These features are new in beta 0.57 (released 2005-02-20): * Security fixes: two vulnerabilities discovered by iDEFENSE, potentially allowing arbitrary code execution on an SFTP client by a malicious SFTP server (but only after host key verification), have been fixed. See vuln-sftp-readdir, vuln-sftp-string. * Fixed small bug with X forwarding to local displays. * Fixed crashing bug with remote port forwarding. * Fixed handling of SSH2 debug messages (embarrassingly, a bug introduced when fixing the previous vulnerability - it was more secure but didn't work any more!). These features are new in beta 0.56 (released 2004-10-26): * Security fix: a vulnerability discovered by iDEFENSE (advisory number 10-27-04), potentially allowing arbitrary code execution on the client by a malicious SSH2 server before host key verification, has been fixed. * Ability to restart a session within an inactive window, via a new menu option. * Minimal support for not running a shell or command at all in SSH protocol 2 (equivalent to OpenSSH's "-N" option). PuTTY/Plink still provide a normal window for interaction, and have to be explicitly killed. * Transparent support for CHAP cryptographic authentication in the SOCKS 5 proxy protocol. (Not in PuTTYtel.) * More diagnostics in the Event Log, particularly of SSH port forwarding. * Ability to request setting of environment variables in SSH (protocol 2 only). (However, we don't know of any servers that support this.) * Ability to send POSIX signals in SSH (protocol 2 only) via the "Special Commands" menu. (Again, we don't know of any servers supporting this.) * Bug fix: The PuTTY tools now more consistently support usernames containing "@" signs. * Support for the Polish character set "Mazovia". * When logging is enabled, the log file is flushed more frequently, so that its contents can be viewed before it is closed. * More flexibility in SSH packet logging: known passwords and session data can be omitted from the log file. Passwords are omitted by default. (This option isn'tr perfect for removing sensitive details; you should still review log files before letting them out of your sight.) * Unix-specific changes: * Ability to set environment variables in pterm. * PuTTY and pterm attempt to use a UTF-8 line character set by default if this is indicated by the locale; however, this can be overridden. These features are new in beta 0.55 (released 2004-08-03): * Security fix: a vulnerability discovered by Core Security Technologies (advisory number CORE-2004-0705), potentially allowing arbitrary code execution on the client by a malicious server before host key verification, has been fixed. * Bug fix: General robustness of the SSH1 implementation has been improved, which may have fixed further potential security problems although we are not aware of any specific ones. * Bug fix: Random noise generation was hanging some computers and interfering with other processes' precision timing, and should now not do so. * Bug fix: dead key support should work better. * Bug fix: a terminal speed is now sent to the SSH server. * Bug fix: removed a spurious diagnostic message in Plink. * Bug fix: the `-load' option in PSCP and PSFTP should work better. * Bug fix: X forwarding on the Unix port can now talk to Unix sockets as well as TCP sockets. * Bug fix: various crashes and assertion failures fixed.. These features were new in beta 0.54 (released 2004-02-12): * Port to Unix! * Dynamic SSH port forwarding. * Ability to leave DNS lookups to the proxy, when using a proxy. * Sped up PSFTP. * Fixed various bugs, notably one which was impeding port-forwarding of SMB. * Some default settings changes: SSH and SSH2 are now default, BCE is off.