Differences
This shows you the differences between the selected revisions of the page.
| 2020-06-26 | 2020-07-02 | ||
| bug 1883 (martin) | pbug vuln-agent-keylist-used-after-free (martin) | ||
| Line 3: | Line 3: | ||
| This is a full list of changes for each release of WinSCP. See also [[project_history|Project history]] and [[incompatible_changes|Incompatible changes between versions]]. | This is a full list of changes for each release of WinSCP. See also [[project_history|Project history]] and [[incompatible_changes|Incompatible changes between versions]]. | ||
| - | ===== [[5.18]] 5.18 (not released yet) ((2020-06-16)) ===== | + | ===== [[5.18]] 5.18 (not released yet) ((2020-07-02)) ===== |
| * A complete list of files that are part of a background transfer can be shown. [[bug>1785]] | * A complete list of files that are part of a background transfer can be shown. [[bug>1785]] | ||
| Line 11: | Line 11: | ||
| * When connecting to new SSH host, its host key can be automatically accepted in scripting and .NET assembly. | * When connecting to new SSH host, its host key can be automatically accepted in scripting and .NET assembly. | ||
| * Enabled TLS 1.3 by default. | * Enabled TLS 1.3 by default. | ||
| + | * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.74]]. It brings the following change: | ||
| + | * Security fix: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]] | ||
| * Resume transfer when FTP data connection disconnects. [[bug>1878]] | * Resume transfer when FTP data connection disconnects. [[bug>1878]] | ||
| * Support for ''curve25519-sha256'' KEX. [[bug>1865]] | * Support for ''curve25519-sha256'' KEX. [[bug>1865]] | ||
| Line 25: | Line 27: | ||
| * Cleanup application data dialog labels cache cleanup checkbox label updated to reflect previously updated functionality. | * Cleanup application data dialog labels cache cleanup checkbox label updated to reflect previously updated functionality. | ||
| - | ===== [[5.17.7]] 5.17.7 (not released yet) ((2020-06-26)) ===== | + | ===== [[5.17.7]] 5.17.7 (not released yet) ((2020-07-02)) ===== |
| * WebDAV core upgraded to neon 0.31.2. | * WebDAV core upgraded to neon 0.31.2. | ||
| + | * Security fix from [[&url(puttychanges)|PuTTY 0.74]]: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]] | ||
| * Removed workaround for lack of support for ''max-keys'' parameter in Backblaze S3 API, as it is supported now. [[bug>1871]] | * Removed workaround for lack of support for ''max-keys'' parameter in Backblaze S3 API, as it is supported now. [[bug>1871]] | ||
| * Bug fix: Failure while changing path using path label while another command was executing already. [[bug>1877]] | * Bug fix: Failure while changing path using path label while another command was executing already. [[bug>1877]] | ||