Title: Snuffleupagus 0.9.0 - Elephant seal Date: 2023-01-03 20:25 [![snuffleupagus logo]({static}/images/sp.png)](https://snuffleupagus.readthedocs.org) I just published a new release of [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/releases/tag/v0.9.0), the hardening module for php7+ and php8+, version `0.9.0`, codename "Elephant seal", named after a majestic [seal species](https://en.wikipedia.org/wiki/Elephant_seal). Adding support for [PHP 8.2](https://www.php.net/releases/8.2/en.php) in Snuffleupagus was *relatively* straightforward: - A few function prototypes changed signatures. - A broken macro, namely `ZEND_HASH_FOREACH_END_DEL` can't be used with `ZEND_HASH_REVERSE_FOREACH_KEY_PTR`, so it was replaced with `ZEND_HASH_FOREACH_END`. Since `ZEND_HASH_FOREACH_END_DEL` isn't used anywhere in PHP's codebase, nor anywhere else actually, to my knowledge, except in Snuffleupagus, it's no wonder that nobody noticed it to be completely broken. - The test suite was broken due to the `--CLEAN--` part loading Snuffleupagus, but not obeying the `--INI--` part, leading to error logs being outputted, breaking the tests making use of `--CLEAN--`. This was "fixed" by moving the cleaning parts before/after the actual tests. - `zend_atol` is deprecated, and was replaced with `ZEND_STRTOL`. - Amusingly, `PHP_VERSION_ID` for PHP 8.2 isn't `82000`, but `80200`. This wasn't a source of confusion at all, as usual. There is also a new mitigation: [`unserialize_noclass`](https://snuffleupagus.readthedocs.io/config.html#unserialize-noclass), available on PHP8+. As its name implies, it disables the deserialization of objects via `unserialize`, the equivalent of setting the `options` parameter of `unserialize` to `false` for every call. It was suggested by [Nextgens](https://florent.daigniere.com). ## Changelog * Compatibility with PHP8.2 * Add the ability block object unserialization globally. As usual, if you want to help, we have some [low hanging fruits]( https://github.com/jvoisin/snuffleupagus/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) ♥ See you in your PHP stack!