Vulnerabilities

• [Critical] CVE-2025-14942. wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to...

Vulnerabilities

• [Critical] CVE-2025-11625 The client's host verification can be bypassed by a malicious server, and client credentials leaked. This affects client applications with wolfSSH version 1.4.20 and earlier. Users of wolfSSH on the client side must update or apply the fix patch and it’s recommended to update credentials used. Fixed in PR (https://github.com/wolfSSL/wolfssh/pull/84...

New Features

• Added DH Group 16 and HMAC-SHA2-512 support (PR 768)
• Added RFC-4256 keyboard-interactive authentication support (PR 763)

Enhancements and Fixes

• Enhancement to pass dynamic memory heap hint to init RNG call (PR 749)
• Update SCP example to properly free memory upon failure (PR 750)
• Address memory management during socket timeouts in wolfSSHd (PR 752)
• Modify...

To download the release bundle of wolfSSH visit the download page at www.wolfssl.com/download/

New Features

• Add DH Group 14 with SHA256 KEX support (PR 731)

Improvements

• Use of the new SSH-KDF function in wolfCrypt (PR 729)
• Adds macro guards to the non-POSIX value checks and updates with TTY modes (PR 739)
• Add CI test against master and last two wolfSSL releases (PR 7...

wolfSSH v1.4.18 (July 22, 2024)

New Features

• Add wolfSSL style static memory pool allocation support.
• Add Ed25519 public key support.
• Add Banner option to wolfSSHd configuration.
• Add non-blocking socket support to the example SCP client.

Improvements

• Documentation updates.
• Update the Zephyr test action.
• Add a no-filesystem build to the Zephyr port.
• Update...