🍀 The Luck of the Irish Edition 🍀

Added

• Add configuration option to restrict connections to specified subnets thanks to @Mierdin
• favicon
  • added module serve-favicon to serve favicon from root if pre-fetched by browser
  • added link rel=icon line in client.htm to serve favico.ico out of /ssh/

Changed

• removed express compression feature, added no real value.
• module updates
  • ssh2 to 0.8.6 -> 0.8.8 - comparison at ssh2 repo
  • xterm 4.2.0 -> 4.4.0 - comparison at xtermjs repo
  • read-config-ng 3.0.1 - (taking over abandoned repo)n
• development module updates (does not impact production, only for development and rebuilding)
  • fortawesome/fontawesome-svg-core 1.2.27
  • fortawesome/free-solid-svg-icons 5.12.1
  • standard-version 7.1.0
  • webpack 4.42.0
    • webpack-cli 3.3.11
    • terser-webpack-plugin 2.3.5
    • copy-webpack-plugin 5.1.1
    • cross-env 7.0.2
    • css-loader 3.4.2
    • file-loader 5.1.0
    • style-loader 1.1.3
    • url-loader 3.0.0

Potentially Breaking Changes

• Move all child resources to start from under /ssh
  • /socket.io -> /ssh/socket.io
  • /webssh2.css -> /ssh/webssh2.css
  • /webssh2.bundle.js -> /ssh/webssh2.bundle.js
  • /reauth -> /ssh/reauth
  • perhaps more

Fixes

• Typo in config.json.sample, thanks @wuchihsu, fixes #173

Housekeeping

• Removed irrelavant build scripts from /scripts

Update app.js and mitigate js-yaml issue

Changes

• Missing require('fs') in server/app.js See issue #135
• Patched read-config to mitigate vulnerability in js-yaml
  • issue not exploitable on webssh2 implementation
  • patched anyway
  • sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
  • See nodeca/js-yaml#475 for more detail

0.2.8

Changes

• Fixes issue if no password is entered, browser must be closed and restart to attempt to re-auth. See issue #118. Thanks @smilesm2 for the idea.
• fixes broken npm run (build|builddev)
  • update font-awesome fonts to 5.6.3
  • update webpack and dependancies
  • update xterm to 3.8.0

Fixes

• ILX workspace may not always import properly due to symbolic links (specifically ./node_modules/.bin). This is removed from the ILX package

options.allowreauth fix, updates

Changes

• config.reauth was not respected if initial auth presented was incorrect, regardless of reauth setting in config.json reauth would always be attempted. fixes #117
• BREAKING moved app files to /app, this may be a breaking change
• Updated dockerfile for new app path
• Updated app dependancies
  • xterm v3.8.0
    • https://github.com/xtermjs/xterm.js/releases/tag/3.8.0
  • basic-auth v2.0.1
    • https://github.com/jshttp/basic-auth/releases/tag/v2.0.1
  • express v4.16.4
    • https://github.com/expressjs/express/releases/tag/4.16.4
  • validator v10.9.0
    • https://github.com/chriso/validator.js/releases/tag/10.9.0
• Updated dev dependancies
  • snazzy v8.0.0
  • standard v12.0.1
  • uglifyjs-webpack-plugin v2.0.1
  • ajv v6.5.5
  • copy-webpack-plugin v4.6.0
  • css-loader v1.0.1
  • nodemon v1.18.6
  • postcss-discard-comments v4.0.1
  • snyk v1.108.2
  • url-loader v1.1.2
  • webpack v4.25.1
  • webpack-cli v3.1.2

Reauth Update

Changes

• Reauth didn't work if intial auth presented was incorrect, (see issue #112) fixed thanks @vvalchev
• Update node version supported to >=6 (PR #115) thanks @perlun
• Update packages
  • developer dependencies

Allow reauth option

[0.2.5] 20180911

Added

• Reauth function thanks to @vbeskrovny and @vvalchev (9bbc116)
  • Controlled by config.json option options.allowreauth true presents reauth dialog and false hides dialog

Changed

• options.challengeButton enabled
  • previously this configuration option did nothing, this now enables the Credentials button site-wide regardless of the allowreplay header value
• Updated debug module to v4

WebSSH2 Update /

Added

• Browser title window now changes with xterm escape sequences (see http://tldp.org/HOWTO/Xterm-Title-3.html)
• Added bellStyle options
  • GET var: bellStyle - string - Style of terminal bell: ("sound"|"none"). Default: "sound". Enforced Values: "sound", "none"
  • config.json: terminal.bellStyle - string - Style of terminal bell: (sound|none). Default: "sound".
  • workspace folder on GITHUB for BIG-IP specific fixes/changes

Changed

• Updated xterm.js to 3.1.0
  • https://github.com/xtermjs/xterm.js/releases/tag/3.1.0
• Default listen IP in config.json changed back to 127.0.0.1

Fixed

• ESC]0; is now removed from log files when using the browser-side logging feature

Resize and Browser Updates

Change Log

[0.2.0] 2018-02-10

Mostly client (browser) related changes in this release

Added

• Menu system
• Fontawesome icons
• Resizing browser window sends resize events to terminal container as well as SSH session (pty)
• New terminal options (config.json as well as GET vars)
  • terminal.cursorBlink - boolean - Cursor blinks (true), does not (false) Default: true.
  • terminal.scrollback - integer - Lines in the scrollback buffer. Default: 10000.
  • terminal.tabStopWidth - integer - Tab stops at n characters Default: 8.
• New serverside (nodejs) terminal configuration options (cursorBlink, scrollback, tabStopWidth)
• Logging of MRH session (unassigned if not present)
• Express compression feature

Changed

• Updated xterm.js to 3.0.2
  • See https://github.com/xtermjs/xterm.js/releases/tag/3.0.2
  • See https://github.com/xtermjs/xterm.js/releases/tag/3.0.1
  • See https://github.com/xtermjs/xterm.js/releases/tag/3.0.0
• Moved javascript events out of html into javascript
• Changed asset packaging from grunt to Webpack to be inline with xterm.js direction
• Moved logging and credentials buttons to menu system
• Removed non-minified options (if you need to disable minification, modify webpack scripts and 'npm run build')

Fixed

• Resolved loss of terminal foucs when interacting with option buttons (Logging, etc...)

BIG-IP Notes

The attached BIG-IP-ILX-WebSSH2-20180210-0.2.0.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.

iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.

Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0

SHA-256 hashes:
733a9aa1f9db001e469a8e825d304c497dc9c743f46e6a7d973927015d5fb765 BIG-IP-ILX-WebSSH2-current.tgz

733a9aa1f9db001e469a8e825d304c497dc9c743f46e6a7d973927015d5fb765 BIG-IP-ILX-WebSSH2-20180210-0.2.0.tgz

Keepalive support

[0.1.4] 2018-01-30

Changed

• Moved socket and util out of folders into .js in root.
• added keepaliveInterval and keepaliveCountMax config options

BIG-IP Notes

The attached BIG-IP-ILX-WebSSH2-20180130-0.1.4.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.

iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.

Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0

b9b41e3c07df916c498c98c4f112778aaad5ae8f0930ca2e5f7a3f24f8bf3c0f BIG-IP-ILX-WebSSH2-20180130-0.1.4.tgz

Updated packages for ReDoS

Changed

• Upgrade to debug@3.1 to eliminate ReDoS in %o formatter
• Upgrade Express to 4.15.5 for ReDOS
• Upgrade basic-auth to v2.0

BIG-IP Notes

The attached BIG-IP-ILX-WebSSH2-20170928-0.1.3.tgz file may be imported to as an iRulesLX Workspace on a BIG-IP v12.1+ with iRules LX provisioned.

iRulesLX streaming interface is not yet supported, so this will just run as a daemon essentially.

Instructions for deploying on a BIG-IP may be found at: https://github.com/billchurch/WebSSH2/wiki/Deploying-to-a-BIG-IP-running-12.1-or-13.0

SHA-256 signature:
b3be2a816d74f32ba6abf4f65c2b89152591d2fc76bce6236831c339cba9d673 *BIG-IP-ILX-WebSSH2-20170928-0.1.3.tgz