v0.54.6

Commits

• 140e482: Add ML-KEM post-quantum hybrid key exchange support (#585) (Kenny Root)

v0.54.5

Changes

• 6878bf1: A send_ping method for measuring latency (#576) (Môshe van der Sterre) #576
• adhere to ssh_config more strictly (#570) #570 (Philippe Laflamme)

Fixes

• strict kex sequence number check should only apply to initial exchange (#577) #577 (Kenny Root)
• add compile_error! when no crypto backend is enabled (#569) #569 (DCjanus)
• use sha256 as the default hashing algorithm when running agent tests (#573) #573 (Simon THOBY)
• handle empty ssh config files (#578) #578 (Philippe Laflamme)
• b6a446d: Update globset in russh-config to 0.4 (#568) (Pierce Bartine) #568
• e491140: [FIX] Ignore window adjustment after channel EOF (#580) (Eric Rodrigues Pires) #580
• 00b80b5: Addresses race condition from #226 (#579) (Lucy) #579

v0.54.4

Fixes

• 1ed8ca7: pageant fixes

v0.54.2

Fixes

• 98b7e91: fixed #558 - zlib compression fails after key renegotiation
• f0881aa: fixed #500 - Including TTY_OP_END in terminal_modes triggers ‘Packet integrity error’ due to duplicate sentinel

v0.54.1

Security fixes

• 0eb5e40: fixed CVE-2025-54804 - missing overflow check in channel window adjust
  • This vulnerability has allowed a malicious authenticated client or server to trigger a Rust panic in the russh server/client via a checked integer overflow

Fixes

• 2d0a418: Fix channels being closed prematurely (#554) (Eric Rodrigues Pires) #554

v0.54.0

Features

• 75459ca: Graceful server shutdown (#539)
  • run_on_socket now returns RunningServer instead of an opaque Future.
  • Call RunningServer.handle() to obtain an asynchronous handle.
  • Use RunningServerHandle.shutdown() to request a graceful server shutdown which will send MSG_DISCONNECT to all clients and wait for the sessions to close.
• make Config Clone (#544) (Philippe Laflamme)
• add a feature toggle for rsa (#550) (Philippe Laflamme)
• 43a09c9: Add Config.nodelay option for client (#551) (Tom) #551

Bug Fixes

• allow Stream to connect to multiple addresses (#545) (Philippe Laflamme)
• 5c3ac6e: Fix off-by-one error for keepalive timer (#543) (Eric Rodrigues Pires) #543

v0.53.0

Major changes

• c41d4f6: Use aws-lc-rs/ring implementation for AEAD ciphers (#535) (Eric Rodrigues Pires) #535

This improves AES-GCM encryption/decryption performance by 10x and ChaCha20-Poly1305 by at least 2x on commonly used targets.

aws-lc-rs is the default implementation, but you can opt to use ring instead by enabling the ring crate feature. On WASM, you will have to use russh with default-features = false, features = ["ring"] as the default features cannot be controlled per target, and aws-lc-rs does not support WASM.

Fixes

• 1d7e52f: Fail when accept() returns an Error (#518) (Pascal Grange) #518
• Dead loop when client receives messages (#524) #524 (wyhaya)
• 052109c: fixed #531 - merge fix from RustCrypto/SSH#351 (Eugene)

Features

• 04e529e: added [email protected] cipher support (#526) (handewo) #526
• cfe45e5: Support sending "[email protected]" requests (#527) (handewo) #527
• 1d49e7d: #323 - direct-streamlocal support on server side (#529) (Eugene) #529

v0.53.0-beta.1

Major changes

• c41d4f6: Use aws-lc-rs/ring implementation for AEAD ciphers (#535) (Eric Rodrigues Pires) #535

This improves AES-GCM encryption/decryption performance by 10x and ChaCha20-Poly1305 by at least 2x on commonly used targets.

aws-lc-rs is the default implementation, but you can opt to use ring instead by enabling the ring crate feature. On WASM, you will have to use russh with default-features = false, features = ["ring"] as the default features cannot be controlled per target, and aws-lc-rs does not support WASM.

Fixes

• 1d7e52f: Fail when accept() returns an Error (#518) (Pascal Grange) #518
• Dead loop when client receives messages (#524) #524 (wyhaya)
• 052109c: fixed #531 - merge fix from RustCrypto/SSH#351 (Eugene)

Features

• 04e529e: added [email protected] cipher support (#526) (handewo) #526
• cfe45e5: Support sending "[email protected]" requests (#527) (handewo) #527
• 1d49e7d: #323 - direct-streamlocal support on server side (#529) (Eugene) #529

v0.52.1

Fixes

• 5e91396: fixed #515 - unexpected pre-kex message causing panic #516

v0.52.0

Features

• make ChannelWriteHalf::make_writer[_ext] public, fix #498 (#499) #499 (Mingwei Samuel)
• add ChannelReadHalf::make_reader[_ext], #498 (#502) #502 (Mingwei Samuel)
• ec273f8: Add Handle::send_keepalive (#511) (Uli Schlachter) #511
• fd9da16: Added client::Handle::debug (#510) (Pascal Grange) #510
• 3d09c20: Support of SSH 1.99 (#514) (Jacob Van Brunt) #514

Fixes

• 20ea6a0: Handle unexpected EOF as expected in session closure (#495) (lgmugnier) #495
• 6a6fa80: make ChannelCloseOnDrop async
• c2fa2df: fixed #506 - removed faulty server-sig-algs timeout on wasm (#508) #508