PowerShell and OpenSSH team investments for 2022
It’s time to discuss the team investments for 2022. For some areas we’ll be completing work we’ve already started, and in others we’ll be beginning on new projects.
Executive Order on Cybersecurity
One of the areas we’ve already spent significant effort on is adhering to the Executive Order on Cybersecurity. Due to the large number of repositories owned and maintained by the team, this has been a large but necessary work item. As the guidance and compliance requirements evolve, additional work may be needed throughout the year.
We’re continuing with our yearly release of new PowerShell 7 minor version updates. PowerShell 7.2 was released last year as our most recent LTS release. PowerShell 7.3 will be a stable version that will be supported for one year after General Availability, expected towards the end of this year.
Below, I cover some specific feature areas we expect to deliver in the 7.3 release beyond bug fixes and community contributions.
Move to .NET 7
We will continue to align with new .NET releases which means moving to .NET 7. We continue to work closely with the .NET team to align our releases, however we found some issues in .NET 7 preview 1 so we couldn’t ship PowerShell 7.3 preview 2 with .NET 7. As early adopters of .NET 7, we expect to hit issues on occasion with the intent to get them resolved before we consider a release candidate.
Local SessionConfiguration support
PowerShell JEA provides the ability to define a remote endpoint that restricts
administrative capabilities so that authenticated users have Just Enough Administration (JEA).
This capability is currently dependent on WinRM.
The Local SessionConfiguration feature would allow specifying a local session configuration file
to be used on start of
pwsh such that you can use this with SSH remoting.
Some capabilities that are built into WinRM such as running in a virtual or group managed account
will not be supported.
Additional Azure Mariner support
Mariner is the Azure supported Linux distribution intended for Microsoft teams that require Linux. Although Mariner already includes PowerShell 7 support, we need to add support for additional architectures like Windows ARM64.
Last year, we published a RFC on Custom ConnectionInfo. The idea was to allow the community to create cmdlets that would extend the capabilities of the current PowerShell remoting infrastructure. For example, one could create a cmdlet that performs Azure Active Directory authentication to establish a SSH connection and then PowerShell can perform remoting over that connection.
AMSI and WDAC enhancements
PowerShell continues to collaborate with the AMSI and WDAC teams to improve the PowerShell security posture. As the Windows Antimalware and Windows Application Control teams continue to improve their features, we will continue to enhance PowerShell 7 to leverage those new capabilities.
PowerShell 7 in Windows
We continue to explore and discuss with the Windows team how to make it easier to deploy PowerShell 7 on Windows. As noted previously, support lifecycle differences between Windows and .NET along with size constraints we don’t have the ability currently to ship PowerShell 7 in Windows. Previously we considered a bootstrapper to be a viable solution giving the experience of being inbox in Windows, however, it would have been a significant effort to implement. Instead, we are exploring shipping a cmdlet in Windows PowerShell to make it easy to install PowerShell 7. A new RFC will be published to discuss this.
More Windows ARM64 support
As Windows ARM64 continues to grow in usage, we’ve had customer and partner asks for a MSI package for installation instead of the current zip package that we publish today. In addition to producing a Windows ARM64 MSI package, additional work would be needed to make it Microsoft Update compatible.
Making it easier to find out what’s new in PowerShell
PowerShell 7 and modules we ship continue to ship with new features and capabilities (often thanks to community contributions).
However, we’ve found that users may not know what is new as not everyone follows us on Twitter nor read our blog posts.
We’d like to add a
Get-WhatsNew cmdlet to help users find out what’s new in PowerShell.
Expect a RFC about this cmdlet to be published in the near future.
In PSReadLine 2.1 along with PowerShell 7.1, we added the ability to have predictive intellisense. This is more than just tab-completion in that a predictor could leverage machine learning to predict what the user is typing to make them more productive or help them understand a complex command by pre-filling in arguments.
We initially partnered with the Azure PowerShell team to have them produce a predictor for Azure.
We’re now ready to make this available more broadly for developers to implement their own predictors. We have an example predictor that uses existing PowerShell completers that we’ll be releasing soon.
As the popularity of PowerShell 7 has grown, we’ve been getting feedback that modules are encountering dependency conflicts. By default, .NET only allows one version of an assembly to be loaded at a time. So if a module depends on a newer version, but an older version of the assembly is already loaded, then that module will fail to load. .NET provides a mechanism to allow multiple versions of an assembly to be loaded at the same time using an AssemblyLoadContext and we have some documentation on how to leverage this. However, this is still quite complicated. We’re working on some improvements in PowerShell 7 to make this easier along with sample code.
macOS Notarization support
We’ve been publishing macOS packages since PowerShell Core 6.0. However, Apple introduced a new Notarization capability that we have yet to adopt. We’ll have to do some work to support notarization making it easier to install new releases.
Work continues on PowerShellGet 3.0. This was a complete rewrite of PowerShellGet focusing on a few key areas:
- Simplify code base making it easier to enhance and fix bugs (which includes moving aware from dependency on PackageManagement)
- Address long standing usability issues that would have been breaking changes from v2
- Maintain compatibility for existing scripts written expecting v2
We’ve released a number of previews for PowerShellGet 3.0 and we’re getting closer to a potential release candidate.
PowerShell VSCode Extension
We’ve had some significant changes in the PowerShell VSCode extension on how threading works in order to improve performance and reliability of the extension. We’ll continue to fix bugs and focus on moving the preview release to a stable release.
The PowerShell Gallery was first announced more than 7 years ago and usage has grown surpassing our expectations. As we think about the continued growth and use of PowerShell Gallery, we’re exploring some significant architectural changes to the gallery to support scenarios for the next 7+ years. More specific details will come out later once we are ready to share them publicly.
We started work on PSDesiredStateConfiguration 3.0 last year and will continue this work.
With the release of Crescendo 1.0 RC last December, we expect a General Availability release soon.
PlatyPS is the tool used to generate update-able help files. We’ll continue to have more preview releases focusing on partner and community feedback expecting to have a General Availability release later this year.
OpenSSH for Windows
Our team continues to support the Windows port of OpenSSH. We continue to publish experimental beta releases on GitHub to get user feedback prior to updating the OpenSSH shipped in Windows. Expect new releases on GitHub to be MSI packages instead of zip packages making them easier to install and update. We’ll continue to fix bugs as well as add new parity features to the Windows port. There’s some other exciting work happening with SSH that we aren’t quite ready to discuss yet.
As you can see, we have lots of work on our plate Our plans are not set in stone and we’ll adjust them as new compliance or customer/partner requirements come in. Finally, thanks to the amazing community! Your feedback and contributions are greatly appreciated and results in a better product for everyone.