1ChangeLog of JSch 2==================================================================== 3Last modified: Thu Nov 22 01:06:27 UTC 2018 4 5 6Changes since version 0.1.54: 7- bugfix: fixed vulnerabilities in examples; 8 ScpTo.java, ScpFrom.java and ScpNoneCipher.java, 9 https://gist.github.com/ymnk/2318108/revisions#diff-a5ec82fe8ccb2efa64aa42a5592bb137 10 https://gist.github.com/ymnk/2318108/revisions#diff-c1b069ab3a670f4fd3270d0f57550007 11 https://gist.github.com/ymnk/2318108/revisions#diff-a20032aa3cc9119fa627ec948b9ada46 12 thanks to Dylan Katz(http://dylankatz.com). 13- bugfix: OpenSSHConfig#getUser() should not overwrite the given user-name. 14- bugfix: fixed 'Invalid encoding for signature' errors in ssh-dss. 15- bugfix: fixed bugs in the key-exchange for ecdsa-sha2-nistp384, 16 ecdsa-sha2-nistp521. 17- bugfix: failed to generate the key pair from private keys, 18 ecdsa 384 and 521. 19- bugfix: failed to load the ecdsa 521 key identity from ssh-add command. 20- change: updating copyright messages; 2016 -> 2018 21- feature: supporting key files on EBCDIC environment. 22 23 24Changes since version 0.1.53: 25- bugfix: fixed CVS-2016-5725 26 Refer to following links, 27 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5725 28 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 29 Thanks a lot for tintinweb's contributions. 30- bugfix: sftp-put may send the garbage data in some rare case. 31- bugfix: fixed a deadlock bug in KnownHosts#getHostKey(). 32- bugfix: SftpProgressMonitor#init() was not invoked in sftp-put 33 by using the output-stream. 34- change: KnownHosts#setKnownHosts() should accept the non-existing file. 35- change: excluding the user interaction time from the timeout value. 36- change: addressing SFTP slow file transfer speed with Titan FTP. 37- change: updating copyright messages; 2015 -> 2016 38 39 40Changes since version 0.1.52: 41- bugfix: the rekey initiated by the remote may crash the session. 42- change: Logjam: use ecdh-sha2-nistp* if available, 43 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 44 diffie-hellman-group14-sha1, 45 diffie-hellman-group-exchange-sha256, 46 diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 47- change: Logjam: diffie-hellman-group-exchange-sha256 and 48 diffie-hellman-group-exchange-sha1 will use 2048-bit key on 49 Java8's SunJCE, thanks to JDK-6521495 and JDK-7044060. 50- change: key words for OpenSSH's config file should be case-insensitive. 51- change: there should be the host name in "WARNING: REMOTE HOST 52 IDENTIFICATION HAS CHANGED" message. 53 54 55Changes since version 0.1.51: 56- bugfix: resource leak: duplicate keys in LocalIdentityRepository. 57- feature: added the support for SSH ECC defined in RFC5656, 58 ecdsa-sha2-nistp256, 59 ecdsa-sha2-nistp384, 60 ecdsa-sha2-nistp521, 61 ecdh-sha2-nistp256, 62 ecdh-sha2-nistp384, 63 ecdh-sha2-nistp521 64 This functionality requires Java7 or later. 65- feature: added the support for server host keys in 66 ecdsa-sha2-nistp256, 67 ecdsa-sha2-nistp384, 68 ecdsa-sha2-nistp521 69- feature: generating key-pairs in 70 ecdh-sha2-nistp256, 71 ecdh-sha2-nistp384, 72 ecdh-sha2-nistp521 73- change: aes192-ctr, aes256-ctr and 74 diffie-hellman-group-exchange-sha256 have been enabled 75 by the default. 76- change: key exchange methods, ecdh-sha2-nistp256, 77 ecdh-sha2-nistp384 and ecdh-sha2-nistp521 have been enabled 78 by the default. 79- change: the support for host keys in ecdsa-sha2-nistp256, 80 ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 have been enabled 81 by the default. 82- change: 'examples/KeyGen.java' demonstrates how to generate 83 ecdsa-sha2-* key-pairs. 84- change: updating copyright messages; 2014 -> 2015 85- TODO: The ECC support is not functional on Java6 with BouncyCastle. 86 87 88Changes since version 0.1.50: 89- bugfix: reproducibility of "verify: false". FIXED. 90 Hundreds of thousands of connections had caused that exception. 91- bugfix: resource leaks at the failure of making local port forwarding. FIXED. 92- bugfix: NPE in connecting to the non-standard TCP port. FIXED. 93 This problem had appeared if a host-key does not exist in 94 "known_host" file. 95- bugfix: TCP connection may not be dropped if error messages from 96 the remote are too long. FIXED. 97- bugfix: SftpATTRS#getAtimeString() returns the wrong string. FIXED. 98- bugfix: bytes to be added by SSH_MSG_CHANNEL_WINDOW_ADJUST must be in 99 unsigned integer. FIXED. 100- bugfix: Util#checkTilde() should not convert a tilde in 101 "C:\PROGRA~1\". FIXED. 102- bugfix: A long long command for ChannelExec will cause 103 an ArrayIndexOutOfBoundsException. FIXED. 104- bugfix: ChannelSftp should not send bulk request greedily even if the remote 105 window has the enough space. FIXED. 106- bugfix: Util.createSocket() should throw an exception with 'cause'. FIXED. 107- bugfix: failed to parse .ssh/config in the EBCDIC environment. FIXED. 108- bugfix: com.jcraft.jsch.jcraft.HMACSHA1(used only for MacOSX) is not 109 reusable. FIXED. 110- bugfix: NPE caused by the delayed response for channel opening 111 requests. FIXED. 112- bugfix: hung-up in uploading huge data to ProFTPd without the config 113 'SFTPClientMatch "JSCH.*" channelWindowSize 1GB' FIXED. 114- bugfix: Cipher#init() may cause an infinite loop with 100% cpu use due to 115 https://bugs.openjdk.java.net/browse/JDK-8028627 FIXED. 116- bugfix: in some case, JSche#setKnowHosts(InputStream stream) may fail 117 to close the given stream. FIXED 118- change: com.jcraft.jsch.jcraft.HMAC* will not be used. 119 It seems Java6 on Mac OS X has fixed some memory leak bug in JCE, 120 so there is no reason to use c.j.j.j.HMAC* introduced at 0.1.30. 121- change: updating copyright messages; 2013 -> 2014 122- change: allowed to create the symbolic/hard link to the relative path by 123 ChannelSftp#symlink(String oldpath, String newpath) 124 ChannelSftp#hardlink(String oldpath, String newpath) 125- change: the availability of ciphers listed in "CheckCiphers" config will 126 not be checked if they are not used. 127- change: Util#fromBase64() will throw JSchException in stead of 128 RuntimeException, if the given string is not in base64 format. 129- feature: added the support for private keys in PKCS#8 format. 130- feature: introduced the interface com.jcraft.jsch.PBKDF to abstract 131 the implementation of Password-Based Key Derivation Function, 132 and added its implementation com.jcraft.jsch.jce.PBKDF by using JCE. 133 134 135Changes since version 0.1.49: 136- bugfix: "verify: false" error on Java7u6(and later). FIXED. 137 http://stackoverflow.com/questions/12279836/ssh-using-jschexception-verify-false-sometimes-fails 138 https://issues.apache.org/jira/browse/IVY-1374 139- bugfix: Session#setPortForwardingL(String bind_address, 140 int lport, String host, int rport) 141 will not work for the long host name. FIXED. 142- change: changed JSch#getIdentityRepository() to be public. 143- feature: added the following method to choose a canceled remote 144 port-forwarding with the specified bind address, 145 Session#delPortForwardingR(String bind_address, int rport) 146- feature: added support for following OpenSSH's sftp extensions, 147 posix-rename@openssh.com, 148 statvfs@openssh.com, 149 hardlink@openssh.com, 150 and some methods and a class to use those functionalities, 151 ChannelSftp#hardlink(String oldpath, String newpath), 152 ChannelSftp#statVFS(String path) 153 SftpStatVFS 154- feature: added support for OpenSSH's configuration file, 155 JSch#setConfigRepository(ConfigRepository configRepository) 156 JSch#getConfigRepository() 157 OpenSSHConfig class 158 Session#getSession(String host) 159 and added an example to demonstrate how to use it, 160 examples/OpenSSHConfig.java 161 OpenSSHConfig class will recognize the following keywords, 162 Host 163 User 164 Hostname 165 Port 166 PreferredAuthentications 167 IdentityFile 168 NumberOfPasswordPrompts 169 ConnectTimeout 170 HostKeyAlias 171 UserKnownHostsFile 172 KexAlgorithms 173 HostKeyAlgorithms 174 Ciphers 175 Macs 176 Compression 177 CompressionLevel 178 ForwardAgent 179 RequestTTY 180 ServerAliveInterval 181 LocalForward 182 RemoteForward 183 ClearAllForwardings 184- feature: added support for "diffie-hellman-group-exchange-sha256" 185- feature: allowed to use tilde(~) in the file name, 186 JSch#setIdentity(String prvkey, String pubkey) 187 JSch#setKnownHosts(String prvkey, String pubkey) 188- feature: added support for known_hosts file, which may include 189 markers(@revoke) and comments. 190 HostKey(String host, int type, byte[] key, String comment) 191 HostKey(String marker, String host, int type, 192 byte[] key, String comment) 193 HostKey#getComment() 194 HostKey#getMarker() 195- feature: added following methods to KeyPar class, 196 writePrivateKey(java.io.OutputStream out, byte[] passphrase) 197 writePrivateKey(String name, byte[] passphrase) 198- feature: allowed to set the connection timeout for the local port-forwarding, 199 and added following methods, 200 Session#setPortForwardingL(String bind_address, 201 int lport, String host, int rport, 202 ServerSocketFactory ssf, 203 int connectTimeout) 204 ChannelDirectTCPIP#connect(int connectTimeout) 205- feature: added the following method to Session class 206 getStreamForwarder(String host, int port) 207 and updated example/StreamForwarding.java to use that method. 208- feature: added following methods to Session class, 209 setPortForwardingL(String conf) 210 setPortForwardingR(String conf) 211- feature: allowed to have the session local HostkeyRepository, 212 Session#setHostKeyRepository(HostKeyRepository hostkeyRepository) 213 Session#getHostKeyRepository() 214- feature: added support for OpenSSH's local extension, 215 "no-more-sessions@openssh.com" and the method, 216 Session#noMoreSessionChannels() 217 218 219Changes since version 0.1.48: 220- bugfix: Some sftp servers will sometimes fail to handle bulk requests, 221 and whenever detecting such failures, we should re-send 222 requests again and again. FIXED 223- bugfix: KeyPair#getFingerPrint() should return a fingerprint instead 224 of keysize + " " + fingerprint. FIXED 225- bugfix: KeyPair#getKeySize() should return its key size. FIXED 226- bugfix: SftpATTRS#isDir() should return false for unix domain 227 socket files. FIXED 228- change: improved the heuristics for the password prompt in 229 the keyboard-interactive authentication. It may not be 230 started with "password:". 231- change: ChannelSftp#put(InputStream src, String dst) will not check 232 if dst is directory or not, and if an exception is thrown, 233 the check will be done. 234- change: if the compression is enabled without jzlib.jar, 235 an exception will be thrown. 236- feature: JSch#addIdentity() and KeyPair#load() methods will accept 237 Putty's private key files. 238 Note that Putty encrypts its private key with "aes256-cbc". 239 So, to handle such key files, "Java Cryptography 240 Extension (JCE) Unlimited Strength Jurisdiction Policy Files" 241 must be installed. 242- feature: hmac-sha2-256 defined in RFC6668 is supported. 243- feature: added following methods to KeyPair class, 244 byte[] getSignature(byte[] data) 245 Signature getVerifier() 246 byte[] forSSHAgent() 247 void setPublicKeyComment(String comment) 248- feature: added following methods to SftpATTR class, 249 boolean isChr() 250 boolean isBlk() 251 boolean isFifo() 252 boolean isSock() 253 254 255Changes since version 0.1.47: 256- change: the file transfer speed with ChannelSftp#get(String src) has been 257 improved; sending multiple requests at any one time. 258- change: by the default, at most, 16 requests will be sent at any one time 259 in ChannelSftp. 260- feature: added Session#{setIdentityRepository(),getIdentityRepository()} 261 262 263Changes since version 0.1.46: 264- bugfix: failed to initialize channels for the stream forwarding. FIXED 265- change: Session#getHostKey() will return the given hostkey 266 even if session is not established. 267- change: Logger will record additional messages about algorithm negotiations. 268- feature: added ChannelSftp#ls(String path, LsEntrySelector selector) method. 269- feature: added IdentityRepository#{getName(),getStatus()} methods. 270 271 272Changes since version 0.1.45: 273- bugfix: in the agent forwarding mode, "ssh-add -l" on the remote 274 will freeze. FIXED 275- bugfix: requests should not be sent to the closed channel. FIXED 276- bugfix: ChannelShell#setAgentForwarding(true) will cause 277 resource leaks. FIXED 278- change: for the efficiency, channel opening will be delayed 279 in local port forwarding. 280- change: added examples/Sudo.java to demonstrate sudo on exec channel. 281- change: authentication trials will be failed at 6 failures by the default. 282- change: updating copyright messages; 2011 -> 2012 283- feature: added JSch#setIdentityRepository(IdentityRepository irepo) to 284 integrate with jsch-agent-proxy. 285 286 287Changes since version 0.1.44: 288- bugfix: fields referred by multiple threads simultaneously should be 289 volatile. FIXED 290- bugfix: use local window size offered by the remote in sftp put. 291 FIXED 292- bugfix: SftpProgressMonitor#init was not invoked in sftp-put 293 for input-stream. FIXED 294- bugfix: sftp protocol version 3, 4 and 5 should allow only 295 UTF-8 encoding. FIXED 296- bugfix: Channel Subsystem had failed to set X forwarding flag. 297 FIXED 298- bugfix: Channel X11 had leaked some resources. 299 FIXED 300- bugfix: packet compression may break sessions 301 in some case(transferring deflated data). FIXED 302- bugfix: failed to set dev-null for logger 303 FIXED 304- bugfix: even in sftp protocol version 3 session, some sftpd sends data 305 packets defined in sftp protocol 6 ;-( working around it. FIXED 306- bugfix: ChannelSftp file globbing logic had missed 307 the string "foo\\\*bar" as a pattern. FIXED 308- bugfix: sequential accesses to ChannelSftp by multiple threads may 309 break its I/O channel. 310 https://bugs.eclipse.org/bugs/show_bug.cgi?id=359184 FIXED 311- bugfix: KeyPair.load can not handle private keys cyphered with AES. FIXED 312- change: to improve sftp-put performance, send multiple packet at one time. 313- change: wait/notify will be used instead of sleep loop 314 in establishing channel connections. 315- change: increasing local window size for sftp get. 316- change: updating copyright messages; 2010 -> 2011 317- change: src/com -> src/main/java/com 318- feature: key-exchange method "diffie-hellman-group14-sha1" 319 (RFC4253#section-8.2) 320- feature: KeyPair#getPlulicKeyCommment() is added. 321 322 323Changes since version 0.1.43: 324- bugfix: hmac-md5-96 and hmac-sha1-96 are broken. FIXED. 325- bugfix: working around OOME in parsing broken data from the remote. FIXED. 326- bugfix: failed to send very long command for exec channels. FIXED. 327- bugfix: in some case, failed to get the response 328 for remote port-forwarding request. FIXED. 329- feature: support for private keys ciphered with aes192-cbc and aes128-cbc. 330 331 332Changes since version 0.1.42: 333- bugfix: the remote window size must be in unsigned int. FIXED. 334- bugfix: support for EBCDIC environment. FIXED. 335- bugfix: data may be written to the closed channel. FIXED. 336- bugfix: NPE in closing channels. FIXED. 337- bugfix: the private key file may include garbage data before its header. FIXED. 338- bugfix: the session down may not be detected during the re-keying process. FIXED. 339- change: try keyboard-interactive auth with the given password if UserInfo is not given. 340- change: working around the wrong auth method list sent by some SSHD 341 in the partial auth success. 342- change: working around the CPNI-957037 Plain-text Recovery Attack. 343- change: in searching for [host]:non-default port in known_hosts, 344 host:22 should be also checked. 345- change: updating copyright messages; 2009 -> 2010 346 347 348Changes since version 0.1.41: 349- bugfix: making exec request during re-keying process will cause 350 the dead lock for the session. FIXED. 351 Many thanks for PanLi at Prominic dot NET and www.prominic.net, 352 US based hosting company. Without their testing JSch with 353 hundreds of hosts and their bug reports, this problem 354 was not fixed. 355- change: updating copyright messages; 2008 -> 2009 356 357 358Changes since version 0.1.40: 359- bugfix: canceling the remote port-forwarding with the incorrect 360 bind-address. FIXED. 361- bugfix: sftp had missed to close the file in some case. FIXED. 362- bugfix: ls(sftp) will throw an exception for the empty directory 363 in connecting to some sftpd server. FIXED. 364- change: dropping the session gently in accepting incorrect packets. 365- change: by the default, aes128-ctr will be chosen if it is available 366 on the local and the remote. 367- feature: adding the support for the private key ciphered in AES256. 368- feature: new ciphers: aes128-ctr,aes192-ctr,aes256-ctr, 369 3des-ctr,arcfour,arcfour128 ,arcfour256 370 371 372Changes since version 0.1.39: 373- bugfix: ProxySOCKS4 had not been functional. FIXED. 374- bugfix: NPE at closing the session when it is not opened. FIXED. 375- change: JSch#getConfing has become public. 376 377 378Changes since version 0.1.38: 379- bugfix: session will be dropped at rekeying. FIXED. 380- bugfix: NPE should not be thrown at unexpected session drop. FIXED. 381- change: Channel#getSession() may throw JSchExecption. 382 383 384Changes since version 0.1.37: 385- bugfix: NPE should not be thrown at unexpected session drop. FIXED. 386- bugfix: AIOOBE at Session#connect(). FIXED. 387- bugfix: Even if 'true' is given for 388 Channel#setOutputStream(OutputStream out, boolean dontclose) 389 as the second paramter, 'out' will be closed. FIXED. 390- change: 'examples/Sftp.java' has been modified to demonstrate 391 ChannelSftp#reaplpath(String path) 392- change: setEnv(Hashtable env) for exec and shell channels have been 393 marked as @deprecated 394- feature: setEnv(String name, String value) has been added to exec 395 and shell channels. 396- feature: setEnv(byte[] name, byte[] value) has been added to exec 397 and shell channels. 398- feature: ChannelSftp#realpath(String path) has been added. 399- feature: ChannelExec#setCommand(byte[] command) has been added. 400- feature: com.jcraft.jsch.ChannelSftp.LsEntry has implemented 401 java.lang.Comparable 402- feature: Session#getServerAliveInterval(), Session#getServerAliveCountMaX() 403 have been added. 404 405 406Changes since version 0.1.36: 407- bugfix: some sftpd will send invalid data in sftp protocol 408 point of view, and we need to work around such data. FIXED. 409- bugfix: the stream forwarding had been broken since 0.1.30. FIXED. 410- bugfix: failed to detect 'SSH_MSG_CHANNEL_OPEN_FAILURE'. FIXED. 411- bugfix: ChannelSftp will generate the unfavorable absolute pathname 412 in some case. FIXED. 413- bugfix: failed to ignore the invalid public-key file. FIXED. 414- change: ignoring empty data sent by 'SSH_MSG_CHANNEL_DATA' and 415 'SSH_MSG_CHANNEL_EXTENDED_DATA'. 416- change: updating copyright messages; 2007 -> 2008 417- change: build.xml will enable 'javac.debug' option by the default. 418- change: added logging messages to IndentityFile and Session class. 419- change: followings are deprecated methods, 420 InputStream ChannelSftp#get(String src, 421 int mode) 422 InputStream ChannelSftp#get(String src, 423 SftpProgressMonitor, 424 int mode) 425- feature: following method is added, 426 InputStream ChannelSftp#get(String src, 427 SftpProgressMonitor monitor, 428 long skip) 429 430 431Changes since version 0.1.35: 432- bugfix: ChannelSftp can not handle the local filenames correctly on Windows. FIXED. 433- bugfix: '/' must be handled as the file separator on JVM for Windows. FIXED. 434- change: the system property 435 "javax.security.auth.useSubjectCredsOnly" 436 will be set to "false" for "gssapi-with-mic" 437 if that property is not given explicitly. 438- change: added changes about ChannelSftp#{pwd(), home()} to 439 ChangeLog; 'Changes since version 0.1.34:' section. 440 441 442Changes since version 0.1.34: 443- bugfix: the OutputStream from the channel may make the JVM 444 lockup in some case. FIXED. 445 There was a possibility that Channel#connect() may be failed 446 to initialize its internal without throwing the JSchException. 447 On such case, the write operation for OutputStream from 448 that channel will cause the system(JVM) to lock up. 449- bugfix: ChannelSftp had problems filename globbing. FIXED. 450- bugfix: the message included in SSH_FXP_STATUS must be UTF-8. FIXED. 451- change: ChannelSftp supports the filename globbing for 452 the filename in multi-byte characters. 453- change: ChannelSftp will internally handle filenames in UTF-8 encoding. 454- change: ChannelSftp#pwd() may throw an SftpException. 455- change: ChannelSftp#home() may throw an SftpException. 456- feature: following methods have been added in ChannelSftp 457 String getServerVersion() 458 String getClientVersion() 459 void setFilenameEncoding(String encoding) 460 String getExtension(String key) 461 462Changes since version 0.1.33: 463- bugfix: there had a possibility that the session may be broken 464 if ciphers for upward/downward streams are different. FIXED. 465- bugfix: the authentication method "keyboard-interactive" had 466 not been tried without UserInfo. FIXED. 467- bugfix: ChannelShell#setTerminalMode(byte[] terminal_mode) had 468 not been functional. FIXED. 469- bugfix: the remote port-forwarding to the daemon had been broken 470 since 0.1.30. FIXED. 471- change: the cipher "aes128-cbc" will be used if AES is available. 472- change: the interface 'com.jcraft.jsch.ForwardedTCPIPDaemon' has been changed. 473- change: the data transfer rate will be improved on some environment. 474- feature: ChannelExec can control the size of pty; 475 ChannelExec#setPtySize(int col, int row, int wp, int hp) is 476 added. 477- feature: the property "CheckCiphers" has been added. 478 Refer to 'examples/AES.java'. 479- feature: Session#setConfig(String key, String value), 480 JSch#setConfig(String key, String value) have been added. 481 482 483Changes since version 0.1.32: 484- bugfix: freeze in 'diffie-hellman-group-exchange-sha1'. FIXED. 485 By the default, 'diffie-hellman-group1-sha1' will be used 486 and if you have not chosen 'diffie-hellman-group-exchange-sha1' 487 explicitly, you don't have to worry about it. 488- bugfix: there should be timeout mechanism in opening a socket 489 for remote port forwarding. FIXED. 490 At the failure or timeout, 'SSH_MSG_CHANNEL_OPEN_FAILURE' 491 will be sent to sshd. 492- bugfix: there should be timeout mechanism in opening a socket 493 for X11 forwarding. FIXED. 494 At the failure or timeout, 'SSH_MSG_CHANNEL_OPEN_FAILURE' 495 will be sent to sshd. 496 497 498Changes since version 0.1.31: 499- bugfix: remote port forwarding will be hanged at its closing. FIXED. 500- bugfix: X forwarding channels will be hanged and some resources 501 will be leaked whenever they are closed. FIXED. 502- bugfix: failed to detect "Connection refused". FIXED. 503- bugfix: at the failure for keyboard-interactive auth method, 504 a session will be terminated. FIXED. 505- bugfix: due to the cancel for keyboard-interactive auth method, 506 a session will be terminated. FIXED. 507- change: com.jcraft.jsch.jcraft.Compression#uncompress will respect 508 the argument "start". 509- change: "gssapi-with-mic" will choose the default credential. 510- feature: Session#setPortForwardingL will return the assigned local 511 TCP port number; TCP port will be assigned dynamically if lport==0. 512- feature: support for SSH_MSG_UNIMPLEMENTED. 513- feature: support for PASSWD_CHANGEREQ. 514 515 516Changes since version 0.1.30: 517- bugfix: a problem in padding for ciphered private key. 518 PKCS#5 padding should be used. FIXED. 519- bugfix: crash in parsing invalid public key file. FIXED. 520- bugfix: a public key may not have a comment. FIXED. 521- bugfix: output stream from ChannelSftp#put will hang if it is closed 522 twice. FIXED. 523- feature: agent forwarding. To enable this functionality, 524 Channel{Exec,Shell,Sftp}#setAgentForwarding(boolean enable) are added. 525- feature: ChannelShell#setTerminalMode(byte[] terminal_mode) is added. 526- feature: Session#setDaemonThread(boolean true) to run internal threads as 527 daemon threads. 528- feature: an option "PreferredAuthentications" is added. 529 The default value is "gssapi-with-mic,publickey,keyboard-interactive,password". 530- change: if alias-name is given, non-standard TCP port number will not be 531 saved in 'known_hosts' file. 532 533 534Changes since version 0.1.29: 535- bugfix: ChannelSftp#cd() will not throw an exception even if 536 a file is given. FIXED. 537- bugfix: ChannelSftp#put() has a bug which will appear in using 538 on the slow network. FIXED. 539- bugfix: ChannelSftp#ls() has a bug which will appear in using 540 on the slow network. FIXED. 541- bugfix: a bug had sneaked in the remote port forwarding. FIXED. 542- bugfix: some APIs from JCE have the memory leak on Mac OS X, 543 so we have re-written the code(com.jcraft.jsch.jcraft.HMAC* 544 classes) without them. On Mac OS X, such new classes will 545 be used automatically. FIXED. 546- bugfix: the session will be crashed by the long banner message. FIXED. 547- change: '/dev/random' will not be referred on Gnu/Linux. 548- change: if non-standard TCP port number is used, that number will 549 be saved in known_hosts file as recent OpenSSH's ssh client does. 550- change: Channel#getOutputStream will not use Piped{Output,Input}Stream. 551- change: com.jcraft.jsch.HostKeyRepository interface has been 552 slightly modified. 553- feature: Session#setPortForwardingR(String bind_address, ...) has been added. 554- feature: the packet compression method 'zlib@openssh.com' has been supported. 555- feature: the hashed known_hosts file has been supported. 556 Refer to 'examples/KnownHosts.java'. 557- feature: the authentication method 'gssapi-with-mic' has been 558 experimentally supported. 559- feature: com.jcraft.jsch.Logger interface and 560 JSch#setLogger(Logger logger) have been added. 561 Refer to 'examples/Logger.java' for the usage. 562 563 564Changes since version 0.1.28: 565- bugfix: ChannelSftp#put will stack in some situations FIXED. 566- bugfix: ChannelSftp invoked 'glob_remote' redundantly. FIXED. 567- bugfix: ChannelSftp failed to make globbing for some file names. FIXED. 568- bugfix: ChannelSftp did not carefully read its input-stream. FIXED. 569- bugfix: ChannelSftp#lstat did not try globbing for given path. FIXED. 570- bugfix: at closing channel, eof_lcoal and eof_remote did not 571 become true. FIXED. 572- bugfix: IdentityFile did not carefully read file input-streams. FIXED. 573- bugfix: KeyPair did not carefully read file input-streams. FIXED. 574- bugfix: ProxySOCKS4 did not carefully read file input-streams. FIXED. 575- bugfix: ProxySOCKS5 did not carefully read file input-streams. FIXED. 576- bugfix: ForwardedTCPIPDaemom may fail in some situation. FIXED. 577- bugfix: X forwarding failed to handle the magic-cookie 578 in some case FIXED. 579 Thanks to Walter Pfannenmller. 580- bugfix: setKnownHosts in KnownHosts.java doesn't read the last 581 line if linefeed is missing FIXED. 582 Thanks to Henrik Langos. 583- bugfix: With StrictHostKeyChecking set to yes connect() 584 shouldn't ask. FIXED. 585 Thanks to Henrik Langos. 586- change: Identity#setPassphrase(String passphrase) is replaced with 587 Identity#setPassphrase(byte[] passphrase). 588- change: IdentityFile will clear its internal secrets at finalizing. 589- change: KeyPair will clear its internal secrets at finalizing. 590- change: KeyPair will clear its internal secrets at finalizing. 591- change: MAC#doFinal() is replaced with 592 MAC#doFile(byte[] buf, int offset) 593- change: at TCP socket reading timeout, keep-alive message will be sent 594 to the remote sshd. To disable this functionality, invoke 595 explicitly Session.setServerAliveCountMax(0) 596- change: PortWatcher stops to use InetAddress.getByAddress(). 597- change: in the user authentication, username, password and passphrase 598 will be encoded in UTF-8. 599- change: JSch#addIdentity will check duplicate keys. 600- change: SftpException#message has been deleted. 601- change: SftpException#getMessage() will return the detailed message. 602- feature: IdentityFile#setPassphrase(byte[] passphrase) is added. 603- feature: IdentityFile#clear() is added to clear its internal secrets. 604- feature: KeyPair#decrypt(byte[] passphrase) is added. 605- feature: JSch#addIdentity(String path, byte[] passphrase) is added. 606- feature: JSch#getIdentityNames() is added. 607- feature: JSch#removeIdentity(String name) is added. 608- feature: JSch#removeAllIdentity() is added. 609- feature: ChannelSftp#readlink(String path) is added. 610- feature: ChannelSftp#getHome() is added. 611- feature: Channel#connect(int connectTimeout) is added. 612- feature: ChannelShell#setPtyType(String ttype) is added. 613- feature: Session#setPassword(byte[] password) is added. 614- feature: Session#setHostKeyAlias(String alias) is added. 615- feature: KeepAlive is implemented and 616 Session#setServerAliveInterval(int interval) and 617 Session#setServerAliveCountMax(int count) are added. 618- feature: Session#sendKeepAliveMsg() is added. 619- feature: JSchException#getCause() may return a reason. 620- feature: SftpException#getCause() may return a reason. 621- feature: ChannelExec#setErrStream(OutputStream out, boolean dontclose) 622 is added. 623 624 625Changes since version 0.1.27: 626- bugfix: ChannelSftp#localAbsolutePath did not work correctly. FIXED. 627- bugfix: ChannelSftp#chmod did not work for directory. FIXED. 628- bugfix: ProxyHTTP had a bug in processing HTTP headers. FIXED. 629- bugfix: messages before server's version string should be ignored. FIXED. 630- feature: Environment Variable Passing. 631 632 633Changes since version 0.1.26: 634- bugfix: there was a session crash bug. That occurrence is rare, but 635 depends on the thread scheduling. FIXED. 636- bugfix: problems in generating remote/local absolute paths on sftp. FIXED. 637- bugfix: problems in handling cancel operations for sftp. FIXED. 638- bugfix: ChannelX11s were not terminated for a wrong cookie. FIXED. 639- bugfix: NoSuchAlgorithmException should be thrown if JCE is not 640 accessible. FIXED. 641- bugfix: ProxyHTTP should check the return code from proxy. FIXED. 642- bugfix: server's version string should be checked carefully. FIXED. 643- feature: some more improvements on sftp uploading. 644- feature: 'getUserName' method is added to Session class. 645 646 647Changes since version 0.1.25: 648- bugfix: infinite loop/hang on connection at unexpected error during 649 key-exchanging operation. FIXED 650- bugfix: delays on sftp uploading. FIXED 651- bugfix: failed to purge a host-key from its repository in some case. FIXED. 652- feature: SOCKS4 proxy 653 654 655Changes since version 0.1.24: 656- bugfix: remote port forwarding is not established. FIXED. 657- bugfix: failed to parse known_hosts file if it has a long public key blob. 658 FIXED. 659- bugfix: sftp put/get operations keep failing. FIXED. 660- bugfix: ChannelShell.setXForwarding always set xforwarding to be true. FIXED. 661- change: ChannelShell.setPty is added. 662- change: Proxy interface is free from session object. 663- change: added examples/ScpToNoneCipher.java to demonstrate NONE Cipher switching. 664- feature: added NONE Cipher switching support. 665- feature: timeout check will be enabled for proxy connections. 666 667 668Changes since version 0.1.23: 669- bugfix: there was resource leak problems in closing local port forwardings. 670 FIXED. 671- bugfix: there was a session crash problems in using aes-cbc cipher. FIXED. 672- change: ChannelSession.setPtySize was redefined. 673- feature: added SocketFactory for remote port forwarding. 674 Session.setPortForwardingR(int rport, String host, int lport, 675 SocketFactory sf) 676- feature: added ServerSocketFactory for local port forwarding. 677 Session.setPortForwardingL(String boundaddress, 678 int lport, String host, int rport, 679 ServerSocketFactory ssf) 680 681Changes since version 0.1.22: 682- bugfix: there was a freeze problem at fails on key-exchanging. FIXED. 683- bugfix: race-condition forcefully disconnects session in closing channels. 684 FIXED. 685 686 687Changes since version 0.1.21: 688- bugfix: there is a bug in read() method implementation for the 689 input-stream returned from ChannelSftp.get(). FIXED. 690- bugfix: at fail on requesting for the remote port forwarding, 691 an exception should be thrown. FIXED. 692- bugfix: SSH_MSG_CHANNEL_OPEN request for the X11 forwarding should not 693 be accepted if clients don not expect it. FIXED. 694- bugfix: there is a problem in transferring large data(mote than 1GB) 695 to sshd from recent OpenSSH(3.6.1 or later). FIXED. 696 For security concerns, those sshd will re-key periodically and 697 jsch had failed to handle it. 698- bugfix: 'exec', 'shell' and 'sftp' channels will fail if the acceptable 699 packet size by remote sshd is not so large. FIXED. 700- bugfix: there are problems in 'InputStream ChannelSftp.get(String)' 701 and 'OutputStream put(String)'. FIXED. 702- feature: added boolean flag 'dontclose' to 703 * setInputStream(), 704 * setOutputStream() and 705 * setExtOutputStream() 706 methods of Channel class. 707- feature: added 'com.jcraft.jsch.ChannelSubsystem' 708- feature: allowed to control the compression level in the packet compression. 709 Refer to 'examples/Compression.java'. 710- change: modified 'com/jcraft/jsch/jce/KeyPairGenRSA.java' to be complied 711 on JDK 1.2. 712- change: 'examples/ScpTo.java' and 'examples/ScpFrom.java' will use 713 'long' type for the file size instead of 'int'. 714- change: 'Identity.getSignature' method will not expect 'session'. 715- change: while waiting for socket connection establishment, Thread.join 716 will be used instead of Thread.sleep. 717 718 719Changes since version 0.1.20: 720- known issue: there are problems in 'InputStream ChannelSftp.get(String)' 721 and 'OutputStream put(String)'. They will be re-implemented 722 in the next release. 723- bugfix: EOF packets should not be sent twice. This bug had crashed 724 the session on every channel close. FIXED. 725- bugfix: at the fail on opening connection to remote sshd, 726 a misleading exception "invalid server's version string" 727 had been thrown. FIXED. 728- bugfix: fixed a bug in hadling the size of remote channel window. 729- bugfix: channels should not be closed even if EOF is received. FIXED. 730- bugfix: fixed bugs in file name globbing on sftp. 731- change: to transfer packets efficiently, the size of internal buffer 732 for each channel has been increased. 733- change: ChannelSftp.ls will return a vector of 734 com.jcraft.jsch.ChannelSftp.LsEntry. Sorry for inconveniences. 735- feature: added ForwardedTCPIPDaemon. Refer to 'examples/Daemon.java', 736 which demonstrates to provide network services like inetd. 737- feature: ChannelExec.setPty() method to request for assigning pseudo tty. 738- feature: added ciphers "aes128-cbc", "aes192-cbc" and "aes256-cbc". 739 Refer to 'examples/AES.java'. 740- feature: local port-forwarding settings can be dynamically deleted 741 by the bound address. 742- feature: added 'Channel.isClosed()'. Channel.getExitStatus() should be 743 invoked after Channel.isClosed()==true. 744 745 746Changes since version 0.1.19: 747- ClassCastException while calling ChannelExec.finalize() method. FIXED. 748 Thanks to wswiatek at ais dot pl. 749 750 751Changes since version 0.1.18: 752- fixed problems related to thread-safety. 753 Thanks to Eric Meek at cs dot utk dot edu. 754- At the lost of the network connectivity to the remote SSHD, clients 755 connected to the local port were never made aware of the 756 disconnection. FIXED. 757- fixed confusions in handling EOFs from local input stream and 758 the input stream for remote process. 759- 'com.jcraft.jsch.jce.AES128CBC' is added, but it is not be functional in 760 this release. It will work in the next release. 761- Some sshd(Foxit-WAC-Serve) waits for SSH_MSG_NEWKEYS request before 762 sending it. FIXED. 763- fixed a problem in connecting to Cisco Devices. 764 Thanks to Jason Jeffords at comcast dot net. 765- changed the method 'add' of 'HostKeyRepository' interface. 766- 'UIKeyborarInteracetive' will ignore empty prompt by sshd. 767- added 'sendIgnore()' method to 'Session' class. 768- added '-p' for scp command in 'examples/ScpTo.java' to preserve 769 modification times, access times, and modes from the original file. 770 771 772Changes since version 0.1.17: 773- added 'com.jcraft.jsch.HostKeyRepository' interface. 774 It will allow you to handle host keys in your own repository 775 (for example, RDB) instead of using 'known_hosts' file. 776- added methods to get the finger-print of host keys. 777 refer to 'examples/KnownHosts.java'. 778- improved 'known_hosts' file handling. 779 - comment lines will be kept. 780 - SSH1 host keys will be kept. 781 - each hostname can have multiple host keys. 782- fixed a crash bug in processing private keys which have too long key-bits. 783 784 785Changes since version 0.1.16: 786- 'com.jcraft.jsch.jce.DHG1' and 'com.jcraft.jsch.jce.DHGEX' are moved to 787 'com.jcraft.jsch' package. 788- added APIs to handle hostkeys included in 'known_hosts', 789 JSch.getHostKeys(), 790 JSch.removeHostKey() 791- allowing to set timeout value in opening sockets, 792 Session.connect(int timeout) 793 794 795Changes since version 0.1.15: 796- adding support of setting mtime for remote files on sftp channel. 797- setKnownHosts method of JSch class will accept InputStream. 798- implementation of Basic password authentication for HTTP proxy. 799- fixed a bug in checking which ssh protocol version remote sshd supports 800- SSH_MSG_CHANNEL_OPEN_FAILURE will be handled correctly. 801- methods in SftpATTRS class has been public. 802- working around SIGBLOB bug hidden in older sshd. 803 804 805Changes since version 0.1.14: 806- fixed a crash bug in accepting keep-alive messages. 807- the parent directory of 'known_hosts' file will be created 808 if it does not exist. 809- the Subsystem channel support was removed. 810 811 812Changes since version 0.1.13: 813- added 'setClientVersion' method to Session class. 814- fixed hung-up problem on SftpChannel in connecting to 815 the sshd, which does not support sftp. 816- fixed OutOfMemory exception problem in decrypting a private key 817 with bad passphrase. 818- fixed hung-up problem in communicating with the sshd, 819 whose window size is small. 820- RuntimeExceptions will be thrown from jsch APIs. 821- SSH_MSG_CHANNEL_SUCCESS and SSH_MSG_CHANNEL_FAILURE requests 822 have been supported. 823 824 825Changes since version 0.1.12: 826- added the partial authentication support. 827- allowing to change the passphrase of a private key file 828 instead of creating a new private key. 829- added 'examples/ChangePassphrase.java' 830- the interface 'UIKeyboardInteractive' has been modified. 831 832 833Changes since version 0.1.11: 834- RSA keypair generation. 835- added the method 'getFingerPrint' to KeyPair class, 836 which will return the finger print of the public key. 837- fixed a bug in generating non-ciphered private key. 838 839 840Changes since version 0.1.10: 841- fixed a bug in the password authentication, sneaked in 842 0.1.9. By this bug, the password authentication had failed every time. 843 844 845Changes since version 0.1.9: 846- username and password can be in UTF-8 encoding. 847- DSA keypair generation. 848- added 'examples/KeyGen.java', which demonstrates 849 the DSA keypair generation. 850 851 852Changes since version 0.1.8: 853- fixed crash problems on the local port forwarding. 854- fixed crash problems on the remote port forwarding. 855- added setErrStream() and getErrStream() to ChannelExec. 856- added keyboard-interactive authentication support. 857- modified TripleDESCBC to support IBM's JDK 1.4.1. 858- added 'examples/UserAuthKI.java', which demonstrates keyboard-interactive 859 authentication. 860 861 862Changes since version 0.1.7: 863- added APIs for sftp resume downloads and uploads. 864 The author greatly appreciates 865 elpernotador(webmaster at unlix dot com dot ar), 866 who motivated him to hack this functionality. 867- 'examples/Sftp.java' demonstrates sftp resume functionality. 868 Please refer to "put-resume", "put-append", "get-resume" and 869 "get-append" command. 870- added the support of 'window-change' request. 871- fixed a freeze bug in 'Inputstream get(String src)' method of 'ChannelSftp' 872 class. 873 874 875Changes since version 0.1.6: 876- added 'int getExitStatus()' method to 'Channel' class. 877- fixed crash bugs in closing channels for port forwarding. 878- fixed glitches in managing forwarded ports. 879 880 881Changes since version 0.1.5: 882- fixed crash bugs in port forwarding. 883- modified to use "ssh-rsa" for key-exchanging by the default. 884- the port forwarding setting can be canceled dynamically. 885- fixed a freeze bug in getting an empty file on sftp channel. 886 887 888Changes since version 0.1.4: 889- fixed a bug in managing local window size. 890 The local window should be consumed by CHANNEL_EXTENDED_DATA packet. 891- checking the availability of the ssh session in opening channels. 892 In some case, ssh session had been freezed. 893- java.io.File.separator will be refereed in generating local pathname 894 on sftp channel. 895- absolute local pathname will be handled correctly on sftp channel. 896 897 898Changes since version 0.1.3: 899- fixed a serious bug, which had leaked resources related to 900 ChannelExec. 901- added the older SFTP protocol(version 0, 1, 2) support. 902- fixed a problem in the authentication step for FSecure's sshd. 903- fixed a bug, which had broken Diffie-Hellman key exchange in some case. 904- implemented the file name globbing for local files on sftp session. 905- fixed a bug in the file name globbing. 906- added an interface 'SftpProgressMonitor'. 907- modified 'examples/Sftp.java' to demonstrate displaying progress-bar 908 in transferring files. 909 910 911Changes since version 0.1.2: 912- modified 'build.xml' to allow Ant users to compile jsch with debug 913 support (i.e. line-number tables) by overriding the property 914 javac.debug on the command line. 915- added a property 'StrictHostKeyChecking'. 916- added 'UserAuthNone' class to request a list of authentication methods on 917 remote sshd. 918- channels will be managed in each sessions. 919- added 'ChannelSubsystem', which allows users to use their own 920 implementations for subsystems. 921- added 'isEOF()' method to 'Channel' class. 922- supported key pair files in DOS file format. 923 924 925Changes since version 0.1.1: 926- added the file name globbing support on sftp session. 927- fixed a bug in the public key authentication. 928 When there was not a public key in ~/.ssh/, that problem occurred. 929- improved the 'setTimeout' method. 930- fixed a typo in 'LICENSE.txt' 931 932 933Changes since version 0.1.0: 934- added 'rekey' method to 'Session' class for key re-exchanging. 935- added 'rekey' and 'compression' command to 'examples/Sftp.java'. 936- added new 'get' and 'put' methods to 'ChannelSftp'. 937 Those methods will operate I/O streams. 938- methods in 'ChannelSftp' will throw 'SftpException' 939- 'ChannelSftp.Ssh_exp_name' is added for the output of 'ls'. 940 Thanks to Graeme Vetterlein. 941- added 'setTimeout' and 'getTimeout' methods to 'Session' class. 942- guess will be done in the algorithm negotiation step. 943- FSecure's DSA private key has been supported partially. 944- hostkeys will be saved into 'known_hosts' file. 945- fixed a bug in 'Util.toBase64' method. 946- 'Identity' will reject unrecognized keys. 947- 'build.xml' will check if jzlib is available or not. 948 Thanks to Stefan Bodewig. 949- added javadoc target in 'build.xml'. 950 Thanks to Robert Anderson. 951 952 953Changes since version 0.0.13: 954- fixed a bug in connecting to Fsecure's sshd on Windows. 955- the license is changed to BSD style. 956 957 958Changes since version 0.0.12: 959- fixed a bug in verifying DAS signatures. 960- added 'SftpATTR' class, which allow you to get attributes of remote files on 961 sftp channel, and 'stat', 'lstat' method are added to 'ChannelSftp' class. 962- added 'getInputStream' and 'getOutputStream' methods Channel class, which 963 return passive I/O streams. 964- 'setIdentity' method is deleted from 'Session' class and 965 'addIdentity' method is added to 'JSch' class 966- 'setUserName' method is deleted from 'Session' class and 967 'getSession' method of 'JSch' class is changed. 968- 'isConnected' method is added to 'Session' class. 969- 'UserInfo' interface is changed. 970 971 972Changes since version 0.0.11: 973- taking care of remote window size. 974- adding 'disconnect' method to 'Channel' and 'Session' classes. 975- signal sending support. 976- 'mkdir' command for sftp. 977- 'fromBase64' method has been moved to Util class and 'toBase64' method has 978 also been added to that class. 979- 'KnownHosts' class for checking host-key in 'known_host' file. 980- 'examples/KnownHosts.java' has been added. 981- 'setUserName' and 'setPassword' methods have been added to Session class. 982- 'UserInfo' interface has been changed. 983- The implementation of compression has moved to 'com.jcraft.jsch.jcraft' 984 package. 985- fixed a bug in handling 'SSH_MSG_CHANNEL_REQUET' request. 986- fixed a bug in sending multiple requests on a single session. 987 988 989Changes since version 0.0.10: 990- Diffie-Hellman key exchange 'diffie-hellman-group1-sha1' is supported. 991 Refer to 'src/com/jcraft/jsch/jce/DHG1.java'. 992 Thanks to Mitsugu Kitano, whose feedback was very helpful. 993- By the default, 'diffie-hellman-group1-sha1' will be used in the 994 key exchange step. 995- The file attribute on 'SSH File Transfer Protocol' is supported. 996 Now, we can say JSch supports 'SSH File Transfer Protocol'. 997- 'examples/Sftp.java' is updated. 998 'chgrp','chown','chmod' commands are supported. 999 1000 1001Changes since version 0.0.9: 1002- SSH File Transfer Protocol is supported partially. 1003- 'examples/Sftp.java' is added. 1004 This example is a tiny sftp command and supports 'cd','put','get','rm',etc. 1005- 'close' method is added to Channel interface. 1006- build.xml for examples is added. 1007 Thanks to Ronald Broberg. 1008 1009 1010Changes since version 0.0.8: 1011- the tunneling through a SOCKS5 proxy is supported. 1012- 'examples/ScpFrom.java' is added. 1013- 'com.jcraft.jsch.UserInfo' interface is modified. 1014 1015 1016Changes since version 0.0.7: 1017- Packet comression is supported. 1018- 'examples/Compression.java' is added. 1019- JZlib is included. 1020 1021 1022Changes since version 0.0.6: 1023- RSA host key is supported. 1024- RSA public key authentication is supported. 1025 1026 1027Changes since version 0.0.5: 1028- DSA public key authentication is supported. 1029- examples/UserAuthPubKey.java is added. 1030- examples/ScpTo.java is added. 1031 1032 1033Changes since version 0.0.4: 1034- 3des-cbc is supported. 1035- hmac-sha1 is supported. 1036- hmac-md5-96 is supported. 1037- hmac-sha1-96 is supported. 1038 1039 1040Changes since version 0.0.3: 1041- port forwarding, similar to the -L option of SSH. 1042- examples/PortForwardingL.java is added. 1043- examples/StreamForwarding.java is added. 1044- examples/Exec.java is renamed as examples/Shell.java 1045- stream forwarding is added. 1046- ChannelSftp class is added for implementing filexfer. 1047- interfaces for jsch users are changed. 1048 1049 1050Changes since version 0.0.2: 1051- remote exec is supported. 1052- examples/Exec.java is added. 1053- build.xml and some scripts for Ant are added. (lbruand) 1054- Const class is added. (lbruand) 1055 1056 1057Changes since version 0.0.1: 1058- the tunneling via HTTP proxy is supported. 1059- port forwarding like option -R of ssh command. 1060 the given port on the remote host will be forwarded to the given host 1061 and port on the local side. 1062