Software Details:
Version: 0.9.38 updated
Upload Date: 4 Jun 15
Distribution Type: Freeware
Downloads: 23
Suhosin extends PHP's built-in security mechanisms by adding detection, prevention and fixes for known PHP security risks and flaws.
Suhosin is made up of various low-level protection patches.
It can prevent buffer overflows and format string vulnerabilities, along with other problems.
It also includes a powerful PHP extension that bundles various smaller protection methods.
What is new in this release:
- Added SQL injection protection for Mysqli and several test cases
- Added wildcard matching for SQL username
- Added check for SQL username to only contain valid characters (>= ASCII 32)
- Test cases for user_prefix and user_postfix
- Added experimental PDO support
- SQL checks for drivers other than MySQL (Mysqli + old-style), e.g. MSSQL, must be enabled with configure --enable-suhosin-experimental.
- disallow_ws now matches all single-byte whitespace characters
- remove_binary and disallow_binary now optionally allow UTF-8.
- Introduced suhosin.upload.allow_utf8 (experimental)
- Reimplemented suhosin_get_raw_cookies()
- Fixed potential segfault for disable_display_errors=fail (only on ARM)
- Fixed potential NULL-pointer dereference with func.blacklist and logging
- Logging timestamps are now localtime instead of GMT
- Added new array index filter (character whitelist/blacklist)
- Set default array index blacklist to '"+-<>;()
- Added option to suppress date/time for suhosin file logging (suhosin.log.file.time=0)
- Added simple script to create binary Debian package
- Fixed additional recursion problems with session handler
- Suhosin now depends on php_session.h instead of version-specific struct code
What is new in version 0.9.37-dev:
- Added check for SQL username to only contain valid characters (>= ASCII 32)
- Test cases for user_prefix and user_postfix
- Added experimental PDO support
- SQL checks for drivers other than MySQL (Mysqli + old-style), e.g. MSSQL, must be enabled with configure --enable-suhosin-experimental.
- disallow_ws now matches all single-byte whitespace characters
- remove_binary and disallow_binary now optionally allow UTF-8.
What is new in version 0.9.33:
- Stop mbstring extension from replacing POST handlers
- Added detection of extensions manipulating POST handlers
- Fixed: environment variables for logging no longer go through the filter extension
- Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory)
- Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
- Removed crypt() support, because it is not used for PHP >= 5.3.0 anyway