⚡ Security
- No security fixes since previous release
- Oldest release with no known security issue is
v3.14.15(2023-11-08)
💡 Highlights
A new restricted command has been added: assetForgetHostKey, which is the bastion-wide version of the selfForgetHostKey command. In other words, it removes a given asset's hostkey from all the bastion accounts' personal known_hosts file. This is particularely useful when a given asset is reinstalled or its IP is being reallocated, and you've left the bastion-wide default of StrictHostKeyChecking to 'ask': in that case, if this command is not used after the asset hostkeys have changed, each account will have to use selfForgetHostKey on their own, to tell the bastion that the previously known hostkey should be forgotten.
This new command makes it possible to sync the reinstallation of an asset with a bastion-wide reset of its hostkeys (e.g. using an automation account that will be granted the use of the assetForgetHostKey command), without requiring all the other accounts to do it on their own. On their next connection, the other accounts will just have to accept the new hostkey (if StrictHostKeyChecking is set to ask, which is the default), or the new hostkey will be auto-accepted in the absence of a known one (if StrictHostKeyChecking is set to accept-new).
A long-standing but has also been fixed with stalling downloads using scp (#486).
The list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.
📌 Changes
- feat: add assetForgetHostKey
- fix: scp: downloads would sometimes stall (fix #486)