Releases: billchurch/webssh2
Update app.js and mitigate js-yaml issue
Changes
- Missing require('fs') in
server/app.jsSee issue #135 - Patched read-config to mitigate vulnerability in js-yaml
- issue not exploitable on webssh2 implementation
- patched anyway
- sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
- See nodeca/js-yaml#475 for more detail
0.2.8
Changes
- Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue #118. Thanks @smilesm2 for the idea.
- fixes broken
npm run (build|builddev)- update font-awesome fonts to 5.6.3
- update webpack and dependancies
- update xterm to 3.8.0
Fixes
- ILX workspace may not always import properly due to symbolic links (specifically ./node_modules/.bin). This is removed from the ILX package
options.allowreauth fix, updates
Changes
config.reauthwas not respected if initial auth presented was incorrect, regardless ofreauthsetting inconfig.jsonreauth would always be attempted. fixes #117- BREAKING moved app files to /app, this may be a breaking change
- Updated dockerfile for new app path
- Updated app dependancies
- xterm v3.8.0
- basic-auth v2.0.1
- express v4.16.4
- validator v10.9.0
- Updated dev dependancies
- snazzy v8.0.0
- standard v12.0.1
- uglifyjs-webpack-plugin v2.0.1
- ajv v6.5.5
- copy-webpack-plugin v4.6.0
- css-loader v1.0.1
- nodemon v1.18.6
- postcss-discard-comments v4.0.1
- snyk v1.108.2
- url-loader v1.1.2
- webpack v4.25.1
- webpack-cli v3.1.2
Reauth Update
Allow reauth option
[0.2.5] 20180911
Added
- Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
- Controlled by
config.jsonoptionoptions.allowreauthtrue presents reauth dialog and false hides dialog
- Controlled by
Changed
options.challengeButtonenabled- previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the
allowreplayheader value
- previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the
- Updated debug module to v4
WebSSH2 Update /
Added
- Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
- Added bellStyle options
GET var: bellStyle - string - Style of terminal bell: ("sound"|"none"). Default: "sound". Enforced Values: "sound", "none"config.json: terminal.bellStyle - string - Style of terminal bell: (sound|none). Default: "sound".workspacefolder on GITHUB for BIG-IP specific fixes/changes
Changed
- Updated xterm.js to 3.1.0
- Default listen IP in
config.jsonchanged back to 127.0.0.1
Fixed
- ESC]0; is now removed from log files when using the browser-side logging feature
Resize and Browser Updates
Change Log
[0.2.0] 2018-02-10
Mostly client (browser) related changes in this release
Added
- Menu system
- Fontawesome icons
- Resizing browser window sends resize events to terminal container as well as SSH session (pty)
- New terminal options (config.json as well as GET vars)
- terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
- terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
- terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
- New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
- Logging of MRH session (unassigned if not present)
- Express compression feature
Changed
- Updated xterm.js to 3.0.2
- Moved javascript events out of html into javascript
- Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
- Moved logging and credentials buttons to menu system
- Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')
Fixed
- Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)
BIG-IP Notes
The attached BIG-IP-ILX-WebSSH2-20180210-0.2.0.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.
iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.
Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0
SHA-256 hashes:
733a9aa1f9db001e469a8e825d304c497dc9c743f46e6a7d973927015d5fb765 BIG-IP-ILX-WebSSH2-current.tgz
733a9aa1f9db001e469a8e825d304c497dc9c743f46e6a7d973927015d5fb765 BIG-IP-ILX-WebSSH2-20180210-0.2.0.tgz
Keepalive support
[0.1.4] 2018-01-30
Changed
- Moved socket and util out of folders into .js in root.
- added keepaliveInterval and keepaliveCountMax config options
BIG-IP Notes
The attached BIG-IP-ILX-WebSSH2-20180130-0.1.4.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.
iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.
Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0
b9b41e3c07df916c498c98c4f112778aaad5ae8f0930ca2e5f7a3f24f8bf3c0f BIG-IP-ILX-WebSSH2-20180130-0.1.4.tgz
Updated packages for ReDoS
Changed
- Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
- Upgrade Express to 4.15.5 for ReDOS
- Upgrade basic-auth to v2.0
BIG-IP Notes
The attached BIG-IP-ILX-WebSSH2-20170928-0.1.3.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.
iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.
Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0
SHA-256 signature:
b3be2a816d74f32ba6abf4f65c2b89152591d2fc76bce6236831c339cba9d673 *BIG-IP-ILX-WebSSH2-20170928-0.1.3.tgz
Add readyTimeout option and get var, update packages, use strict
Added
- ssh.readyTimeout option in config.json (time in ms, default 20000, 20sec)
Changed
- Updated xterm.js to 2.9.2 from 2.6.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.2
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.9.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.1
- See https://github.com/sourcelair/xterm.js/releases/tag/2.8.0
- See https://github.com/sourcelair/xterm.js/releases/tag/2.7.0
- Updated ssh2 to 0.5.5 to keep current, no fixes impacting WebSSH2
- ssh-streams to 0.1.19 from 0.1.16
- Updated validator.js to 8.0.0, no fixes impacting WebSSH2
- Updated Express to 4.15.4, no fixes impacting WebSSH2
- Updated Express-session to 1.15.5, no fixes impacting WebSSH2
- Updated Debug to 3.0.0, no fixes impacting WebSSH2
- Running in strict mode ('use strict';)
BIG-IP Notes
The attached BIG-IP-ILX-WebSSH2-20170821-0.1.2.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.
iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.
Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0
SHA-256 signature:
e81e8e6aeb88e948316413ba69c2ca27f1b4a648dd6a2c2f53b239b2e9ff2fe5 *BIG-IP-ILX-WebSSH2-20170821-0.1.2.tgz