1 2Release Notes: 3============== 4 5build???, 2011-06-?? 6 7- Requires Java 5 or later. 8 9- Provide POM for Maven 3 build. 10 11- Performance gains with request parallelism in requests for read and write write operations in SFTPv3Client. 12 13- Bugfix for infinite timeout on socket connect. 14 15- SFTPInputStream and SFTPOutputStream to read or write from a SFTPv3FileHandle compatible with standard I/O operations in Java. 16 17- SCPClient returning SCPInputStream and SCPOutputStream for get and put operations respectively compatible with stanard I/O operations in Java. 18 19- Option to attach a packet listener to SFTPv3Client for logging purposes. 20 21- Fixed a bug in KnownHosts.getPreferredServerHostkeyAlgorithmOrder (it always returned null, which is a valid return value but wrong). 22 23- Added accessor to query session state and isConnected() in SFTPv3Client returning a boolean 24 25- Adjusted channel window size 26 27- Custom PEMDecryptException to catch PEM decoding failure. 28 29- Option to pass custom user agent string for identification string. 30 31- Continue silently when invalid key is found in known hosts file. 32 33- Add support for file append mode in SFTPv3Client. 34 35- Option to pass charset for commands executed on the remote machine. 36 37build251beta1, 2010-08-23: 38 39- Due to the slightly changed semantics of Thread.interrupt() and Object.wait() in JDK 6, 40 the code had to be adapted in several places. Please do not use Ganymed SSH-2 build250 41 on JDK 6, as the Kex and Streamgobbler code may occasionally consume all CPU resources. 42 43 Background: the JDK 6 javadocs for Object.wait say: "If the current thread is interrupted 44 by any thread before or while it is waiting, then an InterruptedException is thrown." 45 Unfortunately the Java 1.5 documentation does not say "before", only "while it is waiting". 46 47 Thanks to Elias Horness. 48 49build250, 2010-03-15: 50 51- Ganymed SSH-2 for Java is back. 52 The software can be downloaded from http://www.cleondris.ch/ssh2 53 54- Fixed the use of default platform character encodings. 55 56- Fixes for buggy servers. 57 58- Wait for the reply to the ServiceRequest packet before sending the next request. 59 60- Re-assign the interrupted flag after a InterruptedException. 61 62build211beta4, 2006-12-05: (never officially released) 63 64- Added Connection.sendIgnorePacket(...) methods which allow to send SSH_MSG_IGNORE packets. 65 Thanks to Andrei Tchijov. 66 67- Added support for the "none" authentication method. 68 69- Revised the SHA-1 code. Highly optimized. Speed should be more than doubled. 70 71- Changed references to the correct RFCs (instead of the drafts) in the javadocs (where possible). 72 73- Fixed the write() method in the SFTP code. Unsatisfiable preconditions stopped the method 74 from writing any bytes. As stated in the documentation, the SFTP code is still experimental. 75 Thanks to Andreas Pueschel. 76 77- Added a new createLocalPortForwarder(InetSocketAddress addr, ...) method which allows to 78 specify the local address and port to bind to. Thanks to Andrei Tchijov. 79 80- Slightly updated the FAQ. 81 82build210, 2006-10-06: 83 84- Added HTTP proxy support. See Connection.setProxyData() and the HTTPProxyData class. 85 Thanks to Jean-Pierre Schmit for providing example code. 86 87- Added basic support for SFTP (v3). 88 89- Beta users: removed support for automatic split of huge read transfers in SFTP, 90 as it was not possible to return EOF in a clean way. The write method still splits huge 91 transfers (in blocks of 32768 bytes). Thanks to Zhong Li. 92 93- SCP enhancement. It is now possible to specify an empty target directory name when sending 94 files. This is analogous to using "scp file user@host:" (thanks to Bernd Eggink). 95 96- SCP enhancement. It is now possible to receive a remote file and pipe it directly into 97 an OutputStream. Thanks to Bernd Eggink. 98 99- SCP enhancement. It is now possible to specify a different remote filename when sending 100 a file. Thanks to Thomas Tatzel. 101 102- Added more verbose error messages in case a channel open operation fails (e.g., resource 103 shortage on the server). Related to this, added a comment to the FAQ regarding the limitation 104 on the number of concurrent sessions per connection in OpenSSH. Thanks to Ron Warshawsky. 105 106- Added a feature (ConnectionMonitor) to get notified when a connection breaks. 107 Thanks to Daniel Ritz (Alcatel). 108 109- It is now possible to override the used SecureRandom instance (Connection.setSecureRandom()). 110 111- Added getters for the server's hostname and port to the Connection class. 112 113- Added examples for HTTP proxy usage as well as local/remote port forwarding. 114 115- Added support for SSH_MSG_KEX_DH_GEX_REQUEST_OLD in the DHGexParameters class (there 116 is a new, additional constructor). Please check the Javadoc for DHGexParameters. 117 118- Clarified in the javadoc the issue of re-using Connection objects. Changed the exception 119 message in case connect() is invoked on an already connected connection. 120 121- Added an entry to the FAQ regarding pumping data into remote files. 122 Thanks to Daniel Schwager. 123 124- Changed JDialog.show() to JDialog.setVisible(true) in the SwingShell example. 125 The show() method is deprecated in Java 5.0. Thanks to Carlo Dapor. 126 127- Fixed the behavior of the local port forwarder code. Trying to listen on an already bound port 128 will not fail silently anymore. Also, the accept thread will continue accepting connections 129 even if there was a problem with the establishment of the underlying ssh-forwarding of a 130 previous incoming connection (e.g., one tried to establish a forwarding to a remote port that 131 is not in state open (yet)). Thanks to Claudio Nieder (Inodes, Switzerland) and 132 Daniel Ritz (Alcatel) for pointing this out. 133 Note: the interface for managing port forwardings needs to be further improved. 134 135- Tried to implement a workaround for the Sun JVM bug 5092063. Changed InetAddress.getByAddress(byte[]) 136 in the "TransportManager.parseIPv4Address" method (which already is a workaround for JDK's that 137 use the resolver for dotted IP addresses, independently from the 5092063 bug) to 138 InetAddress.getByAddress(String, byte[]). Thanks to Alain Philipin. 139 140- Fixed a bug in KnownHosts.addHostkeyToFile. Hostnames were converted to lowercase which is 141 not good in case of hashed hostnames (it leads to a different BASE64 encoding and therefore 142 hashes won't match). Thanks to [unknown]. 143 144- Fixed a typo in the SCP client (tag for modification times is 'T' and not 'P'). 145 Thanks to Andreas Sahlbach. 146 147- Stupid performance enhancement in the Logger, it did unnecessary calls to System.currentTimeMillis(). 148 149- The LICENCE.txt file is now also included in the pre-compiled jar. Of course, redistributions in 150 binary form must *still* include the contents of LICENCE.txt in the documentation and/or other 151 materials provided with the distribution. 152 153- Small cleanups in the TransportManager code. 154 155build209, 2006-02-14: 156 157- A major release, many new features. Thanks to all who supported me with feedback! 158 159- Added remote port forwarding support. 160 Please consult the docs for Connection.requestRemotePortForwarding(). 161 162- Added X11 forwarding support. Please consult Session.requestX11Forwarding(). 163 X11 support is based on joint work with Simon Hartl (simon.hartl (at) gmx.net). Thanks, Simon! 164 165- The SCPClient constructor is now public. The factory method is still there (in the Connection 166 class), however, it will probably be marked as deprecated and eventually be removed in the future. 167 168- Added startSubSystem() method to the Session class. Now it is possible to implement subsystems, 169 e.g., sftp, outside of the library. 170 171- For advanced users: there is now a much better condition wait interface in the Session class. 172 It is now also possible to wait for the arrival of "exit-status" and "exit-signal". 173 The Session.waitUntilDataAvailable() method still works, but is marked as deprecated. 174 175 Users that used the beta version, please be aware of the following change: calling the close() 176 method on a Session object will immediatelly raise the ChannelCondition.CLOSED/EOF conditions 177 on the underlying channel - even though the remote side may not have yet responded with a 178 SSH_MSG_CHANNEL_CLOSE message (however, in the background the library still expects the server 179 to send the SSH_MSG_CHANNEL_CLOSE message). See below for an explanation. 180 181- The behavior of Session.close() has changed. If you *kill* a Session (i.e., call Session.close() 182 before EOF (or CLOSE) has been sent by the remote side), then immediatelly EOF will (locally) 183 be raised for both stdout and stderr. Further incoming data (for that particular Session) will 184 be ignored. However, remote data that arrived before we sent our SSH_MSG_CHANNEL_CLOSE message 185 is still available (you can think of having appended the EOF marker to the end of the local 186 incoming stdout and stderr queues). 187 188 The reason to do this is simply because some SSH servers do sometimes not reply to our 189 SSH_MSG_CHANNEL_CLOSE message (event though they should). As a consequence, a local reader may 190 wait forever for the remote SSH_MSG_CHANNEL_EOF or SSH_MSG_CHANNEL_CLOSE messages to arrive. 191 If you are interested, then you can try to reproduce the problem: Execute something like 192 "tail -f /dev/null" (which should do nothing forever) and then concurrently close the Session 193 (enable debug mode to see the SSH packets on the wire) to check how standard compliant your server 194 implementation is). Thanks to Cristiano Sadun. 195 196- The Session code does not anymore make use of the synchronized attribute for any of its methods. 197 This has the advantage that a call to Session.close() will never by blocked by concurrent 198 calls to the Session object. However, note that in the worst case the call may still block until 199 we can send our SSH_MSG_CHANNEL_CLOSE over the TCP connection. 200 201- The SCP client can now also be used to directly inject the contents of a given byte array 202 into a remote file (thanks to Dieter Baier for suggesting this). 203 204- Added support for specifying timeouts for connection establishment. 205 Thanks to Rob Hasselbaum and Ben XYZ. 206 207- Performance improvement: we use only a single SecureRandom object per connection 208 (until now there were multiple instances). 209 210- Fixed the Swingshell example program, it did not read in the known_hosts file on startup. 211 (thanks to Ashwani Kumar). 212 213- There was a typo in the CBCMode class (srcoff was ignored), however since we always pass 214 a zero offset the bug did not show up (thanks to Alex Pakhomov). 215 216- While implementing X11 support, found a strange X11 bug in OpenSSH (reported, openssh bug 1076). 217 12.10.2005: has been fixed for OpenSSH 4.3 by the OpenSSH crowd. 218 219- Changed the SingleThreadStdoutStderr example so that it uses the new condition wait interface. 220 221- Efficiently handle IPv4 addresses (when creating the underlying socket), there was a report 222 that some JDK's try to lookup dotted addresses with the resolver. 223 (thanks to Alexander Kitaev). 224 225- Added setTCPNoDelay() method to the Connection class. 226 227- Improved handling of unsupported global/channel requests received from the server. 228 229- The KEX code is now more robust. Also, the ServerHostKeyVerifier callback (if specified) will be called 230 before doing any DH calculation. 231 232- Major cleanup (i.e., rewrite) of the SSH channel code. 233 234- Cleanup up Session class, removed unnecessary IOExceptions. 235 236- Implemented 2^32-1 conformance for channel windows. 237 238- I got several times questions by e-mail from people that have problems with "putty" keys. 239 Added an entry to the FAQ. 240 241- Added an entry to the FAQ regarding how to handle servers with disabled password authentication 242 (thanks to Nicolas Raoul). 243 244- Upcoming: SFTP support (in the meantime almost a running gag). 245 246- Changed the name from "Ganymed SSH2" to "Ganymed SSH-2". Will this improve the G**gle ranking? =) 247 248- Latest javadoc is now also online. 249 250 251build208, 2005-08-24: 252 253- Added support for RSA private keys (PEM format), also revised code for RSA signature verification. 254 255- Extended support for encrypted PEM files. 256 Supported encryptions: DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC. 257 258- Added rather complete support for known_hosts files (in KnownHosts.java). 259 The parser is able to understand the same pseudo-regex (*,?,!) syntax as OpenSSH clients. 260 The class includes support for hostkey comparison as well as functionality to add accepted keys 261 to a known_hosts file. One can also create OpenSSH compatible fingerprints (Hex and Bubblebabble). 262 Hashed hostname entries are understood and can also be generated. 263 264- Restructured the examples section, added more examples. The examples should cover most issues. 265 There is also a _very_ basic terminal emulator, see SwingShell.java. 266 267- It is now possible to override the default server hostkey algorithm order (for the key exchange) 268 with the Connection.setServerHostKeyAlgorithms method. This makes sense in combination with 269 known_hosts support (e.g., if you already know the server's public ssh-dss key, then 270 you probably prefer the "ssh-dss" over the "ssh-rsa" algorithm). 271 The used server hostkey algorithm is now also reflected in ConnectionInfo. 272 273- The default server hostkey algorithm order is now "ssh-rsa", "ssh-dss". 274 275- Important: revised Input- and OutputStream code, everything is now unbuffered 276 (less memory consumption, more direct interface, see also StreamGobbler class and the FAQ). 277 278- Added StreamGobbler helper class. 279 280- Method verifyServerHostKey() in the ServerHostKeyVerifier may now throw exceptions 281 (an alternative to returning "false"). 282 283- All background threads (the per-connection receive thread as well as all threads 284 used in forwarders and StreamGobblers) now use setDaemon(true) on startup. 285 286- Added "diffie-hellman-group14-sha1" support to the key exchange code. 287 288- Added chained IOExceptions where applicable (IOException initialization with initCause()). 289 290- Cleaned up packet building code, removed unnecessary server-side methods. 291 292- Cleaned up javadoc of SCPClient: replaced umask with mode. 293 294- Fixed a bug in the server identification string parser. This actually prevented a successful 295 key exchange with some ssh servers (the server's signature was rejected). 296 Thanks to Alex Molochnikov for the initial bug report and for helping in tracking down the issue. 297 298- Fixed a buffer re-allocation bug in the beta version of the StreamGobbler class 299 (thanks to Marc Lijour). 300 301- Fixed flawed UINT64 support (thanks to Bob Simons). 302 303- Fixed a bug in the build script of the beta builds (sftp beta directory was not completely removed) 304 (thanks to Richard Hash). 305 306- Use zero based padding for unencrypted traffic. 307 308- Changed again the client identification string (the one presented to the server). 309 310- Created a FAQ, available on the website and in the distribution. 311 312- Revised javadoc comments. Also, the generated documentation is now located in the subdirectory 313 "javadoc" instead of "doc" (in the distribution). 314 315- Added README.txt to the distribution. 316 317 318build207, 2005-07-21: 319 320- Added "Keyboard Interactive" authentication method: 321 authenticateWithKeyboardInteractive() in Connection.java, 322 also have a look at InteractiveCallback.java. 323 324- Extended authentication interface in Connection.java (backwards compatible). 325 New functionality: getRemainingAuthMethods(), isAuthMethodAvailable(), 326 isAuthenticationComplete() and isAuthenticationPartialSuccess(). 327 328- Using an authentication method not supported by the server leads now to an exception 329 (instead of returning "false"). Use isAuthMethodAvailable() if you want to check 330 for the availability of an authentication method. 331 332- Fixed a bug in SCPClient which sometimes lead to failed downloads. 333 334- Improved channel window handling. 335 336- Removed bogus (CVS) version string from Connection.java 337 338- Changed client identification string to "Ganymed_buildXXX". 339 340- Changed the jar file naming scheme (ganymed-ssh2-buildXXX.jar). 341 342- Started adding logging support for debugging purposes (currently only for development). 343 344- Cleanup of javadoc and comments at several places. 345 346- Reversed order of entries in HISTORY.TXT 347 348 349build206, 2005-07-04: 350 351- Fixed small resource issue with SCP (thanks to Michaël Giraud). 352 353- Added LocalStreamForwarder. 354 355- Added HISTORY.TXT 356 357 358build205, 2005-06-27: 359 360- Initial release. 361 362