http://open-source-security-software.net/organization/Mozilla/releases.atom 2024-11-15T08:19:07.427309+00:00 python-feedgen ssh_scan 0.0.8 2016-08-09T15:15:07+00:00 - Add RSA fingerprinting (md5,sha1,sha256) - Add auth_method detection (publickey, password, etc.) - Special thanks to @jinankjain for #56 - Add OS fingerprinting (Ubuntu, Debian, FreeBSD, etc.) - Add sshlib fingerprinting (openssh, libssh) - Add IPv6 support - Small tweaks/bug fixes Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.8 2016-08-09T15:15:07+00:00 ssh_scan 0.0.9 2016-08-16T17:51:21+00:00 - Fix Ubuntu OS fingerprint typo (#60) - Fix hard failure in host-key fingerprinting (#67, #81, #83) - Special thanks to @jvehent - Fix typos/bugs in README (#72, #82, #90) - Special thanks to @knweiss - Fix net-ssh port specification bug (#73) - Special thanks to @comfreak - Fix spacing in recommendations output (#70) - Special thanks to @anantshri - Improvements to source installation documentation (#80) - Special thanks to @pjackowski - Add unit-test for ssh_scan versioning (#62) - Add RedHat/Windows OS fingerprints (#63) - Add 2.2.0 and 2.3.0 Rubies to CI builds (#68, #75) - Add preliminary support for multi-ip scanning (#65, #69, #76) - Special thanks to @jinankjain - Add docker build process for travis-ci (#85, #88) - Special thanks to @jvehent Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.9 2016-08-16T17:51:21+00:00 ssh_scan 0.0.10 2016-08-26T15:11:18+00:00 - Fix bugs where encryption or host-key support for net-ssh is incompatible (#93, #94, #95) - Special thanks to @dguido - Refactored scan_engine internals, again (#98) - Add policy references to policies and output (#102, #103) - Add integration tests (#106) - Add multiple docker capabilities (build|test|deploy pipeline end-to-end and docs) to ssh_scan (#85, #88, #114) - Special thanks to @jvehent (https://twitter.com/jvehent/status/767759613387309057) - Add custom target parser for NMAP style targeting (#96, #109) - Special thanks to @jinankjain - Add timeout functionality when hosts are slow or not there (#92) - Special thanks to @agaurav77 and @jinankjain - Add multi-threaded scanning architecture (#97, #120, #121) - Special thanks to @jinankjain Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.10 2016-08-26T15:11:18+00:00 ssh_scan 0.0.11 2016-08-31T18:27:35+00:00 - Fixed unit-test spec name typo which caused target parser specs not to run (#128) - Fixed copy pasta bug in KeyExchangeInit#compression_algorithms_server_to_client (https://github.com/mozilla/ssh_scan/pull/129/files#diff-3dd8436c2d07f530e2f8374c58e9a99eR144) - Add support for IPv4 fallback when IPv6 cannot be established (#74, #132) - Special thanks to @jinankjain - Add support for Ubuntu OS version fingerprinting (#131) - Special thanks to @agaurav77 - Add support to use output.json as input for targeting on rescans (#124, #125) - Special thanks to @royalharsh and @agaurav77 - Add support for custom port specification in input files (#125) - Special thanks to @royalharsh - Make SSHScan::KeyExchangeInit objects buildable and transparent to contributors (#129) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.11 2016-08-31T18:27:35+00:00 ssh_scan 0.0.12 2016-09-02T01:51:57+00:00 - Fix bug in -h on Linux OS's (#140) - Special thanks to @christophprokop and @jinankjain - Add policy hooks for auth_methods (#142, #144) - Special thanks to @yashmehrotra - Add integration coverage for gem releases (#147) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.12 2016-09-02T01:51:57+00:00 ssh_scan 0.0.13 2016-09-07T18:20:57+00:00 - Fixed multiple exception handling bugs (#146, #149, #158, #161, #170) - Special thanks to @jinankjain - Fixed port specification bugs (#130) - Special thanks to @jinankjain and @agaurav77 - Refactored unit-testing harness for fingerprinting (#157, #173) - Special thanks to @agaurav77 - Added glitter badge/room for ssh_scan discussion/collaboration (#174) - Special thanks to @jinankjain and @jvehent - Added os and ssh fingerprint for dopra (#167 #153) - Special thanks to @rishabhs95 - Added os and ssh fingerprints for ROS (#164 #152) - Special thanks to @jinankjain - Added os and ssh fingerprints for Dropbear (#165) - Special thanks to @agaurav77 - Added os and ssh fingerprints for Cisco (#155) - Added a standard logging facility (#159 #169 #163) - Special thanks to @jinankjain Also, special thanks to Tom Sellers for catching our failed twitter announcement of v0.0.13 as v0.0.12 (https://twitter.com/TomSellers/status/773583022830432257) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.13 2016-09-07T18:20:57+00:00 ssh_scan 0.0.14 2016-09-17T04:00:27+00:00 - Fix bug in ssh_scan client (#186, #187) - Special thanks to @jinankjain - Fix bug in ssh_scan banner (#180) - Refactor host-key fingerprinting (#84, #185) - Special thanks to @agaurav77 - Add ssh_version as a policy control ( #154, #176, #177, #183, #184) - Special thanks to @yashmehrotra - Add start/end/duration values to JSON output (#178, #181) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.14 2016-09-17T04:00:27+00:00 ssh_scan 0.0.15 2016-09-21T17:54:26+00:00 - Fix exception handling bug in client #get_kex_result (#191, #192) - Fix host key verification exceptions (#135, #136, #189) - Move compliance to a decorator strategy (#194, #195, #196) - Add persistent host key fingerprint tracking and reporting (#193, #194, #197) - Add more ubuntu fingerprints/tests (#204, #205) - Add gem update warnings/status (#208, #210) - Add github page stub for blogging and documentation (#199) - Special thanks to @jinankjain Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.15 2016-09-21T17:54:26+00:00 ssh_scan 0.0.16 2016-10-19T18:40:47+00:00 - Fix openssh fingerprinting bug (#229) - Fix bug in ubuntu fingerprinting (#212) - Special thanks to @agaurav77 - Fix content type bug to force plain content for ssh_scan_api (#234) - Add unit-test for string_ext (#200, #232) - Special thanks to @flash1452 - Add portable binary capability via Traveling Ruby (#201, #237) - Special thanks to @rishabhs95 - Add initial ssh_scan_api binary (#230) - Special thanks to @agaurav77 - Add web security basics to ssh_scan_api (#234) - Add a bunch of banner fingerprints (#231, #229, #218) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.16 2016-10-19T18:40:47+00:00 ssh_scan 0.0.17.pre 2017-03-02T05:22:55+00:00 A pre-release gem to test out the splitting of the API functionality out into it's own repo 2017-03-02T05:22:55+00:00 ssh_scan 0.0.17 2017-03-17T18:49:13+00:00 - Perform hostname lookups for IP-only targeting (#336) - Broke ssh_scan_api into it's own unique [project](https://github.com/mozilla/ssh_scan_api) (#334) - Add stats interface to API (#324, #323, #322) * Special thanks to @royalharsh - Allow workers/users on localhost to bypass authentication (#331) - Fix bug in worker authentication (#331, #329) - Fix bug in data requirement in gemspec (#331) - Add scan caching feature to increase performance and reduce abuse likihood (#305) * Special thanks to @rishabhs95 - Add worker authentication (#331) * Special thanks to @rishabhs95 and @royalharsh - Refactored DB/API/Worker interfaces multiple times over (#291, #284, #313, #312) * Special thanks to @rishabhs95 and @royalharsh - Added DB support for MongoDB (#291) * Special thanks to @royalharsh - Tons of code quality and style clean up using Rubocop (#257, #271) * Special thanks to @rishabhs95 - Added coveralls to improve test coverage visibility (#314, #315, #316, #317, #318) - Improved file-based configuration controls for API/Worker (#269, #268) * Special thanks to @rishabhs95 and @royalharsh - Improved loggins for API/Worker (#300) - Added options for HTTP/HTTPS configurability with nginx (#299) * Special thanks to @Rajat-Goyal - Added contribute.json to API (#298) - Fixed logic bug in compliance policy (#282) - Add authentication to API (#270) - Extend SSH fingerprints to include DSA (#235) - Add heartbeat route for API (#241) * Special thanks to @Rajat-Goyal - Fixed ordering bug in cmd-line argument processing (#166) * Special thanks to @agaurav77 - Fixed logic bug in policy manager (#292) * Special thanks to @agaurav77 Would like to add a special note to thank the 2016/2017 MWoS ssh_scan team for all that they've done here. These release notes don't begin to describe how much they improved this project over the past 4 months! Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.17 2017-03-17T18:49:13+00:00 ssh_scan 0.0.18 2017-03-24T15:05:00+00:00 - Adds support for [ssh-badkey](https://github.com/rapid7/ssh-badkeys) consumption/detection (#345) * Special thanks to @averagesecurityguy and @hdm - Fix bug in base64 name-spacing in Puppet environments (#347) * Special thanks to @petems - Fix spelling mistakes in comments and helper script (#348) * Special thanks to @petems - Fix bug in unit-tests for localhost resolution (#349) * Special thanks to @petems - Remove deprecated --listen switch and help/README clean up (#339, #341, #338) * Special thanks to @amgrice - Restores persistent host-key fingerprinting DB feature (#342) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.18 2017-03-24T15:05:00+00:00 ssh_scan 0.0.19 2017-04-19T03:25:35+00:00 Fix bug in duplicate fingerprint detection (#352, #357, #351) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.19 2017-04-19T03:25:35+00:00 ssh_scan 0.0.20 2017-05-12T16:20:52+00:00 - Add Mozilla License - Add 2.4 Ruby CI Coverage and drop coverage for legacy Rubies - Move worker to ssh_scan_api project Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.20 2017-05-12T16:20:52+00:00 ssh_scan 0.0.21 2017-05-25T18:39:37+00:00 - Fix wording on recommendations * Special thanks to @april - Re-add packaging rake-tasking * Special thanks @rishabhs95 - Add YARD docs * Special thanks to @agaurav77 Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.21 2017-05-25T18:39:37+00:00 ssh_scan 0.0.22 2017-06-08T17:57:54+00:00 - Add grades to compliance (A-F) * Special thanks to @april - Refactor results store to it's own class - Add better exception handling when target hostname is unresolvable - Add integration testing for docker builds * Special thanks to @jammasterj89 - Some README clean up Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.22 2017-06-08T17:57:54+00:00 ssh_scan 0.0.23 2017-06-14T19:45:35+00:00 - Refactor results handling - Fix bug in grader Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.23 2017-06-14T19:45:35+00:00 ssh_scan 0.0.24 2017-06-15T14:55:59+00:00 - Fix exception feedback - Fix socket errors when falling back from IPv6 => IPv4 Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.24 2017-06-15T14:55:59+00:00 ssh_scan 0.0.25 2017-07-03T16:35:13+00:00 - Update README - Added unit-tests for results - Fix exception handing in bannner grabbing Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.25 2017-07-03T16:35:13+00:00 ssh_scan 0.0.26 2017-07-20T16:02:42+00:00 - Fix attribute aliasing comparisons (#405) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.26 2017-07-20T16:02:42+00:00 ssh_scan 0.0.27 2017-08-25T19:08:58+00:00 - Add better exception handling for for Net::SSH resets (#413) - Force SSHScan::Client to actually listen to timeouts (#413) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.27 2017-08-25T19:08:58+00:00 ssh_scan 0.0.28 2017-09-06T14:15:28+00:00 - Fix command-injection bug in ssh-keyscan calls (#344, #417, mozilla/ssh_scan_api#109) - please note that upon further post-release review, this was not actually an exploitable command injection bug at all, but we still believe the code fix is an overall improvement on how we handle ssh-keyscan call outs. * Special thanks @caggle Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.28 2017-09-06T14:15:28+00:00 ssh_scan 0.0.29 2017-10-02T19:51:17+00:00 ssh_scan v0.0.29 release - Fix no method error when using --unit-test (#419) * Special thanks @jvehent Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.29 2017-10-02T19:51:17+00:00 ssh_scan 0.0.30 2018-01-19T15:53:27+00:00 ssh_scan v0.0.30 release - Binds netaddr to version 1.5.1 to avoid breaking changes (https://github.com/mozilla/ssh_scan/pull/424) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.30 2018-01-19T15:53:27+00:00 ssh_scan 0.0.31 2018-01-19T20:03:43+00:00 ssh_scan v0.0.31 release - Fixes a bug that was preventing grades/recommendations from showing up in output (https://github.com/mozilla/ssh_scan/pull/426) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.31 2018-01-19T20:03:43+00:00 ssh_scan 0.0.32 2018-01-19T21:11:09+00:00 ssh_scan v0.0.32 release - Fixes a bug that was preventing grades/recommendations from showing up in output (https://github.com/mozilla/ssh_scan/pull/426) Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.32 2018-01-19T21:11:09+00:00 ssh_scan 0.0.33 2018-02-13T16:00:58+00:00 ssh_scan v0.0.33 release - Fixes a bug when custom ports are passed down to keyscan (https://github.com/mozilla/ssh_scan/issues/429) * Special thanks @mariobranco, @ondrejkelemen, and @jinankjain Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.33 2018-02-13T16:00:58+00:00 ssh_scan 0.0.34 2018-02-26T19:34:29+00:00 ssh_scan v0.0.34 release - Fixes a regression when custom ports are passed down to keyscan (#433) * Special thanks @jumanjiman and @jinankjain Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.33 2018-02-26T19:34:29+00:00 ssh_scan 0.0.35 2018-06-04T17:56:34+00:00 ssh_scan v0.0.35 release - Fixes an unbound dependancy on net-ssh, which recently released breaking changes in 5.x (#435) * Special thanks @exploide Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.35 2018-06-04T17:56:34+00:00 ssh_scan 0.0.36 2018-12-19T20:16:32+00:00 ssh_scan v0.0.36 release - Bumps net-ssh version to support 5.x (#437, #441) Special thanks @fmjgomes Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.36 2018-12-19T20:16:32+00:00 ssh_scan 0.0.37 2019-01-15T18:12:53+00:00 ssh_scan v0.0.37 release - Fixed deprecated bundler switches (--no-ri --no-rdoc) - Moved fingerprint cache storage to user home dir to avoid permissions issues when running as non-root user - Fixed a bug where fingerprint cache was being overwritten during each run - Removed legacy constant values that were left overs from port to ssh_scan_api effort - Fixed a bug in ssh-keyscan runs where by stderr output was getting mixed in stdout and thus corrupting or breaking fingerprint detection Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.37 2019-01-15T18:12:53+00:00 ssh_scan 0.0.38 2019-01-17T14:35:15+00:00 ssh_scan v0.0.38 release - Fix a type error introduced in 0.0.37 with the switch to subprocess code (#478) - Special thanks to @exploide and @Allaman - Added support for YAML output to ssh_scan binary (#480) - Special thanks to @exploide Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.38 2019-01-17T14:35:15+00:00 ssh_scan 0.0.39 2019-01-18T15:39:03+00:00 ssh_scan v0.0.39 release - Refactor key/fingerprint handling (#484) - Special thanks to @exploide Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.39 2019-01-18T15:39:03+00:00 ssh_scan 0.0.40 2019-01-18T18:38:12+00:00 ssh_scan v0.0.40 release - Add support for ecdsa and ed25519 keys (#487) - Special thanks to @exploide Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.40 2019-01-18T18:38:12+00:00 ssh_scan 0.0.41 2019-05-03T13:24:45+00:00 ssh_scan v0.0.41 release - Fix NoMethod error in Result key defaults (#499) - Special thanks to @electrical and @jstangroome Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.41 2019-05-03T13:24:45+00:00 ssh_scan 0.0.42 2019-08-27T14:03:44+00:00 ssh_scan v0.0.42 release - Better exception handling in client.rb (#504) - Special thanks to @J12934 Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.42 2019-08-27T14:03:44+00:00 ssh_scan 0.0.43 2020-05-27T22:02:23+00:00 ssh_scan v0.0.43 release - Add support for ed25519 (https://github.com/mozilla/http-observatory-website/issues/220 and #519) - Special thanks to @532910 Gem release: https://rubygems.org/gems/ssh_scan/versions/0.0.43 2020-05-27T22:02:23+00:00 ssh_scan 0.0.44 2021-05-20T14:48:09+00:00 ssh_scan v0.0.44 release - Add Ruby 3.x support - Update Docker image to support Ruby 3.x - Update bundler to 2.x - Switch to IPSocket.getaddress - Update net-ssh 6.x and switch to new verifier status - Update rake to a new version 2021-05-20T14:48:09+00:00