===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/43.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- www/43.html	2008/03/11 10:39:37	1.32
+++ www/43.html	2008/03/12 12:53:25	1.33
@@ -205,7 +205,90 @@
 
 <li>OpenSSH 4.8:
 <ul>
-<li>...
+<li>New features:
+  <ul>
+    <li>Added 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&amp;sektion=2">chroot(2)</a>
+    support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>,
+     controlled by a new option
+    <em>"ChrootDirectory"</em>. Please refer to 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&amp;sektion=5">sshd_config(5)</a>
+    for details, and
+    please use this feature carefully.</li>
+    <li>Linked
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a>
+    into
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>. The internal sftp server is
+    used when the command <em>"internal-sftp"</em> is specified in a Subsystem
+    or ForceCommand declaration. When used with <em>ChrootDirectory</em>, the
+    internal sftp server requires no special configuration of files
+    inside the chroot environment. Please refer to 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&amp;sektion=5">sshd_config(5)</a>
+    for more information.</li>
+    <li>Added a protocol extension method "posix-rename@openssh.com" for
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a>
+    to perform POSIX atomic rename() operations.</li>
+    <li>Removed the fixed limit of 100 file handles in
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a>.
+    The server will now dynamically allocate handles up to the number of
+    available file descriptors.</li>
+    <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
+    will now skip generation of SSH protocol 1 ephemeral server
+    keys when in inetd mode and protocol 2 connections are negotiated.
+    This speeds up protocol 2 connections to inetd-mode servers that
+    also allow Protocol 1.</li>
+    <li>Accept the <em>PermitRootLogin</em> directive in a 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&amp;sektion=5">sshd_config(5)</a>
+    <em>Match</em>
+    block. Allows for, e.g. permitting root only from the local
+    network.</li>
+    <li>Reworked 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&amp;sektion=1">sftp(1)</a>
+    argument splitting and escaping to be more
+    internally consistent (i.e. between sftp commands) and more
+    consistent with
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sh&amp;sektion=1">sh(1)</a>.
+    Please note that this will change the
+    interpretation of some quoted strings, especially those with
+    embedded backslash escape sequences.</li>
+    <li>Support <em>"Banner=none"</em> in 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&amp;sektion=5">sshd_config(5)</a>
+    to disable sending of a
+    pre-login banner (e.g. in a <em>Match</em> block).</li>
+    <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
+    <em>ProxyCommand</em>s are now executed with $SHELL rather than
+    /bin/sh.</li>
+    <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)'s</a>
+    <em>ConnectTimeout</em> option is now applied to both the TCP
+    connection and the SSH banner exchange (previously it just covered
+    the TCP connection). This allows callers of
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
+    to better detect
+    and deal with stuck servers that accept a TCP connection but don't
+    progress the protocol, and also makes <em>ConnectTimeout</em> useful for
+    connections via a <em>ProxyCommand</em>.</li>
+    <li>Many new regression tests, including interop tests against PuTTY's
+    plink</li>
+  </ul></li>
+  <li>The following significant bugs have been fixed in this release:
+  <ul>
+     <li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client
+     keepalive logic, causing disconnections on servers that did not
+     explicitly implement "keepalive@openssh.com".</li>
+     <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
+     used the obselete SIG DNS RRtype for host keys in DNS,
+     instead of the current standard RRSIG.</li>
+     <li>Correctly drain ACKs when a 
+     <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&amp;sektion=1">sftp(1)</a>
+     upload write fails midway,
+     avoids a fatal() exit from what should be a recoverable condition.</li>
+     <li>Fixed packet size advertisements. Previously TCP and agent
+     forwarding incorrectly advertised the channel window size as the
+     packet size, causing fatal errors under some conditions.</li>
+     <li><em>Many more bugfixes. Please refer to the
+     <a href="http://www.openssh.com/txt/release-4.8">Release Notes</a>.</em>
+     </li>
+  </ul></li>
 </ul>
 <p>
 
@@ -649,7 +732,7 @@
 alt="OpenBSD"></a>
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
 <br><small>
-$OpenBSD: 43.html,v 1.32 2008/03/11 10:39:37 sobrado Exp $
+$OpenBSD: 43.html,v 1.33 2008/03/12 12:53:25 djm Exp $
 </small>
 
 </body>