This update for apache-parent, apache-sshd fixes the following issues: apache-parent was updated from version 28 to 31: * Version 31: * New Features: * Added maven-checkstyle-plugin to pluginManagement * Improvements: * Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins * Using an SPDX identifier as the license name is recommended by Maven * Use properties to define the versions of plugins * Bugs fixed: * Updated documentation for previous changes apache-sshd was updated from version 2.7.0 to 2.12.0: * Security issues fixed: * CVE-2023-48795: Implemented OpenSSH "strict key exchange" protocol in apache-sshd version 2.12.0 * CVE-2022-45047: Java unsafe deserialization vulnerability fixed in apache- sshd version 2.9.2 * Other changes in version 2.12.0: * Bugs fixed: * SCP client fails silently when error signalled due to missing file or lacking permissions * Ignore unknown key types from agent or in OpenSSH host keys extension * New Features: * Support GIT protocol-v2 * Other changes in version 2.11.0: * Bugs fixed: * Added configurable timeout to DefaultSftpClient * Compare file keys in ModifiableFileWatcher. * Fixed channel pool in SftpFileSystem. * Use correct default OpenOptions in SftpFileSystemProvider.newFileChannel. * Use correct lock modes for SFTP FileChannel.lock. * ScpClient: support issuing commands to a server that uses a non-UTF-8 locale. * SftpInputStreamAsync: fix reporting EOF on zero-length reads. * Work-around a bug in WS_FTP and less than = 12.9 SFTP clients. * SFTP performance fix: override FilterOutputStream.write. * Fixed a race condition to ensure SSH_MSG_CHANNEL_EOF is always sent before SSH_MSG_CHANNEL_CLOSE. * Fixed error handling while flushing queued packets at end of KEX. * Fixed wrong log level on closing an Nio2Session. * Fixed detection of Android O/S from system properties. * Consider all applicable host keys from the known_hosts files. * SftpFileSystem: do not close user session. * ChannelAsyncOutputStream: remove write future when done. * SSHD-1332 Resolve ~ in IdentityFile file names in HostConfigEntry. * New Features: * Use KeepAliveHandler global request instance in client as well * Publish snapshot maven artifacts to the Apache Snapshots maven repository. * Bundle sshd-contrib has support classes for the HAProxy protocol V2. * Other changes in version 2.10.0: * Bugs fixed: * Connection attempt not canceled when a connection timeout occurs * Possible OOM in ChannelPipedInputStream * SftpRemotePathChannel.transferFrom ignores position argument * Rooted file system can leak informations * Failed to establish an SSH connection because the server identifier exceeds the int range * Improvements: * Password in clear in SSHD server"s logs * Other changes in version 2.9.2: * Bugs fixed: * SFTP worker threads got stuck while processing PUT methods against one specific SFTP server * Use the maximum packet size of the communication partner * ExplicitPortForwardingTracker does not unbind auto-allocated one * Default SshClient FD leak because Selector not closed * Reading again from exhausted ChannelExec#getInvertedOut throws IOException instead of returning -1 * Keeping error streams and input streams separate after ChannelExec#setRedirectErrorStream is called * Nio2Session.shutdownOutput should wait for writes in progress * Test: * Research intermittent failure in unit tests using various I/O service factories * Other changes in version 2.9.1: * Bugs fixed: * ClientSession.auth.verify is terminated with timeout * 2.9.0 release broken on Java 8 * Infinite loop in org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead * Deadlock during session exit * Race condition is logged in ChannelAsyncOutputStream * Other changes in version 2.9.0: * Bugs fixed: * Deadlock on disconnection at the end of key-exchange * Remote port forwarding mode does not handle EOF properly * Public key authentication: wrong signature algorithm used * Client fails window adjust above Integer.MAX_VALUE * class loader fails to load org.apache.sshd.common.cipher.BaseGCMCipher * Shell is not getting closed if the command has already closed the OutputStream it is using. * Sometimes async write listener is not called * Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to SocketTimeoutException * different host key algorithm used on rekey than used for the initial connection * OpenSSH certificate is not properly encoded when critical options are included * TCP/IP remote port forwarding with wildcard IP addresses doesn"t work with OpenSSH * UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from an agent * New Features: * Added support for Argon2 encrypted PUTTY key files * Added support for merged inverted output and error streams of remote process * Improvements: * Added support for "limits at openssh.com" SFTP extension * Support host-based pubkey authentication in the client * Send environment variable and open subsystem at the same time for SSH session * Other changes in version 2.8.0: * Bugs fixed: * Fixed wrong server key algorithm choice * Expiration of OpenSshCertificates needs to compare timestamps as unsigned long * SFTP Get downloads empty file from servers which supports EOF indication after data * skip doesn"t work properly in SftpInputStreamAsync * OpenMode and CopyMode is not honored as expected in version greater than 4 of SFTP api * SftpTransferTest sometimes hangs * Race condition in KEX * Fix the ciphers supported documentation * Update tarLongFileMode to use POSIX * WinsCP transfer failure to Apache SSHD Server * Pubkey auth: keys from ssh-agent are used even if HostConfigEntry.isIdentitiesOnly is true * Support RSA SHA2 signatures via SSH agent * NOTICE: wrong copyright year range * Wrong creationTime in writeAttrs for SFTP * sshd-netty logs all traffic on INFO level * New Features: * Add support for chacha20-poly1305 at openssh.com * Parsing of ~/.ssh/config Host patterns fails with extra whitespace * Support generating OpenSSH client certificates * Improvements: * Add support for curve25519-sha256 at libssh.org key exchange * OpenSSH certificates: check certificate type * OpenSSHCertificatesTest: certificates expire in 2030 * Display IdleTimeOut in more user-friendly format * sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in ChannelAsyncOutputStream constructor configurable from outside using variable/config file * Intercepting the server exception message from server in SSHD client * Implement RFC 8332 server-sig-algs on the server * Slow performance listing huge number of files on Apache SSHD server * SFTP: too many LSTAT calls * Support key constraints when adding a key to an SSH agent * Add SFTP server side file custom attributes hook