Gerrit 2.11

Download: 2.11.11 | 2.11.10 | 2.11.9 | 2.11.8 | 2.11.7 | 2.11.6 | 2.11.5 | 2.11.4 | 2.11.3 | 2.11.2 | 2.11.1 | 2.11

Documentation: 2.11.11 | 2.11.10 | 2.11.9 | 2.11.8 | 2.11.7 | 2.11.6 | 2.11.5 | 2.11.4 | 2.11.3 | 2.11.2 | 2.11.1 | 2.11

Release Highlights

  • Issue 505: Changes can be created and edited directly in the browser.

  • Many improvements in the new change screen.

  • The old change screen is removed.

  • For full details please refer to the release notes on the old site.

Bugfix Releases

2.11.11

Upgrade jsch from 0.1.51 to 0.1.54 to get security fixes:

  • CVE-2015-4000: Weak Diffie-Hellman vulnerability, AKA “Logjam”.

    The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection.

    On February 22, 2018, GitHub removed support for weak cryptographic standards. As a result, replication to GitHub over SSH no longer works with diffie-hellman-group1-sha1 or diffie-hellman-group14-sha1 SSH keys.

  • CVE-2016-5725: Directory traversal vulnerability.

    Versions of jsch prior to 0.1.54 have a directory traversal vulnerability on Windows. When the mode is ChannelSftp.OVERWRITE, it allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

For other fixes in jsch since 0.1.51, please refer to the jsch change log.
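
The directory traversal described under CVE-2016-5725 comes from a client trusting file names supplied by the remote server. As an added example (not code from jsch or Gerrit), the Java class below shows one way a client can validate a server-supplied entry name before writing it under a local download directory; the class name SftpNameCheck, the method resolveInside and the sample names are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class SftpNameCheck {
    /**
     * Resolve a server-supplied directory-entry name under destDir,
     * or throw if the name could place the file outside it.
     */
    static Path resolveInside(Path destDir, String serverName) {
        if (serverName == null || serverName.isEmpty()
                || serverName.equals(".") || serverName.equals("..")) {
            throw new SecurityException("rejected entry name: " + serverName);
        }
        // A single directory entry must not contain any separator. Check both
        // '/' and '\' explicitly: '\' is a separator only on Windows, so a
        // check based on the local platform's separator misses it elsewhere.
        // ':' is rejected conservatively (drive-letter forms on Windows).
        for (char c : serverName.toCharArray()) {
            if (c == '/' || c == '\\' || c == ':' || c == '\0') {
                throw new SecurityException("rejected entry name: " + serverName);
            }
        }
        Path base = destDir.toAbsolutePath().normalize();
        Path target = base.resolve(serverName).normalize();
        // Defence in depth: the normalized result must still be below base.
        if (!target.startsWith(base) || target.equals(base)) {
            throw new SecurityException("escapes destination: " + serverName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dest = Paths.get("download");
        // Constructed sample names, as a remote server might return them.
        String[] names = {
            "README.txt", "..\\outside.txt", "../outside.txt", "..", "C:evil.txt"
        };
        for (String name : names) {
            try {
                System.out.println("ok      " + resolveInside(dest, name));
            } catch (SecurityException e) {
                System.out.println("blocked " + e.getMessage());
            }
        }
    }
}
```

Only README.txt is accepted; the other four names are rejected on every platform, including the ..\ form that is a plain file name character sequence outside Windows.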