Differences
This shows you the differences between the selected revisions of the page.
| 2020-10-02 | 2020-10-02 | ||
| bug 1908 (martin) | link to release notes for specific putty versions (martin) (hidden) | ||
| Line 13: | Line 13: | ||
| * Optional case-sensitive synchronization. [[bug>71]] | * Optional case-sensitive synchronization. [[bug>71]] | ||
| * Enabled TLS 1.3 by default. | * Enabled TLS 1.3 by default. | ||
| - | * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.74]]. It brings the following change: | + | * SSH core upgraded to [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.74.html|PuTTY 0.74]]. It brings the following change: |
| * Security fix: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]] | * Security fix: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]] | ||
| * Resume transfer when FTP data connection disconnects. [[bug>1878]] | * Resume transfer when FTP data connection disconnects. [[bug>1878]] | ||
| Line 70: | Line 70: | ||
| * WebDAV core upgraded to neon 0.31.2. | * WebDAV core upgraded to neon 0.31.2. | ||
| - | * Security fix from [[&url(puttychanges)|PuTTY 0.74]]: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]] | + | * Security fix from [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.74.html|PuTTY 0.74]]: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]] |
| * Displaying progress of synchronization in //Keep local directory up to date// extension. [[bug>1887]] | * Displaying progress of synchronization in //Keep local directory up to date// extension. [[bug>1887]] | ||
| * Displaying session name and operation status in console title of //Keep local directory up to date// extension. [[bug>1888]] | * Displaying session name and operation status in console title of //Keep local directory up to date// extension. [[bug>1888]] | ||
| Line 220: | Line 220: | ||
| * Sorting find results. [[bug>902]] | * Sorting find results. [[bug>902]] | ||
| - | * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.73]]. It brings the following changes: | + | * SSH core upgraded to [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.73.html|PuTTY 0.73]]. It brings the following changes: |
| * Security fix: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]] | * Security fix: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]] | ||
| * Bug fix (possibly security-related): An SSH-1 server sending a disconnection message could cause an access to freed memory. [[pbug>ssh1-disconnect-use-after-free]] | * Bug fix (possibly security-related): An SSH-1 server sending a disconnection message could cause an access to freed memory. [[pbug>ssh1-disconnect-use-after-free]] | ||
| Line 251: | Line 251: | ||
| * Option //"Keep main window open when the last session is closed"// is enabled by default. | * Option //"Keep main window open when the last session is closed"// is enabled by default. | ||
| * User is offered to save a workspace, even when only one session is opened. | * User is offered to save a workspace, even when only one session is opened. | ||
| - | * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.72]]. It brings the following changes: | + | * SSH core upgraded to [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.72.html|PuTTY 0.72]]. It brings the following changes: |
| * Major rewrite of the crypto code to remove cache and timing side channels. | * Major rewrite of the crypto code to remove cache and timing side channels. | ||
| * Hardware-accelerated AES. [[bug>1769]] [[pbug>cpu-crypto-accel]] | * Hardware-accelerated AES. [[bug>1769]] [[pbug>cpu-crypto-accel]] | ||
| Line 350: | Line 350: | ||
| * Back-propagated fixes and changes from 5.16--5.16.1 releases: | * Back-propagated fixes and changes from 5.16--5.16.1 releases: | ||
| - | * Security fix from [[&url(puttychanges)|PuTTY 0.73]]: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]] | + | * Security fix from [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.73.html|PuTTY 0.73]]: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]] |
| * XML parser upgraded to Expat 2.2.9. | * XML parser upgraded to Expat 2.2.9. | ||
| * Bug fix: Error when reopening a remote file whose local temporary copy has been deleted. [[bug>1790]] | * Bug fix: Error when reopening a remote file whose local temporary copy has been deleted. [[bug>1790]] | ||