snuffleupagus (0.3.1) UNRELEASED; urgency=medium

  * Disable XXE and harden PRNG by default
  * Use SameSite on PHP's session cookie in the default rules
  * Relax a bit what files can be included in the default rules
  * Add the possibility to ignore file hashes when generating rules
  * The filename filter is now accepting phar paths
  * The harden rand_feature is not ignoring parameters anymore in function calls
  * Fix possible crashes/hangs when using php-fpm's pools
  * Fix an infinite loop on echo hook
  * Fix an issue with filename filter
  * Fix some documentation issues
  * Fix the Arch Linux's PKGBUILD

 -- he2ss <snuffleupagus@nbs-system.com>  Tue, 20 Aug 2018 15:00:00 +0200

snuffleupagus (0.3.0) UNRELEASED; urgency=medium

  * Session cookies can now be encrypted
  * Some occurrences of type juggling can now be eradicated
  * It's now possible to hook echo and print
  * The .filename() filter is now matching on the file where the function is called instead of the one where it's defined.
  * Vastly optimize the way native functions are hooked
  * The format of the logs has been streamlined to ease their processing
  * Better handling of filters for built-in functions
  * Fix various possible integer overflows
  * Fix an annoying memory leak

 -- kkadosh <snuffleupagus@nbs-system.com>  Tue, 17 Jul 2018 15:00:00 +0200

snuffleupagus (0.2.2) UNRELEASED; urgency=medium

  * Add some assertions in the code
  * The `.dump()` filter is now supported for `unserialize`, `readonly_exec`, and `eval` black/whitelist
  * Add more rules examples
  * Provide a script to check for malicious file uploads
  * Significant performance improvement (at least +20%)
  * Significantly improve the performance of our default rule set
  * Our readme file is now shinier
  * Minor code simplification
  * Fix a crash related to variadic functions

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 12 Mar 2018 10:00:00 +0200

snuffleupagus (0.2.1) UNRELEASED; urgency=medium

  * The testsuite can now be successfully run as root
  * Fix a double execution when snuffleupagus is used with some other extensions
  * Fix an execution-context related crash
  * Support PCRE2, since it's required for PHP7.3
  * Improve a bit the portability of the code
  * Minor code simplification

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 07 Feb 2018 11:00:00 +0200

snuffleupagus (0.2.0) UNRELEASED; urgency=medium

  * Glob support in `sp.configuration_file`
  * Whitelist/blacklist functions in `eval`
  * `phpinfo` shows if the configuration is valid or not
  * Off-by-one in configuration parsing fixed
  * Minor cookie-encryption related memory leak fixes
  * Various crash fixes
  * Configuration files with Windows EOL are correctly handled
  * General code clean-up
  * Documentation overhaul
  * Compilation on FreeBSD and CentOS
  * Select which cookies to encrypt via regular expressions
  * Match on return values from user-defined functions
  * Simplification and clean up of our linked-list implementation

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 18 Jan 2018 13:00:00 +0200

snuffleupagus (0.1.0) UNRELEASED; urgency=medium

  * Initial release.

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 04 Jul 2017 17:51:31 +0200