0.7927 Aug 2023 07:25
Windows installer scope is back to the normal 'per machine'
Setting, reverting 0.78's security workaround... Note: this means that installing the 0.79 or later Windows
Installer will. not automatically uninstall 0.78, if 0.78 was
Installed using its default 'per user' scope. In that situation we
Recommend uninstalling 0.78 first, if possible. If both end up
Installed, uninstalling both and then re-installing the new version
Will things up.. Terminal mouse tracking: support for mouse movements which are not
Drags.. Terminal mouse tracking: support for horizontal scroll events
e.g. generated by trackpads).. Backwards compatibility : certificate-based user authentication.
Now works with OpenSSH 7.7 and earlier.. : in a session using the 'Raw' protocol, pressing D twice
in the terminal window could cause an assertion failure.. : terminal output could hang if a resize control sequence
Was sent by the server (and was not disabled in the Features panel)
But PuTTY's window was set to non-resizable in the Window panel.. : GTK PuTTY could fail an assertion if a resize control
Sequence was sent by the server while the window was docked to one
Half of the screen in KDE.. : GTK PuTTY could fail an assertion if you tried to change
The font size while the window was maximised.. : the 'bell overload' timing settings were misinterpreted
by Unix PuTTY and pterm 0.77/0.78; if any settings were saved using
These versions, confusion can persist with newer versions.. : SSH authentication banners were not reliably printed if a
Server sent one immediately before closing the connection (e.g.
Intended as a user-visible explanation for the connection
Closure).. : the '' command in PSFTP always reported failure, so
That ending a. psftp -b batch script with it would cause
PSFTP as a whole to believe it had failed, even if everything worked
Fine.. : certificate handling would do the wrong thing, for RSA
Keys only, if you specified a detached certificate to go with a PPK
File that had a diffe
0.7830 Oct 2022 03:17
Support for OpenSSH certificates, for both user authentication
Keys and host keys.
New SSH proxy modes, for running a custom shell command or.
Subsystem on the proxy server instead of forwarding a port through it.
New plugin system to allow a helper program to provide responses.
in. keyboard-interactive authentication, intended to
Automate one-time password systems.
Support for NTRU Prime post-quantum key exchange.
Support for AES-GCM (in the OpenSSH style rather than RFC 5647).
Support for more forms of Diffie-Hellman key exchange: new larger.
Integer groups (such as group16 and group18), and support for using
Those and ECDH with GSSAPI.
the 32-bit Windows build now runs on Windows XP again.
server-controlled window title setting now works again.
Even if the character set is ISO 8859 (or a few other affected
Single-byte character sets).
certain forms of OSC escape sequences could cause PuTTY to crash.
the. -pwfile /. -pw options no.
Longer affect local key passphrase prompts, and no longer suppress
Plink's anti-spoofing measures.
Note: installing the 0.78 or later Windows installer will. not automatically uninstall 0.77 or earlier, due to a.
Change we've made to work around a. We recommend uninstalling
The old version first, if possible. If both end up installed,
Uninstalling both and then re-installing the new version will things up.
0.7728 May 2022 03:16
Major improvements to network proxy support: Support for interactively prompting the user if the proxy server
Built-in support for proxying via another SSH server, so that.
PuTTY will SSH to the proxy and then automatically forward a port
Through it to the destination host. (Similar to running. plink
nc as a subprocess, but more convenient to set up, and allows.
You to answer interactive prompts presented by the proxy.)
Support for HTTP Digest authentication, when talking to HTTP.
Introduced. pterm.exe, a PuTTY-like wrapper program.
For Windows command prompts (or anything else running in a Windows
Console). Not yet included in the installer, but available as a..exe file from the Download page.
Updated Unicode and bidi support to Unicode 14.0.0.
New command-line option. -pwfile, like. -pw except that it reads the password from a file so that.
it doesn't show up on the command line.
Windows Pageant: option. --openssh-config to allow.
Easy interoperation with Windows's. ssh.exe.
pw (and. -pwfile ) now do not fall back.
to interactively prompting for a password if the provided password
Fails. (That was the original intention.)
New configuration options for keyboard handling: Option to control handling of Shift + arrow keys.
Extra mode in the function-keys option, for modern xterm (v216 and above).
workaround flag to wait for the server's SSH greeting before.
Sending our own, for servers (or proxies) that lose outgoing data
Before seeing any incoming data.
Crypto update: added side-channel resistance in probabilistic RSA.
Crypto update: retired the use of short Diffie-Hellman exponents.
just in case).
reconfiguring remote port forwardings more than once no.
terminal output processing is now paused while handling a.
Remote-controlled terminal resize, so that the subsequent screen
Redraw is interpreted relative to the new terminal size instead of the old.
Windows PuTTYgen's mouse-based entropy collecti
0.7618 Jul 2021 12:45
New option to abandon an SSH connection if the server allows you
to authenticate in a trivial manner.
Windows PuTTY crashed when the 'Use system colours'.
Option was used.
crash on Windows when using MIT Kerberos together with.
Windows PuTTY leaked named pipes after contacting.
Windows PuTTY didn't update the window while you held.
Down the scrollbar arrow buttons long enough to 'key-repeat'.
user colour-palette reconfiguration via 'Change Settings'.
server colour-palette reconfigurations were sometimes.
a tight loop could occur on reading a truncated private.
the Windows Pageant GUI key list didn't display key.
0.7509 May 2021 23:25
Security : on Windows, a server could DoS the whole Windows GUI
by telling the PuTTY window to change its title repeatedly at high
Pageant now supports loading a key still encrypted, and decrypting.
it later by prompting for the passphrase on first use.
Upgraded default SSH key fingerprint format to OpenSSH-style SHA-256.
Upgraded private key file format to PPK3, with improved passphrase.
Hashing and no use of SHA-1.
Terminal now supports ESC 9 m for strikethrough text.
New protocols: bare ssh-connection layer for use over.
Already-secure IPC channels, and SUPDUP for talking to very old
Systems such as PDP-10s.
PuTTYgen now supports alternative provable-prime generation.
Algorithm for RSA and DSA.
The Unix tools can now connect directly to a Unix-domain socket.
0.7429 Jun 2020 00:45
Security : if an SSH server accepted an offer of a public key
And then rejected the signature, PuTTY could access freed memory, if
The key had come from an SSH agent.. Security feature: new config option to disable PuTTY's dynamic
Host key preference policy, if you prefer to avoid giving away to
Eavesdroppers which hosts you have stored keys for.. : the installer UI was illegible in Windows high-contrast
Mode.. : console password input failed on Windows 7.. in the terminal: one instance of the dreaded
line==NULL" error box, and two other assertion failures.. : potential memory-consuming loop in -compatible padding.
of an RSA signature from an agent.. : PSFTP's buffer handling worked badly with some servers
particularly proftpd's. mod_sftp ).. : cursor could be wrongly positioned when restoring from.
The alternate terminal screen. (A of this type was in 0.59;
This is a case that that missed.). : character cell height could be a pixel too small when
Running GTK PuTTY on Ubuntu 20.04 (or any other system with a
Similarly up-to-date version of Pango).. : old-style (low resolution) scroll wheel events did not
Work in GTK 3 PuTTY. This could stop the scroll wheel working at all
0.7330 Sep 2019 16:25
Security : on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
Security : in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.
0.7221 Jul 2019 12:25
Security found by the EU-funded bounty: two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant.
crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows).
crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange.
trust sigils were never turned off in SSH-1 or Rlogin.
trust sigils were never turned back on if you used Restart Session.
PSCP in SCP download mode could create files with a spurious newline at the end of their names.
PSCP in SCP download mode with the. -p option would generate spurious complaints about illegal file renaming.
the initial instruction message was never printed during SSH. keyboard-interactive authentication.
pasting very long lines through connection sharing could crash the downstream PuTTY window.
in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key.
PuTTYgen could generate RSA keys with a modulus one bit shorter than requested.
0.7117 Mar 2019 11:05
Security found by an EU-funded bounty programme: a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
potential recycling of random numbers used in cryptography.
on Windows, hijacking by a malicious help file in the same directory as the executable.
on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding.
multiple denial-of-service attacks that can be triggered by writing to the terminal.
Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened: keystrokes typed before authentication has finished will be buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older GSSAPI authentication system which can keep your forwarded Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence, true colour, and SGR 2 dim text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
0.7011 Jul 2017 01:25
Security : the Windows PuTTY binaries should no longer be
Vulnerable to hijacking by specially named DLLs in the same directory,
Even a name we missed when we thought we'd this in 0.69.
Windows PuTTY should be able to print again, after our DLL.
Hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside the.
Current code page, after our DLL hijacking defences broke that too.
0.6726 Mar 2016 21:15
Security fix: a buffer overrun in the old-style SCP protocol when receiving the header of each file downloaded from the server is fixed. See vuln-pscp-sink-sscanf.
Windows PuTTY now sets its process ACL more restrictively, in an attempt to defend against malicious other processes reading sensitive data out of its memory.
Assorted other robustness fixes for crashes and memory leaks.
We have started using Authenticode to sign our Windows executables and installer.