summaryrefslogtreecommitdiffhomepage
path: root/sites/www/changelog.rst
diff options
context:
space:
mode:
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r--sites/www/changelog.rst44
1 files changed, 41 insertions, 3 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 46d26657..1b2aa031 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -26,9 +26,30 @@ Changelog
Thanks to ``@virlos`` for the original report, Chris Harris and ``@ibuler``
for initial draft PRs, and ``@jhgorrell`` for the final patch.
-* :support:`956 (1.17+)` Switch code coverage service from coveralls.io to
- codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai
- Røed Kristiansen for the patch.
+* :feature:`65` (via :issue:`471`) Add support for OpenSSH's SFTP
+ ``posix-rename`` protocol extension (section 3.3 of `OpenSSH's protocol
+ extension document
+ <http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL?rev=1.31>`_),
+ via a new ``posix_rename`` method in `SFTPClient
+ <paramiko.sftp_client.SFTPClient.posix_rename>` and `SFTPServerInterface
+ <paramiko.sftp_si.SFTPServerInterface.posix_rename>`. Thanks to Wren Turkal
+ for the initial patch & Mika Pflüger for the enhanced, merged PR.
+* :feature:`869` Add an ``auth_timeout`` kwarg to `SSHClient.connect
+ <paramiko.client.SSHClient.connect>` (default: 30s) to avoid hangs when the
+ remote end becomes unresponsive during the authentication step. Credit to
+ ``@timsavage``.
+
+ .. note::
+ This technically changes behavior, insofar as very slow auth steps >30s
+ will now cause timeout exceptions instead of completing. We doubt most
+ users will notice; those affected can simply give a higher value to
+ ``auth_timeout``.
+
+* :support:`921` Tighten up the ``__hash__`` implementation for various key
+ classes; less code is good code. Thanks to Francisco Couzo for the patch.
+* :support:`956 backported (1.17+)` Switch code coverage service from
+ coveralls.io to codecov.io (& then disable the latter's auto-comments.)
+ Thanks to Nikolai Røed Kristiansen for the patch.
* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of
preferred MAC algorithms, as an incremental security improvement for users
whose target systems offer both. Credit: Pierce Lopez.
@@ -36,6 +57,15 @@ Changelog
2.0; but since the algorithm is now known to be completely insecure, we are
opting to remove support outright instead of fixing it. Thanks to Alex Gaynor
for catch & patch.
+* :feature:`857` Allow `SSHClient.set_missing_host_key_policy
+ <paramiko.client.SSHClient.set_missing_host_key_policy>` to accept policy
+ classes _or_ instances, instead of only instances, thus fixing a
+ long-standing gotcha for unaware users.
+* :feature:`951` Add support for ECDH key exchange (kex), specifically the
+ algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and
+ ``ecdh-sha2-nistp521``. They now come before the older ``diffie-hellman-*``
+ family of kex algorithms in the preferred-kex list. Thanks to Shashank
+ Veerapaneni for the patch & Pierce Lopez for a follow-up.
* :support:`- backported` A big formatting pass to clean up an enormous number
of invalid Sphinx reference links, discovered by switching to a modern,
rigorous nitpicking doc-building mode.
@@ -49,6 +79,14 @@ Changelog
to hosts which only offer these key types and no others. This is now fixed.
Thanks to ``@ncoult`` and ``@kasdoe`` for reports and Pierce Lopez for the
patch.
+* :feature:`325` (via :issue:`972`) Add Ed25519 support, for both host keys
+ and user authentication. Big thanks to Alex Gaynor for the patch.
+
+ .. note::
+ This change adds the ``bcrypt`` and ``pynacl`` Python libraries as
+ dependencies. No C-level dependencies beyond those previously required (for
+ Cryptography) have been added.
+
* :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant
(i.e. passes the maintainer's preferred `flake8 <http://flake8.pycqa.org/>`_
configuration) and add a ``flake8`` step to the Travis config. Big thanks to