diff options
| author | Stefan Esser | 2012-01-14 19:32:14 +0100 |
|---|---|---|
| committer | Stefan Esser | 2012-01-14 19:32:14 +0100 |
| commit | 3b6c6af3faa6a66e4f5337a769baed32f404b82b (patch) | |
| tree | 54c4cfe5a6a764fe44e6faac7b3eba21bcb9059f /Changelog | |
| parent | 491c7e914bb972e097565d0fd40141ebb10b6107 (diff) | |
Use new suhosin_getenv() function in all places
Add protection against mbstring
Add detection of incompatible extensions that change POST handlers
Diffstat (limited to 'Changelog')
| -rw-r--r-- | Changelog | 6 |
1 files changed, 5 insertions, 1 deletions
| @@ -1,5 +1,9 @@ | |||
| 1 | 2012-01-11 - 0.9.33-dev | 1 | 2012-01-14 - 0.9.33-dev |
| 2 | 2 | ||
| 3 | - Make clear that suhosin is incompatible to mbstring.encoding_translation=On | ||
| 4 | - Stop mbstring extension from replacing POST handlers | ||
| 5 | - Added detection of extensions manipulating POST handlers | ||
| 6 | - Fixed environment variables for logging do not go through the filter extension anymore | ||
| 3 | - Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory) | 7 | - Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory) |
| 4 | - Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers | 8 | - Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers |
| 5 | - Removed crypt() support - because not used for PHP >= 5.3.0 anyway | 9 | - Removed crypt() support - because not used for PHP >= 5.3.0 anyway |