Releases: sshtools/maverick-synergy
Release 3.1.2
Maverick Synergy 3.1.2 - Sep 20, 2024
Bug Fixes
o Added strict mode option to SignaturePolicy for clients to require declaration of signature support in SSH_MSG_EXT_INFO when provided.
o Specifically calculate dates with UTC time zone set to avoid local time zone defaults.
o User and group information can now be defaulted on an AbstractMount.
o Changed default public key preference from ecdsa to ed25519.
o Incorrect parent mount passed to VirtualMountFile when resolving children.
o CommandTaskBuilder missing withConnection method.
o Fixes regression found in callback service where osshell would fail to send keyboard input.
o Logging indicates that an IP address will be temporarily banned even if banning has been disabled.
o ScpClient and SftpClient have differing strategies for the default sandbox value. By default sandboxing is now turned off for both SFTP and SCP clients.
o Client would hang if 'none' authentication succeeded.
o Ensure attributes for SftpHandle are requested after file has been opened to maintain messaging strict sequence.
3.1.1
Release 3.1.0
Maverick Synergy 3.1.0 - Feb 20, 2024
Features
o Minimum Java version has been increased to Java 11.
o The API is now compatible with JPMS (Java Modularisation)
o Extendible SSH Agent transports. In order to allow optional native Unix domain socket support, and to reduce 3rd party dependencies, you must now choose one or more of the AgentProvider implementations. So add at least one of maverick-sshagent-jdk16-sockets, maverick-sshagent-named-pipes or maverick-ssh-agent-jni-sockets.
o New module added to support JDK16's native Unix domain sockets to reduce dependency on third-party APIs.
o Unix domain socket tunnels are now supported (direct-streamlocal@openssh.com, forwarded-streamlocal@openssh.com)
o Authenticators requiring password/passphrase input now have optional Supplier argument for retrieving value when required and not at construction.
o Added methods to utility classes to support Path objects.
o Added static method getEnvironmentSocket to resolve agent socket through environment variables.
o New IdentityFileAuthenticator that prompts for password once the key is deemed acceptable for authentication.
o FileTransferProgress interface now made default.
o Make SftpClient Closeable.
o Jzlib dependency removed and replaced with standard Java compression API.
o ServiceLoader is now the basis of the loading of components (i.e. ciphers, kex, public keys, hmac, compress). To achieve this, each component now has an associated factory class responsible for creating the implementation. To add custom ciphers etc, simply implement the cipher and its factory, then add the service through the standard mechanism, using module-info.java or a META-INF/services file.
o Components may be enabled and disabled using ComponentManager.setDefaultEnabled().
o Improved SshdConfigFile support for reading and writing sshd_config and ssh_config files.
o Added isOlderThan method to IOUtils.
o Extract format longname so it can be used by other SFTP clients.
o Added IPPolicy to LoadBalancerPolicy.
o Changed checkConnection to take InetAddress.
o Added option for public key verifier implementation.
o RSA keys will now upgrade to SHA2 types where possible.
o Added UTF-8 mode to PseudoTerminalModes
o New PushSftp task to utilise multiple connections to increase throughput on latent networks.
o All *Task implementations (ShellTask, UploadFileTask, DownloadFileTask etc) now have deprecated constructors and should be created through their new builder implementations.
o Support for PseudoTerminalModes creation through new PseudoTerminalModesBuilder implementation.
o Added new EVENT_REMOTE_DISCONNECTED event to capture remote reason for disconnection.
o New multipart upload SFTP file extension to enable PushSftp on back-end storage that does not support random access across concurrent connections.
o New s3 abstract file implementation that supports multipart uploads on Amazon S3.
o Safer, modern, recursive delete methods on IOUtils.
o Server now supports hardlink@openssh.com and statvfs@openssh.com
o SshClientBuilder introduced as a replacement to direct SshClient construction.
o SftpClientBuilder introduced as a replacement to direct SftpClient construction.
o All Sftp extensions are now standard Java services. Use SftpExtensionLoaderFactory instead of DefaultSftpExtensionFactory in configuration.
Bug Fixes
o Implementations of available incorrectly return -1.
o Support for window space using full UnsignedInteger32 value (instead of Integer.MAX_VALUE).
o SshClient is missing getPort method.
o Extensions were not being processed and were effectively not supported.
o Reading SFTP v5 supported structure generates parsing error.
Other
o Tests split into separate Maven projects. This is to allow development in Eclipse, which does not yet allow main source and tests that are modular to exist in the same project.
o DirectFileJava7 has been deprecated and its features moved to DirectFile.
o PuTTY support moved to its own module, removing the Bouncycastle requirement in the core classes.
RELEASE_3.1.0_SNAPSHOT
Maverick Synergy 3.1.0 - TBC
Features
o Minimum Java version has been increased to Java 11.
o The API is now compatible with JPMS (Java Modularisation)
o Extendible SSH Agent transports. In order to allow optional native Unix domain socket support, and to reduce 3rd party dependencies, you must now choose one or more of the AgentProvider implementations. So add at least one of maverick-sshagent-jdk16-sockets, maverick-sshagent-named-pipes or maverick-ssh-agent-jni-sockets.
o New module added to support JDK16's native Unix domain sockets to reduce dependency on third-party APIs.
o Unix domain socket tunnels are now supported (direct-streamlocal@openssh.com, forwarded-streamlocal@openssh.com)
o Authenticators requiring password/passphrase input now have optional Supplier argument for retrieving value when required and not at construction.
o Added methods to utility classes to support Path objects.
o Added static method getEnvironmentSocket to resolve agent socket through environment variables.
o New IdentityFileAuthenticator that prompts for password once the key is deemed acceptable for authentication.
o FileTransferProgress interface now made default.
o Make SftpClient Closeable.
o Jzlib dependency removed and replaced with standard Java compression API.
o ServiceLoader is now the basis of the loading of components (i.e. ciphers, kex, public keys, hmac, compress). To achieve this, each component now has an associated factory class responsible for creating the implementation. To add custom ciphers etc, simply implement the cipher and its factory, then add the service through the standard mechanism, using module-info.java or a META-INF/services file.
o Components may be enabled and disabled using ComponentManager.setDefaultEnabled().
o Improved SshdConfigFile support for reading and writing sshd_config and ssh_config files.
o Added isOlderThan method to IOUtils.
o Extract format longname so it can be used by other SFTP clients.
o Added IPPolicy to LoadBalancerPolicy.
o Changed checkConnection to take InetAddress.
o Added option for public key verifier implementation.
o RSA keys will now upgrade to SHA2 types where possible.
o Added UTF-8 mode to PseudoTerminalModes
o New PushSftp task to utilise multiple connections to increase throughput on latent networks.
o All *Task implementations (ShellTask, UploadFileTask, DownloadFileTask etc) now have deprecated constructors and should be created through their new builder implementations.
o Support for PseudoTerminalModes creation through new PseudoTerminalModesBuilder implementation.
o Added new EVENT_REMOTE_DISCONNECTED event to capture remote reason for disconnection.
o New multipart upload SFTP file extension to enable PushSftp on back-end storage that does not support random access across concurrent connections.
o New s3 abstract file implementation that supports multipart uploads on Amazon S3.
o Safer, modern, recursive delete methods on IOUtils.
o Server now supports hardlink@openssh.com and statvfs@openssh.com
o SshClientBuilder introduced as a replacement to direct SshClient construction.
o SftpClientBuilder introduced as a replacement to direct SftpClient construction.
o All Sftp extensions are now standard Java services. Use SftpExtensionLoaderFactory instead of DefaultSftpExtensionFactory in configuration.
Bug Fixes
o Implementations of available incorrectly return -1.
o Support for window space using full UnsignedInteger32 value (instead of Integer.MAX_VALUE).
o SshClient is missing getPort method.
o Extensions were not being processed and were effectively not supported.
o Reading SFTP v5 supported structure generates parsing error.
Other
o Tests split into separate Maven projects. This is to allow development in Eclipse, which does not yet allow main source and tests that are modular to exist in the same project.
o DirectFileJava7 has been deprecated and its features moved to DirectFile.
o PuTTY support moved to its own module, removing the Bouncycastle requirement in the core classes.
RELEASE 3.0.10
Features
o Support for PuTTY Version 3 Private Key format (requires Bouncycastle dependency for Argon key derivation support)
o Support for ed448 public and private keys
o Added missing events for SFTP operations; EVENT_SFTP_GET_ATTRIBUTES for stat and EVENT_SFTP_DIRECTORY_OPENED for opening of a directory.
o Added openRemoteClient method for using the existing connection as a jump host.
Bug Fixes
o Fixed NPE when SCP is enabled on AbstractSshServer but no ChannelFactory has been set.
o VFSFileFactory fails to resolve file when no default path is set and local file scheme is not supported. Added maverick.vfsDefaultPath system property that allows override of the default path.
o Ensure mounts in VirtualFileFactory are initialized with VFSFileFactory with a default path of the mount path.
o getTotalBytesIn / getTotalBytesOut methods on Connection were present but not on implemented interface SshConnection.
o Do not throw exception when unsupported agent message is received. Log and continue. This should fix support for latest OpenSSH agents that now implement some extension messages.
RELEASE 3.0.9
Maverick Synergy 3.0.9 - Aug 21, 2022
Bug Fixes
o When supported SFTP attributes is not null, only process flags when there is actually a value set.
o Refactor of VirtualFileFactory to provide consistent resolution of children.
o Intermediate non-existent paths along a virtual mount path should be read only.
o Calling enableFile twice on the same logging path should not create an additional log context but should instead reconfigure the existing context.
o Added isMount method to VirtualFile to make it easier to determine if the file object is a mount or not.
o VirtualMounts are now processed and cached in the VirtualFileFactory constructor.
o There is no method to reset the logging contexts.
o DirectFileJava7 attempts to set name of group/user using the SftpFileAttributes method that only accepts a numerical GID/UID.
o PublicKeyAuthenticator setKeyPair method incorrectly stores unmodifiable collection causing UnsupportedOperationException when keys are removed during authentication.
o Removed non-compliant HMAC algorithms hmac-sha256 and hmac-sha512.
RELEASE 3.0.8
Maverick Synergy 3.0.8 - Jun 30, 2022
Features
o Removed hard dependency on BouncyCastle JCE for ed25519 keys. This now supports any JCE provider that supports the ed25519 algorithm.
o Refactored support for the incomplete and non-functional features in the client to use HTTP, SOCKS4 and SOCKS5 proxies.
Bug Fixes
o SftpFileAttributes setGroup and setUsername never set flag SSH_FILEXFER_ATTR_OWNERGROUP.
o SftpFileAttributes does not use values set by setGroup/setUsername in v4 binary blob.
o SftpFileAttributes does not validate UID/GID are numeric values.
o Added getMount to VirtualFile interface for consistent mount returning function across virtual file types. Deprecated getParentMount on VirtualFileObject for same reasons.
RELEASE 3.0.7
Maverick Synergy 3.0.7 - Apr 11, 2021
Features
o Proxy protocol v1 is now supported for IP resolution through load balancers. Remote address on Connection object is replaced with unresolved InetAddress containing the IP and port of the source connection.
o Further improvements to callback client and server.
o Added getSessionCount method to SshConnection.
o Enhancement to ExpiringConcurrentHashMap adding ExpiryConfiguration callback interface that allows external service to provide its own expiry setting.
o VirtualShell now supports option for configuring the native command used when user executes the 'osshell' command.
o Added ChannelFactoryListener interface for modification of channels as they are created in DefaultServerChannelFactory.
o Require each channel declares its channel type through getChannelType method.
Bug Fixes
o SessionChannelNG does not delegate subsystem creation to protected method making it impossible to override behaviour.
o Default ping mechanism now only used when idle time configuration is zero.
o Idle state mechanism incorrectly generates idle events every second after idle threshold is reached.
o Failed to negotiate algorithm reports incorrect list of algorithms in exception text.
o addInterface in SshEngineContext is expected to throw an error when an interface cannot be started when the server itself is already running.
o Guard against NullPointerException in ComponentFactory configureSecurityLevel method.
o Close event from RootShell was not providing RootShell instance as event source.
o Incorrect XOR of flag causes NPE in SftpFileAttributes setTimes methods.
o ConcurrentModificationExceptions seen with local forwarding under load when implementation uses ChannelEventListeners for feedback.
o Fixes to VirtualShell "raw" mode to prevent duplicate reading of the session streams when a command needs direct access to the session.
o Fixed replacements when UnknownHostException captured in virtual shell welcome message.
o Wrapping SshConnection in SshClient can now optionally disable disconnection.
o Allow SshClientCommand runCommand to be executed from another class by making it public.
o Callback client reconnect interval is now fixed to interval provided rather than accumulative delay.
o Ensure channel without a data cache evaluates window space on channel data receive.
o Use ConcurrentHashMap in ExecutorOperationSupport listener collection.
o A callback server should be identifiable by its identification string e.g. SSH-2.0-CallbackServer
RELEASE 3.0.6
Maverick Synergy 3.0.6 - Dec 29, 2021
IMPORTANT: This release replaces the 3.0.5 release which had build/merge issues causing some of the described issues to be missing from the build.
Features
o Refactor of callback client; separated CallbackContextFactory and added SshConnection parameter to event methods.
o Added before/after methods to Utils.
o Create an SshClient from an existing SshConnection to allow wrapping of "jump" hosts.
o Added CallbackRegistrationService for management of callback clients within a callback server.
o Added setTimes method that allows SFTP v4 creation time attribute to be set, including sub-second times.
o Support signals. See AbstractSessionChannel.signal(String).
o Native session implementation and associated factory for "osshell" command to drop virtual session into a native session.
o VirtualMount option for lastModified and read-only flag which is now used by VirtualMountFile to return values.
Bug Fixes
o Missing server-level collection of GlobalRequestHandlers.
o Changed use of VFS SFTP 3.2.0 from snapshot to final version.
o Made SwitchingCallbackContext constructor public.
o Don't print stack trace of unsupported command, just log the error.
o Allow protected access to child channel factories of ShellCommandFactory.
o Allow protected access to console and ShellCommandFactory of VirtualShellNG session implementation.
o Default callback identifier made consistent with SSH identification practices.
o Authentication future is not processed as part of client disconnect.
o BouncyCastle 1.69 cannot load ED25519 key.
o ClientAuthenticator should allow SshException to propagate.
o NPE when no license is set.
o Client authenticators need to signal failure of the authenticator to their parent future.
o OpenSSL public key file support broken due to incorrect reflection class name.
o If PasswordAuthenticator is passed to SshClient.authenticate it should be translated into keyboard-interactive if the remote server only supports keyboard-interactive regardless of context preference to support password over keyboard-interactive.
o PasswordOverKeyboardInteractiveCallback should defer obtaining password until authentication is being performed.
o Loading a license from file was broken.
o OpenSSL private key file support broken due to incorrect reflection class name.
o Removed broken BouncyCastle OpenSSL public key file support as this was not complete and never implemented correctly.
o VirtualMountFile should not resolve child until absolutely necessary to prevent list of mounts becoming slow due to destination resolution.
o Regular expression file matching exists but not used in matchRemoteFiles.
RELEASE 3.0.5
Maverick Synergy 3.0.5-SNAPSHOT - Dec 1, 2021
Features
o Refactor of callback client; separated CallbackContextFactory and added SshConnection parameter to event methods.
o Added before/after methods to Utils.
o Create a SshClient from an existing SshConnection to allow wrapping of "jump" hosts.
o Added CallbackRegistrationService for management of callback clients within a callback server.
o Added setTimes method that allows SFTP v4 creation time attribute to be set, including sub-second times.
o Support signals. See AbstractSessionChannel.signal(String).
o Native session implementation and associated factory for "osshell" command to drop virtual session into a native session.
o VirtualMount option for lastModified and read-only flag which is now used by VirtualMountFile to return values.
Bug Fixes
o Missing server-level collection of GlobalRequestHandlers.
o Changed use of VFS SFTP 3.2.0 from snapshot to final version.
o Made SwitchingCallbackContext constructor public.
o Don't print the stack trace of unsupported command, just log the error.
o Allow protected access to child channel factories of ShellCommandFactory.
o Allow protected access to console and ShellCommandFactory of VirtualShellNG session implementation.
o Default callback identifier made consistent with SSH identification practices.
o Authentication future is not processed as part of client disconnect.
o BouncyCastle 1.69 cannot load an ED25519 key.
o ClientAuthenticator should allow SshException to propagate.
o Client authenticators need to signal failure of the authenticator to their parent future.
o OpenSSL public key file support broken due to incorrect reflection class name.
o If PasswordAuthenticator is passed to SshClient.authenticate it should be translated into keyboard-interactive if the remote server only supports keyboard-interactive regardless of context preference to support password over keyboard-interactive.
o PasswordOverKeyboardInteractiveCallback should defer obtaining passwords until authentication is being performed.
o OpenSSL private key file support broken due to incorrect reflection class name.
o Removed broken BouncyCastle OpenSSL public key file support as this was not complete and never implemented correctly.
o VirtualMountFile should not resolve child until absolutely necessary to prevent the list of mounts from becoming slow due to destination resolution.
o Regular expression file matching exists but is not used in matchRemoteFiles.