OpenSSH 10.4 is now available, bringing security improvements, bug fixes, and a couple of new features to this suite of secure networking tools. Among the notable additions, the release introduces experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519. This cryptographic feature is not enabled by default and requires manual configuration. Alongside advancements in cryptography, OpenSSH 10.4 replaces its wildcard pattern matcher with a new implementation based on a non-deterministic finite automaton. This update prevents exponential worst-case performance scenarios seen in the previous design. Addressing several SFTP-related vulnerabilities, the update fixes an issue where a malicious SFTP server could cause files to be downloaded to unintended locations, as well as a scenario allowing file placement in the parent directory during cross-remote transfers. Internal-sftp now correctly processes long command lines, no longer discarding options...
Related
Design tool Penpot brings background blur, better WebGL rendering & design token upgrades
Penpot 2.17 launches just one month after the 2.16 update, delivering several high-impact updates to this open source design platform. Building on the new WebGL rendering engine, t...
Tiptap AI Toolkit
Empower your AI to directly edit documents in real time. Discussion | Link
Apple launches iOS 27 public beta with the new Siri AI and Apple Intelligence updates
Apple has launched the iOS 27 public beta, giving all iPhone users early access to its next major software update ahead of the final release this fall, and just a couple of weeks a...