Nytro

SektionEins releases Suhosin 0.9.37

Posted: 2014-12-03 11:00 by Ben Fuhrmannek


SektionEins is proud to announce the release of the PHP security extension Suhosin version 0.9.37.

Suhosin (pronounced 'su-ho-shin') is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

This release improves stability and adds a number of useful features, such as

  • array index blacklist and whitelist to protect against attacks like this: http://.../foo.php?a[; or 1=1 --]
  • SQL injection protection for Mysqli
  • SQL username limits
  • experimental UTF-8 exemption for binary data detection
  • Debian package script
  • well documented configuration file
  • numerous new test cases

A complete list of changes can be found in the ChangeLog.

In addition there have been improvements to the online documentation:

Suhosin is officially supported to run with PHP 5.4, 5.5 and 5.6 on Linux. However, for security reasons we recommend PHP 5.5 or above. The comprehensive test suite passes on Linux (Debian Wheezy and Ubuntu Trusty), MacOSX 10.9 and FreeBSD 10.1.

The default array index blacklist is set to the following characters: '"+-<>;(). With this change in mind, upgrading from previous versions should be smooth and seamless.

Download here: About | SUHOSIN

Professional Support: SektionEins provides professional support for Suhosin as well as security audits of web applications, consulting services and trainings. Please use our contact form for more information.

Ben Fuhrmannek

Source: https://www.sektioneins.de/en/blog/14-12-03-suhosin-release-0.9.37.html
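
An application-level version of the array index check described in the announcement, added here as an example; it is not Suhosin's code or configuration. The function name and the exact blacklist/whitelist semantics are assumptions of this example; the blacklist characters are the defaults quoted in the announcement.

```php
<?php
declare(strict_types=1);

// Added illustration; not Suhosin source code.
// Default blacklist characters as given in the announcement.
const INDEX_BLACKLIST = '\'"+-<>;()';

/**
 * Walk a request array and return the path of every array index that
 * contains a blacklisted character or, if a whitelist is set, a character
 * outside it (assumed semantics for this example). Top-level names are
 * variable names, not indices, so they are only descended into.
 */
function rejected_indices(array $params, string $blacklist = INDEX_BLACKLIST,
                          string $whitelist = '', string $path = ''): array
{
    $bad = [];
    foreach ($params as $key => $value) {
        $key = (string) $key;               // numeric indices arrive as int
        $here = $path === '' ? $key : $path . '[' . $key . ']';
        if ($path !== '') {
            $hitBlack = $blacklist !== '' && strpbrk($key, $blacklist) !== false;
            $hitWhite = $whitelist !== '' && strspn($key, $whitelist) !== strlen($key);
            if ($hitBlack || $hitWhite) {
                $bad[] = $here;
            }
        }
        if (is_array($value)) {
            $bad = array_merge($bad, rejected_indices($value, $blacklist, $whitelist, $here));
        }
    }
    return $bad;
}

// Constructed sample: the announcement's a[; or 1=1 --] index, URL-encoded,
// next to a harmless nested parameter.
$query = 'a%5B%3B%20or%201%3D1%20--%5D=x&filter%5Bcolor%5D%5B0%5D=red';
parse_str($query, $params);

// Default blacklist only.
print_r(rejected_indices($params));
// Whitelist of lowercase letters and digits, no blacklist.
print_r(rejected_indices($params, '', 'abcdefghijklmnopqrstuvwxyz0123456789'));
```

A check like this matters wherever request array keys end up in a query string, for example as column names, because escaping routines are normally applied to values only.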
