Skip to content

v3.14.15
Compare
Choose a tag to compare
@speed47 speed47 released this 08 Nov 14:02
· 105 commits to master since this release
v3.14.15
137c7b5

⚡ Security

💡 Highlights

This release fixes a security issue where JIT MFA on sftp and scp plugins was not honored. Please refer to CVE-2023-45140 for impact and mitigation details.
Upgrading to this version is sufficient to fix the issue, but please read through the specific upgrading instructions of this version.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: support JIT MFA through plugins, including sftp and scp (fixes CVE-2023-45140)
  • feat: add configuration option for plugins to override the global lock/kill timeout
  • enh: setup-gpg.sh: allow importing multiple public keys at once
  • enh: connect.pl: report empty ttyrec as ttyrec_empty instead of ttyrec_error
  • enh: orphaned homedirs: adjust behavior on master instances
  • fix: check_collisions: don't report orphan uids on slave, just use their name
  • fix: scp: adapt wrapper and tests to new scp versions requiring -O
  • meta: dev: add devenv docker, pre-commit info, and documentation on how to use them, along with how to write integration tests

⏩ Upgrading

Assets 2
Loading