Skip to content

Security bugfix release: All users are encouraged to upgrade to this version as soon as possible.

- removed code compatibility for PHP <5.4 (lots of code + ifdefs)
- allow https location for suhosin.filter.action
- fixed newline detection for suhosin.mail.protect
- Added suhosin.upload.max_newlines to protect againt DOS attack via many
MIME headers in RFC1867 uploads (CVE-2015-4024)
- mail related test cases now work on linux

Assets 2

This hotfix release changes the newly introduced array index blacklist to not block '-' by default due to incompatibilities with widely used software.
Also, the version string shows '' now (without '-dev').

Assets 2

@bef bef released this Dec 3, 2014 · 2 commits to 0.9.37 since this release


changelog for release 0.9.37
Assets 2

@bef bef released this Nov 24, 2014 · 8 commits to 0.9.37 since this release

First release candidate of Suhosin Extension 0.9.37

Assets 2

@stefanesser stefanesser released this Jun 11, 2014 · 146 commits to master since this release

Release of Suhosin Extension 0.9.36

Assets 2
Feb 24, 2014
Release of Suhosin Extension 0.9.35
Feb 15, 2014
First release candiate of Suhosin Extension 0.9.35
You can’t perform that action at this time.