Copssh version 7.2.0 installers come with OpenSSH 8.2p, LibreSSL 3.0.2 and most recent versions of Cygwin and GNU tools. We have also updated Copssh Control Panel with some minor fixes.

-- Incompatibility note for Copssh versions 6.x and earlier --

As of version 7.0, Copssh uses Cygwin 3.x libraries, introducing major and backwards-incompatible changes, thus requiring a reinstallation. You can follow our instructions here, to refresh your installation withour losing your existing setup.

Thanks to major changes in Cygwin, Copssh doesn't need a dedicated service account any longer and is run by the local system account.

The logic behind the sftp home directory isolation is now improved by introducing symbolic link folders: Each activated user gets a symbolic link folder /home/___username , pointing to the home directory provided via the User Activation wizard, resulting with a more stable and less error-prone solution.  A small patch avoiding messages "bad ownership or modes for chroot directory" (non-relevant for a Copssh installation), is also introduced. NB! As always mentioned, even if the home directory isolation works as expected, you should use NTFS permissions on your file systems to achieve better security.

--- Potentially-incompatible changes in OpenSSH 8.2.0

This release includes a number of changes that may affect existing
configurations:

* ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
CASignatureAlgorithms list.

* ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
from the default key exchange proposal for both the client and
server.

* ssh-keygen(1): the command-line options related to the generation
and screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have
changed. Most options have been folded under the -O flag.

* sshd(8): the sshd listener process title visible to ps(1) has
changed to include information about the number of connections that
are currently attempting authentication and the limits configured
by MaxStartups.

* ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one). It needs to be installed
in the expected path, typically under /usr/libexec or similar.

Copssh version 7.1.0 installers come with OpenSSH 8.1 with some security related updates:

• ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program.
• ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).

LibreSSL is also updated to 3.0.1, including  a port of Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1.

-- Incompatibility note for Copssh versions 6.x and earlier --

As of version 7.0, Copssh uses Cygwin 3.x libraries, introducing major and backwards-incompatible changes, thus requiring a reinstallation. You can follow our instructions here, to refresh your installation withour losing your existing setup.

Thanks to major changes in Cygwin, Copssh doesn't need a dedicated service account any longer and is run by the local system account.

The logic behind the sftp home directory isolation is now improved by introducing symbolic link folders: Each activated user gets a symbolic link folder /home/___username , pointing to the home directory provided via the User Activation wizard, resulting with a more stable and less error-prone solution.  A small patch avoiding messages "bad ownership or modes for chroot directory" (non-relevant for a Copssh installation), is also introduced. NB! As always mentioned, even if the home directory isolation works as expected, you should use NTFS permissions on your file systems to achieve better security.

Copssh version 7.0.0 installers come with the latest Cygwin 3.x libraries, introducing major and backwards-incompatible changes, requiring a reinstallation. You can follow our instructions here, to refresh your installation withour losing your existing setup.

Thanks to major changes in Cygwin, Copssh doesn't need a dedicated service account any longer and is run by the local system account.

The logic behind the sftp home directory isolation is now improved by introducing symbolic link folders: Each activated user gets a symbolic link folder /home/___username , pointing to the home directory provided via the User Activation wizard, resulting with a more stable and less error-prone solution.  A small patch(link is external) avoiding messages "bad ownership or modes for chroot directory" (non-relevant for a Copssh installation), is also introduced. NB! As always mentioned, even if the home directory isolation works as expected, you should use NTFS permissions on your file systems to achieve better security.

Copssh version 6.5.0 installers come with OpenSSH 8.0p1, which contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111), in addition to many new features and bug fixes. SSL Library LibreSSL is also updated to its latest available version, 2.9.1. Copssh Control Panel displays now related eventlog entries in local time instead of GMT, and the password length for the service account and the privilege separation account is increased to 36 chars (lower and uppercase and digits). The Copssh product bundle has now only installers with 64-bit binaries. 32-bit binaries are not offered any longer.

Copssh version 6.4.0 installers come with OpenSSH 7.9p1 which is primarily a bug fix release. SSL Library LibreSSL is also updated to its latest available version, 2.8.2., in addition to Cygwin and GNU tools which have got a major refresh.