Terrapin weakness mitigation
The attack is only possible when one of the following OpenSSH ciphers is in use:
firstname.lastname@example.org(symmetric encryption cipher)
Fortunately, in practice, the actual impact of the weakness on most SSH implementation seems to be negligible. No version of Rebex SSH relies on RFC 8308 extension negotiation mechanism yet, so this weakness can only be used by an attacker to disrupt authentication, causing the SSH session to fail.
Strict key exchange extension is enabled by default. It can be disabled using
Please note that this extension only resolves the weakness if both the client and server SSH implementation support it. When connecting
a vulnerable client to an updated server (or vice versa), Terrapin attack is still possible. To mitigate this as well, disable the three
ciphers listed above.
Improved Native AOT compatibility
This update improves compatibility with .NET 8's Native AOT deployment model, which makes it possible to compile applications to native code ahead-of-time (AOT). Most common features should already work in Native AOT mode.
For a detailed list of changes, see the release history.