3 files changed, 80 insertions, 15 deletions
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 6eaccd2..a406953 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,32 +1,76 @@
 Changelog
 =========
-0.8.0 - Woolly Mammoth
+0.8.2 - `Surus <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.2>`__ 2022/05/20
----------------------
+-------------------------------------------------------------------------------------------
- Massive simplification of the configuration parser
+Bug fixes
- Better memory management
+^^^^^^^^^
- Removal of internal calls to `call_user_func`
+* Fix compilation when ZTS is used
- Check for unsupported PHP version
+* Fix a possible infinite loop
- Compatibility with PHP8.1
- Suhosin features backports:
-  - Maximum stack depth/recursion limit
+0.8.1 - `Batyr <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.1>`__ 2022/05/16
-  - Maximum length for session id
+-------------------------------------------------------------------------------------------
+Bug fixes
+^^^^^^^^^
+* Fix the version number
+* Fix a test on PHP7
+Breaking Changes
+^^^^^^^^^^^^^^^^
+* `disable_xxe` is changed to `xxe_protection`
+0.8.0 - `Woolly Mammoth <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.0>`__ 2022/05/15
+-----------------------------------------------------------------------------------------------------
+New features
+^^^^^^^^^^^^
+* Compatibility with PHP8.1
+* Check for unsupported PHP version
+* Backport of Suhosin-ng patches:
+  * Maximum stack depth/recursion limit
+  * Maximum length for session id
+  * $_SERVER strip/encode
+  * Configuration dump
+  * Support for conditional rules
+  * INI settings protection
+  * Output SP logs to stderr
+  * Ported Suhosin rules to SP
+Improvements
+^^^^^^^^^^^^
+* Massive simplification of the configuration parser
+* Better memory management
+* Removal of internal calls to `call_user_func`
+* Increased portability of the default rules access different version of PHP
+* Start SP as late as possible, to hook as many things as possible
+Bug fixes
+^^^^^^^^^
+* XML and Session support are now checked at runtime instead of at compile time
 0.7.1 - `Proboscidea <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/08/02
 -------------------------------------------------------------------------------------------------
-* Fixed possible memory-leaks when hooking via regular expressions               
+Improvements
-* Modernise the code by removing usage of `strtok`                               
+^^^^^^^^^^^^
-* Prevent a possible crash during configuration reloading                        
-* Fix the default rules to catch dangerous `chmod` calls                         
 * Improve compatibility with various `libpcre` configurations/versions           
+* Modernise the code by removing usage of `strtok`                               
 * Improve the default rules' compatibility with php8                             
 * Prevent XXE in php8 as well                                                    
 * Improve a bit the verbosity of the logs
 * Add a rules file for php8
+Bug fixes
+^^^^^^^^^
+* Prevent a possible crash during configuration reloading                        
+* Fix the default rules to catch dangerous `chmod` calls                         
+* Fixed possible memory-leaks when hooking via regular expressions               
 0.7.0 - `Los Elefantes <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/01/02
 ---------------------------------------------------------------------------------------------------
@@ -46,7 +90,7 @@ Improvements
 Bug fixes
 ^^^^^^^^^
-* The strict mode is now disableable
+* The strict mode can now be disabled
 0.6.0 - `Elephant in the room <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.6.0>`__ 2020/11/06
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 0b7b7fd..d7f7f24 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -75,6 +75,19 @@ The terminating ``;`` is optional for now, but it should be used for future comp
 Miscellaneous
 -------------
+conditions
+^^^^^^^^^^
+It's possible to use conditions to have configuration portables accross
+several setups.
+::
+  @condition PHP_VERSION_ID < 80000;
+    # some rules
+  @condition PHP_VERSION_ID >= 80000;
+    # some other rules
+  @end_condition;
 global
 ^^^^^^
@@ -261,6 +274,9 @@ readonly_exec
 the execution of writeable PHP files.
 It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` mode.
+``extended_checks`` can be specified to abort the execution if the executed
+file or the folder containing it is owned by the user the PHP process is
+running under.
 ::
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index 3d043f0..d13f33a 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -123,9 +123,14 @@ Notable users
 - `AdwCleaner <https://www.malwarebytes.com/adwcleaner/>`__'s backend- a notorious anti-pup
 - `Alertot <https://www.alertot.com/>`__ - a Chilean continuous web security monitoring company
+- `Control Web Panel <https://control-webpanel.com/>`__ - a free modern and intuitive control panel for servers and VPS
+- `Mangadex <https://mangadex.dev/mangadex-v5-infrastructure-overview/>`__ - a major manga website
 - `NBS System <https://www.nbs-system.com/>`__ - a French hosting/security company and author of snuffleupagus
 - `Net4All <https://net4all.ch/>`__ - a Swiss hosting company
 - `Oceanet Technology <https://www.oceanet-technology.com/>`__ - a French hosting company
+- The `Swedish team <https://ccdcoe.org/news/2021/sweden-scored-highest-at-the-cyber-defence-exercise-locked-shields-2021/>`__
+  of the `NATO <https://www.nato.int/>`__'s `CCDCOE <https://ccdcoe.org/>`__ 
+  `Locked Shields <https://ccdcoe.org/exercises/locked-shields/>`__ exercise.
 - `SwissCenter <https://swisscenter.com>`__ - a Swiss datacenter & web hosting company
 - `Toolslib <https://toolslib.net/>`__ - an `Alexa top 10k <https://www.alexa.com/siteinfo/toolslib.net>`__ website
 - `cPanel <https://cpanel.net/>`__ - one of the most popular web hosting control panel

diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index 6eaccd2..a406953 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst
@@ -1,32 +1,76 @@
1	Changelog	1	Changelog
2	=========	2	=========
3		3
4	0.8.0 - Woolly Mammoth	4	0.8.2 - `Surus <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.2>`__ 2022/05/20
5	----------------------	5	-------------------------------------------------------------------------------------------
6		6
7	- Massive simplification of the configuration parser	7	Bug fixes
8	- Better memory management	8	^^^^^^^^^
9	- Removal of internal calls to `call_user_func`	9	* Fix compilation when ZTS is used
10	- Check for unsupported PHP version	10	* Fix a possible infinite loop
11	- Compatibility with PHP8.1	11
12	- Suhosin features backports:	12
13	- Maximum stack depth/recursion limit	13	0.8.1 - `Batyr <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.1>`__ 2022/05/16
14	- Maximum length for session id	14	-------------------------------------------------------------------------------------------
		15
		16	Bug fixes
		17	^^^^^^^^^
		18	* Fix the version number
		19	* Fix a test on PHP7
		20
		21	Breaking Changes
		22	^^^^^^^^^^^^^^^^
		23	* `disable_xxe` is changed to `xxe_protection`
		24
		25
		26	0.8.0 - `Woolly Mammoth <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.0>`__ 2022/05/15
		27	-----------------------------------------------------------------------------------------------------
		28
		29	New features
		30	^^^^^^^^^^^^
		31	* Compatibility with PHP8.1
		32	* Check for unsupported PHP version
		33	* Backport of Suhosin-ng patches:
		34	* Maximum stack depth/recursion limit
		35	* Maximum length for session id
		36	* $_SERVER strip/encode
		37	* Configuration dump
		38	* Support for conditional rules
		39	* INI settings protection
		40	* Output SP logs to stderr
		41	* Ported Suhosin rules to SP
		42
		43	Improvements
		44	^^^^^^^^^^^^
		45	* Massive simplification of the configuration parser
		46	* Better memory management
		47	* Removal of internal calls to `call_user_func`
		48	* Increased portability of the default rules access different version of PHP
		49	* Start SP as late as possible, to hook as many things as possible
		50
		51	Bug fixes
		52	^^^^^^^^^
		53	* XML and Session support are now checked at runtime instead of at compile time
15		54
16		55
17	0.7.1 - `Proboscidea <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/08/02	56	0.7.1 - `Proboscidea <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/08/02
18	-------------------------------------------------------------------------------------------------	57	-------------------------------------------------------------------------------------------------
19		58
20	* Fixed possible memory-leaks when hooking via regular expressions	59	Improvements
21	* Modernise the code by removing usage of `strtok`	60	^^^^^^^^^^^^
22	* Prevent a possible crash during configuration reloading
23	* Fix the default rules to catch dangerous `chmod` calls
24	* Improve compatibility with various `libpcre` configurations/versions	61	* Improve compatibility with various `libpcre` configurations/versions
		62	* Modernise the code by removing usage of `strtok`
25	* Improve the default rules' compatibility with php8	63	* Improve the default rules' compatibility with php8
26	* Prevent XXE in php8 as well	64	* Prevent XXE in php8 as well
27	* Improve a bit the verbosity of the logs	65	* Improve a bit the verbosity of the logs
28	* Add a rules file for php8	66	* Add a rules file for php8
29		67
		68	Bug fixes
		69	^^^^^^^^^
		70	* Prevent a possible crash during configuration reloading
		71	* Fix the default rules to catch dangerous `chmod` calls
		72	* Fixed possible memory-leaks when hooking via regular expressions
		73
30		74
31	0.7.0 - `Los Elefantes <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/01/02	75	0.7.0 - `Los Elefantes <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/01/02
32	---------------------------------------------------------------------------------------------------	76	---------------------------------------------------------------------------------------------------
@@ -46,7 +90,7 @@ Improvements
46		90
47	Bug fixes	91	Bug fixes
48	^^^^^^^^^	92	^^^^^^^^^
49	* The strict mode is now disableable	93	* The strict mode can now be disabled
50		94
51		95
52	0.6.0 - `Elephant in the room <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.6.0>`__ 2020/11/06	96	0.6.0 - `Elephant in the room <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.6.0>`__ 2020/11/06


diff --git a/doc/source/config.rst b/doc/source/config.rst index 0b7b7fd..d7f7f24 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst
@@ -75,6 +75,19 @@ The terminating ``;`` is optional for now, but it should be used for future comp
75	Miscellaneous	75	Miscellaneous
76	-------------	76	-------------
77		77
		78	conditions
		79	^^^^^^^^^^
		80
		81	It's possible to use conditions to have configuration portables accross
		82	several setups.
		83
		84	::
		85	@condition PHP_VERSION_ID < 80000;
		86	# some rules
		87	@condition PHP_VERSION_ID >= 80000;
		88	# some other rules
		89	@end_condition;
		90
78	global	91	global
79	^^^^^^	92	^^^^^^
80		93
@@ -261,6 +274,9 @@ readonly_exec
261	the execution of writeable PHP files.	274	the execution of writeable PHP files.
262		275
263	It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` mode.	276	It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` mode.
		277	``extended_checks`` can be specified to abort the execution if the executed
		278	file or the folder containing it is owned by the user the PHP process is
		279	running under.
264		280
265	::	281	::
266		282


diff --git a/doc/source/papers.rst b/doc/source/papers.rst index 3d043f0..d13f33a 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst
@@ -123,9 +123,14 @@ Notable users
123		123
124	- `AdwCleaner <https://www.malwarebytes.com/adwcleaner/>`__'s backend- a notorious anti-pup	124	- `AdwCleaner <https://www.malwarebytes.com/adwcleaner/>`__'s backend- a notorious anti-pup
125	- `Alertot <https://www.alertot.com/>`__ - a Chilean continuous web security monitoring company	125	- `Alertot <https://www.alertot.com/>`__ - a Chilean continuous web security monitoring company
		126	- `Control Web Panel <https://control-webpanel.com/>`__ - a free modern and intuitive control panel for servers and VPS
		127	- `Mangadex <https://mangadex.dev/mangadex-v5-infrastructure-overview/>`__ - a major manga website
126	- `NBS System <https://www.nbs-system.com/>`__ - a French hosting/security company and author of snuffleupagus	128	- `NBS System <https://www.nbs-system.com/>`__ - a French hosting/security company and author of snuffleupagus
127	- `Net4All <https://net4all.ch/>`__ - a Swiss hosting company	129	- `Net4All <https://net4all.ch/>`__ - a Swiss hosting company
128	- `Oceanet Technology <https://www.oceanet-technology.com/>`__ - a French hosting company	130	- `Oceanet Technology <https://www.oceanet-technology.com/>`__ - a French hosting company
		131	- The `Swedish team <https://ccdcoe.org/news/2021/sweden-scored-highest-at-the-cyber-defence-exercise-locked-shields-2021/>`__
		132	of the `NATO <https://www.nato.int/>`__'s `CCDCOE <https://ccdcoe.org/>`__
		133	`Locked Shields <https://ccdcoe.org/exercises/locked-shields/>`__ exercise.
129	- `SwissCenter <https://swisscenter.com>`__ - a Swiss datacenter & web hosting company	134	- `SwissCenter <https://swisscenter.com>`__ - a Swiss datacenter & web hosting company
130	- `Toolslib <https://toolslib.net/>`__ - an `Alexa top 10k <https://www.alexa.com/siteinfo/toolslib.net>`__ website	135	- `Toolslib <https://toolslib.net/>`__ - an `Alexa top 10k <https://www.alexa.com/siteinfo/toolslib.net>`__ website
131	- `cPanel <https://cpanel.net/>`__ - one of the most popular web hosting control panel	136	- `cPanel <https://cpanel.net/>`__ - one of the most popular web hosting control panel