Skip to content

v0.3.5

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 12 Dec 00:33
v0.3.5
This tag was signed with the committer’s verified signature.
AkihiroSuda Akihiro Suda
GPG key ID: 49524C6F9F638F1A
Learn about vigilant mode.
cedcbf9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Changes

This release silences a dependabot alert (#92) about a vulnerability of golang.org/x/crypto: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. (CVE-2024-45337/GO-2024-3321)

This vulnerability is NOT exploitable for sshocker (and Lima), as golang.org/x/crypto/ssh is not used.

Full changes: v0.3.4...v0.3.5

Install

curl -o sshocker --fail -L https://github.com/lima-vm/sshocker/releases/download//sshocker-$(uname -s)-$(uname -m)
chmod +x sshocker

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/lima-vm/sshocker/actions/runs/12287350284

Assets 8
Loading