Hardening-Patch v0.4.12 released




19. July 2006

The Hardened-PHP Project is proud to announce the availability of version 0.4.12 of our Hardening-Patch for PHP.

The new version incorporates a number of fixes for security holes in the current PHP 4.4.2 and 5.1.4 versions. Some of these fixes are not in the PHP CVS, and the corresponding holes will most probably not be fixed in php.net's upcoming releases, although some of these vulnerabilities were reported to php.net several months ago by us or third parties.

Additionally, the Hardening-Patch now comes with protection against certain header attacks on the mail() function (see the documentation of hphp.mail.protect for further information).

Finally, the Hardened-PHP Project wants to thank Pavel Stano for his report, which allowed us to fix a problem with URL blacklists that could result in endless loops.

Download:
  • as patch against the released PHP tarball
  • NEW: as prepatched tarball
© Hardened PHP Project