Expand MessageOrderError use to handle more packet types

author: Jeff Forcier <jeff@bitprophet.org> 2023-12-17 18:47:33 -0500
committer: Jeff Forcier <jeff@bitprophet.org> 2023-12-17 18:47:33 -0500
commit: 33508c920309860c4a775be70f209c2a400e18ec (patch)
tree: 21c2796a9f132850200f8a6f4deb7e7ba4337689 /sites/www/changelog.rst
parent: 96db1e2be856eac66631761bae41167a1ebd2b4e (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 8f745b42..682e3beb 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -24,9 +24,9 @@ Changelog
       unless you override this by specifying ``strict_kex=False`` in
       `Transport.__init__`.
     - Paramiko will now raise an `SSHException` subclass (`MessageOrderError`)
-      when protocol messages are received in unexpected order. (This is not
-      *really* a change in behavior, as most such cases already raised vanilla
-      `SSHException` anyways.)
+      when protocol messages are received in unexpected order. This includes
+      situations like receiving ``MSG_DEBUG`` or ``MSG_IGNORE`` during initial
+      key exchange, which are no longer allowed during strict mode.
     - Key (re)negotiation -- i.e. ``MSG_NEWKEYS``, whenever it is encountered
       -- now resets packet sequence numbers. (This should be invisible to users
       during normal operation, only causing exceptions if the exploit is
author	Jeff Forcier <jeff@bitprophet.org>	2023-12-17 18:47:33 -0500
committer	Jeff Forcier <jeff@bitprophet.org>	2023-12-17 18:47:33 -0500
commit	33508c920309860c4a775be70f209c2a400e18ec (patch)
tree	21c2796a9f132850200f8a6f4deb7e7ba4337689 /sites/www/changelog.rst
parent	96db1e2be856eac66631761bae41167a1ebd2b4e (diff)