Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, using these versions with our library through the SLF4J facade we use to […]
The latest Maverick Legacy 1.7.27 releases include a new concept called Managed Security. This update introduces several changes under the hood to ensure that usage of the APIs maintains the highest possible security whenever possible. We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix […]
With the release of OpenSSH 8.2 last week, the project announced that they would disable ssh-rsa signatures in a future version. I thought it would be paramount to update our API users on what this means in practice and how it will impact your implementations. Why are SSH-RSA signatures being disabled? OpenSSH has decided to […]
With the release of OpenSSH 7.8, the default private key format for private keys generated from ssh-keygen has changed from OpenSSL-compatible PEM files to a custom key format created by the OpenSSH developers. At the time of writing, most open-source Java SSH APIs will need the keys to convert back to the old format before […]