summaryrefslogtreecommitdiffhomepage
path: root/sites/www/changelog.rst
diff options
context:
space:
mode:
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r--sites/www/changelog.rst66
1 files changed, 63 insertions, 3 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 5a13957d..351c2994 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -37,6 +37,7 @@ Changelog
``black`` code formatter (both of which previously only existed in the 2.4
branch and above) to everything 2.0 and newer. This makes back/forward
porting bugfixes significantly easier.
+- :release:`2.2.3 <2018-03-12>`
- :release:`2.1.5 <2018-03-12>`
- :release:`2.0.8 <2018-03-12>`
- :release:`1.18.5 <2018-03-12>`
@@ -46,13 +47,22 @@ Changelog
where authentication status was not checked before processing channel-open
and other requests typically only sent after authenticating. Big thanks to
Matthijs Kooijman for the report.
+- :bug:`1039` Ed25519 auth key decryption raised an unexpected exception when
+ given a unicode password string (typical in python 3). Report by Theodor van
+ Nahl and fix by Pierce Lopez.
- :bug:`1108 (1.17+)` Rename a private method keyword argument (which was named
``async``) so that we're compatible with the upcoming Python 3.7 release
(where ``async`` is a new keyword.) Thanks to ``@vEpiphyte`` for the report.
- :support:`- backported` Include LICENSE file in wheel archives.
+- :release:`2.2.2 <2017-09-18>`
- :release:`2.1.4 <2017-09-18>`
- :release:`2.0.7 <2017-09-18>`
- :release:`1.18.4 <2017-09-18>`
+- :bug:`1065` Add rekeying support to GSSAPI connections, which was erroneously
+ missing. Without this fix, any attempt to renegotiate the transport keys for
+ a ``gss-kex``-authed `~paramiko.transport.Transport` would cause a MIC
+ failure and terminate the connection. Thanks to Sebastian Deiß and Anselm
+ Kruis for the patch.
- :bug:`1061` Clean up GSSAPI authentication procedures so they do not prevent
normal fallback to other authentication methods on failure. (In other words,
presence of GSSAPI functionality on a target server precluded use of _any_
@@ -70,6 +80,18 @@ Changelog
consider a different type to be a "Missing" host key. This fixes a common
case where an ECDSA key is in known_hosts and the server also has an RSA host
key. Thanks to Pierce Lopez.
+- :support:`1012` (via :issue:`1016`) Enhance documentation around the new
+ `SFTP.posix_rename <paramiko.sftp_client.SFTPClient.posix_rename>` method so
+ it's referenced in the 'standard' ``rename`` method for increased visibility.
+ Thanks to Marius Flage for the report.
+- :release:`2.2.1 <2017-06-13>`
+- :bug:`993` Ed25519 host keys were not comparable/hashable, causing an
+ exception if such a key existed in a ``known_hosts`` file. Thanks to Oleh
+ Prypin for the report and Pierce Lopez for the fix.
+- :bug:`990` The (added in 2.2.0) ``bcrypt`` dependency should have been on
+ version 3.1.3 or greater (was initially set to 3.0.0 or greater.) Thanks to
+ Paul Howarth for the report.
+- :release:`2.2.0 <2017-06-09>`
- :release:`2.1.3 <2017-06-09>`
- :release:`2.0.6 <2017-06-09>`
- :release:`1.18.3 <2017-06-09>`
@@ -98,9 +120,30 @@ Changelog
Thanks to ``@virlos`` for the original report, Chris Harris and ``@ibuler``
for initial draft PRs, and ``@jhgorrell`` for the final patch.
-- :support:`956 (1.17+)` Switch code coverage service from coveralls.io to
- codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai
- Røed Kristiansen for the patch.
+- :feature:`65` (via :issue:`471`) Add support for OpenSSH's SFTP
+ ``posix-rename`` protocol extension (section 3.3 of `OpenSSH's protocol
+ extension document
+ <http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL?rev=1.31>`_),
+ via a new ``posix_rename`` method in `SFTPClient
+ <paramiko.sftp_client.SFTPClient.posix_rename>` and `SFTPServerInterface
+ <paramiko.sftp_si.SFTPServerInterface.posix_rename>`. Thanks to Wren Turkal
+ for the initial patch & Mika Pflüger for the enhanced, merged PR.
+- :feature:`869` Add an ``auth_timeout`` kwarg to `SSHClient.connect
+ <paramiko.client.SSHClient.connect>` (default: 30s) to avoid hangs when the
+ remote end becomes unresponsive during the authentication step. Credit to
+ ``@timsavage``.
+
+ .. note::
+ This technically changes behavior, insofar as very slow auth steps >30s
+ will now cause timeout exceptions instead of completing. We doubt most
+ users will notice; those affected can simply give a higher value to
+ ``auth_timeout``.
+
+- :support:`921` Tighten up the ``__hash__`` implementation for various key
+ classes; less code is good code. Thanks to Francisco Couzo for the patch.
+- :support:`956 backported (1.17+)` Switch code coverage service from
+ coveralls.io to codecov.io (& then disable the latter's auto-comments.)
+ Thanks to Nikolai Røed Kristiansen for the patch.
- :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of
preferred MAC algorithms, as an incremental security improvement for users
whose target systems offer both. Credit: Pierce Lopez.
@@ -108,6 +151,15 @@ Changelog
2.0; but since the algorithm is now known to be completely insecure, we are
opting to remove support outright instead of fixing it. Thanks to Alex Gaynor
for catch & patch.
+- :feature:`857` Allow `SSHClient.set_missing_host_key_policy
+ <paramiko.client.SSHClient.set_missing_host_key_policy>` to accept policy
+ classes _or_ instances, instead of only instances, thus fixing a
+ long-standing gotcha for unaware users.
+- :feature:`951` Add support for ECDH key exchange (kex), specifically the
+ algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and
+ ``ecdh-sha2-nistp521``. They now come before the older ``diffie-hellman-*``
+ family of kex algorithms in the preferred-kex list. Thanks to Shashank
+ Veerapaneni for the patch & Pierce Lopez for a follow-up.
- :support:`- backported` A big formatting pass to clean up an enormous number
of invalid Sphinx reference links, discovered by switching to a modern,
rigorous nitpicking doc-building mode.
@@ -121,6 +173,14 @@ Changelog
to hosts which only offer these key types and no others. This is now fixed.
Thanks to ``@ncoult`` and ``@kasdoe`` for reports and Pierce Lopez for the
patch.
+- :feature:`325` (via :issue:`972`) Add Ed25519 support, for both host keys
+ and user authentication. Big thanks to Alex Gaynor for the patch.
+
+ .. note::
+ This change adds the ``bcrypt`` and ``pynacl`` Python libraries as
+ dependencies. No C-level dependencies beyond those previously required (for
+ Cryptography) have been added.
+
- :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant
(i.e. passes the maintainer's preferred `flake8 <http://flake8.pycqa.org/>`_
configuration) and add a ``flake8`` step to the Travis config. Big thanks to