jsch-0.2.18

What's Changed

• Handle negated patterns according to ssh_config(5) by @bmiddaugh in #565

Dependency Updates

• update maven wrapper by @norrisjeremy in #555
• Bump log4j.version from 2.23.0 to 2.23.1 by @dependabot in #516
• Bump org.testcontainers:junit-jupiter from 1.19.6 to 1.19.7 by @dependabot in #513
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.0 by @dependabot in #515
• Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.0 by @dependabot in #517
• Bump errorprone.version from 2.25.0 to 2.26.0 by @dependabot in #514
• Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.0 to 3.7.1 by @dependabot in #521
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.0 to 3.2.1 by @dependabot in #520
• Bump errorprone.version from 2.26.0 to 2.26.1 by @dependabot in #519
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #526
• Bump de.thetaphi:forbiddenapis from 3.6 to 3.7 by @dependabot in #525
• Bump dependabot/fetch-metadata from 1 to 2 by @dependabot in #524
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #522
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.1 to 3.2.2 by @dependabot in #530
• Bump junixsocket.version from 2.9.0 to 2.9.1 by @dependabot in #534
• Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #537
• Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 by @dependabot in #535
• Bump com.kohlschutter:compiler-annotations from 1.6.7 to 1.7.0 by @dependabot in #531
• Bump commons-io:commons-io from 2.15.1 to 2.16.1 by @dependabot in #536
• Bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 by @dependabot in #542
• Bump com.kohlschutter:compiler-annotations from 1.7.0 to 1.7.1 by @dependabot in #540
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.2 to 3.2.3 by @dependabot in #539
• Bump org.bouncycastle:bcprov-jdk18on from 1.78 to 1.78.1 by @dependabot in #546
• Bump com.kohlschutter:compiler-annotations from 1.7.1 to 1.7.2 by @dependabot in #547
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.3 to 3.2.4 by @dependabot in #544
• Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.2 by @dependabot in #551
• Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.2 by @dependabot in #550
• Bump org.testcontainers:junit-jupiter from 1.19.7 to 1.19.8 by @dependabot in #558
• Bump errorprone.version from 2.26.1 to 2.27.1 by @dependabot in #556
• Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 by @dependabot in #548
• Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 by @dependabot in #545
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 by @dependabot in #568
• Bump errorprone.version from 2.27.1 to 2.28.0 by @dependabot in #567
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 by @dependabot in #566
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.5.0 to 3.6.0 by @dependabot in #562
• Bump net.revelc.code.formatter:formatter-maven-plugin from 2.23.0 to 2.24.0 by @dependabot in #569

New Contributors

• @bmiddaugh made their first contribution in #565

Full Changelog: jsch-0.2.17...jsch-0.2.18

jsch-0.2.17

What's Changed

• 0.2.17 changes by @norrisjeremy in #482
  • Organize imports and remove unused imports.
  • Remove unneeded implements statements.
  • Remove unused local variables.
  • Skip flatten-maven-plugin during CI tests.
  • Expand wildcard imports in order to better adhere to Google Java Style Guide.
  • Add PBKDF2-HMAC-SHA512/256 & PBKDF2-HMAC-SHA512/224, which are both supported as of Java 21.
  • Organize imports.
  • Always embed NoPadding into Cipher string.
  • Import javax.crypto.Cipher instead of com.jcraft.jsch.Cipher.
  • Organize module-info.
  • More formatting corrections to better adhere to Google Java Style Guide.
  • Switch to using java.time classes & make work for dates past 2038.

Dependency Updates

• Bump errorprone.version from 2.24.0 to 2.24.1 by @dependabot in #478
• Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 by @dependabot in #476
• Bump com.kohlschutter:compiler-annotations from 1.6.6 to 1.6.7 by @dependabot in #477
• Bump surefire.version from 3.2.3 to 3.2.5 by @dependabot in #480
• Bump org.codehaus.mojo:flatten-maven-plugin from 1.5.0 to 1.6.0 by @dependabot in #481
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #486
• Bump actions/cache from 3 to 4 by @dependabot in #487
• Bump org.testcontainers:junit-jupiter from 1.19.3 to 1.19.4 by @dependabot in #492
• Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2 by @dependabot in #497
• Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 by @dependabot in #500
• Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 by @dependabot in #502
• Bump org.testcontainers:junit-jupiter from 1.19.4 to 1.19.5 by @dependabot in #501
• Bump errorprone.version from 2.24.1 to 2.25.0 by @dependabot in #505
• Bump junixsocket.version from 2.8.3 to 2.9.0 by @dependabot in #504
• Bump org.testcontainers:junit-jupiter from 1.19.5 to 1.19.6 by @dependabot in #509
• Bump log4j.version from 2.22.1 to 2.23.0 by @dependabot in #510

Full Changelog: jsch-0.2.16...jsch-0.2.17

jsch-0.2.16

What's Changed

• 0.2.16 changes by @norrisjeremy in #464
  • Add support for sntrup761x25519-sha512@openssh.com KEX algorithm.
  • Switch to bnd-maven-plugin in order to support Multi-Release OSGi bundle JAR's via supplemental manifest files.
• Introduce JSchProxyException to replace generic JschException in Proxy implementations by @mvegter in #467
• Do not falsely log support for ext-info if the server did not return 'ext-info-s' by @mvegter in #463

Dependency Updates

• Bump errorprone.version from 2.23.0 to 2.24.0 by @dependabot in #466
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 by @dependabot in #465
• Bump log4j.version from 2.22.0 to 2.22.1 by @dependabot in #469
• Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.10 by @dependabot in #468

Full Changelog: jsch-0.2.15...jsch-0.2.16

jsch-0.2.15

What's Changed

• address CVE-2023-48795 by adding support for new strict key exchange extension. by @norrisjeremy in #461
• Add support for ext-info-in-auth@openssh.com extension by @norrisjeremy in #461

This release introduces two new config options to control usage of the new strict key exchange extension:

• enable_strict_kex (set to yes by default)
• require_strict_kex (set to no by default)
  If either option (or both) is enabled, then JSch will attempt to use the new strict key exchange extension.
• If the require_strict_kex option is enabled and JSch detects the server does not support it, then JSch will terminate the connection and throw an exception.
• If the require_strict_kex option is not enabled and JSch detects the server does not support it, then JSch will fallback and proceed with the connection without using the new extension.

This gives users the ability to enable a strong security posture if needed and avoid proceeding with connections to potentially insecure servers.

Dependency Updates

• Bump surefire.version from 3.2.2 to 3.2.3 by @dependabot in #458
• Bump actions/upload-artifact from 3 to 4 by @dependabot in #459
• Bump github/codeql-action from 2 to 3 by @dependabot in #460

Full Changelog: jsch-0.2.14...jsch-0.2.15

jsch-0.2.14

What's Changed

• #450 use Socket.connect() with a timeout that has been supported since Java 1.4 instead of using old method of creating a separate thread and joining to that thread with timeout. by @norrisjeremy in #451

Dependency Updates

• Bump org.testcontainers:junit-jupiter from 1.19.1 to 1.19.2 by @dependabot in #439
• Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77 by @dependabot in #440
• Bump log4j.version from 2.21.1 to 2.22.0 by @dependabot in #441
• Bump org.testcontainers:junit-jupiter from 1.19.2 to 1.19.3 by @dependabot in #443
• Bump commons-io:commons-io from 2.15.0 to 2.15.1 by @dependabot in #447
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 by @dependabot in #448
• Bump com.kohlschutter:compiler-annotations from 1.6.5 to 1.6.6 by @dependabot in #446
• Bump actions/setup-java from 3 to 4 by @dependabot in #449
• Bump jna.version from 5.13.0 to 5.14.0 by @dependabot in #452
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.4.0 to 3.5.0 by @dependabot in #444

Full Changelog: jsch-0.2.13...jsch-0.2.14

jsch-0.2.13

What's Changed

• #411 Add flush operation from Fix added is/jsch#39, with new config option to allow disabling in case it causes regressions.
• #403 add a warning when Channel.getInputStream() or Channel.getExtInputStream() is called after Channel.connect().

Dependency Updates

• Bump surefire.version from 3.1.2 to 3.2.1 by @dependabot in #419
• Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.0 to 3.6.1 by @dependabot in #420
• Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 by @dependabot in #423
• Bump junixsocket.version from 2.8.1 to 2.8.2 by @dependabot in #421
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 by @dependabot in #422
• Bump org.junit.jupiter:junit-jupiter from 5.10.0 to 5.10.1 by @dependabot in #426
• Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2 by @dependabot in #427
• Bump commons-io:commons-io from 2.14.0 to 2.15.0 by @dependabot in #428
• Bump org.codehaus.mojo:templating-maven-plugin from 1.0.0 to 3.0.0 by @dependabot in #429
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.2 by @dependabot in #434
• Bump junixsocket.version from 2.8.2 to 2.8.3 by @dependabot in #432
• Bump surefire.version from 3.2.1 to 3.2.2 by @dependabot in #433
• Bump com.kohlschutter:compiler-annotations from 1.6.4 to 1.6.5 by @dependabot in #435

Full Changelog: jsch-0.2.12...jsch-0.2.13

jsch-0.2.12

What's Changed

• Further refine previous fixes for windows line endings in PEM keys from #371 & #362 by @norrisjeremy in #371
• #392 replace call to BigInteger.intValueExact to remain comptaible wi… by @mwiede in #397
• Introduce JSchSessionDisconnectException to allow the reasonCode to be retrieved without String parsing by @mvegter in #416
• Introduce specific JSchException for HostKey related failures by @mvegter in #410

Dependency Updates

• update dependencies by @norrisjeremy in #375
• Bump errorprone.version from 2.20.0 to 2.21.1 by @dependabot in #373
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.0 by @dependabot in #381
• Bump org.testcontainers:junit-jupiter from 1.18.3 to 1.19.0 by @dependabot in #379
• Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 by @dependabot in #384
• Bump actions/checkout from 3 to 4 by @dependabot in #383
• Bump junixsocket.version from 2.7.0 to 2.7.1 by @dependabot in #387
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.0 to 3.4.1 by @dependabot in #388
• Bump com.kohlschutter:compiler-annotations from 1.5.6 to 1.5.7 by @dependabot in #389
• Bump junixsocket.version from 2.7.1 to 2.7.2 by @dependabot in #393
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 by @dependabot in #394
• Bump errorprone.version from 2.21.1 to 2.22.0 by @dependabot in #395
• Bump com.kohlschutter:compiler-annotations from 1.5.7 to 1.5.8 by @dependabot in #396
• Bump org.testcontainers:junit-jupiter from 1.19.0 to 1.19.1 by @dependabot in #401
• Bump commons-io:commons-io from 2.13.0 to 2.14.0 by @dependabot in #402
• Bump com.kohlschutter:compiler-annotations from 1.5.8 to 1.6.4 by @dependabot in #400
• Bump junixsocket.version from 2.7.2 to 2.8.1 by @dependabot in #399
• Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 by @dependabot in #406
• Bump errorprone.version from 2.22.0 to 2.23.0 by @dependabot in #414
• Reset the sequence numbers on Session disconnect to support reconnection by @mvegter in #409
• Bump log4j.version from 2.20.0 to 2.21.1 by @dependabot in #415

New Contributors

• @mvegter made their first contribution in #410

Full Changelog: jsch-0.2.11...jsch-0.2.12

jsch-0.2.11

What's Changed

• update dependencies changes by @norrisjeremy in #368
• #369 fix multi-line PEM key parsing to work with windows line endings due to regression from previous fix for #362.

Full Changelog: jsch-0.2.10...jsch-0.2.11

jsch-0.2.10

What's Changed

• Fix new Java 21 compiler warning: possible 'this' escape before subclass is fully initialized. by @norrisjeremy
• Tweak OSGi bundle manifest to allow Log4j 3. by @norrisjeremy
• #362 fix PEM key parsing to work with windows line endings. by @norrisjeremy
• #361 guard against UIKeyboardInteractive implementations that include NULL elements in the String[] returned from promptKeyboardInteractive(). by @norrisjeremy
• Add a default implmentation of the deprecated decrypt() method to the Identity interface that throws an UnsupportedOperationException. by @norrisjeremy

Dedepency updates

• Bump guava from 31.1-jre to 32.0.0-jre by @dependabot in #334
• Bump maven-checkstyle-plugin from 3.2.2 to 3.3.0 by @dependabot in #335
• Bump maven-dependency-plugin from 3.5.0 to 3.6.0 by @dependabot in #336
• Bump maven-bundle-plugin from 5.1.8 to 5.1.9 by @dependabot in #337
• Bump cyclonedx-maven-plugin from 2.7.8 to 2.7.9 by @dependabot in #338
• Bump junit-jupiter from 1.18.1 to 1.18.3 by @dependabot in #340
• Bump formatter-maven-plugin from 2.22.0 to 2.23.0 by @dependabot in #342
• Bump maven-release-plugin from 3.0.0 to 3.0.1 by @dependabot in #341
• Bump surefire.version from 3.1.0 to 3.1.2 by @dependabot in #345
• Bump guava from 32.0.0-jre to 32.0.1-jre by @dependabot in #346
• Bump bcprov-jdk18on from 1.73 to 1.74 by @dependabot in #351
• Bump guava from 32.0.1-jre to 32.1.1-jre by @dependabot in #355
• Bump commons-codec from 1.15 to 1.16.0 by @dependabot in #354
• Bump maven-clean-plugin from 3.2.0 to 3.3.1 by @dependabot in #353
• Bump bcprov-jdk18on from 1.74 to 1.75 by @dependabot in #352
• Bump errorprone.version from 2.19.1 to 2.20.0 by @dependabot in #350
• Bump org.junit.jupiter:junit-jupiter from 5.9.3 to 5.10.0 by @dependabot in #364

Full Changelog: jsch-0.2.9...jsch-0.2.10

jsch-0.2.9

What's Changed

• various improvements by @norrisjeremy in #295
  • #293 allow UserAuthNone to be extended.
  • Make JGSS module optional.
  • Tweak OSGi bundle manifest:
  • Avoid self-import.
  • Mark JGSS as optional.
  • Loosen import versions of dependencies.
  • Correctly adhere to the Multi-release JAR spec by ensuring all public classes under versioned directories preside over classes present in the top-level directory.
  • Eliminate stray System.err.println() calls.
  • Change PageantConnector to use JNA's built-in support for User32.SendMessage().
• Improve error handling in InputStream.close() for SFTP channels by @stsiano in #331

Dependency Updates

• Bump jacoco-maven-plugin from 0.8.8 to 0.8.9 by @dependabot in #301
• Bump cyclonedx-maven-plugin from 2.7.5 to 2.7.6 by @dependabot in #304
• Bump junit-jupiter from 1.17.6 to 1.18.0 by @dependabot in #306
• Bump maven-enforcer-plugin from 3.2.1 to 3.3.0 by @dependabot in #305
• Bump flatten-maven-plugin from 1.4.0 to 1.4.1 by @dependabot in #303
• Bump bcprov-jdk18on from 1.72 to 1.73 by @dependabot in #310
• Bump maven-checkstyle-plugin from 3.2.1 to 3.2.2 by @dependabot in #314
• Bump cyclonedx-maven-plugin from 2.7.6 to 2.7.7 by @dependabot in #313
• Bump jacoco-maven-plugin from 0.8.9 to 0.8.10 by @dependabot in #319
• Bump cyclonedx-maven-plugin from 2.7.7 to 2.7.8 by @dependabot in #318
• Bump junit-jupiter from 5.9.2 to 5.9.3 by @dependabot in #317
• Bump surefire.version from 3.0.0 to 3.1.0 by @dependabot in #321
• Bump maven-gpg-plugin from 3.0.1 to 3.1.0 by @dependabot in #322
• Bump junit-jupiter from 1.18.0 to 1.18.1 by @dependabot in #323
• Bump maven-assembly-plugin from 3.5.0 to 3.6.0 by @dependabot in #324
• Bump build-helper-maven-plugin from 3.3.0 to 3.4.0 by @dependabot in #325
• Bump flatten-maven-plugin from 1.4.1 to 1.5.0 by @dependabot in #326
• Bump errorprone.version from 2.18.0 to 2.19.1 by @dependabot in #327

New Contributors

• @stsiano made their first contribution in #331

Full Changelog: jsch-0.2.8...jsch-0.2.9