wolfSSH v1.4.12 Release

wolfSSL are proud to announce a new incremental update to wolfSSH: v1.4.12!

In this release, we have wolfSSHD running. It seamlessly fits in where other SSHDs are, and is able to parse and make use of existing sshd_config files that are in place.

We are also proud to announce that wolfSSH builds and runs in the Green Hills Software INTEGRITY environment. It takes advantage of INTEGRITY’s POSIX API. You can run a shell through it, or upload files to the local filesystem using SFTP.

For the cutting edge, wolfSSH adds Hybrid ECDH-P256 Kyber-Level1 for post-quantum hybrid key exchange.

The release information from the change log is reposted below:

New Feature Additions and Improvements

  • Support for Green Hills Software's INTEGRITY
  • wolfSSHd Release (https://github.com/wolfSSL/wolfssh/pull/453 rounds off testing and additions)
  • Support for RFC 6187, using X.509 Certificates as public keys
  • OCSP and CRL checking for X.509 Certificates (uses wolfSSL CertManager)
  • Add callback to the server for reporting userauth result
  • FPKI profile checking support
  • chroot jailing for SFTP in wolfSSHd
  • Permission level changes in wolfSSHd
  • Add Hybrid ECDH-P256 Kyber-Level1
  • Multiple server keys
  • Makefile updates
  • Remove dependency on wolfSSL being built with public math enabled

Fixes

  • Fixes for compiler complaints using GHS compiler
  • Fixes for compiler complaints using GCC 4.0.2
  • Fixes for the directory path cleanup function for SFTP
  • Fixes for SFTP directory listing when on Windows
  • Fixes for large file transfers with SFTP
  • Fixes for port forwarding
  • Fix for building with QNX
  • Fix for the wolfSSHd grace time alarm
  • Fixes for Yocto builds
  • Fixes for issues found with fuzzing

Vulnerabilities

  • The vulnerability fixed in wolfSSH v1.4.8 finally issued CVE-2022-32073

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.