Bug 2342851

Summary: upgrade jsch to 0.2.23
Product: [Fedora] Fedora Reporter: Chris Cheney <ccheney>
Component: jschAssignee: Markku Korkeala <markku.korkeala>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 42CC: java-sig-commits, markku.korkeala, mizdebsk
Target Milestone: ---Flags: mizdebsk: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Cheney 2025-01-29 19:54:39 UTC 
The original jsch upsteam appears to be dead and has not updated the program in 7 years. Fedora is still using this dead version instead of the current up to date fork.

So the original also hasn't kept up to date with ssh, and as the original upstream is dead its not clear if this might also be a potential security issue.


   http://www.jcraft.com/jsch/
   https://mvnrepository.com/artifact/com.jcraft/jsch

      0.1.55 - Nov 26, 2018

It was forked here and maintained for the past 5 years

   https://github.com/mwiede/jsch/releases
   https://github.com/mwiede/jsch

      0.2.23 - Jan 25, 2025
      0.1.58 - Jun 24, 2020


Reproducible: Always
Comment 1 Aoife Moloney 2025-02-26 13:49:35 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.
Comment 2 Markku Korkeala 2025-04-02 13:21:10 UTC 
Hi, thanks for the bug report! As there is different author and groupId, I think it would probably be best to package this separately and then migrate using libraries and applications.