Eugeny/russh
11 days ago
russh

v0.61.2

Changes

  • f1a0f18: fixed #716 - ensure dynamic AgentClient refs are generally Send (#717) (Eugene)
  • 6dc4919: expose channel number from ChannelId (Eugene)

Fixes

  • support SEC1 EC keys with full domain parameters (#719) (Moder Steven)
  • aa48fa7: make DhGroup fields public (Eugene)
  • ca8ae67: update auth_publickey_offered doc (Eugene)
  • 761483a: fixed #720 - bump deps (#721) (Eugene)
24 days ago
russh

v0.61.1

Security fixes

GHSA-wwx6-x28x-8259

When compression is negotiated, an attacker can craft a "ZIP bomb" style packet that would bypass the maximum packet size checks. This could allow the attacker to hit the OOM limit and either get the server process killed by the OS, or, prior to russh@0.58.0, aborted. A similar issue existed in the AgentClient as well, which could be triggered by a malformed SSH agent response.

Fixes

  • keys/agent: forward full agent signature blob for sk-ecdsa/sk-ed25519 keys (#701) (ztbh)
  • accept empty name-list in KEXINIT (RFC 4251 §5) (#710) (Bernardo Meurer)
27 days ago
russh

v0.61.0

Changes

  • 32fd46f: Reduce russh write-path copies with direct Bytes sends (#695) (Mika Cohen)
    • New APIs allow zero-copy writes into channels:
      • Channel::data_bytes
      • Channel::extended_data_bytes
      • ChannelWriteHalf::data_bytes
      • ChannelWriteHalf::extended_data_bytes
  • deps: migrate to stable versions of pkcs5 / pkcs8 / ed25519 and loosen prerelease pins (extends #697) (#702) (escapecode)
  • 72b250a: migrate to upstream ssh-key crate and update RustCrypto crates (#709) (Eugene)

Security fixes

Part of the hardening efforts by @mjc

GHSA-hpv4-5h6f-wqr3

  • When a client changed its username between authentication requests, the russh server implementation did not correctly reset its internal state (allowed methods and "partial success" state), which could lead to incorrect responses to the client.
    • Note that you still need to handle the case where the client sends a subsequent authentication request with a different username, and reset any accumulated authentication state your application might have.

GHSA-g9g7-5cgw-6v28

  • When a client sent a keyboard-interactive authentication request, the prompt counter was used to directly allocate memory without verifying it, which can lead to denial of service.

GHSA-76r6-x97p-67vr

  • The russh server did not enforce the SSH protocol header validation strictly enough, allowing a client to hold the connection open indefinitely and waste resources.

GHSA-4r3c-5hpg-58qr

  • "Name list" fields such as algorithm lists were bounded only by the packet size. While the SSH protocol does not impose a limit, in practice this allowed a client to waste server resources by sending huge KEXINIT messages over multiple connections.

Fixes

  • 4186cf2: Refactor block-cipher packet-length probing to avoid unsafe state duplication (#706) (Mika Cohen)
  • reject trailing KEX and channel-open payloads (Mika Cohen)
  • reject trailing encrypted message payloads (Mika Cohen)
2026-05-16 05:12:27
russh

v0.60.3

Security fixes

  • a2d48a7 (Mika Cohen)

When compression is negotiated, an attacker can craft a "ZIP bomb" style packet that would bypass the maximum packet size checks. This could allow the attacker to hit the OOM limit and either get the server process killed by the OS, or, prior to russh@0.58.0, aborted. A similar issue existed in the AgentClient as well, which could be triggered by a malformed SSH agent response.
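The two advisories above (this one and its v0.61.1 copy, GHSA-wwx6-x28x-8259) come down to one check that was missing: the maximum packet size was enforced on the compressed bytes that arrived, not on what they inflate to. The following is an added example, not russh's code, showing the defensive shape in Rust. A toy run-length codec stands in for zlib so it runs with no dependencies, and `MAX_PACKET_SIZE`, `compressed_size_ok`, `decompress_bounded` and `inflating_input` are all names chosen here; the point is that the output bound is checked before each growth step, so the allocation a bomb is trying to force never happens.

```rust
// Added example (not russh code): enforce the maximum packet size on the
// *decompressed* output, not only on the compressed bytes that arrived.
// A toy run-length codec stands in for zlib; the bounding logic is the point.

/// Assumption: a typical SSH maximum packet size, used as the decompression limit.
pub const MAX_PACKET_SIZE: usize = 256 * 1024;

#[derive(Debug, PartialEq)]
pub enum DecompressError {
    /// Output would exceed `limit` bytes; the packet is dropped before it is fully inflated.
    OutputLimitExceeded { limit: usize },
    Malformed,
}

/// The insufficient check: it only looks at the size of the compressed packet,
/// which a bomb keeps small on purpose.
pub fn compressed_size_ok(compressed: &[u8], limit: usize) -> bool {
    compressed.len() <= limit
}

/// Toy codec: the input is a sequence of (count: u8, byte: u8) pairs. Decoding
/// stops as soon as the accumulated output would cross `limit`, so no more than
/// `limit` bytes are ever allocated, whatever the input claims.
pub fn decompress_bounded(input: &[u8], limit: usize) -> Result<Vec<u8>, DecompressError> {
    if input.len() % 2 != 0 {
        return Err(DecompressError::Malformed);
    }
    let mut out = Vec::new();
    for pair in input.chunks_exact(2) {
        let count = pair[0] as usize;
        // Check before growing, not after: the oversized allocation never happens.
        if out.len() + count > limit {
            return Err(DecompressError::OutputLimitExceeded { limit });
        }
        out.resize(out.len() + count, pair[1]);
    }
    Ok(out)
}

/// Constructed test input: a small buffer that inflates to `target` bytes,
/// i.e. the shape of a decompression bomb under this toy codec.
pub fn inflating_input(target: usize) -> Vec<u8> {
    let mut v = Vec::new();
    let mut left = target;
    while left > 0 {
        let run = left.min(255);
        v.push(run as u8);
        v.push(b'A');
        left -= run;
    }
    v
}

fn main() {
    // ~131 KiB of input that would inflate to 16 MiB, well past the 256 KiB packet limit.
    let bomb = inflating_input(MAX_PACKET_SIZE * 64);
    println!("compressed-size check passes: {}", compressed_size_ok(&bomb, MAX_PACKET_SIZE));
    println!("bounded decode: {:?}", decompress_bounded(&bomb, MAX_PACKET_SIZE).map(|v| v.len()));
}
```

With a real zlib stream the same idea applies: inflate into a buffer capped at the negotiated maximum packet size and treat hitting the cap as a protocol error, so a peer can force at most one packet's worth of memory per connection rather than whatever the compressed data expands to.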

2026-04-29 14:46:46
russh

v0.60.2

Fixes

  • c31cbc9: Fix channel write ordering with pending data (#693) (Mika Cohen)
  • 2a49916: fixed #697 - pin all pre-release dependencies (Eugene)
2026-04-21 00:02:39
russh

v0.60.1

Security fixes

GHSA-f5v4-2wr6-hqmg in 6c3c80a

This DoS vulnerability allowed an unauthenticated user to trigger an out-of-memory condition in a russh-based server if keyboard-interactive authentication was allowed. A malicious authentication packet could trigger a multi-GB memory allocation, likely leading to the process being killed by the OOM killer.
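Both keyboard-interactive advisories on this page (GHSA-f5v4-2wr6-hqmg here and GHSA-g9g7-5cgw-6v28 in v0.61.0) describe the same defect class: a count field taken from the client drove an allocation before anything checked it. The following added example, written for this page and not taken from russh, parses an SSH_MSG_USERAUTH_INFO_RESPONSE (RFC 4256 §3.4, message number 61) the defensive way. `read_count_checked`, `parse_info_response` and `ParseError` are names chosen here; the checks themselves are the ones a server can always make: the count cannot exceed the number of prompts the server itself sent, and it cannot exceed what the remaining bytes could encode, since every response carries at least a 4-byte length prefix. The same checked-read pattern bounds name-list lengths (GHSA-4r3c-5hpg-58qr), and the trailing-data check matches the "reject trailing payloads" fixes in v0.61.0.

```rust
// Added example (not russh code): parse SSH_MSG_USERAUTH_INFO_RESPONSE without
// trusting the client-supplied response count.

pub const SSH_MSG_USERAUTH_INFO_RESPONSE: u8 = 61;

#[derive(Debug, PartialEq)]
pub enum ParseError {
    WrongMessageType(u8),
    Truncated,
    /// Declared count exceeds the prompts the server sent, or more than the
    /// remaining bytes could possibly encode.
    ImplausibleCount(u32),
    TrailingData,
}

fn read_u32(buf: &[u8], pos: &mut usize) -> Result<u32, ParseError> {
    let b = buf.get(*pos..*pos + 4).ok_or(ParseError::Truncated)?;
    *pos += 4;
    Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}

fn read_string<'a>(buf: &'a [u8], pos: &mut usize) -> Result<&'a [u8], ParseError> {
    let len = read_u32(buf, pos)? as usize;
    let end = pos.checked_add(len).ok_or(ParseError::Truncated)?;
    let s = buf.get(*pos..end).ok_or(ParseError::Truncated)?;
    *pos = end;
    Ok(s)
}

/// Read a count and reject it unless `count` items of at least `min_item_len`
/// bytes fit in what is left of the packet and `count <= hard_cap`.
fn read_count_checked(
    buf: &[u8],
    pos: &mut usize,
    min_item_len: usize,
    hard_cap: usize,
) -> Result<usize, ParseError> {
    let declared = read_u32(buf, pos)?;
    let remaining = buf.len() - *pos;
    let fits = (declared as usize)
        .checked_mul(min_item_len)
        .map_or(false, |need| need <= remaining);
    if declared as usize > hard_cap || !fits {
        return Err(ParseError::ImplausibleCount(declared));
    }
    Ok(declared as usize)
}

/// The vulnerable shape, for contrast: the unchecked count sizes the allocation.
/// A count of 0xFFFFFFFF asks for tens of GB of Vec headers and aborts the process.
pub fn parse_info_response_naive(payload: &[u8]) -> Result<Vec<Vec<u8>>, ParseError> {
    let mut pos = 1;
    let count = read_u32(payload, &mut pos)?;
    let mut responses = Vec::with_capacity(count as usize); // attacker-controlled
    for _ in 0..count {
        responses.push(read_string(payload, &mut pos)?.to_vec());
    }
    Ok(responses)
}

/// Hardened parser. `prompts_sent` is the number of prompts this server put in
/// its own INFO_REQUEST, so it is a bound the client cannot influence.
pub fn parse_info_response(payload: &[u8], prompts_sent: usize) -> Result<Vec<Vec<u8>>, ParseError> {
    let ty = *payload.first().ok_or(ParseError::Truncated)?;
    if ty != SSH_MSG_USERAUTH_INFO_RESPONSE {
        return Err(ParseError::WrongMessageType(ty));
    }
    let mut pos = 1;
    // Each response is an SSH `string`: at least a 4-byte length prefix.
    let count = read_count_checked(payload, &mut pos, 4, prompts_sent)?;
    let mut responses = Vec::with_capacity(count); // bounded by prompts_sent and packet length
    for _ in 0..count {
        responses.push(read_string(payload, &mut pos)?.to_vec());
    }
    if pos != payload.len() {
        return Err(ParseError::TrailingData);
    }
    Ok(responses)
}

fn main() {
    // Constructed packets: a valid two-response message and a hostile count.
    let good = [61, 0, 0, 0, 2, 0, 0, 0, 3, b'f', b'o', b'o', 0, 0, 0, 0];
    let hostile = [61, 0xff, 0xff, 0xff, 0xff];
    println!("{:?}", parse_info_response(&good, 2));
    println!("{:?}", parse_info_response(&hostile, 2));
}
```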

Fixes

  • a9057ed: fixed #687 - PKCS8 key encryption not working (#688) (Eugene)
2026-04-04 02:10:14
russh

v0.60.0

Changes

  • dad8de6: use rand 0.10 (#673) (Joe Grund)

Fixes

  • kex: separate GEX peer request validation from client config (#684) (Artem Medvedev)
2026-03-31 15:52:44
russh

v0.59.0

Changes

  • auth: add certificate-based authentication via SSH agent (#632) (wi-adam)
  • 6996711: Replace libcrux-ml-kem with RustCrypto ml-kem (#660) (kpcyrd)

Fixes

  • 084dbcf: Replace deprecated calls to criterion::black_box() (#683) (Roger Knecht)
  • debc93c: Update dev-dependencies (env_logger, clap, termion) (#671) (kpcyrd)
  • 24d7527: Forward ChannelMsg::Close to channel before dropping sender (#674) (Corey Leavitt)
  • bb9cc42: Fix and harden deferred channel EOF/CLOSE replay after rekey (#670) (Mika Cohen)
  • 3047787: Reduce size of ReadSshIdBuffer, add unit tests (#672) (kpcyrd)
  • bcdc9b9: Bump aws-lc-rs to fix RUSTSEC-2026-0044 and RUSTSEC-2026-0048 (#681) (Roger Knecht)

Misc

  • 6270229: Update Rust dependencies (#676) (Roger Knecht)
2026-03-18 18:15:52
russh

v0.58.0

Changes

  • eliminate mlock/munlock overhead for non-secret buffers (~21% throughput improvement) (#653) (Mika Cohen)
    • Non-sensitive data buffers are no longer wrapped in CryptoVec, reducing the performance overhead. A few public functions that took CryptoVec now take impl Into<Bytes> instead.
  • 6f70150: Remove heap allocations from SshId (#656) (kpcyrd)
    • SshId::Standard() now contains a Cow<'static, str> instead of a String.
  • 0f51860: Expose HostConfig fields to external consumers (#652) (François Bernier)
  • e75de5a: Add russh/serde feature to enable serde on russh::keys::PublicKey (#655) (kpcyrd)
  • replace memset with zeroize in resize() method (#634) (Eric Rodrigues Pires)
  • bump thiserror to latest version (#651) (Roger Knecht)
  • b7ce487: Remove Home Crate Dependency (#667) (Roger Knecht)
  • bebe8c0: fixed #658 - make Handle::tcpip_forward and Handle::streamlocal_forward take &self (Eugene)

Fixes

  • use remote channel ID in CHANNEL_REQUEST replies (#662) (Mota-Link)
  • accept full 256k channel packets (#666) (Mika Cohen)
  • aa43795: Harden Windows memory locking: fix ERROR_WORKING_SET_QUOTA and edge cases (#661) (Corey Leavitt)
2026-02-28 19:31:44
russh

v0.57.1

Fixes

  • prevent deadlock when using make_writer for large transfers (#630) (wyebin)
  • do not send keepalive before authentication (#642) (Lyn)
  • 46573ed: Fix zlib vs zlib@openssh.com compression timing (#564) (#646) (Guilherme Fontes)

Features

  • 591ec26: Improve CryptoVec performance (#627) (Eric Rodrigues Pires)