Core Shell / Core Tunnel 1.4.5 – Security Enhanced

Security and privacy are our number one priority.

The Core Shell / Core Tunnel 1.4.5 updates focus on security, all shipped binaries are now protected by the Hardened Runtime which was introduced in macOS Mojave.

Hardened Runtime

In macOS Mojave, Apple has introduced support for Hardened Runtime:

Applications cannot debug other apps or be debugged themselves unless they explicitly declare that capability

Attempts to access protected resources without predeclaring intent will result in a crash

Add the appropriate entitlement for each protected resource that your apps needs to access

Access still subject to user approval

Excerpt From: Your Apps and the Future of macOS Security - WWDC 2018

The hardened runtime prevents malicious software from accessing internal runtime data of the app, the drawback is this capability only available in macOS v10.14 and later.

Core Shell Specific

Dock Menu

Quick open a new window from dock menu:


Suggested by @chrisj60 :

Extended New Window / Tab Menu


Suggested by @chrisj60:

Show Dimensions of the Terminal Window in Title

Suggested by @chrisj60:

SIGSEGV crash issue

Reported by @chrisj60:

Restore the frame of last closed window

The size and position of last closed main window should be remembered, reported by @chrisj60:

Core Tunnel Specific

Reverse Dynamic Port Forwarding

Please refer to section "Reverse Dynamic Port Forwarding" in post What is port forwarding, and how it works:

Common Changes for Both

OpenSSH Related

  • SSH: update the codebase of embedded OpenSSH XPC component from version 7.5 to 7.9
  • SSH: add RemoteCommand option to specify a command that will be executed on the remote host
  • SSH: add two new settings for StrictHostKeyChecking option: "accept-new" and "off"
  • SSH: add a BindInterface option to allow binding the outgoing connection to an interface's address
  • SSH: add a SetEnv directive to request that the server sets an environment variable in the session
  • SSH: add a CASignatureAlgorithms option to allow control over which signature formats are allowed for CAs to sign certificates


For password and interactive information items stored in system Keychain, the unique key should be the combination of login username, host address and port number.

Reported by @network:


  • Internal sensitive runtime data exchanging is encrypted by asymmetric encryption
  • Reduce the app startup time
  • Other minor bug fixes
  • Add Chris Jenkins(@chrisj60), Brad Freeman(@network) to special thanks

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.