OpenSSH 10.4 adds composite post-quantum signature support & fixes several security issues

OpenSSH 10.4 is now available, bringing security improvements, bug fixes, and a couple of new features to this suite of secure networking tools. Among the notable additions, the release introduces experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519. This cryptographic feature is not enabled by default and requires manual configuration. Alongside advancements in cryptography, OpenSSH 10.4 replaces its wildcard pattern matcher with a new implementation based on a non-deterministic finite automaton. This update prevents exponential worst-case performance scenarios seen in the previous design. Addressing several SFTP-related vulnerabilities, the update fixes an issue where a malicious SFTP server could cause files to be downloaded to unintended locations, as well as a scenario allowing file placement in the parent directory during cross-remote transfers. Internal-sftp now correctly processes long command lines, no longer discarding options...

Read Original

Related

Product Hunt tool 3h ago

Tiptap AI Toolkit

Empower your AI to directly edit documents in real time. Discussion | Link