Skip to main content

PHP agent release notes

Release date: February 20, 2024

Language versions currently supported: PHP 7.4, 8.0, 8.1, 8.2, 8.3

New and improved:

  • Initial support for PHP 8.3.

Release date: January 22, 2024

Language versions currently supported: PHP 7.4, 8.0, 8.1, 8.2

New and improved:

  • Added support for Symfony 6.4 and 7.0

Archive

Release date: December 4, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1, 8.2

New and improved:

  • Added support for doing route discovery on Symfony cached routes.

Release date: November 7, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1, 8.2

New and improved:

  • Added Bookworm as a Debian distribution package.

Release date: October 25, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1, 8.2

New and improved:

  • Added initial support for PHP 8.2.

Release date: October 23, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Added logging of environment variables to the agent log.

  • Added additional logging about unwritable log directories.

Release date: August 15, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

Bug fixes:

  • Addresses two issues that caused a segmentation fault in the PHP extension when parsing certain framework files. (SUP-4910)

Release date: August 14, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

Bug fixes:

  • Addressed the issue of incorrectly named proxy configuration items. (PHP-828)

Release date: August 10, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Added ability to specify a proxy to use for Contrast communication.

Release date: July 13, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Added logging around setting the temporary path for the network communication layer.

Release date: June 29, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

Bug fixes:

  • Fixed an issue where setting the request logging feature (api.log_requests) to true while using STDOUT as the log output path would result in no logging of network requests.

Release date: May 31, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

Bug fixes:

  • Fixed issue with seg fault when running with PHP 8.0 and Laravel 9.

  • Fixed issue with passthrough module not loading on versions 8.0 and 8.1.

Release date: May 17, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Updated internal packages to address a security flaw.

  • Removed an unused configuration setting.

Bug fixes:

  • Fixed an issue where certain PHP files would cause a segmentation fault in the agent. Improved overall agent robustness.

Release date: April 28, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Updated internal library versions.

Release date: April 17, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Added Jammy as a Debian distribution package.

Release date: March 30, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Detection of Symfony framework and version.

  • Added instrumentation for Doctrine when using Symfony.

Bug fixes:

  • Updated the copyright date for the license file.

  • Ensured that group, metadata, and session_metadata values from the configuration file are properly parsed for automatic application onboarding.

Release date: February 17, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Added support for Symfony framework.

Release date: January 26, 2023

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Added SCA analysis for custom Drupal modules (not installed via Composer).

Bug fixes:

  • Fixed a potential crash in the agent when encountering PHP code that consists of a coalesce call and a closure.

  • Updated the data provided to Contrast to ensure that it contains a valid stack trace.

  • Eliminated some potential false positive reflected-xss reports from request headers.

Release date: November 14, 2022

Language versions currently supported: PHP 7.4, 8.0, 8.1

New and improved:

  • Identify Drupal modules not installed via Composer.

  • Added support for PHP 8.0.

Bug fixes:

  • Use the web server root directory as the working directory when running with PHP-FPM on Red Hat Enterprise. (PHP-679)

Release date: September 20, 2022

Language versions currently supported: PHP 7.4., 8.1

New and improved:

  • Initial support for PHP 8.1.

Release date: August 30, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Added initial Assess support for Drupal 8 and 9.

  • Added SCA support for Drupal 8 and 9 when installing modules using Composer packages.

Release date: June 28, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Added support for LDAP injection rules.

  • Added support for NoSQL injection rules for MongoDB and Redis.

Release date: June 13, 2022

Language versions currently supported: PHP 7.4

Bug fixes:

  • Fixes minor issue with route discovery logs.

Release date: June 06, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Initial triggers for redos rule.

  • Provides packages for arm64/aarch64.

Bug fixes:

  • Includes fixes previously released in 1.3.1 and 1.3.2.

Release date: May 26, 2022

Language versions currently supported: PHP 7.4

Release date: May 25, 2022

Language versions currently supported: PHP 7.4

Bug fixes:

  • Better error handling for request shutdown hook. (PHP-576)

Release date: May 24, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Initial support for nosql-injection rule: initial support is for the Datastax Cassandra CQL driver for PHP.

  • Support for capturing full stack traces and relevant common configuration options.

Bug fixes:

  • Fixed issue when using relative agent log path. (PHP-540)

  • Fixed issue with route discovery when running under php-fpm. (PHP-528)

Release date: May 11, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Agent is now disabled by default with PHP command-line interface (CLI) in order to prevent accidental analysis of PHP scripts and commands.

  • Added diagnostic script contrast-php-util to agent package along with experimental commands for enabling/disabling agent to ease onboarding.

  • Added support for reflection-injection rule.

Bug fixes:

  • Contains fixes for configuration of Assess and API certificates that were included in previous individual bugfix releases.

Release date: April 26, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Add certificate configuration option for Contrast API.

Release date: April 25, 2022

Language versions currently supported: PHP 7.4

Bug fixes:

  • Agent now defers to Contrast web interface setting for enabling Assess if omitted from configuration. Previously the agent required Assess to be explicitly enabled locally as well.

Release date: April 21, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Improvements to trace event rendering in the Contrast web interface.

  • Added coverage to unsafe-code-execution for extract function.

Bug fixes:

  • Fixed issue with configuration file discovery paths. (PHP-496)

  • Fixed issue with json_decode propagation. (PHP-482)

Release date: April 4, 2022

Language versions currently supported: PHP 7.4

New and improved:

  • Assess and SCA feature support for PHP applications.

  • Support for the Laravel framework.