Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

build(deps): Upgrade ssh2 to latest version #355

Merged
merged 1 commit into from
Oct 27, 2022
Merged

build(deps): Upgrade ssh2 to latest version #355

merged 1 commit into from
Oct 27, 2022

Conversation

abmusse
Copy link
Member

@abmusse abmusse commented Oct 27, 2022
edited
Loading

Fixes #338

Previously we relied on 0.8.x this a major version upgrade.
Versions of ssh2 <1.4.0 are vulnerable to OS Command injection on Windows.
See GHSA-652h-xwhf-q4h6
Functional tests passed with latest ssh2 on both Linux and IBM i.

@abmusse
build(deps): Upgrade ssh2 to latest version
eb48635 
Update ssh2 to 1.11.0. Previous we relied on 0.8.x this a major version
upgrade.

Versions od ssh2 <1.4.0 are vulnerbale to OS Command injection on
Windows.

Functional tests passed with latest ssh2 on both linux and IBM i.
@abmusse abmusse requested a review from markdirish October 27, 2022 16:48
markdirish
markdirish approved these changes Oct 27, 2022
View reviewed changes
Copy link
Contributor

@markdirish markdirish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@abmusse abmusse merged commit b67bfcf into master Oct 27, 2022
@abmusse abmusse deleted the ssh2-v1.11.x-upgrade branch October 27, 2022 17:21
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@markdirish markdirish markdirish approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update ssh2 to the latest version
2 participants
@abmusse @markdirish