- Fixes potential XSS exploit reported by @0xmitsurugi
- Fixes broken heat map and domstream playback
- Converted owa_overlay cookie store to JSON string for uniformity with other cookies.
- removes the use of antiquated input filter class for input sanitization.
- Removes hostip as the default geolocation provider
This release fixes numerous bugs including a XSS vulnerability reported by @strukt93.
In addtion, this is the first release that includes a refactoring of the core event processing pipeline which includes the following features:
- PHP 5.3 is now a requirement.
- All event properties are now filterable.
- Events processing can be hooked in several places in order to operate on the event before/during/after processing
- When events are queued, OWA does does the absolute minimum to new events before writing them to the incoming_tracking_events queue.