- Default rules were improved, with xxe and hard_rand on, along with relaxed restrictions on which file extensions can be included. Session cookies now also come with the SameSite flag on, killing CSRF!
- Because managing immutable websites is non-trivial, we added an option to generate rules without hashes, only based on file names.
- PHP uses phar archives for various reasons, so we made Snuffleupagus' filename filter accept paths that are starting with
- The harden rand feature was ignoring parameters in some cases; this is no longer the case.
- Fix possible crashes/hangs when using php-fpm's pools, reported by sriccioa, who responded to the resolution of the issue with "Thanks a lot for this. I've tried this in a sandbox system, now time to see how it will react on a shared hosting production server with ca. 200 pools :)" ♥
- Fix an infinite loop on the echo hook, related to the previous point.
- Fix an issue with the filename filter, because we didn't manage to wrap our heads around the multitude of functions provided by PHP to deal with
- Apparently, people are reading our documentation and found some typos for us to fix.
- Arch Linux's PKGBUILD is working again.
If you want to help, as usual, we have some low-hanging fruit ♥
See you in your PHP stack!