Replies: 17 comments 12 replies
-
I'm 👍 for a release. We mostly need to get the |
Beta Was this translation helpful? Give feedback.
-
Release notes updates here: It's a fresh script + manual work. I did my best, but please let me know Helper script here: PR for further updates: |
Beta Was this translation helpful? Give feedback.
-
If nobody has anything else pending, we're ready for release. |
Beta Was this translation helpful? Give feedback.
-
+1 would be really cool to see a release out with #1058 :) |
Beta Was this translation helpful? Give feedback.
-
@MichaelBuckley is investigating a possible regression, please hold off until we give an all clear. |
Beta Was this translation helpful? Give feedback.
-
OK, fix has been landed. All clear. |
Beta Was this translation helpful? Give feedback.
-
@willco007 & @MichaelBuckley: Thanks! Any chance somebody would be kind to peer-review my #1297 and #1301? |
Beta Was this translation helpful? Give feedback.
-
Hey all! Just wondering on the status of this. Are there any remaining blockers left? Or are we just waiting on a cut to be made? |
Beta Was this translation helpful? Give feedback.
-
Comments and suggestions are appreciated for deprecation |
Beta Was this translation helpful? Give feedback.
-
Hi guys, |
Beta Was this translation helpful? Give feedback.
-
Starting to get comments from users using ChaCha as many servers rollout their Terrapin updates. Lots of other good stuff in here that would be nice to have too. |
Beta Was this translation helpful? Give feedback.
-
I am still confused if the use of libssh2 makes my setup really vulnerable to CVE-2023-48795 afaik libssh2 does not support ChaCha20-Poly1305 and also not any MAC algorithm suffixed [email protected] but... here is part of the FAQ from terrapin-attack.com: So even if there is no release (that enables support of strict key exchange) I am still not vulnerable to this attack as libssh2 does not support this combination. Is that correct? |
Beta Was this translation helpful? Give feedback.
-
Hello! Is it still planned to release a 1.11.1 release? I'm specifically interested in getting the fix for CVE-2023-48795. |
Beta Was this translation helpful? Give feedback.
-
After processing the backlog and merging more improvements and fixes,
/cc @bagder |
Beta Was this translation helpful? Give feedback.
-
I am admiring all the work that @vszakats is doing the last time for LIbSSH2, but really would like to see a release as well. The Terrapin fix was already merged in December. Is anything blocking the 1.11.1 release? |
Beta Was this translation helpful? Give feedback.
-
To make the wait more useful for everyone, we appreciate testing and feedback Also for somebody interested in mbedTLS, we have an unfixed regression with Lines 1295 to 1315 in 3b23e03 I was thinking to make it a compile-time failure outside of CI, to avoid |
Beta Was this translation helpful? Give feedback.
-
We also have this unfixed regression with wolfSSL, since 1.11.0: |
Beta Was this translation helpful? Give feedback.
-
There has been a fair amount of mostly fixes and tidy-ups since 1.11.0.
196 commits at the moment: libssh2-1.11.0...f0e23da
With niceties such as OpenSSL 3
no-deprecated
compatibility, REUSEcompatibility, disablable MD5, AES-GCM-encrypted private keys, CMake
improvements, *BSD CI tests, a few build regression fixes and more. Almost
all of these backed by new CI tests (up to 84 from 61). We also lose the
Makefile.mk
andNMakefile
build methods. And fix CVE-2023-48795.It'd be real nice to include the [email protected] patch
in this release. [next time]
And still pending #1243, which is green now and ready for review. [DONE]
After this release it came up to do an ABI break next. This would allow
to address this long-term issue: #1220 and those listed in TODO. In case
we agree to commit to this.
/cc @libssh2/dev-team
Beta Was this translation helpful? Give feedback.
All reactions