PHP agent release notes
Release date: February 17, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added support for Symfony framework.
Release date: January 26, 2023
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Added SCA analysis for custom Drupal modules (not installed via Composer).
Bug fixes:
Fixed a potential crash in the agent when encountering PHP code that consists of a coalesce call and a closure.
Updated the data provided to TeamServer to ensure that it contains a valid stack trace.
Eliminated some potential false positive reflected-xss reports from request headers.
Release date: November 14, 2022
Language versions currently supported: PHP 7.4, 8.0, 8.1
New and improved:
Identify Drupal modules not installed via Composer.
Added support for PHP 8.0.
Bug fixes:
Use the web server root directory as the working directory when running with PHP-FPM on Red Hat Enterprise. (PHP-679)
Release date: September 20, 2022
Language versions currently supported: PHP 7.4., 8.1
New and improved:
Initial support for PHP 8.1.
Release date: August 30, 2022
Language versions currently supported: PHP 7.4
New and improved:
Added initial Assess support for Drupal 8 and 9.
Added SCA support for Drupal 8 and 9 when installing modules using Composer packages.
Release date: June 28, 2022
Language versions currently supported: PHP 7.4
New and improved:
Added support for LDAP injection rules.
Added support for NoSQL injection rules for MongoDB and Redis.
Release date: June 13, 2022
Language versions currently supported: PHP 7.4
Bug fixes:
Fixes minor issue with route discovery logs.
Release date: June 06, 2022
Language versions currently supported: PHP 7.4
New and improved:
Initial triggers for
redosrule.Provides packages for arm64/aarch64.
Bug fixes:
Includes fixes previously released in 1.3.1 and 1.3.2.
Release date: May 26, 2022
Language versions currently supported: PHP 7.4
Release date: May 25, 2022
Language versions currently supported: PHP 7.4
Bug fixes:
Better error handling for request shutdown hook. (PHP-576)
Release date: May 24, 2022
Language versions currently supported: PHP 7.4
New and improved:
Initial support for
nosql-injectionrule: initial support is for the Datastax Cassandra CQL driver for PHP.Support for capturing full stack traces and relevant common configuration options.
Bug fixes:
Fixed issue when using relative agent log path. (PHP-540)
Fixed issue with route discovery when running under
php-fpm. (PHP-528)
Release date: May 11, 2022
Language versions currently supported: PHP 7.4
New and improved:
Agent is now disabled by default with PHP command-line interface (CLI) in order to prevent accidental analysis of PHP scripts and commands.
Added diagnostic script
contrast-php-utilto agent package along with experimental commands for enabling/disabling agent to ease onboarding.Added support for
reflection-injectionrule.
Bug fixes:
Contains fixes for configuration of Assess and API certificates that were included in previous individual bugfix releases.
Release date: April 26, 2022
Language versions currently supported: PHP 7.4
New and improved:
Add certificate configuration option for Contrast API.
Release date: April 25, 2022
Language versions currently supported: PHP 7.4
Bug fixes:
Agent now defers to Contrast web interface setting for enabling Assess if omitted from configuration. Previously the agent required Assess to be explicitly enabled locally as well.
Release date: April 21, 2022
Language versions currently supported: PHP 7.4
New and improved:
Improvements to trace event rendering in the Contrast web interface.
Added coverage to
unsafe-code-executionforextractfunction.
Bug fixes:
Fixed issue with configuration file discovery paths. (PHP-496)
Fixed issue with
json_decodepropagation. (PHP-482)
Release date: April 4, 2022
Language versions currently supported: PHP 7.4
New and improved:
Assess and SCA feature support for PHP applications.
Support for the Laravel framework.