Update to 2.4.2
- New upstream release 2.4.2
- Fix exploit (GH#1283, CVE-2018-1000805) in Paramiko’s server mode (not
client mode) where hostile clients could trick the server into thinking
they were authenticated without actually submitting valid authentication
- Modify protocol message handling such that Transport does not respond to
MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED; this behavior probably
didn’t cause any outright errors, but it doesn’t seem to conform to the
RFCs and could cause (non-infinite) feedback loops in some scenarios
(usually those involving Paramiko on both ends)
- Add *.pub files to the MANIFEST so distributed source packages contain
some necessary test assets (GH#1262)
- Test suite now requires mock ≥ 2.0.0