- 0.2.22
- Add support for sntrup761x25519-sha512 KEX algorithm.
- Add support for mlkem768x25519-sha256, mlkem768nistp256-sha256 & mlkem1024nistp384-sha384 KEX algorithms.
- #739 fix SignatureECDSAN destroying private key
- 0.2.21
- #692 Update Deflate.java by @mjmst74.
- 0.2.20
- 0.2.19
- Enforce DHGEX prime modulus bit length meets configured constraints.
- #604 Fix possible rekeying timeouts.
- 0.2.18
- #565 Handle negated patterns according to ssh_config(5) by @bmiddaugh.
- 0.2.17
- Add PBKDF2-HMAC-SHA512/256 & PBKDF2-HMAC-SHA512/224, which are both supported as of Java 21.
- 0.2.16
- Add support for [email protected] KEX algorithm.
- Switch to bnd-maven-plugin in order to support Multi-Release OSGi bundle JARs via supplemental manifest files.
- Introduce JSchProxyException to replace generic JschException in Proxy implementations by @mvegter in #467
- 0.2.15
- address CVE-2023-48795 by adding support for new strict key exchange extension
- Add support for `[email protected]` extension
- 0.2.14
- #450 use Socket.connect() with a timeout that has been supported since Java 1.4 instead of using old method of creating a separate thread and joining to that thread with timeout.
- 0.2.13
- #411 Add flush operation from Fix added is/jsch#39, with new config option to allow disabling in case it causes regressions.
- #403 add a warning when Channel.getInputStream() or Channel.getExtInputStream() is called after Channel.connect().
- 0.2.12
- Further refine previous fixes for Windows line endings in PEM keys from #369 & #362.
- Replace call to BigInteger.intValueExact to remain compatible with Android #397
- Introduce JSchSessionDisconnectException to allow the reasonCode to be retrieved without String parsing #416
- Introduce specific JSchException for HostKey related failures #410
- 0.2.11
- 0.2.10
- Fix new Java 21 compiler warning: `possible 'this' escape before subclass is fully initialized`.
- Tweak OSGi bundle manifest to allow Log4j 3.
- #362 fix PEM key parsing to work with Windows line endings.
- #361 guard against `UIKeyboardInteractive` implementations that include NULL elements in the `String[]` returned from `promptKeyboardInteractive()`.
- Add a default implementation of the deprecated `decrypt()` method to the `Identity` interface that throws an `UnsupportedOperationException`.
- 0.2.9
- #293 allow UserAuthNone to be extended.
- Make JGSS module optional.
- Tweak OSGi bundle manifest:
  - Avoid self-import.
  - Mark JGSS as optional.
  - Loosen import versions of dependencies.
- Correctly adhere to the Multi-release JAR spec by ensuring all public classes under versioned directories preside over classes present in the top-level directory.
- Eliminate stray `System.err.println()` calls.
- Change PageantConnector to use JNA's built-in support for `User32.SendMessage()`.
- 0.2.8
- 0.2.7
- Fix exception logging in Log4j2Logger.
- #265 change buffer_margin computation to be dynamic based upon the MAC to allow connections that advertise small maximum packet sizes.
- #266 fix PuTTY key parsing to work with unix line endings.
- Add support for ECDSA & EdDSA type PuTTY keys.
- #71 add support for PuTTY version 3 format keys.
  - Encrypted PuTTY version 3 format keys require Bouncy Castle (bcprov-jdk18on).
- Eliminate KeyPairDeferred and instead change handling of OpenSSH V1 type keys to be more like other KeyPair types.
- Be more vigilant about clearing private key data.
- Improve PKCS8 key handling and add support for PKCS5 2.1 encryption.
- Add support for ECDSA type PKCS8 keys.
- Add support for SCrypt type KDF for PKCS8 keys.
  - PKCS8 keys using SCrypt require Bouncy Castle (bcprov-jdk18on).
- Add support for EdDSA type PKCS8 keys.
  - EdDSA type PKCS8 keys require Bouncy Castle (bcprov-jdk18on).
- Attempt to authenticate using other signature algorithms supported by the same public key.
  - Allow this behavior to be disabled via `try_additional_pubkey_algorithms` config option.
    - Some servers incorrectly respond with `SSH_MSG_USERAUTH_PK_OK` to an initial auth query that they don't actually support for RSA keys.
- Add a new config option `enable_pubkey_auth_query` to allow skipping auth queries and proceed directly to attempting full `SSH_MSG_USERAUTH_REQUEST`'s.
- Add a new config option `enable_auth_none` to control whether an initial auth request for the method `none` is sent to detect all supported auth methods available on the server.
- 0.2.6
- 0.2.5
- 0.2.4
- When connections fail due to an algorithm negotiation failure, throw a `JSchAlgoNegoFailException` that extends `JSchException`.
  - The new `JSchAlgoNegoFailException` details which specific algorithm negotiation failed, along with what both JSch and the server proposed.
- 0.2.3
- #188 fix private key length checks for ssh-ed25519 & ssh-ed448 by @norrisjeremy in #189
- 0.2.2
- 0.2.1
- 0.2.0
- Disable RSA/SHA1 signature algorithm by default #75
- Add basic Logger implementations that can be optionally utilized with `JSch.setLogger()`:
  - JulLogger, using `java.util.logging.Logger`
  - JplLogger, using Java 9's JEP 264
  - Log4j2Logger, using Apache Log4j 2
  - Slf4jLogger, using SLF4J
- Fix client version to be compliant with RFC 4253 section 4.2 by not including minus sign characters #115
- Add `java.util.zip` based compression implementation #114
  - This is based upon the CompressionJUZ implementation posted to the JSch-users mailing list in 2012 by the original JSch author
  - The existing JZlib implementation remains the default to maintain strict RFC 4253 section 6.2 compliance
  - To use the new implementation globally, execute `JSch.setConfig("[email protected]", "com.jcraft.jsch.juz.Compression")` + `JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression")`
  - To use the new implementation per session, execute `session.setConfig("[email protected]", "com.jcraft.jsch.juz.Compression")` + `session.setConfig("zlib", "com.jcraft.jsch.juz.Compression")`
- 0.1.72
- Switch [email protected] algorithm to a pure Bouncy Castle based implementation
- implement openssh config behavior to handle append, prepend and removal of algorithms #104
- 0.1.71
- Address #98 by restoring JSch.VERSION
- 0.1.70
- 0.1.69
- 0.1.68
- Added support for the [email protected] algorithm
- Added support for the hmac-ripemd160, [email protected] and [email protected] algorithms using Bouncy Castle
- Added support for various algorithms from RFC 4253 and RFC 4344 using Bouncy Castle
  - cast128-cbc
  - cast128-ctr
  - twofish-cbc
  - twofish128-cbc
  - twofish128-ctr
  - twofish192-cbc
  - twofish192-ctr
  - twofish256-cbc
  - twofish256-ctr
- Added support for the [email protected] algorithm using Bouncy Castle
- Address #76 by making the "Host" keyword case-insensitive
- 0.1.67
- Added support for the blowfish-ctr algorithm from RFC 4344
- Fix bug where ext-info-c was incorrectly advertised during rekeying
  - According to RFC 8308 section 2.1, ext-info-c should only be advertised during the first key exchange
- Address #77 by attempting to add compatibility with older Bouncy Castle releases
- 0.1.66
- Added support for RFC 8308 extension negotiation and server-sig-algs extension
  - This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or `jsch.enable_server_sig_algs` system property)
  - When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication
  - Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for OpenSSH bug 2680
- Added support for various algorithms supported by Tectia (ssh.com):
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- Added support for SHA224 to FingerprintHash
- Fixing #52
- Deprecate `void setFilenameEncoding(String encoding)` in favor of `void setFilenameEncoding(Charset encoding)` in `ChannelSftp`
- Added support for rsa-sha2-256 & rsa-sha2-512 algorithms to `ChannelAgentForwarding`
- Address #65 by adding ssh-agent support derived from jsch-agent-proxy
  - See `examples/JSchWithAgentProxy.java` for simple example
  - ssh-agent support requires either Java 16's JEP 380 or the addition of junixsocket to classpath
  - Pageant support is untested & requires the addition of JNA to classpath
- Added support for the following algorithms with older Java releases by using Bouncy Castle:
  - ssh-ed25519
  - ssh-ed448
  - curve25519-sha256
  - [email protected]
  - curve448-sha512
  - [email protected]
- 0.1.65
- Added system properties to allow manipulation of various crypto algorithms used by default
- Integrated JZlib, allowing use of [email protected] & zlib compressions without the need to provide the JZlib jar-file
- Modularized the jar-file for use with Java 9 or newer
- Added runtime controls for the min/max/preferred sizes used for diffie-hellman-group-exchange-sha256 & diffie-hellman-group-exchange-sha1
- Renamed PubkeyAcceptedKeyTypes config to PubkeyAcceptedAlgorithms to match recent changes in OpenSSH (PubkeyAcceptedKeyTypes is still accepted for backward compatibility)
- Reduced number of algorithms that are runtime checked by default via CheckCiphers, CheckMacs, CheckKexes & CheckSignatures to improve runtime performance
- Added config options dhgex_min, dhgex_max & dhgex_preferred to allow runtime manipulation of key size negotiation in diffie-hellman-group-exchange type Kex algorithms
  - Default values are:
    - dhgex_min = 2048
    - dhgex_max = 8192
    - dhgex_preferred = 3072
- 0.1.64 Fixing #55
- 0.1.63 Fixing #42
- 0.1.62 bugfixes and code cleanup
- 0.1.61
- Add support for [email protected], ssh-ed25519, ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512 & diffie-hellman-group17-sha512. This makes use of the new EdDSA feature added in Java 15's JEP 339. #17
- added integration test for public key authentication #19
- 0.1.60
- support for openssh-v1-private-key format opensshFormat.md.
- Fix bug with AEAD ciphers when compression is used. #15
- 0.1.59 fixing issue from https://sourceforge.net/p/jsch/mailman/message/36872566/
- 0.1.58 support for more algorithms contributed by @norrisjeremy see #4
- 0.1.57 support for rsa-sha2-256 and rsa-sha2-512. #1
- 0.1.56 support for [email protected] (see SocketForwardingL.java)