This is a beta-release (non-production ready)
This release includes:
-
Upstream changes from OpenSSH 9.3p2 and OpenSSH 9.4.
-
Breaking changes - see upstream release notes for more information:
- the ssh-agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behavior "-Oallow-remote-pkcs11".
-
Security Fixes:
- the sshd service will check the
$env:ProgramData\sshfolder permissions upon startup to ensure only SYSTEM and Administrator accounts have write access to the folder; similar to the existing check upon install incontrib\win32\openssh\install-sshd.ps1.
- the sshd service will check the
-
Non-Security Fixes:
- Upgrade to LibreSSL 3.7.3. Please refer to https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt
- Upgrade to ZLib 1.3. Please refer to http://zlib.net/
- Fix #2125 - thanks @samhocevar!
- Fix datatype mismatch - thanks @s911415!