cwRsync 5.4.1 installers and the free edition are updated with the latest versions of Cygwin (1.7.32), tools, OpenSSH (6.7p) and OpenSSL (1.0.1i).

Copssh version 5.0.0 contains the latest available OpenSSH version 6.7 with many features and bug fixes. Please pay special attention to backward-incompatible changes like removing unsafe algorithms from the default set of ciphers/MACs and removing support for tcpwrappers.

We have also updated most of the GNU Tools and Cygwin to their latest available versions, including bash coming with a ShellShock immune version:

You can now specify user-specific advanced options in the Copssh Control Panel (available only for the product version!):

We have updated our cwDup package with the latest available binaries. cwDup is a Duplicity implementation for Windows systems. Duplicity is an encrypted bandwidth-efficient backup solution using the rsync algorithm.

Nagwin version 2.3.0 contains the latest available Nagios Core 4.0.8 with feature enhancements and bug fixes. You can now experiment new JSON CGIs as well. Cygwin and GNU Tools are also updated to their latest versions, including OpenSSL 1.0.1i with nine security fixes.

Copssh version 4.9.4 comes with OpenSSL 1.0.1i fixing nine security vulnerabilities.  In addition, Cygwin and many GNU tools are updated to their latest versions.

Copssh version 4.9.3 comes with an updated Control Panel with following improvements:

• It is now possible to instruct the Control panel not to convert user names to lowercase. If you add the parameter below to the bin/copsshcp.config file, no conversion will find place:

[Options]
LowercaseUsername=0

The default behaviour is still conversion to lowercase.

• A chrooted sftp environment allowing isolated directories (access type Sftp) was only supported if the default service account (SvcCOPSSH) is selected. It is now supported for all kinds of service accounts including domain users.

• Copssh takes a service restart if a chrooted environment (access type Sftp) is specified during user activation, to avoid error messages about improper permissions on a chrooted directory.

cwRsync 5.4.0 installers contain the latest Rsync 3.1.1. It reintroduces socketpairs again in Cygwin setup as an attempt for better performance. We have also updated OpenSSL to 1.0.1h.

Changelog for Rsync 3.1.1

Nagwin version 2.2.1 contains the latest available Nagios Core 4.0.7 with bug fixes. It has also OpenSSH 1.0.1h addressing multiple security vulnerabilities (in the case you use Secure HTTPS via Nginx)

Changelog for Nagios Core:

FIXES

• Fixed bug #616: Unescape plugin output read from checkresult files, fix multiline perf data concatenation, and avoid extra memory allocation and copies. (Eric Mislivec)
• Fixed bug #609: Image on home page doesn't have correct image path prefix. (Derek Brewer)
• Fixed bug #608: Extra newline in service check timeout output string. (Mauno Pihelgas)
• Fixed bug #596: Crashes checking contact authorization for host escalations. (Alexey Dvoryanchikov - duplicates #590, #586)
• Fixed bug #496: Syntax error in exfoliation's common.css. (Karsten Weiss)

Copssh version 4.9.2 contains version 1.0.1h of OpenSSL addressing 6 security vulnerabilities announced recently.

The Secure Shell (SSH) is a different protocol from SSL or TLS.  OpenSSH relies on the OpenSSL library for access to the cryptographic primitives it provides, not for the TLS or SSL implementations.

Copssh is not vulnerable to those flaws.

Copssh 4.9.1 patch 1001 contains version 1.0.1h of OpenSSL addressing 7 security vulnerabilities announced recently. Even if most of the vulnerabilities affects the TLS implementation which are not used by Copssh, SSL/TLS MITM vulnerability (CVE-2014-0224) can affect ssl clients and servers.