Skip to content

Instantly share code, notes, and snippets.

@intel352

intel352/gist:d53eda6c938ab4301fa4

Created July 16, 2015 15:44
Show Gist options
  • Save intel352/d53eda6c938ab4301fa4 to your computer and use it in GitHub Desktop.
Save intel352/d53eda6c938ab4301fa4 to your computer and use it in GitHub Desktop.
Download ZIP
JSch changelog
Raw
gistfile1.txt
ChangeLog of JSch
====================================================================
Last modified: Fri Jun 5 03:22:57 UTC 2015
Changes since version 0.1.52:
- bugfix: the rekey initiated by the remote may crash the session.
- change: Logjam: use ecdh-sha2-nistp* if available,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group14-sha1,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
- change: Logjam: diffie-hellman-group-exchange-sha256 and
diffie-hellman-group-exchange-sha1 will use 2048-bit key on
Java8's SunJCE, thanks to JDK-6521495 and JDK-7044060.
- change: key words for OpenSSH's config file should be case-insensitive.
- change: there should be the host name in "WARNING: REMOTE HOST
IDENTIFICATION HAS CHANGED" message.
Changes since version 0.1.51:
- bugfix: resource leak: duplicate keys in LocalIdentityRepository.
- feature: added the support for SSH ECC defined in RFC5656,
ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384,
ecdsa-sha2-nistp521,
ecdh-sha2-nistp256,
ecdh-sha2-nistp384,
ecdh-sha2-nistp521
This functionality requires Java7 or later.
- feature: added the support for server host keys in
ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384,
ecdsa-sha2-nistp521
- feature: generating key-pairs in
ecdh-sha2-nistp256,
ecdh-sha2-nistp384,
ecdh-sha2-nistp521
- change: aes192-ctr, aes256-ctr and
diffie-hellman-group-exchange-sha256 have been enabled
by the default.
- change: key exchange methods, ecdh-sha2-nistp256,
ecdh-sha2-nistp384 and ecdh-sha2-nistp521 have been enabled
by the default.
- change: the support for host keys in ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 have been enabled
by the default.
- change: 'examples/KeyGen.java' demonstrates how to generate
ecdsa-sha2-* key-pairs.
- change: updating copyright messages; 2014 -> 2015
- TODO: The ECC support is not functional on Java6 with BouncyCastle.
Changes since version 0.1.50:
- bugfix: reproducibility of "verify: false". FIXED.
Hundreds of thousands of connections had caused that exception.
- bugfix: resource leaks at the failure of making local port forwarding. FIXED.
- bugfix: NPE in connecting to the non-standard TCP port. FIXED.
This problem had appeared if a host-key does not exist in
"known_host" file.
- bugfix: TCP connection may not be dropped if error messages from
the remote are too long. FIXED.
- bugfix: SftpATTRS#getAtimeString() returns the wrong string. FIXED.
- bugfix: bytes to be added by SSH_MSG_CHANNEL_WINDOW_ADJUST must be in
unsigned integer. FIXED.
- bugfix: Util#checkTilde() should not convert a tilde in
"C:\PROGRA~1\". FIXED.
- bugfix: A long long command for ChannelExec will cause
an ArrayIndexOutOfBoundsException. FIXED.
- bugfix: ChannelSftp should not send bulk request greedily even if the remote
window has the enough space. FIXED.
- bugfix: Util.createSocket() should throw an exception with 'cause'. FIXED.
- bugfix: failed to parse .ssh/config in the EBCDIC environment. FIXED.
- bugfix: com.jcraft.jsch.jcraft.HMACSHA1(used only for MacOSX) is not
reusable. FIXED.
- bugfix: NPE caused by the delayed response for channel opening
requests. FIXED.
- bugfix: hung-up in uploading huge data to ProFTPd without the config
'SFTPClientMatch "JSCH.*" channelWindowSize 1GB' FIXED.
- bugfix: Cipher#init() may cause an infinite loop with 100% cpu use due to
https://bugs.openjdk.java.net/browse/JDK-8028627 FIXED.
- bugfix: in some case, JSche#setKnowHosts(InputStream stream) may fail
to close the given stream. FIXED
- change: com.jcraft.jsch.jcraft.HMAC* will not be used.
It seems Java6 on Mac OS X has fixed some memory leak bug in JCE,
so there is no reason to use c.j.j.j.HMAC* introduced at 0.1.30.
- change: updating copyright messages; 2013 -> 2014
- change: allowed to create the symbolic/hard link to the relative path by
ChannelSftp#symlink(String oldpath, String newpath)
ChannelSftp#hardlink(String oldpath, String newpath)
- change: the availability of ciphers listed in "CheckCiphers" config will
not be checked if they are not used.
- change: Util#fromBase64() will throw JSchException in stead of
RuntimeException, if the given string is not in base64 format.
- feature: added the support for private keys in PKCS#8 format.
- feature: introduced the interface com.jcraft.jsch.PBKDF to abstract
the implementation of Password-Based Key Derivation Function,
and added its implementation com.jcraft.jsch.jce.PBKDF by using JCE.
Changes since version 0.1.49:
- bugfix: "verify: false" error on Java7u6(and later). FIXED.
http://stackoverflow.com/questions/12279836/ssh-using-jschexception-verify-false-sometimes-fails
https://issues.apache.org/jira/browse/IVY-1374
- bugfix: Session#setPortForwardingL(String bind_address,
int lport, String host, int rport)
will not work for the long host name. FIXED.
- change: changed JSch#getIdentityRepository() to be public.
- feature: added the following method to choose a canceled remote
port-forwarding with the specified bind address,
Session#delPortForwardingR(String bind_address, int rport)
- feature: added support for following OpenSSH's sftp extensions,
posix-rename@openssh.com,
statvfs@openssh.com,
hardlink@openssh.com,
and some methods and a class to use those functionalities,
ChannelSftp#hardlink(String oldpath, String newpath),
ChannelSftp#statVFS(String path)
SftpStatVFS
- feature: added support for OpenSSH's configuration file,
JSch#setConfigRepository(ConfigRepository configRepository)
JSch#getConfigRepository()
OpenSSHConfig class
Session#getSession(String host)
and added an example to demonstrate how to use it,
examples/OpenSSHConfig.java
OpenSSHConfig class will recognize the following keywords,
Host
User
Hostname
Port
PreferredAuthentications
IdentityFile
NumberOfPasswordPrompts
ConnectTimeout
HostKeyAlias
UserKnownHostsFile
KexAlgorithms
HostKeyAlgorithms
Ciphers
Macs
Compression
CompressionLevel
ForwardAgent
RequestTTY
ServerAliveInterval
LocalForward
RemoteForward
ClearAllForwardings
- feature: added support for "diffie-hellman-group-exchange-sha256"
- feature: allowed to use tilde(~) in the file name,
JSch#setIdentity(String prvkey, String pubkey)
JSch#setKnownHosts(String prvkey, String pubkey)
- feature: added support for known_hosts file, which may include
markers(@revoke) and comments.
HostKey(String host, int type, byte[] key, String comment)
HostKey(String marker, String host, int type,
byte[] key, String comment)
HostKey#getComment()
HostKey#getMarker()
- feature: added following methods to KeyPar class,
writePrivateKey(java.io.OutputStream out, byte[] passphrase)
writePrivateKey(String name, byte[] passphrase)
- feature: allowed to set the connection timeout for the local port-forwarding,
and added following methods,
Session#setPortForwardingL(String bind_address,
int lport, String host, int rport,
ServerSocketFactory ssf,
int connectTimeout)
ChannelDirectTCPIP#connect(int connectTimeout)
- feature: added the following method to Session class
getStreamForwarder(String host, int port)
and updated example/StreamForwarding.java to use that method.
- feature: added following methods to Session class,
setPortForwardingL(String conf)
setPortForwardingR(String conf)
- feature: allowed to have the session local HostkeyRepository,
Session#setHostKeyRepository(HostKeyRepository hostkeyRepository)
Session#getHostKeyRepository()
- feature: added support for OpenSSH's local extension,
"no-more-sessions@openssh.com" and the method,
Session#noMoreSessionChannels()
Changes since version 0.1.48:
- bugfix: Some sftp servers will sometimes fail to handle bulk requests,
and whenever detecting such failures, we should re-send
requests again and again. FIXED
- bugfix: KeyPair#getFingerPrint() should return a fingerprint instead
of keysize + " " + fingerprint. FIXED
- bugfix: KeyPair#getKeySize() should return its key size. FIXED
- bugfix: SftpATTRS#isDir() should return false for unix domain
socket files. FIXED
- change: improved the heuristics for the password prompt in
the keyboard-interactive authentication. It may not be
started with "password:".
- change: ChannelSftp#put(InputStream src, String dst) will not check
if dst is directory or not, and if an exception is thrown,
the check will be done.
- change: if the compression is enabled without jzlib.jar,
an exception will be thrown.
- feature: JSch#addIdentity() and KeyPair#load() methods will accept
Putty's private key files.
Note that Putty encrypts its private key with "aes256-cbc".
So, to handle such key files, "Java Cryptography
Extension (JCE) Unlimited Strength Jurisdiction Policy Files"
must be installed.
- feature: hmac-sha2-256 defined in RFC6668 is supported.
- feature: added following methods to KeyPair class,
byte[] getSignature(byte[] data)
Signature getVerifier()
byte[] forSSHAgent()
void setPublicKeyComment(String comment)
- feature: added following methods to SftpATTR class,
boolean isChr()
boolean isBlk()
boolean isFifo()
boolean isSock()
Changes since version 0.1.47:
- change: the file transfer speed with ChannelSftp#get(String src) has been
improved; sending multiple requests at any one time.
- change: by the default, at most, 16 requests will be sent at any one time
in ChannelSftp.
- feature: added Session#{setIdentityRepository(),getIdentityRepository()}
Changes since version 0.1.46:
- bugfix: failed to initialize channels for the stream forwarding. FIXED
- change: Session#getHostKey() will return the given hostkey
even if session is not established.
- change: Logger will record additional messages about algorithm negotiations.
- feature: added ChannelSftp#ls(String path, LsEntrySelector selector) method.
- feature: added IdentityRepository#{getName(),getStatus()} methods.
Changes since version 0.1.45:
- bugfix: in the agent forwarding mode, "ssh-add -l" on the remote
will freeze. FIXED
- bugfix: requests should not be sent to the closed channel. FIXED
- bugfix: ChannelShell#setAgentForwarding(true) will cause
resource leaks. FIXED
- change: for the efficiency, channel opening will be delayed
in local port forwarding.
- change: added examples/Sudo.java to demonstrate sudo on exec channel.
- change: authentication trials will be failed at 6 failures by the default.
- change: updating copyright messages; 2011 -> 2012
- feature: added JSch#setIdentityRepository(IdentityRepository irepo) to
integrate with jsch-agent-proxy.
Changes since version 0.1.44:
- bugfix: fields referred by multiple threads simultaneously should be
volatile. FIXED
- bugfix: use local window size offered by the remote in sftp put.
FIXED
- bugfix: SftpProgressMonitor#init was not invoked in sftp-put
for input-stream. FIXED
- bugfix: sftp protocol version 3, 4 and 5 should allow only
UTF-8 encoding. FIXED
- bugfix: Channel Subsystem had failed to set X forwarding flag.
FIXED
- bugfix: Channel X11 had leaked some resources.
FIXED
- bugfix: packet compression may break sessions
in some case(transferring deflated data). FIXED
- bugfix: failed to set dev-null for logger
FIXED
- bugfix: even in sftp protocol version 3 session, some sftpd sends data
packets defined in sftp protocol 6 ;-( working around it. FIXED
- bugfix: ChannelSftp file globbing logic had missed
the string "foo\\\*bar" as a pattern. FIXED
- bugfix: sequential accesses to ChannelSftp by multiple threads may
break its I/O channel.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=359184 FIXED
- bugfix: KeyPair.load can not handle private keys cyphered with AES. FIXED
- change: to improve sftp-put performance, send multiple packet at one time.
- change: wait/notify will be used instead of sleep loop
in establishing channel connections.
- change: increasing local window size for sftp get.
- change: updating copyright messages; 2010 -> 2011
- change: src/com -> src/main/java/com
- feature: key-exchange method "diffie-hellman-group14-sha1"
(RFC4253#section-8.2)
- feature: KeyPair#getPlulicKeyCommment() is added.
Changes since version 0.1.43:
- bugfix: hmac-md5-96 and hmac-sha1-96 are broken. FIXED.
- bugfix: working around OOME in parsing broken data from the remote. FIXED.
- bugfix: failed to send very long command for exec channels. FIXED.
- bugfix: in some case, failed to get the response
for remote port-forwarding request. FIXED.
- feature: support for private keys ciphered with aes192-cbc and aes128-cbc.
Changes since version 0.1.42:
- bugfix: the remote window size must be in unsigned int. FIXED.
- bugfix: support for EBCDIC environment. FIXED.
- bugfix: data may be written to the closed channel. FIXED.
- bugfix: NPE in closing channels. FIXED.
- bugfix: the private key file may include garbage data before its header. FIXED.
- bugfix: the session down may not be detected during the re-keying process. FIXED.
- change: try keyboard-interactive auth with the given password if UserInfo is not given.
- change: working around the wrong auth method list sent by some SSHD
in the partial auth success.
- change: working around the CPNI-957037 Plain-text Recovery Attack.
- change: in searching for [host]:non-default port in known_hosts,
host:22 should be also checked.
- change: updating copyright messages; 2009 -> 2010
Changes since version 0.1.41:
- bugfix: making exec request during re-keying process will cause
the dead lock for the session. FIXED.
Many thanks for PanLi at Prominic dot NET and www.prominic.net,
US based hosting company. Without their testing JSch with
hundreds of hosts and their bug reports, this problem
was not fixed.
- change: updating copyright messages; 2008 -> 2009
Changes since version 0.1.40:
- bugfix: canceling the remote port-forwarding with the incorrect
bind-address. FIXED.
- bugfix: sftp had missed to close the file in some case. FIXED.
- bugfix: ls(sftp) will throw an exception for the empty directory
in connecting to some sftpd server. FIXED.
- change: dropping the session gently in accepting incorrect packets.
- change: by the default, aes128-ctr will be chosen if it is available
on the local and the remote.
- feature: adding the support for the private key ciphered in AES256.
- feature: new ciphers: aes128-ctr,aes192-ctr,aes256-ctr,
3des-ctr,arcfour,arcfour128 ,arcfour256
Changes since version 0.1.39:
- bugfix: ProxySOCKS4 had not been functional. FIXED.
- bugfix: NPE at closing the session when it is not opened. FIXED.
- change: JSch#getConfing has become public.
Changes since version 0.1.38:
- bugfix: session will be dropped at rekeying. FIXED.
- bugfix: NPE should not be thrown at unexpected session drop. FIXED.
- change: Channel#getSession() may throw JSchExecption.
Changes since version 0.1.37:
- bugfix: NPE should not be thrown at unexpected session drop. FIXED.
- bugfix: AIOOBE at Session#connect(). FIXED.
- bugfix: Even if 'true' is given for
Channel#setOutputStream(OutputStream out, boolean dontclose)
as the second paramter, 'out' will be closed. FIXED.
- change: 'examples/Sftp.java' has been modified to demonstrate
ChannelSftp#reaplpath(String path)
- change: setEnv(Hashtable env) for exec and shell channels have been
marked as @deprecated
- feature: setEnv(String name, String value) has been added to exec
and shell channels.
- feature: setEnv(byte[] name, byte[] value) has been added to exec
and shell channels.
- feature: ChannelSftp#realpath(String path) has been added.
- feature: ChannelExec#setCommand(byte[] command) has been added.
- feature: com.jcraft.jsch.ChannelSftp.LsEntry has implemented
java.lang.Comparable
- feature: Session#getServerAliveInterval(), Session#getServerAliveCountMaX()
have been added.
Changes since version 0.1.36:
- bugfix: some sftpd will send invalid data in sftp protocol
point of view, and we need to work around such data. FIXED.
- bugfix: the stream forwarding had been broken since 0.1.30. FIXED.
- bugfix: failed to detect 'SSH_MSG_CHANNEL_OPEN_FAILURE'. FIXED.
- bugfix: ChannelSftp will generate the unfavorable absolute pathname
in some case. FIXED.
- bugfix: failed to ignore the invalid public-key file. FIXED.
- change: ignoring empty data sent by 'SSH_MSG_CHANNEL_DATA' and
'SSH_MSG_CHANNEL_EXTENDED_DATA'.
- change: updating copyright messages; 2007 -> 2008
- change: build.xml will enable 'javac.debug' option by the default.
- change: added logging messages to IndentityFile and Session class.
- change: followings are deprecated methods,
InputStream ChannelSftp#get(String src,
int mode)
InputStream ChannelSftp#get(String src,
SftpProgressMonitor,
int mode)
- feature: following method is added,
InputStream ChannelSftp#get(String src,
SftpProgressMonitor monitor,
long skip)
Changes since version 0.1.35:
- bugfix: ChannelSftp can not handle the local filenames correctly on Windows. FIXED.
- bugfix: '/' must be handled as the file separator on JVM for Windows. FIXED.
- change: the system property
"javax.security.auth.useSubjectCredsOnly"
will be set to "false" for "gssapi-with-mic"
if that property is not given explicitly.
- change: added changes about ChannelSftp#{pwd(), home()} to
ChangeLog; 'Changes since version 0.1.34:' section.
Changes since version 0.1.34:
- bugfix: the OutputStream from the channel may make the JVM
lockup in some case. FIXED.
There was a possibility that Channel#connect() may be failed
to initialize its internal without throwing the JSchException.
On such case, the write operation for OutputStream from
that channel will cause the system(JVM) to lock up.
- bugfix: ChannelSftp had problems filename globbing. FIXED.
- bugfix: the message included in SSH_FXP_STATUS must be UTF-8. FIXED.
- change: ChannelSftp supports the filename globbing for
the filename in multi-byte characters.
- change: ChannelSftp will internally handle filenames in UTF-8 encoding.
- change: ChannelSftp#pwd() may throw an SftpException.
- change: ChannelSftp#home() may throw an SftpException.
- feature: following methods have been added in ChannelSftp
String getServerVersion()
String getClientVersion()
void setFilenameEncoding(String encoding)
String getExtension(String key)
Changes since version 0.1.33:
- bugfix: there had a possibility that the session may be broken
if ciphers for upward/downward streams are different. FIXED.
- bugfix: the authentication method "keyboard-interactive" had
not been tried without UserInfo. FIXED.
- bugfix: ChannelShell#setTerminalMode(byte[] terminal_mode) had
not been functional. FIXED.
- bugfix: the remote port-forwarding to the daemon had been broken
since 0.1.30. FIXED.
- change: the cipher "aes128-cbc" will be used if AES is available.
- change: the interface 'com.jcraft.jsch.ForwardedTCPIPDaemon' has been changed.
- change: the data transfer rate will be improved on some environment.
- feature: ChannelExec can control the size of pty;
ChannelExec#setPtySize(int col, int row, int wp, int hp) is
added.
- feature: the property "CheckCiphers" has been added.
Refer to 'examples/AES.java'.
- feature: Session#setConfig(String key, String value),
JSch#setConfig(String key, String value) have been added.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment