GH-300 Read the channel id in SSH_MSG_CHANNEL_OPEN_CONFIRMATION as unsigned int.
GH-313 Log exceptions in the SFTP subsystem before sending a failure status reply.
SSHD-1315 Do not log sensitive data at log level TRACE.
SSHD-1316 Possible OOM in ChannelPipedInputStream (fix channel window).
SSHD-1319 Use position in SftpRemotePathChannel.transferFrom().
Major code re-factoring
Potential compatibility issues
Minor code helpers
Behavioral changes and enhancements
CoreModuleProperties.PASSWORD_PROMPTS is now also used for password authentication. Previous versions used it only for keyboard-interactive authentication.
The semantics has been clarified to be the equivalent of the OpenSSH configuration NumberOfPasswordPrompts, which is actually the number of authentication
attempts. (In keyboard-interactive authentication, there may be several prompts per authentication attempt.) Only interactive authentication attempts
using UserInteraction count towards the limit. Attempts fulfilled by explicitly provided passwords (via session.addPasswordIdentity() or
session.setPasswordIdentityProvider()) are not counted. The default value of the property is unchanged and is 3, as in OpenSSH. The limit is applied
independently for both authentication mechanisms: with the default setting, there can be three keyboard-interactive authentication attempts, plus three
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/3KeyCompany/CZERTAINLY-Keystore-Entity-Provider/network/alerts).
Bumps sshd-core from 2.5.1 to 2.7.0.
Changelog
Sourced from sshd-core's changelog.
... (truncated)
Commits
2772c7c[maven-release-plugin] prepare release sshd-2.7.0c5500e9Add changelog for 2.7.09a724be[SSHD-525] Server side implementation of posix-rename@openssh.com4dad0d7[SSHD-1145] Deprecate ReflectionUtils#isClassAvailable and use ThreadUtils#re...db7cbdc[SSHD-1158] Don't send channel EOF after having received channel CLOSE60b50f9[SSHD-1141] DefaultClientKexExtensionHandler: ensure list is modifiable797d887Updated Netty version to 4.1.634bfeca3Updated PMD version to 6.33.0f7a2ae3Updated Checkstyle version to 8.41.10a3f5daUpdated Spring Core version to 5.3.6Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/3KeyCompany/CZERTAINLY-Keystore-Entity-Provider/network/alerts).