v1.5.0

[1.5.0] — 2026-05-11

Added

• Connection groups/tags and reusable templates across the data model, database migration, add/edit flows and translations
• Bulk mount/dismount actions and a group filter in the main connection header
• Dedicated profile panel for end users to review their account and change their password
• Manual GitHub update checks with download progress and an install-on-exit flow
• Telemetry opt-in prompt, persisted telemetry settings and asynchronous telemetry submission

Changed

• Reworked the main window, settings screen and right-panel forms for the 1.5.0 release layout
• Connection cards now show group pills and compact host details with the drive letter in the subtitle
• Add/Edit connection flows now support templates explicitly and surface group metadata in the UI
• Replaced many native message boxes with a themed custom dialog for warnings, confirmations and success messages
• Pinned core Python dependency versions for the 1.5.0 release environment
• Updated visible application version strings in the main window, about dialog and single-instance mutex
• Reduced debug logging of sensitive command-line arguments in the PuTTY launcher
• Hardened in-memory handling of temporary password tokens used by SSH ASKPASS

Security

• Hardened SSH_ASKPASS password exchange by replacing plaintext environment transfer with one-time IPC tokens
• Relaxed first-contact host-key handling to OpenSSH accept-new for SSH and sysinfo flows while keeping changed-host failures
• Increased minimum password length from 6 to 8 characters in registration and user-management flows
• Restricted crash report file permissions so stack traces are no longer world-readable
• Masked PuTTY password arguments in debug logs to prevent credential leakage

Fixed

• Added password fallback when a stored SSH key fails but a password is still available for the same connection
• Unified destructive confirmation prompts and dirty-form handling through the styled dialog layer
• Corrected multiple German translation strings and save-label spellings used in the 1.5.0 UI

---

v1.4.1

What's Changed

Fixed

• Crash when clicking a mounted host (NameError: conn_id not defined in info panel lambdas)
• Copy button in error dialogs not working
• Loading state not clearing when ask-password dialog is cancelled
• Edit mode: section headers too bold compared to info panel
• Edit mode: password dots disproportionately large

Changed

• Info panel: drive badge replaced with folder SVG icon, only visible when host is mounted
• Edit mode now matches info panel field order, container structure and section labels
• Status badge (connected/disconnected pill) shown at top of edit mode for visual continuity
• Save button: floppy disk icon replaces checkmark
• Light mode: save button gets subtle green background; delete icon solid red for better contrast

Full Changelog: https://github.com/gregorkrebs/neosshwinmanager/blob/main/CHANGELOG.md

v1.4.0 — Security Hardening Release

Security

• Comprehensive Security Audit: Hardened credential storage, session handling, encryption routines and key derivation across auth_manager, crypto, database, ssh_launcher and sshfs_controller
• CWE-312 · Connection Metadata Encryption: Host, username, connection name and remote path are now encrypted with AES-256-GCM before being stored in the database. Existing entries are migrated automatically on first login.
• CWE-732 · Windows ACL hardened: win32security is now a hard module-level import — a missing pywin32 installation raises an explicit ImportError on startup rather than leaving the database file world-readable.
• CWE-307 · Brute-Force Protection: Login attempts are now rate-limited per username. After 5 consecutive failures the account is locked for 30 seconds; each subsequent block escalates (10 attempts → 10 min, 5 → 1 h, and further).
• CWE-362 · Session Race Condition fixed: Session._current_user is protected by a threading.RLock; enc_key updates after password changes are performed atomically.
• CWE-591 · Memory-Lock failures now visible: mlock_memory() / munlock_memory() now emit a WARNING log entry on failure instead of returning False silently.
• CWE-214 · CLI Key via stdin: --connect-cli - reads the access key from stdin, preventing exposure in process listings and shell history.
• CWE-78 · Shell Injection Prevention: Removed unsafe shell interpolation in ssh_launcher; added _is_safe_label() in sshfs_controller. SSH terminal now launched via cmd.exe + CREATE_NEW_CONSOLE instead of shell=True.
• CLI Keys Migration: Plaintext CLI-access-keys are automatically encrypted on first login after the update.
• SSH_ASKPASS for Password Auth: Passwords are passed via the SSH_ASKPASS mechanism — never exposed in the process list.
• Connection Name Validation: Names containing shell metacharacters are rejected before database insertion.
• MITM Fix (v1.3.1 omission corrected): StrictHostKeyChecking=yes was already applied in v1.3.1 but not documented. Installations running v1.3.0 or earlier are vulnerable — upgrade immediately.

Features

• PuTTY PPK Integration: Auto-detection and configurable PPK key path for PuTTY-based connections
• Native SSH Terminal Improvements: Overhauled terminal launch logic for both PuTTY and native OpenSSH
• SysInfo available with key or password: System information is retrieved whenever an SSH key or stored password is configured — the security level setting no longer gates sysinfo access.
• SysInfo Auth Overlay: A clear overlay is shown when neither key nor password is configured, instead of a generic error.
• Login Lockout Countdown: After a tier-boundary lockout, the login form shows a live countdown with human-readable time remaining.
• Login Button gated on input: The Sign-in button is disabled until both username and password (≥ 1 char each) are filled.
• About Dialog Redesign: Card layout with grouped clickable link buttons for project, documentation, GitHub and author links
• Sidebar About Button: Persistent About button in the sidebar

Fixed

• SSHFS Mass Disconnect Bug: Fixed a race condition in sshfs_controller that caused all mounted drives to disconnect simultaneously
• Drive Unmount Crash: Prevented a crash when a drive was unmounted while the UI still held a reference to it (#1)
• QMessageBox Dark Mode: Corrected background color of message boxes in dark mode (#3)
• F2 Crash on Non-Standard Widgets: Prevented crash when pressing F2 on non-standard widgets (#4)
• Form Scroll Behavior: Fixed scrolling in Add/Edit connection dialog on smaller screens
• Crash Report Path: Crash reports are now written to %APPDATA%\SSHWinManager\crash_report.txt
• Worker Thread Error Propagation: Mount/unmount worker threads now catch exceptions and emit a MountResult error instead of crashing silently

v1.3.1

What's new in v1.3.1

• Agent CLI key is now directly visible in the connection editor instead of being masked.
• Added two visible SVG actions for the CLI key: copy and regenerate.
• Added check-icon feedback after copying the key.
• Bumped desktop app and website metadata to 1.3.1.

v1.3.0 - Full UI Overhaul, Browser Simulation & Project Website

What's new in v1.3.0

UI Architecture Overhaul

• Full-screen Settings and User Management panels via QStackedWidget
• Sidebar navigation with active-state highlighting
• [i] button exclusively opens SSH live system-info panel
• Edit button always visible, disabled when connection is mounted

Theme and Visual Polish

• Primary buttons: gradient #00b4d8 to #0077b6, black text
• Title bar colour adapts to active theme via DwmSetWindowAttribute (Windows 11+)
• Checkbox checked indicator: 14x14px, white checkmark on red background
• Panel headers: 52px height, kicker labels removed, titles vertically centred

System-Info Panel Rewrite

• List-style layout with 4px colour-coded progress bars for CPU/RAM/Disk

Project Website

• Full static website in website/ (landing, features, docs, changelog, download)
• Interactive browser simulation (website/app.html) in pure HTML/CSS/JS
• No installation needed, deployable via GitHub Pages

Maintenance

• Removed legacy credential_store.py
• AppUserModelID prefix changed from dennis. to neo.
• Version bump to 1.3.0

NeoSSHWinManager 1.2.0

NeoSSHWinManager 1.2.0

• Add persisted light/dark theme support.
• Add ask-each-time authentication mode for connections.
• Improve connection card click behavior for mounting.
• Fix application icons for login and main windows.
• Bump application and Windows metadata to 1.2.0.

NEO SSH-Win Manager v1.1.0

NEO SSH-Win Manager v1.1.0

First release of NEO SSH-Win Manager - a modern Windows desktop app for mounting SSH filesystems as drive letters.

Downloads

• NeoSSHWinManager.exe - GUI application
• NeoSSHWinManager-cli.exe - CLI companion (console subsystem)