Download Latest Version
v0.3.8 source code.tar.gz (27.1 kB)
Get an email when there's a new version of gliderlabs/ssh
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2024-12-12 | 695 Bytes | |
| v0.3.8 source code.tar.gz | 2024-12-12 | 27.1 kB | |
| v0.3.8 source code.zip | 2024-12-12 | 39.3 kB | |
| Totals: 3 Items | 67.1 kB | 1 | |
This bumps x/crypto to 0.31.0 to resolve CVE-2024-45337. The API has not changed, which means there are still a number of ways you could be vulnerable if your code improperly uses the PublicKeyHandler.
Note that this may result in a performance regression, as the PublicKeyHandler may be called multiple times for the same key. The last time it is called will be the key the user is actually using.
Note that if you are using Permissions to pass information about the public key out of the handler, you need to make sure you always overwrite all relevant stored map keys in order to avoid being vulnerable.
Full Changelog: https://github.com/gliderlabs/ssh/compare/v0.3.7...v0.3.8
