- Security fix: an integer overflow bug in the agent forwarding code. See vuln-agent-fwd-overflow.
- Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory (on versions of Windows where they previously were). See vuln-indirect-dll-hijack.
- Windows PuTTY no longer sets a restrictive process ACL by default, because this turned out to inconvenience too many legitimate applications such as NVDA and TortoiseGit. You can still manually request a restricted ACL using the command-line option -restrict-acl.
- The Windows PuTTY tools now come in a 64-bit version.
- The Windows PuTTY tools now have Windows's ASLR and DEP security features turned on.
- Support for elliptic-curve cryptography (the NIST curves and 25519), for host keys, user authentication keys, and key exchange.
- Support for importing and exporting OpenSSH's new private key format.
- Host key preference policy change: PuTTY prefers host key formats for which it already knows the key.
- Run-time option (from the system menu / Ctrl-right-click menu) to retrieve other host keys from the same server (which cross-certifies them using the session key established using an already-known key) and add them to the known host-keys database.
- The Unix GUI PuTTY tools can now be built against GTK 3.
- There is now a Unix version of Pageant.
|
