Skip to main content

PHP agent release notes

Release date: November 14, 2022

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Identify Drupal modules not installed via Composer.

  • Added support for PHP 8.0.

Bug fixes:

  • Use the web server root directory as the working directory when running with PHP-FPM on Red Hat Enterprise. (PHP-679)

Release date: September 20, 2022

Language versions currently supported: PHP 7.4., 8.1

New and improved:

  • Initial support for PHP 8.1.

Release date: August 30, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Added initial Assess support for Drupal 8 and 9.

  • Added SCA support for Drupal 8 and 9 when installing modules using Composer packages.

Release date: June 28, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Added support for LDAP injection rules.

  • Added support for NoSQL injection rules for MongoDB and Redis.

Release date: June 13, 2022

Language versions currently supported: PHP 7.4

Bug fixes:

  • Fixes minor issue with route discovery logs.

Release date: June 06, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Initial triggers for redos rule.

  • Provides packages for arm64/aarch64.

Bug fixes:

  • Includes fixes previously released in 1.3.1 and 1.3.2.

Release date: May 26, 2022

Language versions currently supported: PHP 7.4

Release date: May 25, 2022

Language versions currently supported: PHP 7.4

Bug fixes:

  • Better error handling for request shutdown hook. (PHP-576)

Release date: May 24, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Initial support for nosql-injection rule: initial support is for the Datastax Cassandra CQL driver for PHP.

  • Support for capturing full stack traces and relevant common configuration options.

Bug fixes:

  • Fixed issue when using relative agent log path. (PHP-540)

  • Fixed issue with route discovery when running under php-fpm. (PHP-528)

Release date: May 11, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Agent is now disabled by default with PHP command-line interface (CLI) in order to prevent accidental analysis of PHP scripts and commands.

  • Added diagnostic script contrast-php-util to agent package along with experimental commands for enabling/disabling agent to ease onboarding.

  • Added support for reflection-injection rule.

Bug fixes:

  • Contains fixes for configuration of Assess and API certificates that were included in previous individual bugfix releases.

Release date: April 26, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Add certificate configuration option for Contrast API.

Release date: April 25, 2022

Language versions currently supported: PHP 7.4

Bug fixes:

  • Agent now defers to Contrast web interface setting for enabling Assess if omitted from configuration. Previously the agent required Assess to be explicitly enabled locally as well.

Release date: April 21, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Improvements to trace event rendering in the Contrast web interface.

  • Added coverage to unsafe-code-execution for extract function.

Bug fixes:

  • Fixed issue with configuration file discovery paths. (PHP-496)

  • Fixed issue with json_decode propagation. (PHP-482)

Release date: April 4, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Assess and SCA feature support for PHP applications.

  • Support for the Laravel framework.