Differences

This shows you the differences between the selected revisions of the page.

2020-10-02 2020-10-02
link to release notes for specific putty versions (martin) (hidden) old revision restored - the putty release pages do not have any useful information (martin) (hidden)
Line 13: Line 13:
  * Optional case-sensitive synchronization. [[bug>71]]   * Optional case-sensitive synchronization. [[bug>71]]
  * Enabled TLS 1.3 by default.   * Enabled TLS 1.3 by default.
-  * SSH core upgraded to [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.74.html|PuTTY 0.74]]. It brings the following change:+  * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.74]]. It brings the following change:
    * Security fix: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]]     * Security fix: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]]
  * Resume transfer when FTP data connection disconnects. [[bug>1878]]   * Resume transfer when FTP data connection disconnects. [[bug>1878]]
Line 70: Line 70:
  * WebDAV core upgraded to neon 0.31.2.   * WebDAV core upgraded to neon 0.31.2.
-  * Security fix from [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.74.html|PuTTY 0.74]]: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]]+  * Security fix from [[&url(puttychanges)|PuTTY 0.74]]: If an SSH server accepted an offer of a public key and then rejected the signature, WinSCP could access freed memory, if the key had come from an SSH agent. [[pbug>vuln-agent-keylist-used-after-free]]
  * Displaying progress of synchronization in //Keep local directory up to date// extension. [[bug>1887]]   * Displaying progress of synchronization in //Keep local directory up to date// extension. [[bug>1887]]
  * Displaying session name and operation status in console title of //Keep local directory up to date// extension. [[bug>1888]]   * Displaying session name and operation status in console title of //Keep local directory up to date// extension. [[bug>1888]]
Line 220: Line 220:
  * Sorting find results. [[bug>902]]   * Sorting find results. [[bug>902]]
-  * SSH core upgraded to [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.73.html|PuTTY 0.73]]. It brings the following changes:+  * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.73]]. It brings the following changes:
    * Security fix: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]]     * Security fix: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]]
    * Bug fix (possibly security-related): An SSH-1 server sending a disconnection message could cause an access to freed memory. [[pbug>ssh1-disconnect-use-after-free]]     * Bug fix (possibly security-related): An SSH-1 server sending a disconnection message could cause an access to freed memory. [[pbug>ssh1-disconnect-use-after-free]]
Line 251: Line 251:
    * Option //"Keep main window open when the last session is closed"// is enabled by default.     * Option //"Keep main window open when the last session is closed"// is enabled by default.
    * User is offered to save a workspace, even when only one session is opened.     * User is offered to save a workspace, even when only one session is opened.
-  * SSH core upgraded to [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.72.html|PuTTY 0.72]]. It brings the following changes:+  * SSH core upgraded to [[&url(puttychanges)|PuTTY 0.72]]. It brings the following changes:
    * Major rewrite of the crypto code to remove cache and timing side channels.     * Major rewrite of the crypto code to remove cache and timing side channels.
    * Hardware-accelerated AES. [[bug>1769]] [[pbug>cpu-crypto-accel]]     * Hardware-accelerated AES. [[bug>1769]] [[pbug>cpu-crypto-accel]]
Line 350: Line 350:
  * Back-propagated fixes and changes from 5.16--5.16.1 releases:   * Back-propagated fixes and changes from 5.16--5.16.1 releases:
-    * Security fix from [[https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.73.html|PuTTY 0.73]]: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]]+    * Security fix from [[&url(puttychanges)|PuTTY 0.73]]: On Windows, other applications were able to bind to the same TCP port as a WinSCP local port forwarding. [[pbug>vuln-win-exclusiveaddruse]]
    * XML parser upgraded to Expat 2.2.9.     * XML parser upgraded to Expat 2.2.9.
    * Bug fix: Error when reopening a remote file whose local temporary copy has been deleted. [[bug>1790]]     * Bug fix: Error when reopening a remote file whose local temporary copy has been deleted. [[bug>1790]]

Last modified: by martin