Forum » Support and Bug Reports »

Download notes for 6.3.3 and CVE-2024-31497

MLum Guest

Download notes for 6.3.3 and CVE-2024-31497

2024-04-16 21:33

The Download notes for 6.3.3 say:

SSH core upgraded to PuTTY 0.80.

But I thought that version has the vulnerability, unless "SSH core" version is
different from the PuTTY executable version.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,441
Location:: Prague, Czechia

Re: Download notes for 6.3.3 and CVE-2024-31497

2024-04-17

What "download notes" do you mean? Can you post a link?
The version history mentions "PuTTY 0.81":
https://winscp.net/eng/docs/history?a=6.3.3

Reply with quote

Inwi Guest

2024-04-17 11:48

On the download page https://winscp.net/eng/download.php it says

SSH core upgraded to PuTTY 0.80. That includes support for HMAC-SHA-512 and mitigation of “Terrapin” vulnerability.

Reply with quote

martin◆ Site Admin

2024-04-17

Ok, those are major changes in WinSCP 6.3 release from February.
It does not include changes in later hotfixes.
If you click on "List of all changes", you will see PuTTY 0.81.

Reply with quote

martin◆ Site Admin

2024-04-17

I have removed the mention of "PuTTY 0.80", so that people don't get confused.

Reply with quote

You can post new topics in this forum