- sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski.
Potentially-incompatible changes in OpenSSH:
This release includes a number of changes that may affect existing configurations:
- ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation.
- ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
- ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST ciphers.
- Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement.
- ssh(1): do not offer CBC ciphers by default.