DataVault / datavault

DataVault Project
MIT License

Bump org.apache.sshd:sshd-sftp from 2.9.2 to 2.10.0 #799

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 8 months ago

Bumps org.apache.sshd:sshd-sftp from 2.9.2 to 2.10.0.

Release notes

Sourced from org.apache.sshd:sshd-sftp's releases.

Apache Mina SSHD 2.9.3 is a bug fix release. This release is available for download from the Apache MINA SSHD website.

What's Changed

  • CVE-2023-35887 / SSHD-1324 Rooted file system can leak informations
  • Fix reproducible builds issue
  • Support building with Maven 3.9.x

Full Changelog: https://github.com/apache/mina-sshd/compare/sshd-2.9.2...sshd-2.9.3

Changelog

Sourced from org.apache.sshd:sshd-sftp's changelog.

Version 2.9.1 to 2.9.2

Version 2.9.2 to 2.10.0

Version 2.10.0 to 2.11.0

Planned for next version

Bug Fixes

New Features

Behavioral changes and enhancements

Potential compatibility issues

Server-side SFTP file handle encoding

Major Code Re-factoring

Commits
  • b8429ca [maven-release-plugin] prepare release sshd-2.10.0
  • 2406cbe Prepare 2.10.0 release
  • a61e930 [SSHD-1234] Rooted file system can leak informations
  • f9970ab Remove unwanted reverse lookup
  • d4b951a GH-364: Use flags for RSA signature requests in AbstractAgentClient
  • 9f5c03a Bump spring-core from 5.3.26 to 5.3.27
  • f06217f [releng] OSGi: Ensure the BC security provider can be found
  • 5c80258 Add a test for GH-351
  • c11bfcc GH-281: Follow first-match semantics specified for ssh config file
  • f887414 OpenSSH key parsing: minor clean-ups in new AEAD code paths
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DataVault/datavault/network/alerts).

dependabot[bot] commented 7 months ago

Superseded by #806.