PowerShell / Win32-OpenSSH

Win32 port of OpenSSH

OpenSSH 9.7 #2223

Closed Uj947nXmRqV2nRaWshKtHzTvckUUpD closed 5 months ago

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 5 months ago

Summary of the new feature / enhancement

Update to the latest version for the security patch against the Terrapin attack.

Proposed technical implementation details (optional)

No response

maertendMSFT commented 5 months ago

The Terrapin attack patch was included in our 9.5 release. 9.7 or a newer release (if applicable) is planned.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 5 months ago

Thank you for the explanation. Is there a way to see these kinds of changes from upper versions pushed into previous versions (a changelog)?

tgauth commented 5 months ago

There's no changelog, but the OpenSSH-Portable repo is tagged for each release so the commits from upstream that mitigate this issue can be seen there - https://github.com/PowerShell/openssh-portable/tree/v9.5.0.0.

Also to clarify, these changes were included in Win32-OpenSSH 9.5 from the start. Due to the release cadence being delayed from upstream and the timing of the CVE notification, we were able to include a cherry-pick of upstream's (9.6) "strict kex" protocol extension changes. It was not pushed into a previous version after the fact.
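Added example, not part of the thread or of the project's code: one way to confirm that a peer carries the "strict kex" extension mentioned above is to look for the pseudo-algorithm names upstream OpenSSH uses to signal it in the `kex_algorithms` name-list of the initial SSH_MSG_KEXINIT (RFC 4253 layout). The field labels, the `build_kexinit` helper and the sample payloads are constructed for this sketch; the marker names come from upstream OpenSSH, not from this page.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 7.1
# Pseudo-algorithm names upstream OpenSSH uses to signal strict KEX support.
STRICT_KEX_MARKERS = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}
# The ten name-lists of KEXINIT, in wire order (labels chosen for this example).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (binary packet framing already removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip 1 type byte + 16 cookie bytes
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {name}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {name} overruns payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += length
    return lists

def advertises_strict_kex(payload: bytes) -> bool:
    """True if the peer's KEXINIT carries a strict KEX marker."""
    return bool(STRICT_KEX_MARKERS & set(parse_kexinit(payload)["kex_algorithms"]))

def build_kexinit(kex_algorithms: list) -> bytes:
    """Hypothetical helper: build a constructed KEXINIT payload for the offline demo."""
    lists = [",".join(kex_algorithms), "ssh-ed25519", "chacha20-poly1305@openssh.com",
             "chacha20-poly1305@openssh.com", "hmac-sha2-256", "hmac-sha2-256",
             "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode("ascii") for s in lists)
    # type byte + zeroed cookie + name-lists + first_kex_packet_follows + reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    patched = build_kexinit(["curve25519-sha256", "kex-strict-s-v00@openssh.com"])
    unpatched = build_kexinit(["curve25519-sha256"])
    print("patched peer advertises strict kex:", advertises_strict_kex(patched))
    print("unpatched peer advertises strict kex:", advertises_strict_kex(unpatched))
```

Strict KEX only takes effect when both client and server advertise it, so the check has to pass for each side of a connection.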

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 5 months ago

Might be worth specifying these kinds of things in the future. Closing this one.