Woolly Mammoth

New features

• Compatibility with PHP8.1
• Check for unsupported PHP version
• Backport of Suhosin-ng patches:
  • Maximum stack depth/recursion limit
  • Maximum length for session id
  • $_SERVER strip/encode
  • Configuration dump
  • Support for conditional rules
  • INI settings protection
  • Output SP logs to stderr
  • Ported Suhosin rules to SP

Improvements

• Massive simplification of the configuration parser
• Better memory management
• Removal of internal calls to call_user_func
• Increased portability of the default rules access different version of PHP
• Start SP as late as possible, to hook as many things as possible

Bug fixes

• XML and Session support are now checked at runtime instead of at compile time

Breaking changes

• disable_xxe is renamed xxe_protection