summaryrefslogtreecommitdiffhomepage
path: root/sites
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2018-09-18 21:16:18 -0700
committerJeff Forcier <jeff@bitprophet.org>2018-09-18 21:16:18 -0700
commit33b706d0188d20468d17a2200e8be82cff298ecc (patch)
tree999a2a8f0630bf4200e48c93aa57c364162eed59 /sites
parent2631e2f340658280930a5de18dc4f15011496c06 (diff)
parentf61a8e8eff1b192d694d884a76f32bcecbe0abf1 (diff)
Merge branch '2.3' into 2.4
Diffstat (limited to 'sites')
-rw-r--r--sites/www/changelog.rst11
1 files changed, 7 insertions, 4 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index be488de6..1bbd4b4a 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,15 +2,18 @@
Changelog
=========
+- :release:`2.3.3 <2018-09-18>`
+- :release:`2.2.4 <2018-09-18>`
+- :release:`2.1.6 <2018-09-18>`
+- :release:`2.0.9 <2018-09-18>`
- :bug:`-` Modify protocol message handling such that ``Transport`` does not
respond to ``MSG_UNIMPLEMENTED`` with its own ``MSG_UNIMPLEMENTED`` message.
This behavior probably didn't cause any outright errors, but it doesn't seem
to conform to the RFCs and could cause (non-infinite) feedback loops in some
scenarios (usually those involving Paramiko on both ends).
-- :bug:`1283 (1.17+)` Fix exploit (CVE pending) in Paramiko's server mode
- (**not** client mode) where hostile clients could trick the server into
- thinking they were authenticated without actually submitting valid
- authentication.
+- :bug:`1283` Fix exploit (CVE pending) in Paramiko's server mode (**not**
+ client mode) where hostile clients could trick the server into thinking they
+ were authenticated without actually submitting valid authentication.
Specifically, steps have been taken to start separating client and server
related message types in the message handling tables within ``Transport`` and