Changelog:
2007.03.04: Version 0.9.17
* Added a suhosin.ini example configuration. Thanks to Mandriva Linux for supplying us with one
* Added new logging device: file
* Fixed that suhosin.filter.action did not affect POST limits
* Fixed behaviour of request variable limit to be an upper limit for the other settings instead of being additive limit
* Fixed hard_memory_limit bypass due to casting bug in PHP. Problem was found by: Ilia Alshanetsky
* Fixed some SQL prefix/postfix problems
* Added experimental SQL injection heuristic
2006.12.02: Version 0.9.16
* Added suhosin.stealth which controls if suhosin loads in stealth mode when it is not the only zend_extension (Required for full compatibility with certain encoders that consider open source untrusted. e.g. ionCube, Zend)
* Activate suhosin.stealth by default
* Fixed that Suhosin tries handling functions disabled by disable_function. In v0.9.15 it was impossible to disable phpinfo() with disable_function. Problem was found by: Thorsten Schifferdecker
2006.11.28: Version 0.9.15
* Added a transparent protection for open phpinfo() pages by adding an HTML META ROBOTS tag to the output that forbids indexing and archiving
DESCR:
Suhosin is an advanced protection system for PHP installations. It was
designed to protect servers and users from known and unknown flaws in
PHP applications and the PHP core. Suhosin comes in two independent
parts that can be used separately or in combination. The first part is
a small patch against the PHP core that implements a few low-level
protections against buffer overflows or format string vulnerabilities, and
the second part is a powerful PHP extension that implements all the other
protections.
Unlike our Hardening-Patch, Suhosin is binary compatible with normal PHP
installations, which means it is compatible with 3rd party binary extensions
like ZendOptimizer.