diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2018-09-18 21:16:59 -0700 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2018-09-18 21:16:59 -0700 |
| commit | d4306de9c70be68103a5077861480367880ae7c0 (patch) | |
| tree | 82134cbe1b3eac7a9cea2b327d6d0844b242ec8a /sites/www | |
| parent | 12b23349d585559e199a8c431e4905f5fd7ecd29 (diff) | |
| parent | b5f4c213ba2e3b560cda84efc556812ff989cd1f (diff) | |
Merge branch '2.4'
Diffstat (limited to 'sites/www')
| -rw-r--r-- | sites/www/changelog.rst | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0fbb1e63..c0099c76 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,15 +2,19 @@ Changelog ========= +- :release:`2.4.2 <2018-09-18>` +- :release:`2.3.3 <2018-09-18>` +- :release:`2.2.4 <2018-09-18>` +- :release:`2.1.6 <2018-09-18>` +- :release:`2.0.9 <2018-09-18>` - :bug:`-` Modify protocol message handling such that ``Transport`` does not respond to ``MSG_UNIMPLEMENTED`` with its own ``MSG_UNIMPLEMENTED`` message. This behavior probably didn't cause any outright errors, but it doesn't seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends). -- :bug:`1283 (1.17+)` Fix exploit (CVE pending) in Paramiko's server mode - (**not** client mode) where hostile clients could trick the server into - thinking they were authenticated without actually submitting valid - authentication. +- :bug:`1283` Fix exploit (CVE pending) in Paramiko's server mode (**not** + client mode) where hostile clients could trick the server into thinking they + were authenticated without actually submitting valid authentication. Specifically, steps have been taken to start separating client and server related message types in the message handling tables within ``Transport`` and |