summaryrefslogtreecommitdiff
path: root/debian/changelog
blob: 3cab41183fa37c58ae5fe91def447fde234bb227 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

snuffleupagus (0.4.1) UNRELEASED; urgency=medium

  * Improve and clarify the documentation
  * Add support for PHP7.3
  * Improve the coverage, we have now reached 99% of coverage
  * Improve the `mb_string` hooking logic 
  * The script that check uploaded file is now available in PHP
  * Fix segfault on 32-bit for PHP7.3
  * Fix segfault when using `sloppy_comparison` feature with array

 -- kkadosh <snuffleupagus@nbs-system.com>  Fri, 21 Dec 2018 11:50:00 +0200

snuffleupagus (0.4.0) UNRELEASED; urgency=medium

  [ jvoisin ]
  * Add the possibility to whitelist `stream wrappers`
  * Snuffleupagus is now using php's logging mechanisms, instead of outputting its log directly into the syslog.
  * PHP is now prevented from ever disabling certificate verification thanks to a few lines in our default configuration.
  * Significant code simplification for cookies handling
  * Our `sloppy comparison` feature is now complete
  * Snuffleupagus won't start with an invalid config anymore, except if the `sp.allow_broken_configuration` is set.
  * It's now possible to place virtual-patches on the return value of user-defined functions.
  * Since Snuffleupagus is used by more and more organisations, we added a bunch of them in our propaganda page.
  * Add some missing pieces of documentation and fix some links
  * Fix the `make install` command
  * Fix various compilation warnings
  * Snuffleupagus is now running on platforms that aren't using the glibc

 -- jvoisin <snuffleupagus@nbs-system.com>  Fri, 31 Aug 2018 16:50:00 +0200

snuffleupagus (0.3.1) UNRELEASED; urgency=medium

  * Disable XXE and harden PRNG by default
  * Use SameSite on PHP's session cookie in the default rules
  * Relax a bit what files can be included in the default rules  
  * Add the possibility to ignore files hashes when generating rules
  * The filename filter is now accepting phar paths  
  * The harden rand_feature is not ignoring parameters anymore in function calls
  * Fix possible crashes/hangs when using php-fpm's pools  
  * Fix an infinite loop on echo hook
  * Fix an issue with filename filter
  * Fix some documentation issues
  * Fix the Arch Linux's PKGBUILD

 -- he2ss <snuffleupagus@nbs-system.com>  Tue, 20 Aug 2018 15:00:00 +0200

snuffleupagus (0.3.0) UNRELEASED; urgency=medium

  * Session cookies can now be encrypted
  * Some occurrences of type juggling can now be eradicated
  * It's now possible to hook echo and print
  * The .filename() filter is now matching on the file where the function is called instead on the one where it's defined.
  * Vastly optimize the way native functions are hooked
  * The format of the logs has been streamlined to ease their processing
  * Better handling of filters for built-in functions
  * Fix various possible integer overflows
  * Fix an annoying memory leak

 -- kkadosh <snuffleupagus@nbs-system.com>  Tue, 17 Jul 2018 15:00:00 +0200

snuffleupagus (0.2.2) UNRELEASED; urgency=medium
  * Add some assertions in the code
  * The `.dump()` filter is now supported for `unserialize`, `readonly_exec`, and `eval` black/whitelist
  * Add more rules examples
  * Provide a script to check for malicious file uploads
  * Significant performances improvement (at least +20%)
  * Significantly improve the performances of our default rules set
  * Our readme file is now shinier
  * Minor code simplification
  * Fix a crash related to variadic functions

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 12 Mar 2018 10:00:00 +0200

snuffleupagus (0.2.1) UNRELEASED; urgency=medium
  * The testsuite can now be successfully run as root
  * Fix a double execution when snuffleupagus is used with some other extensions
  * Fix an execution-context related crash
  * Support PCRE2, since it's required for PHP7.3
  * Improve a bit the portability of the code
  * Minor code simplification

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 07 Feb 2018 11:00:00 +0200

snuffleupagus (0.2.0) UNRELEASED; urgency=medium

  * Glob support in `sp.configuration_file`
  * Whitelist/blacklist functions in `eval`
  * `phpinfo` shows is the configuration is valid or not
  * Off-by-one in configuration parsing fixed
  * Minor cookie-encryption related memory leaks fixes
  * Various crashes fixes
  * Configuration files with windows EOL are correctly handled
  * General code clean-up
  * Documentation overhaul
  * Compilation on FreeBSD and CentOS
  * Select which cookies to encrypt via regular expressions
  * Match on return values from user-defined functions
  * Simplification and clean up of our linked-list implementation

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 18 Jan 2018 13:00:00 +0200

snuffleupagus (0.1.0) UNRELEASED; urgency=medium

  * Initial release.

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 04 Jul 2017 17:51:31 +0200