PHP agent release notes

Addresses two issues that caused a segmentation fault in the PHP extension when parsing certain framework files. (SUP-4910)

Addressed the issue of incorrectly named proxy configuration items. (PHP-828)

Added ability to specify a proxy to use for TeamServer communication.

Added logging around setting the temporary path for the network communication layer.

Fixed an issue where setting the request logging feature (api.log_requests) to true while using STDOUT as the log output path would result in no logging of network requests.

Fixed issue with seg fault when running with PHP 8.0 and Laravel 9.

Fixed issue with passthrough module not loading on versions 8.0 and 8.1.

Updated internal packages to address a security flaw.

Removed an unused configuration setting.

Fixed an issue where certain PHP files would cause a segmentation fault in the agent. Improved overall agent robustness.

Updated internal library versions.

Added Jammy as a Debian distribution package.

Detection of Symfony framework and version.

Added instrumentation for Doctrine when using Symfony.

Updated the copyright date for the license file.

Ensured that group, metadata, and session_metadata values from the configuration file are properly parsed for automatic application onboarding.

Added support for Symfony framework.

Added SCA analysis for custom Drupal modules (not installed via Composer).

Fixed a potential crash in the agent when encountering PHP code that consists of a coalesce call and a closure.

Updated the data provided to TeamServer to ensure that it contains a valid stack trace.

Eliminated some potential false positive reflected-xss reports from request headers.

Identify Drupal modules not installed via Composer.

Added support for PHP 8.0.

Use the web server root directory as the working directory when running with PHP-FPM on Red Hat Enterprise. (PHP-679)

Initial support for PHP 8.1.

Added initial Assess support for Drupal 8 and 9.

Added SCA support for Drupal 8 and 9 when installing modules using Composer packages.

Added support for LDAP injection rules.

Added support for NoSQL injection rules for MongoDB and Redis.

Fixes minor issue with route discovery logs.

Initial triggers for redos rule.

Provides packages for arm64/aarch64.

Includes fixes previously released in 1.3.1 and 1.3.2.

Better error handling for request shutdown hook. (PHP-576)

Initial support for nosql-injection rule: initial support is for the Datastax Cassandra CQL driver for PHP.

Support for capturing full stack traces and relevant common configuration options.

Fixed issue when using relative agent log path. (PHP-540)

Fixed issue with route discovery when running under php-fpm. (PHP-528)

Agent is now disabled by default with PHP command-line interface (CLI) in order to prevent accidental analysis of PHP scripts and commands.

Added diagnostic script contrast-php-util to agent package along with experimental commands for enabling/disabling agent to ease onboarding.

Added support for reflection-injection rule.

Contains fixes for configuration of Assess and API certificates that were included in previous individual bugfix releases.

Add certificate configuration option for Contrast API.

Agent now defers to Contrast web interface setting for enabling Assess if omitted from configuration. Previously the agent required Assess to be explicitly enabled locally as well.

Improvements to trace event rendering in the Contrast web interface.

Added coverage to unsafe-code-execution for extract function.

Fixed issue with configuration file discovery paths. (PHP-496)

Fixed issue with json_decode propagation. (PHP-482)

Assess and SCA feature support for PHP applications.

Support for the Laravel framework.