immediately after sending SSH_MSG_NEW_KEYS resulting in error if client SSH_MSG_NEW_KEYS is not received before an SSH_MSG_IGNORE is sent.
o License verification made less sensitive to whitespace changes.
o Exception in ProtocolClientAcceptor.finishAccept could potentially leave a SelectionKey open.
o Made synchronization in DataWindow consistently synchronize on the same object.
o RemoteForwardingChannel window space and remote packet variables allocated incorrectly.
o OpenSSHPublicKeyFile performs unnecessary check against key algorithm name preventing further supported types being used.
o Forwarding channel does not send queued data before being closed when server is under load.
o Channel.sendChannelDataWithBuffering is no longer useful as all channel data is buffered according to window space availability so method has been deprecated, use sendChannelData instead.

--------------------------------

SSHD Maverick 1.4.42 - Dec 7, 2012

Features
o Updated RemoteForwardingManager to support x11 channels. Requires an implementation (not provided) as x11 channels are not supported by default.

Bug Fixes
o Added setLocale method to SshContext. This allows the default locale to be changed, currently only used to generate the long name format in SFTP file responses.
o Authentication protocol should not send a completed authentication method in the list of methods that can continue in a partial authentication success message.
o Possible race condition in new SftpSubsystem shutdown process causes SFTP connection to hang upon close.
o Allow zero length file flag set to false can incorrectly delete a file that had previously existed if the client opened and closed without reading/writing from the file).
o onChannelClosed not called when channel is closed due to unexpected connection shutdown.
o Possible deadlock scenario in Channel.close and ConnectionProtocol.stop and processQueuedData

--------------------------------

SSHD Maverick 1.4.41 - Oct 24, 2012

Bug Fixes
o SftpFile is now initialized with absolute path in readDirectory operations. This is for internal processing only, the filename sent to the client is still the name of the file relative to the directory as per specification.
o Newly opened channel is closed incorrectly under load by the previous owner of the channel id calling close a second time.
o Failed transfer events at SFTP subsystem close now have open file handle SSHDEventCodes.ATTRIBUTE_HANDLE attribute.
o A condition exists where a SocketForwardingChannel is able to send data out of sequence if last message in queue is not entirely sent on first attempt.
o Maximum number of connections are tracked globally but each SshContext can have its own unique distinct setting. Connections are now tracked by context.
o SFTP subsystem asynchronous operations thread could be ended prematurely causing transfer to end in error.
o SocketForwardingChannel fails to request write operation after queuing data.

--------------------------------

SSHD Maverick 1.4.40 - Sept 19, 2012

Features
o Added restart method to Daemon. Optional 'graceful' restart option allows server to stop accepting connections but continue to service existing connections. After all connections have closed (or a forced maximum time limit) the restart is performed.
o AES-128-CBC encryption now supported in OpenSSH private key files.

Bug Fixes
o Ensure SelectionKey.cancel is called in shutdown to prevent Windows JRE from keeping listening port open.
o Removed erroneous info log statement in SocketConnection to debug log.

--------------------------------

SSHD Maverick 1.4.39 - Sept 3, 2012

Features
o Added support for diffie-hellman-group-exchange-sha256
o Ability to change default hash algorithm for SSH key fingerprints.

Bug Fixes
o Discovered race condition in transport protocol state when client sends SSH identification string and key exchange initialization packet before waiting for the server's SSH identification string.
o ConnectionManager use of sessionid is subject to system default character encoding allowing potential clashes resulting in incorrect number of connections reported.

--------------------------------

SSHD Maverick 1.4.38 - June 28, 2012

Features
o Flag added to SshContext to disallow zero length file upload.

Bug Fixes
o X509 DSA certificate fails to be initialized from public key blob.

--------------------------------

*************************
IMPORTANT NOTICE
*************************

This release contains a fix for a vulnerability discovered in the DSA implementation within the standalone cryptographic provider and it is advised that all users upgrade if their configuration has been modified to use the standalone cryptographic provider. The vulnerability can be used to discover the private key of a server using techniques outline at http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Maverick SSHD 1.4.6 or greater defaults to using the JCE cryptographic provider and in its default configuration is outside the scope of this vulnerability.

This affects you if you are using a version less than 1.4.6 OR a more recent version that you have explicitly set either of the following system properties to a value of 'true' to activate the standalone provider:

-Dcom.maverick.sshd.components.ServerComponentManager.tryStandaloneCryptographyBeforeJCE=true

-Dcom.maverick.ssh.components.ComponentManager.tryStandaloneCryptographyBeforeJCE=true

If you require any advise on this issue please contact support@javassh.com

SSHD Maverick 1.4.37 - June 9, 2012

Bug Fixes
o Possible deadlock scenario fixed in TransportProtocol when thread attempts to post message whilst socket is closing.
o SCP transfer fails with file not found when file exists on the system and path is correct.
o Unexpected disconnection of session during SFTP transfer can potentially cause NullPointerException.
o Diffie hellman components not fully utilising JCE key agreement algorithm.
o Vulnerability in internal cryptographic DSA provider fixed. http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

--------------------------------

SSHD Maverick 1.4.36 - May 1, 2012

Bug Fixes
o Fixed issue with forwarding channels causing excessive CPU usage in some close scenarios.

--------------------------------

SSHD Maverick 1.4.35 - Feb 8, 2012

Features
o newline@vandyke.com SFTP extension added.

Bug Fixes
o SessionChannel "exec" event fired incorrect event id.
o Exception message not passed to client in SSH_FXP_REALPATH response.

--------------------------------

SSHD Maverick 1.4.34 - Sep 14, 2011

Bug Fixes
o onChannelClose not called when connection is disconnected before remote SSH_MSG_CHANNEL_CLOSE is received.
o TransportProtocol selectNegotiatedComponent made more tolerant of spaces in algorithm strings.
o Uninitialised GSSAPI module causes connection error, GSSAPI must be added explicitly if you want to support it. To do this add context.supportAuthenticationMechanisms().add("gssapi-with-mic", Class.forName("com.maverick.sshd.GSSAPIWithMICAuthentication")); in your Daemon.configure method.
o Virtual File System path canonicalization causes file not found errors with symbolic links with targets outside of valid mount paths. Use system property -Dmaverick.alternativeCanonicalize=true to enable a change in behaviour that allows these to be resolved whilst still maintaining mount security.




--------------------------------

SSHD Maverick 1.4.33 - Jun 3, 2011

Features
o gssapi-with-mic authentication method added.
o Added support for MD5 signatures in RSA certificates.

Bug Fixes
o SFTP subsystem attempts to send exit code after channel is closed causing NullPointerException.
o ExecutableCommand race condition causing data to potentially be sent prior to completion of 'exec' or 'shell' SSH_MSG_CHANNEL_REQUEST_SUCCESS message.
o Optional workaround added for JDK bug 4640544 that prevents NIO non-blocking socket from binding on windows. Set -Dmaverick.windowsIpv6Workaround=true to activate.
o File transfers not completed at connection close do not have any failed transfer events fired.
o AuthenticationProvider translation of session id into string can potentially cause NativeAuthenticationProvider.logoffUser() call to be skipped due to duplicate session id strings.


--------------------------------

SSHD Maverick 1.4.32 - Feb 7, 2011

Features
o Added methods to load keystore from InputStream and to allow store type to be specified.
o Added support for hmac-sha256.
o Added support for x509v3-sign-dss public/private keys & certificates.

Bug Fixes
o SFTP subsystem formats UID/GID integer values in ls -l operation. Added methods to SftpFileAttributes so that username/group strings can be added, many clients will show these instead of the UID.GID values when listing directories.
o x509v3-sign-rsa made compatible with older version of specification.
o Bad SSH client can cause OOM in SFTP operation by sending large number of read requests without releasing window space for the server to return the data requested. Default behavior of SftpSubsystem has subsequently been changed to require an asynchronous operation thread to ensure that reads are not performed before window space on the client is available. It is recommended that all users keep the default behavior and remove any calls to SshContext.setAsynchronousFileOperations
o EVENT_SFTP_DOWNLOAD_COMPLETED in some circumstances may not have been triggered.
o NativeFileSystemProvider.closeFilesystem does not get called in some scenarios.


--------------------------------

SSHD Maverick 1.4.31 - Sep 16, 2010

Features
o Added missing hmac-md5-96 and hmac-sha1-96 HMACs to JCE provider.

Bug Fixes
o Exception caught in SelectorThread ends operation of thread, RuntimeException is not logged and causes thread to stop without warning. All Exceptions are now consumed and logged.
o SCP get operation fails to reset session state, causing download failures if transfer takes longer than session timeout period.
o Session channel sends SSH_MSG_CHANNEL_CLOSE on command/session execution failure before sending SSH_MSG_CHANNEL_FAILURE causing a potential deadlock scenario with J2SSH Maverick.


--------------------------------

SSHD Maverick 1.4.30 - Jul 14, 2010

Bug Fixes
o Discovered race condition in transport protocol state when client sends SSH identification string and key exchange initialization packet before waiting for the server's SSH identification string.
o Added additional checks to ensure SFTP asynchronous operation thread is closed in a timely fashion.
o Changed window space renewal strategy to work around Ipswitch WS_FTP inability to respond to window space adjustment when window space gets lower than the maximum packet size.


--------------------------------

SSHD Maverick 1.4.29 - May 24, 2010

Features
o addMount method to VirtualFileSystem to allow extension on a per instance basis by overriding init method and calling addMount after super.init

Bug Fixes
o ConnectionProtocol synchronization causes deadlock under race condition when external thread closes channel.
o Order of channel request response and issuing of window space changed to resolve connectivity issue with Ipswitch WS-FTP client.
o Option added to NativeAuthenticationProvider to throw PasswordChangeException during password change to ensure keyboard-interactive authentication does not require user to re-enter original password again.
o Message can now be passed through to PasswordChangeException constructor for display in keyboard-interactive authentication.
o Number of failed password change attempts limited to 3 for each keyboard-interactive authentication cycle.


--------------------------------

SSHD Maverick 1.4.28 - Mar 26, 2010

Bug Fixes
o Added VirtualFileSystem call to PermissionHandler.canRead in getAttributes to ensure user has
access to file.


--------------------------------

SSHD Maverick 1.4.27 - Feb 12, 2010

Bug Fixes
o Channel close synchronization causes deadlock when another thread attempts to issue window
space after posting data.
o Added check to ensure no queued data exists before closing channel.
o Added null check on session when initialization fails; NullPointerException could be thrown
if client disconnects prior to initialization completing.
o Formatted attributes sent in SFTP protocol uses 12hr instead of 24hr time format.
o VirtualFileSystem StackOverflowError after invalid path is received from client.
o Added Option for NativeFileSystemProvider to return -1 rather than throw EOFException to indicate
end-of-file in file reads.
o Changed SftpSubsystem asynchronous operation thread to notify waiting threads with notifyAll
instead of notify
o VirtualFileSystem now attempts to force remaining writes to disk before closing file.


--------------------------------

SSHD Maverick 1.4.26 - Dec 30, 2009

Bug Fixes
o Uninitialised SecureRandom instance causes slow start-up due to delayed seed generation.
o Forwarding channel sends EOF in response to remote socket close before writing remaining
queued data to channel.
o TransportProtocol synchronization causes deadlock with ConnectionProtocol when multiple
connections attempt to communicate internally across threads.


--------------------------------

SSHD Maverick 1.4.25 - Dec 9, 2009

Bug Fixes
o EventServiceImplementation made thread safe.
o HashMap use converted to ConcurrentHashMap in areas where multiple threads could
potentially access the Map concurrently.
o SessionChannel.evaluateWindowSpace changed synchronization from Channel.this to
Channel.localWindowLock
o Standalone hmac-sha96 implementation broken.


--------------------------------

SSHD Maverick 1.4.24 - Nov 16, 2009

Bug Fixes
o Incorrect operator usage in standalone cryptography provider implementation of
Diffie Hellman key exchange could generate and use algorithm values that do not
conform to key exchange specification.


--------------------------------

SSHD Maverick 1.4.23 - Nov 9, 2009

Bug Fixes
o License error is logged but should be thrown from Daemon.startup.
o SCP command can potentially leave thread running if session is closed uncleanly.
o Virtual File System sends real path information back to client in some error messages.


--------------------------------

SSHD Maverick 1.4.22 - Aug 25, 2009

Bug Fixes
o Server fails to send disconnect message before disconnect socket.


--------------------------------

SSHD Maverick 1.4.21 - Aug 7, 2009

Bug Fixes
o UNC paths as mounts do not work
o Removed info level logging from ByteBufferPool.


--------------------------------

SSHD Maverick 1.4.20 - Aug 6, 2009

Bug Fixes
o Added debug jar file for each version of release jar.
o Fixed security issue with VirtualFileSystem mounts that use partial matching names.


--------------------------------

SSHD Maverick 1.4.19 - Jul 29, 2009

Features
o Added method to enable 'none' cipher in ServerComponentFactory.
o Added AES and 3DES CTR mode ciphers to JCE cryptography provider.



--------------------------------

SSHD Maverick 1.4.17 - Jul 13, 2009

Bug Fixes
o Transport protocol fails to process socket data remaining in buffer after
a request for an immediate write operation.
o Low socket buffer causes corrupt mac on input errors.


--------------------------------

SSHD Maverick 1.4.16 - Jul 2, 2009

Bug Fixes
o Transport protocol fails to process socket data when received length is
less than current cipher block size.


--------------------------------

SSHD Maverick 1.4.15 - Jun 24, 2009

Bug Fixes
o Socket disconnects no longer logged as error.


--------------------------------

SSHD Maverick 1.4.14 - Jun 18, 2009

Bug Fixes
o Erroneous log statement removed from Channel.java



--------------------------------

SSHD Maverick 1.4.12 - Jun 9, 2009

Features
o Added DaemonContext method to remove an active listening interface at runtime.

Bug Fixes
o Outgoing packet counter uses incorrect value causing key exchange to be performed
too often.
o Fixed keep alive logic adding new keepAliveInterval and keepAliveDataMaxLength
properties to SshContext to allow configuration of length and timing of keep alive
packets.


--------------------------------

SSHD Maverick 1.4.11 - May 8, 2009

Bug Fixes
o Fixed issue with custom default JCE provider not implementing secure random
algorithm. API now defaults back to system default.


--------------------------------

SSHD Maverick 1.4.10 - Apr 17, 2009

Features
o Added arcfour, arcfour128 and arcfour256 ciphers to JCE provider.

Bug Fixes
o Channel close event fails to fire in unclean client disconnect causing
memory leak in IdleStateManager.
o Write state gets out of sync with client causing connection stalls.
o Added session identifier attribute to fired events.
o Forwarding channel data queue not limited causing potential memory errors
and performance problems


--------------------------------

SSHD Maverick 1.4.9 - Mar 18, 2009

Bug Fixes
o When preferred public key is not loaded the server still reports algorithm as supported
to connecting clients causing connection errors when clients select the unsupported
algorithm.


--------------------------------

SSHD Maverick 1.4.8 - Feb 14, 2009

Bug Fixes
o X509 public key implementation fails signature validation due to incorrect algorithm
name in public key blob.
o Race condition in ScpCommand causes potential data corruption in SCP get operations.


--------------------------------

SSHD Maverick 1.4.7 - Jan 7, 2009

Features
o Added new jar files that excludes all J2SSH Maverick client code to help resolve issues
when using both APIs on the same classpath. Just include maverick-all.jar from J2SSH in your
classpath and use SSHD jar file that ends in no-j2ssh.jar

Bug Fixes
o Server sends SSH_MSG_UNIMPLEMENTED in response to clients SSH_MSG_UNIMPLEMENTED.
o Required authentication set to "password" takes no account of password over keyboard-interactive.
o Connection hangs when client guesses first key exchange packet correctly.


--------------------------------

SSHD Maverick 1.4.6 - Dec 12, 2008

Features
o Added idle connection timeout option to SshContext.
o Support for keyboard-interactive authentication added through new
com.maverick.sshd.platform.KeyboardInteractiveProvider interface.
o Event service implementation now extends interfaces in J2SSH Maverick making it possible to
share an event service implementation across both products.

Bug Fixes
o ServerComponentManager can throw NullPointerException in cases where multiple servers
are created at the same time in the same JVM.
o VirtualFileSystem fails with NoClassDef error when using JCE only jar files.
o WS_FTP Professional ignores window space and sends data that exceeds current window.
Workaround added to ensure minimum window space is always above packet size used by WS_FTP.
o SFTP asynchronous operation thread causes deadlock due to incorrect synchronization
o Writable flag in SocketConnection set outside synchronization block causing output to hang temporarily.
o X509 not automatically supported when running JCE cryptography provider.


--------------------------------

SSHD Maverick 1.4.5 - Oct 17, 2008

Bug Fixes
o Disconnect message does not shutdown connection immediately in key exchange.


--------------------------------

SSHD Maverick 1.4.4 - Oct 12, 2008

Features
o Added diffie-hellman-group-exchange-sha1 to JCE provider.

Bug Fixes
o Component factory test to verify key exchange is supported by JCE can return incorrect state.
o Server Component factory initializes CTR mode cipher with CBC mode causing disconnection errors.


--------------------------------

SSHD Maverick 1.4.3 - Aug 27, 2008

Bug Fixes
o Tunnel channels pause due to threading issue.
o JCE only environment fails with NoClassDefError on com/maverick/crypto/digest/Hash.
o AuthenticationProvider: added null check in getHomeDirectory
o SocketConnection: added limit check to processWriteEvent to avoid calling socketChannel.write with no data
o VirtualFileSystem: added SecurityException try catch block, and null check for the com.maverick.sshd.vfs.VFSRoot system property in init().
o Fixed logging ClassCastException when parameter not a string


--------------------------------

SSHD Maverick 1.4.2 - Jul 23, 2008

Features
o ServerComponentManager: init() no longer overrides the createInstance() methods of each of the factories
o SshContext: constructor no longer overrides createInstance when creating the compression factories.
o TransportProtocol: moved the if(!name.equals(COMPRESSION_NONE)) from the SshContext constructor to the sendKeyExchangeInit() method so that the condition is checked once instead of twice.
o ServerComponentManager: added static setPerContextAlgorithmPreferences() and getPerContextAlgorithmPreferences methods.
o SshContext: now supports per instance algorithm preferences.

Bug Fixes
o Added correct examples


--------------------------------

SSHD Maverick 1.4.1 - Jul 09, 2008

Features
o DaemonContext: added setProduct method that allows the a product name to be set that is used to prefix thread names, the default for this is now "SSHD-"
o Daemon: now prefixes thread names with the product name set in the DaemonContext
o DaemonContext: Changed addEventListener and removeEventListener methods to take a String threadPrefix parameter that allows listeners to be registered that will only listen to threads who's name starts with this string.
o DiffieHellmanGroups: new class to store the safe primes for DH key exchanges.
o DiffieHellmanGroup14Sha1: Added now that there is better code safety to prevent seemingly random errors when JCE'S are used that do not support it.
o DiffieHellmanGroup1Sha1JCE, DiffieHellmanGroup14Sha1JCE, DiffieHellmanGroup14Sha1Server and DiffieHellmanGroup1Sha1Server: have been tweaked to improve performance.
o DiffieHellmanGroupExchangeSha1Server: added this key exchange algorithm to the standalone provider
o JCEServerComponentManager: now tests each of the keyexchange algorithms before adding them to the list of supported algorithms, if the jce does not support the algorithm or the keysize it will not be added.
o TransportProtocol: moved warning that the authentication provider is not set from onSocketClose to SshContext.init().
o ServerComponentManager: changed to catch SecurityException on call to System.getProperty().
o SocketConnection: added getPort() method.
o SshContext: added GenerateKeyFiles() method.
o StandaloneServerComponentManager: Added aes128-ctr, aes192-ctr, aes256-ctr ciphers.
o SshContext: added setForwardingCallback() and getForwardingCallback() methods.
o Cleaned up the DH key exchanges and moved the primes to a new com.maverick.components.DiffieHellmanGroups class.

Bug Fixes
o Channel: isRemoteEOF is now set when the remote end of the tunnel goes EOF
o ConnectionProtocol: fixed bug in workaround in stop() for clients that send disconnect before channelclose, that caused the state of the channel to not be set to closed
o ConnectionProtocol: removed empty private jbInit() method and the call to it in the constructor.
o ConnectionProtocol: added calls to ConnectionManager to register and unregister connections.
o ConnectionManager: added back in, as was missed out of 1.4.0 release.
o ConnectionManager: getConnection(byte[] sessionid) and getTransport(byte[] sessionid) now check if the provided sessionid is registerd, and return null if it isn't instead of throwing a NullPointerException.
o DaemonContext and Daemon: now support IPV6.
o DaemonContext: removed useless getProtocolContext() method.
o Jars: Fixed problem with manifests that prevented them from being verified once signed using "jarsigner".
o LocalForwardingChannel: removed unused idle() method.
o PasswordAuthentication: removed unreachable catch block from the init() method.
o PublicKeyAuthentication: removed unreachable catch block from the init() method.
o RemoteForwardingChannel: optimized createChannel() method.
o RemoteForwardingChannel: fixed a bug where connections to the start of a remote forwarding tunnel that were rejected by the end of the tunnel were not closed.
o Selector Thread: closeAllChannels(), fixed to call correct close methods to prevent memory leaks when server is shutdown whilst there are connections still active.
o SftpSubsystem: onSubsystemFree(), fixed to close the NFS to prevent memory leaks when server is shutdown whilst there are connections still active.
o SocketForwardingChannel: synchronized accesses to queue.
o SocketForwardingChannel: fixed registrationCompleted() so that all messages received during registration are processed rather than just the first.
o SocketForwardingChannel: fixed java.lang.ClassCastException: java.nio.HeapByteBuffer caused by incorrect cast when high activity causes data to be sent before registration is completed.
o SshContext: fixed loadKeystore() method so that exceptions caused by unsupported algorithms are thrown not swallowed.
o SshContext: removed unused private loadReflectionCipher() method.
o TransportProtocol: removed unused i variable in negotiateProtocol.
o TransportProtocol: removed unused method and field - getLastError() and lastError.
o TransportProtocol: added getRemotePort(), getLocalAddress(), getLocalPort() methods.
o VirtualFileSystem: removed unused package-private startsWithIgnoreCase() method.
o VFSMount: class was package-private, but methods were public, changed methods to be package-private
o Updated copyright headers
o Cleaned code style.


--------------------------------

SSHD Maverick 1.3.4 - May 15, 2008

Features
o AbstractComponentFactory: Recoded so that algorithm lists can be fully ordered, there is now a new changePositionofAlgorithm method which facilitates this.
o ConfigurationContext: Added addEventListener and removeEventListener methods for use with the new logging event model.
o ConfigurationContext: Changed setAuthenticationProvider to accept an instance of AuthenticationProvider rather than an AuthenticationProvider class
o ConnectionProtocol: Added workaround to the stop() method for clients that send disconnect before channelclose to ensure that channels are cleaned.
o ServerComponentManager: Recoded ServerComponentManager,SshContext so that ciphers and macs can have independent preferences for Server->Client and Client->Server communications.
o ServerComponentManager: com.maverick.sshd.components.ServerComponentManager.java now tries JCE first if the com.maverick.sshd.components.ServerComponentManager.tryStandaloneCryptographyBeforeJCE is set to false otherwise Standalone is tried first, this allows the choice to use JCE or Standalone cryptography to be made programatically instead of by changing the classpath or creating a class loader.
o SessionChannel: added setMaxWindowSpace(int minSizeMultiple) method which allows the MAX_WINDOW_SPACE to be set to a multiple of MIN_WINDOW_SPACE.
o SshDaemon: added new method com.maverick.sshd.SshDaemon.loadOrGenerateHostKey(File, String, int, ConfigurationContext, int, int, String) that allows the servers host key to be passphrase protected
o VirtualFileSystem: now logs an error if the vfs root path is not a directory or does not exist
o Added AES192CBC and AES256CBC ciphers.
o Removed DiffieHellmanGroup14Sha1 until better code safety can be added when JCES are used that do not support it.
o All logging has been changed to use an event model. Important events have their own event codes,
less important events are wrapped using EventLog and use the "log event" code or the "debug" event code.
o TransportProtocol: Added getLocalPort, getLocalAddress and getPort methods.

Bug Fixes
o Channel: removed parameter from Channel.evaluateWindowSpace as it was not used in SessionChannel.
o ForwardingChannel: replaced evaluateWindowSpace's argument with localwindowWithPending to match SessionChannel.
o ForwardingChannel: fixed synchronization issue by synchronizing accesses to "queue".
o ForwardingChannel: fixed deadlocking issue in the setInterestedOps() method.
o SessionChannel: removed parameter from SessionChannel.evaluateWindowSpace as it was not used.
o TransportProtocol: internalDisconnect() now sets the socketChannel to null
o Fixed the word occurred which was misspelt as occured.


--------------------------------

SSHD Maverick 1.3.3 - Sep 19, 2007

Features
o AuthenticationProvider: Added logon method that takes the clients public key as a parameter
o AuthenticationProviderChanged logon(byte[], String, SocketAddress, SshPublicKey) to
logon(byte[], String, SocketAddress, SshPublicKey, boolean).
If the new parameter is true then if provider.logonUser returns true, the pendingUser is not added to the list of current users.
o AuthenticationProvider: Added getAuthenticationStatus() method to
to allow authentications to set an SshAuthenticationStatus variable when a simple boolean successful is inadequate.
o ConfigurationContext: Added setFileSystemProvider_KeyStore() method to allow the NFS for the KeyStore to be different from that passed to setFileSystemProvider().
o NativeAuthenticationProvider: Changed logonUser(byte[], String, SocketAddress, SshPublicKey) to
logonUser(byte[], String, SocketAddress, SshPublicKey, boolean).
The new parameter indicates whether the client is checking whether their key is acceptable
or they are attempting to logon.
o NativeAuthenticationProvider: Added getAuthenticationStatus() method to allow authentications
to set an SshAuthenticationStatus variable when a simple boolean succesful is inadequate.

Bug Fixes
o TransportProtocol.internalDisconnect() now doesn't fail if the AuthenticationProvider is not set.
o AuthenticationProvider.getHomeDirectory() now throws an IOException if the users home directory does not exist.
o Changed com.maverick.ssh.components.AbstractComponentFactory.createDelimitedList(String preferred, Enumeration names)
so that if the preferred component is not contained within the enumeration, it is not prepended to the list.


--------------------------------

SSHD Maverick 1.3.2 - Aug 13, 2007
Features
o Changed com.maverick.sshd.vfs.VirtualFileSystem: slight code optimisations

Bug Fixes
o Changed com.maverick.nio.DaemonContext.setPermanentConnectThreads() so that it uses the permanentthreads parameter rather than the transferthreads paramater
o Changed com.maverick.sshd.ConnectionProtocol.processChannelClose, ConnectionProtocol.processChannelOpenConfirmation ConnectionProtocol.processChannelOpenFailure to synchronized
to fix a synchronization issue.
o Changed com.maverick.sshd.vfs.VirtualFileSystem.makedirectory to be consistent in the path type it sends to permissionhandle.canwrite
o Changed com.maverick.sshd.vfs.VirtualFileSystem: fixed removeFile() so that it calls canWrite() to check permissions before deleting.


--------------------------------

SSHD Maverick 1.3.0 - Feb 12, 2007

Features
o API can now be used exclusivley with the Java Runtime JCE provider, or alternativley
the internal provider. Simply select the maverick-sshd-jce-only.jar file if you want to use
the JCE exclusivley, or maverick-sshd-standalone-only.jar if you want to use the internal
provider. The maverick-sshd.jar contains all implementations and will default to the
internal provider.

Bug Fixes

o AuthorizedKeysStoreImpl.java now passes the attributes of the authorizedKeysFile to nfs.openFile() instead of passing an empty set of attributes.


--------------------------------

SSHD Maverick 1.2.14 - Nov 28, 2006

Features
o SshDaemon startup method additional option to shutdown if any interface fails to bind.
o Added option to clear a ConfigurationContext component factory.
o Added additional loadOrGenerateHostKey method that allows key format to be set.

Bug Fixes
o VFSPermissonHandler interface does not provide getPermissions method with username parameter
o Shutdown method throws NullPointerException if server is not started correctly.
o Shutdown method ensures all threads are exited before returning.


--------------------------------

SSHD Maverick 1.2.13 - Sep 18, 2006

Features
o Added methods to SshDaemon to return the version and release date of the product.
o Support for x509v3-sign-rsa and x509v3-sign-rsa-sha1 certificates

Bug Fixes
o Added getter/setter method to ConfigurationContext to allow "Too many connections" text to
be changed.
o Added PermissionDeniedException to getFileAttributes methods.
o Non ascii characters in folder name causes "The handle is invalid" error.
o Canonicalization of paths may cause double // in path in log files.
o File system last modified date is out of bounds on rare occasions causing
fatal errors when listing folders which contain these files. Check added to
prevent fatal error.


--------------------------------

SSHD Maverick 1.2.12 - Aug 8, 2006

Features
o Added diffie-hellman-group14-sha1 key exchange as per SSH Transport Protocol specification. This
implementation exists in both the internal crypto provider and JCE formats although it should be
noted that the default SUN reference JCE provider does not support 2048 bit primes required by
this key exchange method. The BouncyCastle JCE provider (www.bouncycastle.org) does and has been
used to test this algorithm works with JCE enabled.

Bug Fixes
o Added system property "filezilla.bug.workaround" to help workaround an issue with Filezilla
SFTP client 2.2.11. This version fails to respond to SSH_MSG_WINDOW_ADJUST after SFTP channel
is opened
o Reordered SelectorThreadPool creation to avoid accept threads accepting clients before transfer
pool is initialized.
o ConcurrentModificationException thrown during shutdown if client attempts to connect.


--------------------------------

SSHD Maverick 1.2.11 - Jul 22, 2006

Features
o Additional option to allow KEX for denied connections. This helps the client recieve a correct
disconnection message rather than connection termination.
o New ConnectionManager singleton class added to provide lookup of TransportProtocol and ConnectionProtocol
objects based upon the sessionid.

Bug Fixes
o Server passes all SSHredder vulnerability checks (http://www.rapid7.com/info/sshredder.html)
o Solaris 9 OP_CONNECT is never selected for loopback address.
o addListeningInterface fails to accept IPV6 address.
o SelectorThread fails to remove itself from the thread pool when thread exits.


--------------------------------

SSHD Maverick 1.2.10 - Jun 8, 2006

Features
o Maximum number of concurrent connections setting added to ConfigurationContext.
o Framework changes to allow LocalForwardingChannel and RemoteForwardingChannel to be overidden.

Bug Fixes
o Client hangs after access manager refuses to allow connection.
o Disconnection of clients in rare circumstances could cause session leaking.
o JCE ciphers returning null for zero length transformation causes connection failure.
o Added support for UTF-8 licenses.


--------------------------------

SSHD Maverick 1.2.8 - Jul 22, 2005

Bug Fixes
o SSH key fingerprint uses incorrect algorithm.
o Transport protocol fails with large number of padding bytes


--------------------------------

SSHD Maverick 1.2.7 - Jun 24, 2005

Features
o ConfigurationContext options to set socket option SO_REUSEADDR

Bug Fixes
o SCP filename pattern matching implementation changed to solve some compatibility issues.
o Public key authentication was ignoring the boolean value returned from NativeAuthenticationProvider logon.


--------------------------------

SSHD Maverick 1.2.6 - Jun 1, 2005

Features
o Configuration item added to allow a limit to be placed on the number of public key verification
attempts made by a client.

Bug Fixes
o SCP now handles escaped spaces in filenames, for example "foobar\ barfoo"
o Server shutdown failed to close selector correctly resulting in socket maintaining a listening state.
o Shutdown fails to free channels and call associated cleanup methods.
o Some servers suffer from big difference in Inbound vs Outbound performance.


--------------------------------

SSHD Maverick 1.2.5 - May 4, 2005

Bug Fixes
o Files transfered over SCP become corrupted
o AuthenticationProvider getHomeDirectory called with null username value.


--------------------------------

SSHD Maverick 1.2.4 - Apr 22, 2005

Features
o Configuration items for setting SO_KEEPALIVE and TCP_NODELAY on connected sockets.
o Option to override the default SFTP character set.
o PublicKeyStore interface added to allow customization of the public key authentication mechanism.
o NativeFileSystemProvider closeFilesystem method added and initialization contract changed.
o Further optimization to ensure faster throughput of data
o Server options to force key exchange after n packets or n bytes of data

Bug Fixes
o SCP directory uploading creates unexpected path structure.
o SFTP character set incorrectly defaulted to UTF-8.
o NativeFileSystemProvider readDirectory EOFException causes SCP error.
o SCP fails to upload directory
o Public key authentication fails to validate public key algorithm causing OutOfMemoryError
o SFTP does not read as many bytes from file as the client requests.


--------------------------------

SSHD Maverick 1.2.3 - Feb 24, 2005

Bug Fixes
o Server fails to respond to SFTP extension messages.


--------------------------------

SSHD Maverick 1.2.2 - Jan 28, 2005

Features
o Added onChannelClosing event to ChannelEventListener/ChannelEventAdapter

Bug Fixes
o Compression failure when using OpenSSH scp client
o Session timeout fails with ConcurrentModificationException
o Added exit code to SftpSubsystem client
o Fixed null username being passed into getHomeDirectory
o Termination of scp/sftp transfer was not disconnecting correctly if socket terminates in processWriteEvent
o SCP buffer overflow causes disconnection


--------------------------------

SSHD Maverick 1.2.1 - Jan 13, 2005

Bug Fixes
o AuthenticationProvider getRemoteAddress method fails to return address
o Uploading of files over SCP with compression causes client failure
o SCP thread fails to exit when a channel error occurs
o NPE when SCP attempts to close a channel thats already closed
o onChannelClosing is called after state is set to close
o Disconnecting of transport logs off user before closing all channels
o SCP client interrupt fails to free channel correctly


--------------------------------

SSHD Maverick 1.2.0 - Jan 11, 2005

Features
o Option to use external JCE - you can now optionally use an external JCE provider
for the following algorithms Blowfish, DESede, MD5, SHA1, SHA1withRSA, SHA1withDSA,
RSA, DSA and DH (Diffie Hellman).
o startup method added to SshDaemon and constructor behaviour changed to require
added method to be called to start the service.
o NativeAuthenticationProvider interface updated to provide session id with all
method calls.
o Cleaned up session channel onChannel* event methods and removed final statements
to allow implementations greater flexibility - always call the super method if
you override.
o AccessManager refactored to include several more security checks and to provide
additional parameters for greater control.
o Option in ConfigurationContext to force all active remote forwarding tunnels to
close when a user cancels a remote forwarding listener.
o Option to buffer channel data and associated methods to block external threads
attempting when they attempt to add more data than is available in the buffer
o Session timeout option
o Remote ip address now passed into NativeAuthenticationProvider

Bug Fixes
o SCP race condition causes file corruption
o Password authentication password change fails
o Public key authentication throws OutofMemoryError
o Port forwarding channels fail to send queued data when channel closes
o Forwarding channel data received before selector thread registration causes NPE
o When client disconnects the server is still bound to remote forwarding addresses
o Failed connection state causes logoffUser to be called with NULL session id
o Race condition in RemoteForwardingChannel causes Socket to remain open
o Removal of remote forwarding listeners throws modification exception
o Closing of port forwarding channel causes deadlock of the connection
o SCP thread doesnt exit after file upload
o Failed socket bind causes server to shutdown even if other lstening interfaces are active


--------------------------------

SSHD Maverick 1.1.1 - Oct 14, 2004

Features
o Added methods to TransportProtocol and ConnectionProtocol to return the local
address in use for an individual connection

Bug Fixes
o OutOfMemoryError thrown with large files 2GB+ when using SCP. Deprecated existing
NativeFileSystemProvider method readFile and replaced with readFile method that
takes a buffer to avoid excessive allocation of memory.


--------------------------------

SSHD Maverick 1.1.2 - Oct 14, 2004

Features
o Added getConnection method to Channel to return the associated ConnectionProtocol
instance.
o NativeFileSystemProvider init method changed to take SessionChannel rather than
the sessionid. This provides access to session level properties such as sessionid
and via the ConnectionProtocol the ip of the connected host.


Bug Fixes
o readFile reads more data than the client has requested. Changed the interface to
include the number bytes required by the client.


--------------------------------

SSHD Maverick 1.1.0 - Sep 14, 2004

Features
o Software/Version/Comments field of the SSH identification string can now be modified to
show implementation specific information
o Each instance of SshDaemon can now listen on multiple interfaces for connections
o loadOrGenerateHostKey utility method added to SshDaemon
o Configure an ExecutableCommand as the default session
o ExecutableCommand abstract class added to provide support for individual command execution
o SCP support added as an implementation of ExecutableCommand
o LogoffUser method added to NativeAuthenticationProvider
o Rewritten socket selector to only register OP_WRITE as an when needed. This provides better
performance and removes the high CPU usage problem and removes a the third party dependency.
o Rewritten threading model to better distribute the load between available threads. An additional
option is now provided to enable the maximum number of selectors per thread to be set.
o Thread settings can now be set using the ConfigurationContext.

Bug Fixes
o Forwarding channels made thread safe
o SessionChannel hangs on failed command
o RSA host key signature fails when key is loaded from file



--------------------------------

SSHD Maverick 1.0.3 - Jul 20, 2004

Bug Fixes
o Shutdown method not available in SshDaemon causing possible net bind errors. A Runtime hook
has been added to call this method when the VM exits but it is recommended that implementations
provide a more reliable method of calling the method when the server requires to be shutdown.


--------------------------------