Changelog
=========

0.3.1 - `Elephant Arch `__ 2018/08/20
-------------------------------------

Improvements
^^^^^^^^^^^^

- Disable XXE and harden the PRNG by default
- Use ``SameSite`` on PHP's session cookie in the default rules
- Relax a bit which files can be included in the default rules
- Add the possibility to ignore file hashes when generating rules
- The ``filename`` filter now accepts phar paths

Bug fixes
^^^^^^^^^

- The ``harden_rand`` feature no longer ignores parameters in function calls
- Fix possible crashes/hangs when using php-fpm's pools
- Fix an infinite loop in the ``echo`` hook
- Fix an issue with the ``filename`` filter
- Fix some documentation issues
- Fix the Arch Linux PKGBUILD

0.3.0 - `Dentalium elephantinum `__ 2018/07/17
----------------------------------------------

New features
^^^^^^^^^^^^

- Session cookies can now be `encrypted `__
- Some occurrences of `type juggling `__ can now be eradicated
- It's `now possible `__ to hook ``echo`` and ``print``

Improvements
^^^^^^^^^^^^

- The ``.filename()`` filter is `now matching `__ on the file where the function is called instead of on the one where it's defined
- Vastly `optimize `__ the way we hook native functions
- The format of the logs has been streamlined to ease their processing

Bug fixes
^^^^^^^^^

- Better handling of filters for built-in functions
- Fix various possible integer overflows
- Fix an `annoying memory leak `__ impacting mostly ``mod_php``

0.2.2 - `Elephant Moraine `__ 2018/04/12
----------------------------------------

New features
^^^^^^^^^^^^

- The ``.dump()`` filter is now supported for the ``unserialize``, ``readonly_exec``, and ``eval`` black/whitelists

Improvements
^^^^^^^^^^^^

- Add some assertions
- Add more rule examples
- Provide a script to check for malicious file uploads
- Significant performance improvement (at least +20%)
- Significantly improve the performance of our default rule set
- Our readme file is now shinier
- Minor code simplification

Bug fixes
^^^^^^^^^

- Fix a crash related to variadic functions

0.2.1 - `Elephant Point `__ 2018/02/07
--------------------------------------

Bug fixes
^^^^^^^^^

- The test suite can now be successfully run as root
- Fix a double execution when snuffleupagus is used with some other extensions
- Fix an execution-context related crash

Improvements
^^^^^^^^^^^^

- Support PCRE2, since it's `required for PHP 7.3 `__
- Slightly improve the portability of the code
- Minor code simplification

0.2.0 - `Elephant Rally `__ - 2018/01/18
----------------------------------------

New features
^^^^^^^^^^^^

- `Glob `__ support in ``sp.configuration_file``
- Whitelist/blacklist functions in ``eval``
- ``phpinfo`` shows whether the configuration is valid or not

Bug fixes
^^^^^^^^^

- Off-by-one in configuration parsing fixed
- Minor cookie-encryption-related memory leak fixes
- Fixes for various crashes spotted by `fr33tux `__
- Configuration files with Windows EOL are correctly handled

Improvements
^^^^^^^^^^^^

- General code clean-up
- Documentation overhaul
- Compilation on FreeBSD and CentOS
- Select which cookies to encrypt via regular expressions
- Match on return values from user-defined functions

External contributions
^^^^^^^^^^^^^^^^^^^^^^

- Simplification and clean-up of our linked-list implementation by `smagnin `__

0.1.0 - `Mighty Mammoth `__ - 2017/12/21
----------------------------------------

- Initial release