PHP agent release notes¶

Sqreen PHP extension¶

[1.16.1] 2019-05-01

Correct a warning caused when the agent look for installed.json outside of open_basedir's specification

[1.16.0] 2019-04-18

Improve the performance of the request shutdown
Improve the performance of attacks recording
Better limit the time taken by CRS
Better measure the performance impact of Sqreen

[1.15.0] 2019-03-22

Support for organization token
Improve SQL coverage on PostgreSQL
Improve compatibility with the upcomming Debian Buster, and with Ubuntu 18.04 and 18.10

[1.14.0] 2019-01-22

Support redirect_user action

[1.13.1] 2019-01-14

Fix sqreen-installer not recognizing php 7.3 installations
Better support for performance budget

[1.13.0] 2019-01-07

Support Sqreen performance budget

[1.12.0] 2018-12-20

Support performance metrics
Hooks for connections to mysql/pgsql and callbacks for generating metrics (in order to support database discovery)

[1.11.0] 2018-12-03

Support PHP 7.3
Performance improvement for redirect_ip and block_ip actions

[1.10.0] 2018-10-24

Fix segfault on restart for release builds on PHP 7/ZTS
Do not log fatal error when blocking
xss: read content-type in response, ignore non-html

[1.9.5] 2018-08-03

Remove XSS false positive for reflected JavaScript variable

[1.9.4] 2018-08-01

Support RunCloud in the installation script

[1.9.3] 2018-07-26

Improve XSS detection

[1.9.2] 2018-06-19

Improve block user security response behavior

[1.9.1] 2018-06-18

Improve compatibility with NewRelic

[1.9.0] 2018-06-12

Add support for block user security response.
Update security responses format.

[1.8.2] 2018-06-07

Improve PHP XSS security plugin detection

[1.8.1] 2018-05-24

Improve PHP binary detection in the sqreen-installer script

[1.8.0] 2018-05-17

Improve communication with the daemon
Add support for security responses
Improve launch_daemon behavior

[1.7.0] 2018-04-25

Add new SDK sqreen\track
Add a new hookpoint on the XML entity loader
Improve compatibility with Apache 2
Improve detection of Composer packages

[1.6.0] 2018-03-22

Improve Alpine packaging
Improve performance while blocking attacks on PHP FPM
Move OWASP WAF rule in the extension to improve performances
Launch the daemon from the extension

[1.5.6] 2018-03-16

Improve handling of network issue

[1.5.5] 2018-03-07

Better handling of blocked requests during php-fpm request_startup
Add connection timeout with the daemon

[1.5.4] 2018-02-28

Correctly handle headers without colon

[1.5.3] 2018-02-21

Better detection of PHP in sqreen-installer
Fix whitelist with XSS detection

[1.5.2] 2018-02-17

Fix PDO deinstrumentation on httpd-itk
Fix warning on old glibc (<2.17)
Fix install script on env without $PATH
Add set_ini option in sqreen-installer

[1.5.1] 2018-02-13

Support for debian wheezy
Add missing build for PHP 5.4

[1.5.0] 2018-01-31

Add support for PHP 5.3 And PHP 5.4
Add support for libmysqlclient
Fix error page display

[1.4.0] 2018-01-12

Support for SDK identify

[1.3.0] 2017-12-19

Support for PHP 7.2

[1.2.2] 2017-12-14

Fix an issue with userland function instrumentation
Display an error when no PHP installation found

[1.2.1] 2017-11-28

Better handling of CPanel installation
Fix RPM update

[1.2] 2017-11-21

Improve XSS protection
Improve installation on CPanel

[1.1.2] 2017-10-26

Fix include/eval hook bug in PHP 5.5
Correctly set sqreen-installer symlink on update

[1.1.1] 2017-10-26

Improve XSS detection

[1.1.0] 2017-10-20

Add support for Alpine package
Improve SQL detection when using Doctrine

[1.0.2] 2017-10-12

Improve XSS detection

[1.0.1] 2017-10-06

Logging improvement

[1.0] 2017-10-06

Fix log file permissions
Better handling of network issues
Fix spurious error messages

[0.12.2] 2017-10-05

Correctly close log file after apache2 reload

[0.12.1] 2017-10-03

Fix apache graceful restart
Log in only one file

[0.12] 2017-09-27

Add support for composer packages
Add support for the protection mode
Support for eval injection protection
Improve performance of backtrace fetching
Fix an issue with the PostreSQL hook
Fix wrong metrics being sent

[0.11] 2017-09-18

Support whitelist
Global performance improvement
Send parsed params to the daemon
Performance improvement on PHP processes creation
Support for PostgreSQL

[0.10.1] 2017-09-06

Fix Debian setup issues
Support backtraces
Better connection failure handling
Fix extension version dislpay
Do not require mysqnld anymore

[0.10] 2017-09-04

Faster XSS protection
Shell injection protection
Blacklist support
Extension is not enabled on CLI
Support for sqreen.disable option
Remove package dependencies

[0.9] 2017-08-24

Authentication SDK support
Improve memory management
Allow to use hostnames in daemon address

[0.8] 2017-08-21

Add support for PHP 5.5 and 5.6
Add support for ZTS
Fix memory leaks
Improve log management

[0.7.3] 2017-08-11

Fix MySQL instrumentation for PDO

[0.7.2] 2017-08-08

Improve TCP communication with the daemon

[0.7.1] 2017-08-06

Read configuration after module initialization

[0.7] 2017-08-03

Improve logs
Improve memory management
Improve reliability on agent / daemon communication
Add the ability to dynamically update the security rules

[0.6.6] 2017-07-27

Make build compatible with CentOS6
Fix closing socket on module exit

[0.6.5] 2017-07-18

Fix issue on request initialization endpoint

[0.6.4] 2017-07-17

Fix issue on path transmitted to the daemon

[0.5]

Fix HTTP headers read in FPM

[0.4] 2017-06-13

Public release of the PHP agent

Sqreen daemon for PHP¶

[1.13.0] 2019-04-18

Improve the performance of the request shutdown
Improve the performance of attack recording
Improve the management of an unstable link between the daemon and the extension
Add support for Ubuntu 19.04

[1.12.0] 2019-03-22

Support of organization token
Configurable PII scrubbing. Learn more about this: configuration
Improve the behaviour of the agent when our API experience difficulties
Improve compatibility with the upcomming Debian Buster, and with Ubuntu 18.04 and 18.10
Improve the handling of malformed IP addresses

[1.10.0] 2019-01-22

Support redirect_user action

[1.9.2] 2019-01-17

Support metrics on rules without daemon-side callbacks (db detection rules)

[1.9.1] 2019-01-14

Better support for performance budget

[1.9.0] 2019-01-07

Support Sqreen clock time overhead cap

[1.8.1] 2018-12-23

Improve stability when blocking multiple IPs

[1.8.0] 2018-12-20

Fix memory leaks
Reduce number of v8 isolates instantiated (less memory usage)
Improve performance of ip blocking
Support performance metrics sent by the PHP extension

[1.7.0] 2018-11-20

Improve CPU usage

[1.6.5] 2018-08-08

Improve startup performance

[1.6.4] 2018-08-03

Improve stability

[1.6.3] 2018-07-10

Strip sensitive data before sending them to the BackEnd

[1.6.2] 2018-07-03

Improve performance on high throughput application
Fix the IP blacklist for request without IP

[1.6.1] 2018-06-11

Update security plugin signature validation algorithm.
Update vendored dependencies.

[1.6.0] 2018-05-17

Improve communication with the BackEnd
Correctly forward security responses to the extension

[1.5.0] 2018-04-25

Handle track SDK
Minor performance improvement when executing security rules

[1.4.4] 2018-04-11

Add IP_HEADER option to configure on which header the IP is fetch

[1.4.3] 2018-04-09

Improve user-agent matching detection
Improve log messages
Make the binary compatible with prelink

[1.4.2] 2018-03-15

Check Sqreen BackEnd connection before accepting new connections
Read config file from /etc/default/sqreen-agent if the file exists

[1.4.1] 2018-03-12

Improve memory usage
Properly scale down unused processes

[1.4.0] 2018-03-05

Improve memory usage
Improve handling of disabled application
Fixed file descriptor leak

[1.3.1] 2018-02-16

Don't trigger logging code when logging is not enabled
Don't record broken pipe error

[1.3.0] 2018-01-12

Support for sdk identify

[1.2.3] 2018-01-11

Properly handle SIGTERM with multiple processes

[1.2.2] 2018-01-10

Start new process when handling lot of connections

[1.2.1] 2018-01-08

Improve performance when handling many connections

[1.2.1] 2018-01-08

Improve performance when handling many connection

[1.2.0] 2017-11-23

Update the user-agent used
Fix crash that can occurs on invalid payload
Smaller communication payloads

[1.1.2] 2017-10-27

Add more accurate log on error
Display extension version on log

[1.1.1] 2017-10-26

Remove exec requirement on /tmp

[1.1.0] 2017-10-25

Handle backtrace fetching during rule execution

[1.0.4] 2017-10-20

Relogin on PHP extension update

[1.0.3] 2017-10-18

Improve performance on long parameters

[1.0.2] 2017-10-16

Better handling of big payload
Fix encoding issues in JS callbacks
Improve IP address detection

[1.0.1] 2017-10-13

Correctly handle disconnected client
Better handling of IP address

[1.0.0] 2017-10-06

Better handling of network issues

[0.9.3] 2017-10-05

Correctly handle HTTP request without IP

[0.9.2] 2017-09-28

Better detection of vulnerability discovery

[0.9.1] 2017-09-21

Better connection failure handling

[0.9.0] 2017-09-18

Support record of PHP traceback
Global performance improvement

[0.8.2] 2017-09-08

Fix rules reload behaviour

[0.8.1] 2017-09-01

Correctly fetch the headers

[0.8.0] 2017-09-01

Correctly record IP address
Add whitelist support
Better handling of HTTP request
Memory improvement
Correctly handle systemd service

[0.7.9] 2017-08-25

Better handling of non unicode data
Better handling of error

[0.7.8] 2017-08-18

Prevent leak of file descriptor

[0.7.7] 2017-08-17

Be more resilient on socket creation

[0.7.6] 2017-08-16

Fix memory leak

[0.7.5] 2017-08-11

Correctly handle cargs

[0.7.4] 2017-08-10

Better handling of package removing
Better handling of invalid msg_pack command

[0.7.3] 2017-08-08

Improve TCP communication with the extension

[0.7.2] 2017-08-03

Remove unexpected logging messages

[0.7.1] 2017-08-03

Better logging when using a proxy

[0.7.0] 2017-08-03

Improve logging messages
Improve communication between the agent and the extension