=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/70.html,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- www/70.html 2021/10/02 12:15:52 1.12 +++ www/70.html 2021/10/02 12:17:35 1.13 @@ -273,7 +273,34 @@ -
  • OpenSSH 8.7 XXX +
  • OpenSSH 8.8 XXX replace with release notes +
  • Corrected sshd(8) initialization of supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand helper program (not enabled by default) as a different user. +
  • Fixed the ssh(1) "Allocated port" debug message for unix sockets. +
  • Switched scp(1) back to using the original scp/rcp protocol by default for release. +
  • Made scp(1) SFTP mode (including error logging) more scp-like. +
  • Allowed CanonicalPermittedCNAMEs=none in ssh_config(5). +
  • Put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT in ssh(1). +
  • Stopped ignoring SIGINT in sftp(1) while waiting for input if editline(3) is not used. +
  • Altered scp(1) to use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag. +
  • Disabled the RSA/SHA-1 signature algorithm by default in ssh(1). +
  • Ensured some programs (including sftp(1)) do not ignore Ctrl-C when awaiting user input. +
  • Added scp(1) -O and temporary -s (SFTP) flags to select the sftp protocol. +
  • Made scp(1) -3 the default for remote-to-remote copies. +
  • Improved handling of ~ prefixed paths in scp(1) in SFTP mode. +
  • Added experimental support for using the SFTP protocol for file transfers in scp(1). +
  • Added a ForkAfterAuthentication directive to ssh_config(5), equivalent to ssh(1) -f. +
  • Added a StdinNull directive to ssh_config(5) to prevent reading from stdin, equivalent to ssh(1) -n. +
  • Let allowed signers files used by ssh-keygen(1) signatures support key lifetimes and verification mode to specify a signature time at which to check. +
  • Added a SessionType directive to ssh_config(5), equivalent to the -N (no session) and -s (subsystem) command line flags. +
  • Allowed spaces to appear in usernames for scp(1) local to remote and scp -3 remote to remote copies. +
  • Prevented a hang in sshd(8) when interrupted. +
  • Matched host certificates against host public keys in sshd(8), allowing use of certificates with private keys held in an ssh-agent. +
  • Prevented a race condition which could result in sshd(8) not shutting down until the next time it receives a new connection. +
  • Allowed ssh_config(5) SetEnv to override $TERM. +
  • Fixed a segmentation violation in ssh(1) in an UpdateHostKezs debug() message when the update removed more host keys than remain present. +
  • Fixed ssh(1) to restore file descriptors to non-blocking mode on exit. +
  • Fixed ssh(1) started with ControlPersist incorrectly executing a shell when the -N option was specified. +