diff options
| -rw-r--r-- | paramiko/_version.py | 2 | ||||
| -rw-r--r-- | sites/www/changelog.rst | 12 |
2 files changed, 9 insertions, 5 deletions
diff --git a/paramiko/_version.py b/paramiko/_version.py index 95e86b6a..2e797d40 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (2, 4, 1) +__version_info__ = (2, 4, 2) __version__ = ".".join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0fbb1e63..c0099c76 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,15 +2,19 @@ Changelog ========= +- :release:`2.4.2 <2018-09-18>` +- :release:`2.3.3 <2018-09-18>` +- :release:`2.2.4 <2018-09-18>` +- :release:`2.1.6 <2018-09-18>` +- :release:`2.0.9 <2018-09-18>` - :bug:`-` Modify protocol message handling such that ``Transport`` does not respond to ``MSG_UNIMPLEMENTED`` with its own ``MSG_UNIMPLEMENTED`` message. This behavior probably didn't cause any outright errors, but it doesn't seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends). -- :bug:`1283 (1.17+)` Fix exploit (CVE pending) in Paramiko's server mode - (**not** client mode) where hostile clients could trick the server into - thinking they were authenticated without actually submitting valid - authentication. +- :bug:`1283` Fix exploit (CVE pending) in Paramiko's server mode (**not** + client mode) where hostile clients could trick the server into thinking they + were authenticated without actually submitting valid authentication. Specifically, steps have been taken to start separating client and server related message types in the message handling tables within ``Transport`` and |