Bump org.apache.sshd:sshd-sftp from 2.9.2 to 2.15.0

[dependabot]

Bumps org.apache.sshd:sshd-sftp from 2.9.2 to 2.15.0.

Release notes

Sourced from org.apache.sshd:sshd-sftp's releases.

Apache MINA SSHD 2.15.0

What's Changed

• GH-618: Fix reading an OpenSshCertificate from a Buffer by @​tomaswolf in apache/mina-sshd#619
• Add interface to configure details of JGit's pack implementation by @​JohnnyJayJay in apache/mina-sshd#617
• ML-KEM key exchanges using Bouncy Castle 1.79 by @​tomaswolf in apache/mina-sshd#629
• GH-628: Fix reading directories with trailing blanks in the name by @​tomaswolf in apache/mina-sshd#630
• GH-626: Enable Streaming.Async for ChannelDirectTcpip by @​tomaswolf in apache/mina-sshd#631
• Sftp server ‘ls’ command timeout by @​Main-Tomi in apache/mina-sshd#634
• GH-636: Handle unknown key types in known_hosts by @​tomaswolf in apache/mina-sshd#638
• GH-643: provide interfaces for caching file attributes on paths by @​tomaswolf in apache/mina-sshd#645
• Bouncy Castle EdDSA / Ed25519 Support by @​ianjoneill in apache/mina-sshd#639
• Abstract revoked key handling in KnownHostsServerKeyVerifier by @​joeljohansson99 in apache/mina-sshd#653

New Contributors

• @​JohnnyJayJay made their first contribution in apache/mina-sshd#617
• @​Main-Tomi made their first contribution in apache/mina-sshd#634
• @​ianjoneill made their first contribution in apache/mina-sshd#639
• @​joeljohansson99 made their first contribution in apache/mina-sshd#653

Full Changelog: apache/mina-sshd@sshd-2.14.0...sshd-2.15.0

SSHD 2.14.0

Full Changelog: apache/mina-sshd@sshd-2.13.2...sshd-2.14.0

Bug Fixes

• GH-524 Performance improvements
• GH-533 Fix multi-step authentication
• GH-582 Fix filtering in NamedFactory
• GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession
• GH-590 Better support for FIPS
• GH-597 Pass on Charset in ClientSession.executeRemoteCommand()

New Features

• New utility methods SftpClient.put(Path localFile, String remoteFileName) and SftpClient.put(InputStream in, String remoteFileName) facilitate SFTP file uploading.

GH-590 Better support for FIPS

Besides fixing a bug with bc-fips (the RandomGenerator class exists in normal Bouncy Castle, but not in the FIPS version, but Apache MINA sshd referenced it even if only bc-fips was present), support was improved for running in an environment restricted by FIPS.

There is a new system property org.apache.sshd.security.fipsEnabled. If set to true, a number of crypto-algorithms not approved by FIPS 140 are disabled:

• key exchange methods sntrup761x25519-sha512, sntrup761x25519-sha512@​openssh.com, curve25519-sha256, curve25519-sha256@​libssh.org, curve448-sha512.
• the chacha20-poly1305 cipher.
• the bcrypt KDF used in encrypted private key files in OpenSSH format.

... (truncated)

Changelog

Sourced from org.apache.sshd:sshd-sftp's changelog.

Previous Versions

• Version 2.1.0 to 2.2.0
• Version 2.2.0 to 2.3.0
• Version 2.3.0 to 2.4.0
• Version 2.4.0 to 2.5.0
• Version 2.5.0 to 2.5.1
• Version 2.5.1 to 2.6.0
• Version 2.6.0 to 2.7.0
• Version 2.7.0 to 2.8.0
• Version 2.8.0 to 2.9.0
• Version 2.9.0 to 2.9.1
• Version 2.9.1 to 2.9.2
• Version 2.9.2 to 2.10.0
• Version 2.10.0 to 2.11.0
• Version 2.11.0 to 2.12.0
• Version 2.12.0 to 2.12.1
• Version 2.12.1 to 2.13.0
• Version 2.13.0 to 2.13.1
• Version 2.13.1 to 2.13.2
• Version 2.13.2 to 2.14.0

Latest Released Version

• Version 2.14.0 to 2.15.0

Planned for Next Version

Bug Fixes

• GH-650 Use the correct key from a user certificate in server-side pubkey auth

• GH-663 Fix racy IoSession creation

• GH-664 Skip MAC negotiation if an AEAD cipher was negotiated

• GH-677 Fix current directory handling in ScpShell for WinSCP

• GH-678 ScpShell: write month names in English for WinSCP

• GH-690 Handle append mode for buggy SFTP v3 servers

• GH-700 Fix race in AbstractCloseable.doCloseImmediately()

• GH-709 AbstractChannel: Handle keep-alive channel messages sent by an old OpenSSH server

• GH-727 Supply default port 22 for proxy jump hosts for which there is no HostConfigEntry

• GH-733 Fix SftpRemotePathChannel.transferTo() (avoid NPE)

• GH-751 Fix SFTP v3 "long name" if SFTP server uses an SftpFileSystem to another server

• SSHD-1343 Correct documentation in ChannelDataReceiver

New Features

• GH-705 New method TcpipServerChannel.getPort() returning the ChannelToPortHandler

... (truncated)

Commits

• c651f7c [maven-release-plugin] prepare release sshd-2.15.0
• 2835991 Bump version to 2.15.0-SNAPSHOT
• 909b5e2 Abstract revoked key handling in KnownHostsServerKeyVerifier
• 11a9277 Update documentation
• 3427b21 Bump Bouncy Castle 1.79 -> 1.80
• e59dd00 GH-654: sshd-contrib: use test scope for assertj dependency
• e5f805e OpenSshmlKemTest: use alpine 3.21
• 7b19f6b Update CHANGES.md
• fb21e1f Merge pull request #639 from ianjoneill/f-ed25519-bc
• 9c49609 Update docs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #63.