===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/70.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- www/70.html 2021/10/02 12:15:52 1.12
+++ www/70.html 2021/10/02 12:17:35 1.13
@@ -273,7 +273,34 @@
-
OpenSSH 8.7 XXX
+OpenSSH 8.8 XXX replace with release notes
+ Corrected sshd(8) initialization of supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand helper program (not enabled by default) as a different user.
+ Fixed the ssh(1) "Allocated port" debug message for unix sockets.
+ Switched scp(1) back to using the original scp/rcp protocol by default for release.
+ Made scp(1) SFTP mode (including error logging) more scp-like.
+ Allowed CanonicalPermittedCNAMEs=none in ssh_config(5).
+ Put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT in ssh(1).
+ Stopped ignoring SIGINT in sftp(1) while waiting for input if editline(3) is not used.
+ Altered scp(1) to use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
+ Disabled the RSA/SHA-1 signature algorithm by default in ssh(1).
+ Ensured some programs (including sftp(1)) do not ignore Ctrl-C when awaiting user input.
+ Added scp(1) -O and temporary -s (SFTP) flags to select the sftp protocol.
+ Made scp(1) -3 the default for remote-to-remote copies.
+ Improved handling of ~ prefixed paths in scp(1) in SFTP mode.
+ Added experimental support for using the SFTP protocol for file transfers in scp(1).
+ Added a ForkAfterAuthentication directive to ssh_config(5), equivalent to ssh(1) -f.
+ Added a StdinNull directive to ssh_config(5) to prevent reading from stdin, equivalent to ssh(1) -n.
+ Let allowed signers files used by ssh-keygen(1) signatures support key lifetimes and verification mode to specify a signature time at which to check.
+ Added a SessionType directive to ssh_config(5), equivalent to the -N (no session) and -s (subsystem) command line flags.
+ Allowed spaces to appear in usernames for scp(1) local to remote and scp -3 remote to remote copies.
+ Prevented a hang in sshd(8) when interrupted.
+ Matched host certificates against host public keys in sshd(8), allowing use of certificates with private keys held in an ssh-agent.
+ Prevented a race condition which could result in sshd(8) not shutting down until the next time it receives a new connection.
+ Allowed ssh_config(5) SetEnv to override $TERM.
+ Fixed a segmentation violation in ssh(1) in an UpdateHostKezs debug() message when the update removed more host keys than remain present.
+ Fixed ssh(1) to restore file descriptors to non-blocking mode on exit.
+ Fixed ssh(1) started with ControlPersist incorrectly executing a shell when the -N option was specified.
+