(mina-site) branch master updated: Complete 2.18.0 changes list

[twolf]

This is an automated email from the ASF dual-hosted git repository.

tomaswolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 90d58b1e5 Complete 2.18.0 changes list
90d58b1e5 is described below

commit 90d58b1e56c7515b29782c9f50bda59672cb63d8
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Thu May 28 09:15:04 2026 +0200

    Complete 2.18.0 changes list
    
    Add the "New Features" and "Potential Compatibility Issues" sections.
---
 source/sshd-project/download_2.18.0.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/source/sshd-project/download_2.18.0.md 
b/source/sshd-project/download_2.18.0.md
index 96ae71714..964581abb 100644
--- a/source/sshd-project/download_2.18.0.md
+++ b/source/sshd-project/download_2.18.0.md
@@ -13,6 +13,32 @@ version: 2.18.0
  * [GH-879](https://github.com/apache/mina-sshd/issues/879) Close SSH channel 
gracefully on exception in port forwarding
  * Improve handling of repository paths in `sshd-git`.
 
+## New Features
+
+* [GH-892](https://github.com/apache/mina-sshd/issues/892) Align handling 
certificates without principals with OpenSSH 10.3
+
+Wildcard principals in host certificates are handled now.
+
+* Putty keys with non-ASCII passphrases
+
+The passphrase needs to be converted to a byte sequence to compute a 
decryption key for an encrypted private key. This
+conversion depends on the character encoding. Putty on Windows uses the ANSI 
codepage set when the key was generated.
+Apache MINA SSHD now tries multiple encodings in sequence: UTF-8, then the OS 
encoding, and finally ISO-8859-1 as a
+last-chance fallback.
+
+## Potential Compatibility Issues
+
+* [GH-892](https://github.com/apache/mina-sshd/issues/892) Align handling 
certificates without principals with OpenSSH 10.3
+
+OpenSSH 10.3 changed the way such certificates are handled; see the [OpenSSH 
10.3 release notes](https://www.openssh.org/txt/release-10.3).
+In Apache MINA SSHD, there is a new flag 
`CoreModuleProperties.ALLOW_EMPTY_CERTIFICATE_PRINCIPALS` (by default `false`)
+that can be set on an `SshClient` or `SshServer` or also on a `Session` 
directly. If the value is `false`, certificates
+without principals are rejected as in OpenSSH 10.3; if it is `true`, such 
certificates are considered to match any
+user or host name as in OpenSSH &lt; 10.3.
+
+Set the flag on an `SshClient` or `ClientSession` to determine the handling of 
host certificates. Set it on an
+`SshServer` or `ServerSession` to govern the handling of user certificates.
+
 # Getting the Distributions
 
 * Source distributions: