The major flaw found in Log4J, a Java logging API, has had a lot of focus this week, and security experts and IT teams have been scrambling to ensure their web servers are not vulnerable. Amid all this craziness, we should not forget that Enterprise Java Software is not limited to the world of HTTP […]
Log4Shell and the Maverick Java SSH APIs
Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, using these versions with our library through the SLF4J facade we use to […]
Managed Security in our Java SSH APIs
The latest Maverick Legacy 1.7.27 releases include a new concept called Managed Security. This update introduces several changes under the hood to ensure that usage of the APIs maintains the highest possible security. We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix […]
What impact will OpenSSH disabling SSH-RSA signatures have on Maverick Java SSH API
With the release of OpenSSH 8.2 last week, the project announced that they would disable ssh-rsa signatures in a future version. I thought it would be paramount to update our API users on what this means in practice and how it will impact your implementations. Why are SSH-RSA signatures being disabled? OpenSSH has decided to […]
Java SSH and the new OpenSSH Private Key Format
With the release of OpenSSH 7.8, the default format for private keys generated by ssh-keygen has changed from OpenSSL-compatible PEM files to a custom key format created by the OpenSSH developers. At the time of writing, most open-source Java SSH APIs will need the keys to be converted back to the old format before […]