Hardening-Patch v0.3.1 released




6. July 2005

The Hardening-Patch v0.3.1 has been released. It comes with a few compilation bugfixes (that were provided by Michal Lukaszek <prismpld-linux.org>) and a few new features.

The most important new feature is that the header() function will no longer allow multiple HTTP headers at once. This means it is no longer possible to perfom any kind of HTTP response splitting attacks on applications running on your server.

This feature is activated by default, but can be switched off if there
really is an application that makes use of this "bug" in PHP.

For a list of all new features see here.
You can download the new version here.
© Hardened PHP Project