This is a preview-release (non-production ready)
Note that the change from "beta" to "preview" is simply to align with release naming requirements.
This release includes:
-
Upstream changes from OpenSSH 9.8p1.
-
Security Fixes (all pertaining to Windows parity with pre-existing upstream behavior):
- [ssh-agent] validate a PKCS11 library path based on allow-list configurable via
-P
, with default allow-list set to$env:ProgramFiles
and$env:ProgramFiles(x86)
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38029. - [sftp] check for invalid character in filename to prevent recursive directory attack - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43581.
- [scp] check for invalid character in filename to prevent recursive directory attack - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43615.
- [ssh-agent] validate a PKCS11 library path based on allow-list configurable via
-
Non-Security Fixes:
- Upgrade to ZLib 1.3.1. Please refer to https://zlib.net/.
- Upgrade to LibreSSL 3.9.2. Please refer to https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.9.2-relnotes.txt.
- Upgrade to LibFido2 1.15.0. Please refer to https://developers.yubico.com/libfido2/Release_Notes.html.