Upgrade to latest version:
2008.01.14: Version 0.9.23
Fixed suhosin extension now compiles with snapshots of PHP 5.3
Fixed crypt() behaves normally again when no salt is supplied
Removed LFS warning message because it crashed on several systems
2007.11.30: Version 0.9.21
Fixed function_exists() now checks the Suhosin permissions
Fixed crypt() salt no longer uses Blowfish by default
Fixed .htaccess/perdir support
Fixed compilation problem on OS X
Added protection against some attacks through _SERVER variables
Added suhosin.server.strip and suhosin.server.encode
Added error message that warns about the LFS binary incompatibility
CVs:
Changelog:
2007.03.04: Version 0.9.17
* Added a suhosin.ini example configuration. Thanks to Mandriva Linux for supplying us with one
* Added new logging device: file
* Fixed that suhosin.filter.action did not affect POST limits
* Fixed behaviour of the request variable limit so that it is an upper limit for the other settings instead of an additive limit
* Fixed hard_memory_limit bypass due to casting bug in PHP. Problem was found by: Ilia Alshanetsky
* Fixed some sql prefix/postfix problems
* Added experimental SQL injection heuristic
2006.12.02: Version 0.9.16
* Added suhosin.stealth, which controls whether Suhosin loads in stealth mode when it is not the only zend_extension (required for full compatibility with certain encoders that consider open source untrusted, e.g. ionCube, Zend)
* Activate suhosin.stealth by default
* Fixed that Suhosin tried to handle functions already disabled by disable_function. In v0.9.15 it was impossible to disable phpinfo() with disable_function. Problem was found by: Thorsten Schifferdecker
2006.11.28: Version 0.9.15
* Added a transparent protection for open phpinfo() pages by adding an HTML META ROBOTS tag to the output that forbids indexing and archiving
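The two behaviours described in the 0.9.15 and 0.9.16 entries, emulated in PHP userland as an added illustration (this is not Suhosin's own code, which does the same thing inside the extension); the function names are assumptions:

```php
<?php
// Added example, not Suhosin's own code. Emulates two behaviours from the
// changelog above: (1) the 0.9.15 META ROBOTS protection for exposed phpinfo()
// pages, and (2) the 0.9.16 fix that a function disabled via the PHP
// disable_functions directive must stay disabled. Function names are assumed.

function add_robots_meta(string $html): string
{
    // Tag that tells crawlers neither to index nor to archive the page.
    $meta = '<meta name="robots" content="noindex,noarchive">';
    // Put it right after the opening <head> tag when present; otherwise prepend.
    $patched = preg_replace('/<head\b[^>]*>/i', '$0' . $meta, $html, 1, $count);
    return $count > 0 ? $patched : $meta . $html;
}

function phpinfo_is_disabled(): bool
{
    // function_exists() returns false for functions removed by disable_functions;
    // with Suhosin 0.9.21+ it also checks Suhosin's own permissions (see above).
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return !function_exists('phpinfo') || in_array('phpinfo', $disabled, true);
}

if (phpinfo_is_disabled()) {
    // Respect the administrator's decision: do not expose the page at all.
    http_response_code(404);
    exit;
}

// phpinfo() is still reachable, so at least keep it out of search engines.
ob_start('add_robots_meta');
phpinfo();
ob_end_flush();
```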
DESCR:
Suhosin is an advanced protection system for PHP installations. It was
designed to protect servers and users from known and unknown flaws in
PHP applications and the PHP core. Suhosin comes in two independent
parts that can be used separately or in combination. The first part is
a small patch against the PHP core that implements a few low-level
protections against buffer overflows and format string vulnerabilities;
the second part is a powerful PHP extension that implements all the other
protections.
Unlike our Hardening-Patch, Suhosin is binary compatible with a normal PHP
installation, which means it is compatible with third-party binary extensions
like ZendOptimizer.