PHP agent release notes
Release date: August 15, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
Bug fixes:
Addresses two issues that caused a segmentation fault in the PHP extension when parsing certain framework files. (SUP-4910)
Release date: August 14, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
Bug fixes:
Addressed the issue of incorrectly named proxy configuration items. (PHP-828)
Release date: August 10, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added ability to specify a proxy to use for TeamServer communication.
Release date: July 13, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added logging around setting the temporary path for the network communication layer.
Release date: June 29, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
Bug fixes:
Fixed an issue where setting the request logging feature (
api.log_requests
) to true while usingSTDOUT
as the log output path would result in no logging of network requests.
Release date: May 31, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
Bug fixes:
Fixed issue with seg fault when running with PHP 8.0 and Laravel 9.
Fixed issue with passthrough module not loading on versions 8.0 and 8.1.
Release date: May 17, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Updated internal packages to address a security flaw.
Removed an unused configuration setting.
Bug fixes:
Fixed an issue where certain PHP files would cause a segmentation fault in the agent. Improved overall agent robustness.
Release date: April 28, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Updated internal library versions.
Release date: April 17, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added Jammy as a Debian distribution package.
Release date: March 30, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Detection of Symfony framework and version.
Added instrumentation for Doctrine when using Symfony.
Bug fixes:
Updated the copyright date for the license file.
Ensured that group, metadata, and session_metadata values from the configuration file are properly parsed for automatic application onboarding.
Release date: February 17, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added support for Symfony framework.
Release date: January 26, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added SCA analysis for custom Drupal modules (not installed via Composer).
Bug fixes:
Fixed a potential crash in the agent when encountering PHP code that consists of a coalesce call and a closure.
Updated the data provided to TeamServer to ensure that it contains a valid stack trace.
Eliminated some potential false positive reflected-xss reports from request headers.
Release date: November 14, 2022
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Identify Drupal modules not installed via Composer.
Added support for PHP 8.0.
Bug fixes:
Use the web server root directory as the working directory when running with PHP-FPM on Red Hat Enterprise. (PHP-679)
Release date: September 20, 2022
Language versions currently supported: PHP 7.4., 8.1
New and improved:
Initial support for PHP 8.1.
Release date: August 30, 2022
Language versions currently supported: PHP 7.4
New and improved:
Added initial Assess support for Drupal 8 and 9.
Added SCA support for Drupal 8 and 9 when installing modules using Composer packages.
Release date: June 28, 2022
Language versions currently supported: PHP 7.4
New and improved:
Added support for LDAP injection rules.
Added support for NoSQL injection rules for MongoDB and Redis.
Release date: June 13, 2022
Language versions currently supported: PHP 7.4
Bug fixes:
Fixes minor issue with route discovery logs.
Release date: June 06, 2022
Language versions currently supported: PHP 7.4
New and improved:
Initial triggers for
redos
rule.Provides packages for arm64/aarch64.
Bug fixes:
Includes fixes previously released in 1.3.1 and 1.3.2.
Release date: May 26, 2022
Language versions currently supported: PHP 7.4
Release date: May 25, 2022
Language versions currently supported: PHP 7.4
Bug fixes:
Better error handling for request shutdown hook. (PHP-576)
Release date: May 24, 2022
Language versions currently supported: PHP 7.4
New and improved:
Initial support for
nosql-injection
rule: initial support is for the Datastax Cassandra CQL driver for PHP.Support for capturing full stack traces and relevant common configuration options.
Bug fixes:
Fixed issue when using relative agent log path. (PHP-540)
Fixed issue with route discovery when running under
php-fpm
. (PHP-528)
Release date: May 11, 2022
Language versions currently supported: PHP 7.4
New and improved:
Agent is now disabled by default with PHP command-line interface (CLI) in order to prevent accidental analysis of PHP scripts and commands.
Added diagnostic script
contrast-php-util
to agent package along with experimental commands for enabling/disabling agent to ease onboarding.Added support for
reflection-injection
rule.
Bug fixes:
Contains fixes for configuration of Assess and API certificates that were included in previous individual bugfix releases.
Release date: April 26, 2022
Language versions currently supported: PHP 7.4
New and improved:
Add certificate configuration option for Contrast API.
Release date: April 25, 2022
Language versions currently supported: PHP 7.4
Bug fixes:
Agent now defers to Contrast web interface setting for enabling Assess if omitted from configuration. Previously the agent required Assess to be explicitly enabled locally as well.
Release date: April 21, 2022
Language versions currently supported: PHP 7.4
New and improved:
Improvements to trace event rendering in the Contrast web interface.
Added coverage to
unsafe-code-execution
forextract
function.
Bug fixes:
Fixed issue with configuration file discovery paths. (PHP-496)
Fixed issue with
json_decode
propagation. (PHP-482)
Release date: April 4, 2022
Language versions currently supported: PHP 7.4
New and improved:
Assess and SCA feature support for PHP applications.
Support for the Laravel framework.