Artificial truth

The more you see, the less you believe.

[archives] [latest] | [homepage] | [atom/rss]

Snuffleupagus 0.4.0 - Oliphant Chuckerbutty
Sat 01 September 2018 — download

snuffleupagus logo

We just did a new release of Snuffleupagus, the 0.4.0, named Oliphant Chuckerbutty , after Soorjo Alexander William Langobard Oliphant Chuckerbutty (1884–1960), who was an English composer and an organist. You can listen at some of his compositions on youtube.

It's likely the latest release that I'll do myself; now that other people know the drill. This new version brings some invasive changes: new hardening features, a new logging system, several important refactorings, … and although we did our very best to find and fix every single bugs, odds are that we didn't catch them all. Should you find any, please do open an issue on our bugtracker.

It's fun to note that the project gained something like 50 stars on Github in less than 2 days, because we implemented a feature asked by Scott almost one year ago, and apparently, he and some of his twitter followers are kind of famous in PHP's little world. Maybe we'll soon see a sudden rise in the number of our users.

While this release has been mainly done by caillou and me (mostly caillou to be honest), we had several external contributors, who opened issue, are trying to Snuffleupagus on significant scales, submitted patches, tested it on various platforms and configurations, questioned our assumptions, … it's nice to see that people aren't just users, but are eager to help the project move forward. Hurray for Free software!

Changelog

New features

  • While it's not possible to do it in PHP7+ vanilla, it's now possible to whitelist stream wrappers in Snuffleupagus!
  • Turning off certificate verification is a common development practise, and forgetting to turn it back on is equally common. This is why we added a couple of lines to our default configuration to prevent PHP code from ever turning verification off.
  • Snuffleupagus is now using php's internal logging functions (instead of outputing everything directly into the syslog), allowing administrators to tune precisely how many verbosity they want, and where should the logs go.

Improvements

  • It's now possible to completely forbid type-juggling, even in functions like in_array, array_search or array_keys.
  • More and more people are using Snuffleupagus, so we added some new entries to our propaganda page.
  • It's now possible to patch user-defined functions on their return value.
  • Snuffleupagus won't start with an invalid config anymore, except if the sp.allow_broken_configuration parameter is set.
  • Significant code simplification for cookies handling thanks to Remi Collet

Bug fixes

  • Missing documentation has been added, especially regarding new features
  • The make install has been fixed.
  • Almost all the compilation warnings have been fixed.
  • Various typos in comments and in the documentation have been corrected
  • Snuffleupags is now working on systems without glibc, like Alpine Linux with musl, thanks to Antoine Tenart.

As usual, if you want to help, we have some low hanging fruits

See you in your PHP stack!