Itefix Changelogs

Back to software index

Copssh Server 7

Copssh server 7 changelog

Release history grouped from the itefix master release export.

Back to software index

Latest release summary

FieldValue
SoftwareCopssh server 7
Latest releaseCopssh server 7.23.1 (security)
Release date2026-02-04

Latest release components

component namecomponent versioncomponent license
OpenSSH10.2p1OpenSSH license
OpenSSL3.0.19OpenSSL license
Cygwin3.6.6Cygwin license (GPL/LGPL)
Copssh Server Admin GUI1.0.2Itefix EULA
Copssh server7.23.1Itefix EULA

Changelog history

2026-02-04 Copssh server 7.23.1 (security)

  • openssl 3.0.19 (security)
  • cygwin 3.6.6

2025-10-11 Copssh server 7.23.0

  • OpenSSH 10.2p1
  • OpenSSL 3.0.18
  • Cygwin 3.6.5

2025-10-08 Copssh server 7.22.0

  • OpenSSH 10.1p1

2025-09-08 Copssh server 7.21.2

  • All binaries are digitally signed with our Windows code signing certificate.

2025-07-23 Copssh server 7.21.1

  • OpenSSH 10.0p2
  • OpenSSL 3.0.17
  • Cygwin 3.6.4

2025-04-14 Copssh server 7.21.0

  • OpenSSH 10.0p1
  • OpenSSL 3.0.16
  • Cygwin 3.6.1
  • Updated GNU tools

2025-02-19 Copssh server 7.20.0 (security)

  • OpenSSH 9.9p2 with security patches

2025-02-02 Copssh server 7.19.3

  • Cygwin 3.5.7
  • Updated GNU tools

2025-01-16 Copssh server 7.19.2

  • Fixed - 7.19.1 has had version 9.8 of OpenSSH binaries, not 9.9 as announced.

2025-01-12 Copssh server 7.19.1

  • Remove tcpip service dependency for IPv6 only installations
  • Cygwin 3.5.5

2024-09-23 Copssh server 7.19.0

  • OpenSSH 9.9p1

2024-09-21 Copssh server 7.18.1

  • Cygwin 3.5.4
  • OpenSSL 3.0.15

2024-07-02 Copssh server 7.18.0 (security)

  • OpenSSH 9.8p1
  • Use OpenSSL instead of LibreSSL library

2024-06-07 Copssh server 7.17.2

  • LibreSSL 3.9.2
  • Cygwin 3.5.3

2024-04-09 Copssh server 7.17.1

  • LibreSSL 3.9.1

2024-03-11 Copssh server 7.17.0

  • OpenSSH 9.6p1
  • Cygwin 3.4.10

2023-12-19 Copssh server 7.16.0 (security)

  • OpenSSH 9.6p1

2023-12-04 Copssh server 7.15.1

  • LibreSSL 3.8.2

2023-10-09 Copssh server 7.15.0

  • OpenSSH 9.5

2023-09-25 Copssh server 7.14.2

  • Cygwin 3.4.9

2023-08-26 Copssh server 7.14.1

  • Cygwin 3.4.8 (fixes ‘Bad address’ issue when running DOS programs as non-privileged users)

2023-08-11 Copssh server 7.14.0

  • OpenSSH 9.4p1

2023-07-26 Copssh server 7.13.4 (security)

  • OpenSSH 9.3p2

2023-06-19 Copssh server 7.13.3

  • LibreSSL 3.7.3
  • Cygwin 3.4.7

2023-05-23 Copssh server 7.13.2

  • LibreSSL 3.7.2
  • Cygwin 3.4.6

2023-03-29 Copssh server 7.13.1

  • Fix - Installer finish page - Auto run doesn’t work
  • New - Installer finish page - Option to create shortcut at desktop

2023-03-20 Copssh server 7.13.0

  • OpenSSH 9.3p
  • LibreSSL 3.6.2

2023-03-04 Copssh server 7.12.1

  • Cygwin 3.4.5

2023-02-03 Copssh server 7.12.0 (security)

  • OpenSSH 9.2

2022-11-07 Copssh server 7.11.1

  • LibreSSL 3.6.1
  • Cygwin 3.3.6

2022-10-08 Copssh server 7.11.0

  • OpenSSH 9.1p

2022-06-21 Copssh server 7.10.1

  • LibreSSL 3.5.3
  • Cygwin 3.3.5
  • Major tool update

2022-04-13 Copssh server 7.10.0

  • OpenSSH 9.0p
  • LibreSSL 3.5.1
  • Cygwin 3.3.4

2022-03-02 Copssh server 7.9.0

  • OpenSSH 8.9p

2022-01-04 Copssh server 7.8.3

  • LibreSSL 3.4.2
  • Cygwin 3.3.3

2021-11-17 Copssh server 7.8.2

  • Cygwin 3.3.x ( 3.3.0 , 3.3.1 , 3.3.2 )

2021-10-26 Copssh server 7.8.1

  • LibreSSL 3.4.1

2021-09-27 Copssh server 7.8.0

  • OpenSSH 8.8p (Security)

2021-08-24 Copssh server 7.7.0

  • OpenSSH 8.7p

2021-05-04 Copssh server 7.6.0

  • OpenSSH 8.6p
  • LibreSSL 3.3.3
  • Cygwin 3.2.0

2021-03-07 Copssh server 7.5.0

  • OpenSSH 8.5p
  • LibreSSL 3.2.4

2021-02-03 Copssh server 7.4.2

  • Use a built-in password generator instead of an external tool

2020-12-29 Copssh server 7.4.1

  • LibreSSL 3.2.3

2020-10-01 Copssh server 7.4.0

  • Copssh version 7.4.0 installers come with OpenSSH 8.4p (link is external) and LibreSSL 3.1.4 (link is external) . Cygwin and GNU tools are also upgraded. Future deprecation notice ========================= It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the “ssh-rsa” public key signature algorithm by default in a near-future release. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs. The better alternatives include: * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as “ssh-rsa” but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them. * The ssh-ed25519 signature algorithm. It has been supported in OpenSSH since release 6.5. * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These have been supported by OpenSSH since release 5.7. To check whether a server is using the weak ssh-rsa public key algorithm, for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)’s allowed list: ssh -oHostKeyAlgorithms=-ssh-rsa user@host If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded. We intend to enable UpdateHostKeys by default in the next OpenSSH release. This will assist the client by automatically migrating to better algorithms. Users may consider enabling this option manually. “SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust” Leurent, G and Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf Security ======== * ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys. When signing messages in ssh-agent using a FIDO key that has an application string that does not start with “ssh:”, ensure that the message being signed is one of the forms expected for the SSH protocol (currently public key authentication and sshsig signatures). This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too. Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the “ssh:” prefix in the application string that we require. * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating a FIDO resident key. The recent FIDO 2.1 Client to Authenticator Protocol introduced a “credProtect” feature to better protect resident keys. We use this option to require a PIN prior to all operations that may retrieve a resident key from a FIDO token.