wolfSSH v1.4.13 (Apr 3, 2023)
ejohnstown
released this
04 Apr 23:06
·
584 commits
to master
since this release
New Feature Additions and Improvements
- Improvement to forking the wolfSSHd daemon.
- Added an STM32Cube Expansion pack. See the file ide/STM32CUBE/README.md for more information. (https://www.wolfssl.com/files/ide/I-CUBE-wolfSSH.pack)
- Improved test coverage for wolfSSHd.
- X.509 style private key support.
Fixes
- Fixed shadow password checking in wolfSSHd.
- Building cleanups: warnings, types, 32-bit.
- SFTP fixes for large files.
- Testing and fixes with SFTP and LwIP.
Vulnerabilities
- wolfSSHd would allow users without passwords to log in with any password. This is fixed as of this version. The return value of crypt() was not correctly checked. This issue was introduced in v1.4.11 and only affects wolfSSHd when using the default authentication callback provided with wolfSSHd. Anyone using wolfSSHd should upgrade to v1.4.13.