Changelog for phpMussel (>= v1.0.0, < v2.0.0), "Changelog-v1.txt".
=== VERSIONING GUIDELINES ===
phpMussel adheres to the SemVer guidelines for versioning.
Versioning guidelines for SemVer can be found at: https://semver.org/
=== Changes made since last versioned release ===
(none)
=== Version/Release 1.10.0 ===
MINOR RELEASE.
- [2019.04.02; Maikuolan]: Changed a misleading variable name.
- [2019.04.02-07; NEW FEATURE; Maikuolan]: Implemented a new, unified caching
system to the package, optionally allowing package users to choose from a
range of different caching mechanisms supported by the new caching system,
currently consisting of APCu, Memcached, Redis, and PDO-based caching,
alternatively deferring back to the package's existing flatfile caching
mechanism when no other mechanisms are otherwise chosen.
- [2019.04.09; Maikuolan]: Slightly adjusted the file reading part of the cache
handler to account for some potential edge-case problems on some servers.
- [2019.04.17; Maikuolan]: The front-end homepage now checks and displays
whether various extensions that can be used by phpMussel are installed and
available (APCu, Memcached, Redis, PDO, PCRE, cURL, etc).
- [2019.04.19; Maikuolan]: Slightly refactored the front-end updater and made
some changes to the executor (needed for a smooth v2 transition).
- [2019.04.21; Bug-fix; Maikuolan]: Found a small bug affecting RTL users that
could potentially cause text to align incorrectly in some cases; Fixed.
- [2019.04.28; Maikuolan]: Implemented a new class, "Demojibakefier", to give
phpMussel the ability to detect whether data conforms to a specific character
encoding.
- [2019.04.29; Maikuolan]: Added some colours to the "fancy formatting" mode of
the front-end logs page, to make it a little fancier (it was looking kind of
boring before).
Caleb M (Maikuolan),
April 30, 2019.
=== Version/Release 1.9.1 ===
PATCH RELEASE.
- [2019.03.02; Bug-fix; Maikuolan]: The loader would sometimes fail to
correctly distinguish between direct requests and indirect requests, an
ability currently needed to be able to access the front-end; Fixed.
- [2019.03.06; Maikuolan]: Slightly improved the front-end updates page
component verification feature. The distinction between failed integrity
checks and failed sanity checks should be a little more obvious now.
- [2019.03.19; Maikuolan]: Added a number of new plugin hooks:
"ArchiveRecursor_start", "before_chameleon_detections",
"before_domains_api_lookup", "before_vt", "DataHandler_start",
"MetaDataScan_start", "new_sigfile", "new_sigfile_type", "Recursor_start".
Refer to the v1 plugin boilerplate for more information about where these
hooks are executed.
- [2019.03.22; Maikuolan]: Added a new malware type shorthand entry (Miner).
- [2019.03.29; Maikuolan]: Redesigned the front-end cache data page. It should
now be a little easier to navigate the page and to interpret its data.
Caleb M (Maikuolan),
March 31, 2019.
=== Version/Release 1.9.0 ===
MINOR RELEASE.
- [2019.02.06; Maikuolan]: Completely overhauled the way that L10N data is
processed and handled. A new class has been written to handle all L10N data,
and L10N data is now processed and handled in an entirely object-oriented
way. L10N data isn't stored as PHP files anymore, to be required into the
package. Instead, L10N data is now stored entirely as YAML files. Using YAML
instead of PHP should theoretically be a little safer in certain, edge-case
scenarios, and should be much easier to work with for when introducing new
translations into the package in the future (i.e., for translators who
aren't familiar or aren't comfortable working with PHP). This overhaul also
serves as a small stepping stone towards a future, more object-oriented major
version release.
- [2019.02.07; Maikuolan]: Added suggested values for ipaddr as selectable
options to the front-end configuration page.
- [2019.02.11; Maikuolan]: Slightly refactored the loader.
- [2019.02.14; Bug-fix; Maikuolan]: A mechanism on the front-end updates page
to ensure that interdependent components updated simultaneously sometimes
wouldn't trigger properly; Fixed.
- [2019.02.24; Maikuolan]: Added a new vendor shorthand entry (Malware.Expert).
- [2019.02.24; Maikuolan]: Added SHA1 and SHA256 support to the code for
processing hash signatures (there wasn't anything other than MD5 signatures
to process prior to now, so there wasn't any need to add support for other
hash algos; some SHA1 and SHA256 hash signatures were recently added to some
signatures files though, warranting that this support now be added).
- [2019.02.25; Maikuolan]: Reorganised the "some useful links" list on the
front-end homepage a little (should look a little nicer now). Added a generic
"hash" command to CLI-mode in favour of the various former individual hash
commands, in order to be able to properly leverage all algos available to PHP
at any time without the need to implement support for specific algos in the
future (these various former individual hash commands will still work, but
should be considered deprecated, and will be dropped when v2 is released).
- [2019.02.26-27; NEW FEATURE; Maikuolan]: Added the ability to flag or block
archives that contain a number of files exceeding a specified limit. This
limit can be specified using a newly added configuration directive,
"max_files_in_archives".
Caleb M (Maikuolan),
February 28, 2019.
=== Version/Release 1.8.0 ===
MINOR RELEASE.
- [2018.10.22; Maikuolan]: Slightly refactored and a new safety check added.
- [2018.11.04; Documentation; Maikuolan]: Added some missing information to the
Composer installation instructions.
- [2018.11.15; Sub-minor code change; Maikuolan]: Slightly improved quine
detection.
- [2018.12.12; Maikuolan]: Added Crx (Chrome Extension Package) support and
slightly refactored again.
- [2018.12.19; Sub-minor code change; Maikuolan]: Split apart the YAML handler
a little more (doesn't change anything functionally, but should help to
slightly reduce complaints sometimes made by certain code quality checkers
and such). It's also less messy now to use an integer value of zero as a key.
- [2019.01.05; Sub-minor code change; Maikuolan]: Changed the default value of
"pseudonymise_ip_addresses" from "false" to "true" in order to strengthen
GDPR compliance.
- [2019.01.07; Sub-minor code change; Maikuolan]: Improved the front-end file
manager, making items in the components list clickable, to display further
relevant information.
- [2019.01.19; Sub-minor code change; Maikuolan]: Refactored logging to provide
slightly better L10N, plus various other minor refactoring done elsewhere.
Updated the minimum safe PHP version fallback information.
- [2019.01.25; Maikuolan]: The YAML handler has been migrated away from the
main functions file and into its own, dedicated class file (this class file
will also be released as part of a separate package in the near future).
Improved the UI for the front-end updates page verification feature.
- [2019.01.29; Bug-fix; Maikuolan]: For some configuration directives where
predefined multiple choices are available, the front-end configuration page
was ignoring custom defined values; Fixed.
Caleb M (Maikuolan),
January 29, 2019.
=== Version/Release 1.7.0 ===
MINOR RELEASE.
- [2018.10.12-17; Maikuolan]: Completely dropped all support for scanning phar
files with phpMussel, due to vulnerabilities discovered in the way that the
phar wrapper was implemented in phpMussel (with no safer, more secure
alternative known at this time for handling phar files, I neither plan nor
anticipate ever reintroducing phar support in the future). Deprecated and
completely removed the allow_symlinks configuration directive (we don't need
this anymore, because it was intended to address a problem in phar, which we
won't be using anymore anyway). Dropped the max_recursion default value from
10 down to 3 as a means to tighten security and improve safety for when
handling archives. Completely overhauled the way that phpMussel deals with
archives during a scan event, ditching almost all code associated with the
archive phase of scanning, and implementing a separate, newly created archive
handler, compression handler, and temporary file handler. phpMussel now
partially utilises OOP for handling archives, and includes a small number of
classes in its codebase (a possible stepping stone towards a future v2.0.0).
File decompression is now implicit, rather than explicit. Slightly improved
the aesthetic for displayed scan results in CLI where archives are concerned.
The recursor closure isn't responsible for the code associated with the
archive phase of scanning anymore. Instead, a new, separate archive recursor
closure has been created to deal with the code associated with the archive
phase of scanning. Zip archive scanning is now fully recursive. Rar archive
scanning is now fully supported (can scan recursively, can detect encryption,
etc). Added quine detection. Added a table to the documentation to clarify
which compression and archive formats are and aren't supported, and removed
some otherwise ambiguous wording about it from the documentation and L10N
data. Refactored all chameleon attack detection code.
- [2018.10.20; Bug-fix; Maikuolan]: Missing filename extension information in
archive recursor prevented detection of OLE objects; Fixed.
Caleb M (Maikuolan),
October 20, 2018.
=== Version/Release 1.6.0 ===
MINOR RELEASE.
- [2018.08.08; Maikuolan]: Performed some early legwork for future email
functionality and future two-factor authentication functionality (neither
thing is prime-time ready yet though). A handful of new configuration
directives have been added (currently marked as experimental/unstable) which
won't do anything yet, but which are related to this future functionality.
- [2018.08.09; Sub-minor code change; Maikuolan]: Slightly improved front-end
logging.
- [2018.08.10; Bug-fixes; Maikuolan]: Fixed a weakness in the fallback for
fetching the IP address of inbound requests. Fixed some wrong variables used.
- [2018.08.11-12; NEW FEATURE; Maikuolan]: Added support for two-factor
authentication by email for when logging into the front-end! It is strongly
recommended that all users using the front-end should use this new feature
for improved front-end security (documentation explaining how to use this
properly will be available in the near future).
- [2018.09.12; Sub-minor code change; Maikuolan]: Replaced some real typecasts
with float due to the anticipated deprecation of the real type for PHP 7.4.
- [2018.09.19; Sub-minor code change; Maikuolan]: Added a new safety mechanism
for when dealing with the front-end database.
- [2018.09.21; Bug-fix; Maikuolan]: Webfont cleanup procedure removed wrong
part from template files when webfonts not clearly marked; Fixed.
- [2018.09.22; Sub-minor code change; Maikuolan]: Slightly refactored all the
HTML template files, slightly reducing indenting and improving readability.
- [2018.09.23; Sub-minor code change; Maikuolan]: Removed capitalisation from
front-end username display (doesn't always play nice with non-ANSI data).
- [2018.09.26; Sub-minor code change; Maikuolan]: Front-end L10N slightly
refactored (1.6.0-DEV+18268592).
- [2018.10.01; Sub-minor code change; Maikuolan]: Slightly improved the
interface for the front-end upload test page (1.6.0-DEV+18273100).
- [2018.10.02; Bug-fix; Maikuolan]: Wrong variable used in a foreach loop
belonging to the URL scanner, preventing it from correctly catching URLs;
Fixed (1.6.0-DEV+18273842). Thanks to nemiq for identifying this bug. :-)
Refer github.com/phpMussel/phpMussel/issues/171
IMPORTANT: Archive checking has been temporarily forcibly disabled for this
release in response to a security vulnerability. However, archive checking will
be completely overhauled in the near future as a more permanent solution to
this problem, at which point it should be safe to reenable archive checking.
Caleb M (Maikuolan),
October 6, 2018.
=== Version/Release 1.5.0 ===
MINOR RELEASE.
- [2018.06.02; Sub-minor code change; Maikuolan]: Added some additional safety
and sanity checks to the updater. Improved the display order of logfiles
listed on the logs page.
- [2018.06.06; Sub-minor code change; Maikuolan]: Updated the front-end
homepage to include some links to repository backup locations.
- [2018.06.07; Bug-fix; Maikuolan]: Fixed a possible "undefined index" error
that could occur when updating phpMussel via Cronable.
- [2018.06.08; Bug-fix; Maikuolan]: Discovered an aesthetic bug whereby the
logs page would stretch sometimes because of non-breaking log entries; Fixed.
- [2018.06.10; Sub-minor code change; Maikuolan]: The logs page now displays
the total processing time required for the request. Added the ability to
generate hash tables to the front-end updates page (useful mostly for when
verifying the integrity of components or for when preparing for future
updates).
- [2018.06.13; Sub-minor code change; Maikuolan]: Refactoring again.
- [2018.06.17; NEW FEATURE; Maikuolan]: Added a new page to the front-end for
viewing some basic information about an installation's currently active
signatures such as the number of signatures from specific vendors, what
they're targeting, the type of malware they correspond to, etc.
- [2018.06.20; Sub-minor code change; Maikuolan]: Split shorthand data out to
its own file to improve logic and reduce duplication.
- [2018.06.26; NEW FEATURE; Maikuolan]: Added an optional directive to specify
the maximum number of files allowed to exist in the quarantine.
- [2018.06.28; Bug-fix; Maikuolan]: Found a small typo in one of the JavaScript
functions on the front-end accounts page; Fixed.
- [2018.07.01; Sub-minor code change; Maikuolan]: It's now possible for users
to specify their own sort order for when the updater activates or deactivates
signature files.
- [2018.07.11; Bug-fix; Maikuolan]: Wrong vendor name shown for some detections
due to a missing check (non-critical); Fixed.
- [2018.07.12; Minor code change; Maikuolan]: Removed an unnecessary check that
was being performed on the names of files in archives. Added a new
configuration directive to optionally enable/disable that same check
elsewhere.
- [2018.07.19; Minor code change; Maikuolan]: Added a configuration directive
allowing users to specify which file extensions should be accepted as PHP
files during a scan. Also performed some subtle refactoring of various parts
of the codebase.
- [2018.07.31; NEW FEATURE; Maikuolan]: Added the ability to block files that
contain macros and a new corresponding directive. Refactored various parts of
the codebase. Removed an old closure that wasn't needed anymore. Updated the
OLE testfile.
Caleb M (Maikuolan),
August 1, 2018.
=== Version/Release 1.4.0 ===
MINOR RELEASE.
- [2018.05.07-09; NEW FEATURE; Maikuolan]: Added log rotation to phpMussel.
With log rotation, it's possible to specify a maximum number of logfiles that
should exist in the vault, and optionally delete or archive them when that
limit is exceeded.
- [2018.05.09; Bug-fix; Maikuolan]: Attempting to log into the front-end via
ports other than port 80 would fail due to the way that cookies were being
set; Fixed.
- [2018.05.14; Sub-minor code change; Maikuolan]: Logs page can now access
GZ-compressed logfiles.
- [2018.05.16; Sub-minor code change; Maikuolan]: Changed the default value of
the "disable_webfonts" directive from "false" to "true" (meaning they should
now be disabled by default).
- [2018.05.16; NEW FEATURES; Maikuolan]: Added support for pseudonymising IP
addresses when logging. Added the ability to include a privacy policy link
in the footer of the Access Denied page.
- [2018.05.18; Minor code change; Maikuolan]: Refactored most of the procedures
for the front-end updates page, splitting some large closures and slightly
reducing filesize footprint. Added some new internal executor abilities for
components metadata to the front-end updates page, allowing for theoretical
smoother transitions when update channels change.
- [2018.05.19; Sub-minor code change; Maikuolan]: Added some basic confirmation
prompts to some of the "clear all" and "delete all" buttons on some front-end
pages (may expand this in the future).
- [2018.05.24; Documentation; Maikuolan]: Added a "legal information" section
to the documentation to address the collection and processing of PII, and how
it relates to users, third parties, logging, etc, including some basic
information about GDPR/DSGVO and some related links for further information.
Refer github.com/CIDRAM/CIDRAM/issues/66
- [Supported Versions] Because this release contains changes which may improve
the legal compliancy of the package for some users, all previous versions of
the package are hereby marked EoL/unsupported on the "compatibility charts".
Refer maikuolan.github.io/Compatibility-Charts/
Caleb M (Maikuolan),
May 25, 2018.
=== Version/Release 1.3.1 ===
PATCH RELEASE.
- [2018.04.16; Sub-minor code change; Maikuolan]: Slightly refactored some of
the front-end code.
- [2018.04.25; Bug-fix; Maikuolan]: Found a problem whereby the way that the
data handler split signatures into their constituent parts (signature name,
detection criteria, etc) during the scan process could result in expression
compilation failures and an inability to utilise the affected signatures;
Fixed. Refer github.com/phpMussel/phpMussel/issues/157
Caleb M (Maikuolan),
Apr 25, 2018.
=== Version/Release 1.3.0 ===
MINOR RELEASE.
- [2018.02.06; Maikuolan]: The support forum for the project hosted by Spambot
Security has effectively become inoperable and defunct due to unmitigable
circumstances concerning its server. Accordingly, the project support forum
is hereby deprecated, and all references to the project support forum and to
Spambot Security have been removed from the codebase and all documentation.
The issues page for the project at GitHub remains as the uncontested primary
support endpoint for the project.
- [2018.02.14; Sub-minor code change; Maikuolan]: Some very subtle front-end UI
improvements; Support for asynchronous requests added to some front-end
pages.
- [2018.02.15; Sub-minor code change; Maikuolan]: Component update/installation
via Cronable should fail if unit tests fail; Added code for this accordingly.
- [2018.02.20; Bug-fix; Maikuolan]: The closures for activating and
deactivating components via the front-end updates page would fail if non-CRLF
linebreaks were used by the configuration file (thanks to senky for reporting
this bug); Fixed.
Refer github.com/phpMussel/phpMussel/issues/151
- [2018.02.27; Sub-minor code change; Maikuolan]: Added internal language
support for Bangla (20 language localisations now completed and available).
Translation is very fuzzy though (auditing/checking is invited/encouraged).
- [2018.02.27; Sub-minor code change; senky]: Added a new plugin hook,
"frontend_before", executed towards the beginning of the front-end handler.
- [2018.02.28; Minor code change; Maikuolan]: Added a new front-end page,
"Cache Data", enabling users to review the contents of their cache.
- [2018.03.25; Partial bug-fix; Maikuolan]: Coded a workaround to partially
address the dotless phar file bug, allowing users to scan dotless ZIP files.
Refer github.com/phpMussel/phpMussel/issues/155
- [2018.03.25; Bug-fix; Maikuolan]: "VersionCompare" function gave incorrect
results when comparing against certain, specific Ubuntu builds of PHP; Fixed.
- [2018.04.02; Documentation; Maikuolan]: Added an index to the FAQ. Added some
information to the FAQ regarding the issue described by #61.
- [2018.04.03; Sub-minor code change; Maikuolan]: Various small improvements to
L10N data and its representation by the package in output.
- [2018.04.05; NEW FEATURE; Maikuolan]: Added the ability for phpMussel to
access files indirectly via symlinks, which could assist phpMussel in being
able to read files when doing so directly isn't possible (this feature is
disabled by default, but can be enabled via configuration).
Refer github.com/phpMussel/phpMussel/issues/156
- [2018.04.05; Sub-minor code change; Maikuolan]: Added "client information" to
the front-end homepage (currently just lists your IP address and user agent).
- [2018.04.06; Sub-minor code change; Maikuolan]: Modified logging mechanisms
so that new directories will now be automatically generated when necessary
when writing new log data.
- [2018.04.12; Documentation; Maikuolan]: Added information to the FAQ to add
some clarity regarding blacklists, whitelists, and greylists (may build on
this later, but it should be adequate for now).
Caleb M (Maikuolan),
Apr 12, 2018.
=== Version/Release 1.2.0 ===
MINOR RELEASE.
- [2017.10.30; Bug-fix; Maikuolan]: Cancelled or pending CI tests sometimes
wouldn't display correctly on the updates page; Fixed.
- [2017.12.01; Bug-fix; Maikuolan]: PHP version warnings on the front-end
homepage weren't always displaying correctly; Fixed.
- [2017.12.05; Minor code change; Maikuolan]: Improved Cronable API, allowing
updates to occur without sending external requests (uses different methods).
Shifted a number of update closures from the front-end handler to the
front-end functions file for slightly improved efficiency.
- [2017.12.06; Bug-fix; Maikuolan]: Fixed a CRITICAL bug introduced yesterday
that could result in the updates page deleting files pertinent to components
being updated, thus corrupting those components and potentially rendering
the package inoperable.
- [2017.12.06; Sub-minor code change; Maikuolan]: Added a component file
verification option to the updates page. Removed the hotfixes file (this
file was intended to fix a number of older problems from previous versions of
the package that aren't relevant anymore).
- [2018.01.16; Bug-fix; Maikuolan]: Direct closure sometimes produced errors
when running phpMussel via Cron (e.g., via Cronable) due to SCRIPT_FILENAME
sometimes not being defined in that context; Fixed via isset check.
- [2018.01.17; Sub-minor code change; Maikuolan]: Performed some minor
refactoring. Added checks for whether there's been any changes to the list of
active signature files, or for whether they've been updated, which clears out
the hash cache if found to be the case.
Caleb M (Maikuolan),
Jan 20, 2018.
=== Version/Release 1.1.0 ===
MINOR RELEASE.
- [2017.08.22; Minor code change; Maikuolan]: Improved ability to scan within
specific PE sections (can identify PE sections intended for being scanned and
confine source data to the associated offsets). Added new options for offsets
in signatures.
- [2017.08.26; Sub-minor code change; Maikuolan]: The front-end updates page
now reports the number of added/removed bytes and the total time required for
when updating/installing/uninstalling components.
- [2017.09.01; Minor code change; Maikuolan]: Added an optional directive to
determine whether to detect and block encrypted files ("detect_encryption").
- [2017.09.01; Bug-fix; Maikuolan]: Found and fixed a bug introduced on
2017.08.22 relating to signature offsets.
- [2017.09.08; NEW FEATURE; Maikuolan]: Added support for Argon2 hashing for
passwords and sessions (requires PHP >= 7.2.0; updating from older versions
of the package won't affect compatibility with older PHP versions, but the
option for using Argon2 simply won't be provided for versions < 7.2.0). A
new configuration directive ("default_algo") has been added, to allow users
to switch between the defined PHP default password hashing algorithm, BCRYPT,
and Argon2 (all options are still considered cryptographically secure at this
time and remain safe to use, but adding this additional support provides
additional choice and control to the end-user regarding encryption). Also
rewrote the code for the front-end accounts page accordingly.
- [2017.09.25; Sub-minor code change; Maikuolan]: Added rollback capability to
the front-end updates page for failed updates/installs (this should help to
prevent any corruption or broken installs from occurring due to unforeseen
problems, failed connectivity, etc). Added disk space/usage information to
the front-end file manager. Added links to vulnerability and compatibility
charts onto the front-end homepage.
- [2017.09.27; Minor code change; Maikuolan]: Added a pie chart to the file
manager, allowing users to visually interpret the footprint imposed by the
various files attributed to phpMussel and its components (requires installing
Chart.js via the front-end updates page). Also did some general refactoring
of the front-end code.
- [2017.09.27; Bug-fix; Maikuolan]: See issue #138 (update bug preventing some
specific components from updating at all).
- [2017.10.02; Sub-minor code change; Maikuolan]: Slightly improved the way
that the front-end logs page behaves.
- [2017.10.03; NEW FEATURE; Maikuolan]: Added a new page to the front-end for
viewing phpMussel usage statistics, and a corresponding configuration
directive to enable/disable tracking phpMussel usage statistics.
- [2017.10.07; Sub-minor code change; Maikuolan]: Added a simple metadata
cleanup routine to the front-end updates page.
- [2017.10.09; Sub-minor code change; Maikuolan]: Added the ability to fetch
component names and extended descriptions from the L10N data.
- [2017.10.15; Sub-minor code change; Maikuolan]: Improved L10N pluralisation.
- [2017.10.16; NEW FEATURE; Maikuolan]: Added a new page to the front-end for
viewing and handling quarantined files.
- [2017.10.26; Sub-minor code change; Maikuolan]: Added CI reports/tests to the
front-end updates page. Split the functions file into two distinct files (one
containing closures specifically intended for the front-end, and one for
everything else; this should increase code maintainability and make things
less confusing for future contributors).
- [2017.10.27; Sub-minor code change; Maikuolan]: Removed old PHP < 5.4.0 array
syntax in favour of newer, short array syntax.
- [2017.10.28; Sub-minor code change; Maikuolan]: Added cookie notice to the
front-end login page. Made the categories on the front-end configuration page
collapsible/expandable (this should help to make the page look less cluttered
and easier to navigate).
- [2017.10.28; Bug-fix; Maikuolan]: Bug found preventing the activation or
deactivation of components via the front-end updates page for multi-domain
installations when certain specific conditions were met; Fixed.
- [2017.10.29; NEW FEATURE; Maikuolan]: Added an API for Cronable, allowing
phpMussel to be updated automatically via cron.
Caleb M (Maikuolan),
29th October 2017.
=== Version/Release 1.0.0 ===
MAJOR RELEASE (BACKWARDS INCOMPATIBLE).
IMPORTANT NOTICE FOR THOSE UPDATING FROM A PREVIOUS VERSION: THIS RELEASE IS
NOT BACKWARDS COMPATIBLE WITH THE PREVIOUS RELEASE! PLEASE CAREFULLY REVIEW
THE DOCUMENTATION TO KNOW WHAT HAS CHANGED, IMPORTANT DIFFERENCES, ETC.
- [2016.03.18; Documentation]: Deleted the version zero changelog and created
a new changelog for our new major version one, "Changelog-v1.txt".
- [2016.03.18; Minor code change; Maikuolan]: Renamed all "INC" files to "PHP"
files and changed all references to them accordingly.
- [2016.03.18; MAJOR CODE CHANGE; Maikuolan]: Removed all deprecated < v1.0.0
functions.
- [2016.03.19; MAJOR CODE CHANGE; Maikuolan]: Converted all functions to
closures to help towards a fat-free implementation of phpMussel. Removed the
old "phpMussel_mail()" function from phpMussel entirely (this function would
make more sense as a plugin or an extension, rather than as part of the core
of phpMussel). Removed the update handler and all of its associated
components from phpMussel. Abandoned the use of globals entirely in favour of
using "use" for closures to reference our former globals.
- [2016.03.21; Sub-minor code change; Maikuolan]: Improved the way in which we
can detect whether we're in CLI-mode.
- [2016.03.22; Minor code change; Maikuolan]: Added an obfuscation closure in
order to avoid needing to directly call some certain potentially blocked
in-built PHP functions that are known to sometimes trigger false positives
for some certain potentially overzealous server-based security solutions.
Modified our normalisation closure to make use of our new obfuscation closure
in favour of using problematic falsing in-built functions as was previously
the case.
Refer github.com/phpMussel/phpMussel/issues/87
- [2016.03.24; Sub-minor code change; Maikuolan]: Removed references to the
"package" tag from all phpDoc page blocks in the package (we don't need
these, because we already have README documentation and don't use api-docs).
Refer github.com/phpMussel/phpMussel/issues/85
- [2016.03.24; Minor code change; Maikuolan]: Updated the plugin system so
that hooks can now be registered for closures as well as functions (whereas
previously, they could only be registered for functions; note that this
partially reintroduces the use of globals, which in this case is used purely
for destructing unrequired closures when phpMussel terminates). This allows
the use of both functions and closures together (and to that extent, is
backwards-compatible); However, the prior change of the function for
registering hooks from being a function to being a closure means that at least
that part of pre-v1 plugins must be modified to function correctly post-v1.
- [2016.04.18; Sub-minor code change; Maikuolan]: Slightly improved the error
handling for the configuration file.
- [2016.05.06; NEW FEATURE; Maikuolan]: Support for performing lookups to the
Google Safe Browsing API has now been implemented to a functional state;
Lookups to the Google Safe Browsing API can be enabled by including an API
key in the phpMussel configuration file (cURL is required in order for it to
work correctly).
Refer github.com/phpMussel/phpMussel/issues/65
- [2016.05.12; Sub-minor code change; DanielRuf/Maikuolan]: Improved the
"ReadFile" closure; It's now possible for developers/users to specify custom
block sizes for file reading.
Refer github.com/phpMussel/phpMussel/issues/89
- [2016.05.15; Sub-minor code change; DanielRuf/Maikuolan]: Improved the
"implode_bits" and "explode_bits" closures; Both these closures now return
strings rather than arrays (although these strings are still manipulated in
the same ways as before) and both these closures now execute about ~2.5-~2.7
times faster than they did before.
Refer github.com/phpMussel/phpMussel/issues/91
- [2016.05.18-22; MAJOR CODE CHANGE; Maikuolan]: Removed "compressor" as a
possible value for "$container". Completely rewrote the way that archives
are handled and processed by phpMussel (phpMussel will now attempt to parse
archives using in-built PHAR support prior to doing any further processing of
them; as a result, PHAR files are now supported by phpMussel). The code for
handling ZIP files has been removed in favour of simply using in-built PHAR
support, which also already supports ZIP files, TAR files and PHAR files (but
unfortunately, not recursively). The code for handling TAR files has been
heavily modified, but not removed (because this code could already handle
and process TAR files recursively; in-built PHAR support will be favoured for
handling these types of files, but the code for handling TAR files will be
used nonetheless when dealing with recursive TARs). Two new closures have
been added to the functions file [/vault/functions.php]; "BuildPharList" for
generating lists of the contents of files processed using the in-built PHAR
support, and "MetaDataScan", which will act as an intermediary wrapper for
the Data Handler whenever called from within the Recursor during the archive
scan phase. Some minor refactoring has occurred, removing some unrequired
error suppression and cleaning up duplicated code. Calls to "die" from within
closures have been removed in favour of using exceptions.
- [2016.05.25; Documentation; Nadeen Shawa / Maikuolan]: Completed translation
of the documentation to Arabic (documentation prep and markdown formatting by
Maikuolan/Caleb, but the actual translations were done by Nadeen Shawa). With
this translation completed, the phpMussel documentation is now available in
12 fully completed translations with 1 other translation near to completion.
- [2016.05.31; Documentation; m7mdtiger]: Completed audit/review/rewrite for
the Arabic translation of the README documentation.
- [2016.06.02; Minor code change; Maikuolan]: Added the ability to use dated
logfiles! Now, some simple variables ({dd}, {mm}, {yyyy}/{yy}, {hh}) can be
included when specifying the names to use for logfiles in order to organise
logfiles by date/time. Added a new directive ("timeOffset") to account for
the possibility of discrepancies between servers and the local time of those
using phpMussel.
- [2016.06.11; Documentation; Maikuolan/Vy]: Completed translation of the
documentation to Vietnamese. With this translation completed, the phpMussel
documentation is now available in 13 fully completed translations.
- [2016.06.13; Minor code change; Maikuolan]: Updated the Google Safe Browsing
API from v3.1 to v4; Did some more phpDoc work.
- [2016.06.22; Bug-fix; Maikuolan]: Incorrect language data entry used for some
upload errors; Fixed. Thanks to mtrefzer for spotting this. :-)
Refer github.com/phpMussel/phpMussel/issues/98
- [2016.06.24; Sub-minor code change; Maikuolan]: Changed the default value for
"forbid_on_block" from false to true (this should improve compatibility with
PJAX-based frameworks and systems).
- [2016.06.27; Bug-fix; Maikuolan]: Key value was being fetched from an
incorrect array for $HookID by the plugin hooks (affected all hooks); Fixed.
Thanks to mtrefzer for spotting this. :-)
Refer github.com/phpMussel/phpMussel/issues/99
- [2016.08.02; Documentation; Mie Shinohara]: Completed translation of the
documentation to Japanese. With this translation completed, the phpMussel
documentation is now available in 14 fully completed translations.
- [2016.08.07; Sub-minor code change; Maikuolan]: Slightly improved RTL text
support. Slightly improved/optimised the template file.
- [2016.12.02; Sub-minor code change; Maikuolan]: Added some polyfills to
extend compatibility with phpMussel to PHP 5.4.x (the newly introduced
front-end feature for phpMussel makes use of the password_hash and
password_verify functions, which are only available natively in PHP
versions 5.5.0 and above).
- [2016.12.03; Sub-minor code change; Maikuolan]: Improved mechanism for making
determinations between requests via direct access and requests via hooks.
- [2017.02.11; MAJOR CODE CHANGE; Maikuolan]: Successfully completed building
the front-end for phpMussel! Using the phpMussel front-end, you can update
phpMussel directly from your browser, install/uninstall/update components,
signature files, and language packs, and more; You can modify core phpMussel
files, upload new files to your vault, view and download logfiles, and via
the accounts page, selectively grant access to others either to administrate
phpMussel on your behalf, or to a more limited degree, to access the
phpMussel logfiles directly from their browser; And you can update the
phpMussel configuration directly from your browser, too. Front-end access is
disabled by default for security reasons, but you can enable it via the
relevant newly created configuration directives pertaining to it. Completely
rewrote the configuration handler: Fallbacks aren't hardcoded with PHP at the
time of loading the configuration file anymore; Fallbacks are now determined
via a separate configuration defaults file written using YAML. Completely
dropped support for users overriding the default language specification until
further notice, and dropped the "lang_override" configuration directive (too
buggy at the moment; may reintroduce this feature back again later). Slightly
improved the template files. Completely removed support for archive metadata
signatures; This was long overdue, seeing as they'd already long since been
deprecated and removed from the ClamAV signatures set. Any relevant
signatures, where still applicable, have been converted to CoEx signatures.
Completely removed support for XML/XDP chunk signatures; They were unlikely
to be developed any further and were essentially irrelevant at this point
anyhow (associated vulnerabilities since patched, nothing new emerging, etc).
Testfiles for removed signature formats removed from the main repository (not
relevant anymore). Components files added/modified in order to better support
the newly completed front-end and to better accommodate changes to the
updates feature. Completely rewrote the scan process and completely rewrote
how all signatures are interpreted/read/used/etc. Major refactoring. Improved
future compatibility with PHP >= 8 ("each" function has been identified as
targeted for deprecation as of PHP 7.2.0). Temporarily dropped support for
whitelist signatures (this will be reintroduced again later). This update is
NOT backwards compatible with previous versions/commits for phpMussel.
- [2017.02.11; Signatures; Maikuolan]: IMPORTANT! Henceforth, phpMussel
signature files won't be included in the main repository nor in the package
downloads. In the future, phpMussel signature files can be installed either
via the front-end updates page, or via downloading from a separate, newly
created repository, located at "github.com/phpMussel/Signatures", manually
installing/uploading to the vault, and assigning the name of the signature
files to the relevant configuration directive.
- [2017.03.04; Documentation; Maikuolan]: Added front-end documentation.
- [2017.03.06-11; Sub-minor code change; Maikuolan]: Refactoring again.
- [2017.03.14; Documentation; Maikuolan]: Removed "future goals" from the
changelog.
- [2017.03.17; Documentation; Maikuolan]: New additions to the FAQ.
- [2017.03.24; Signatures; Maikuolan]: "General command detections" now
regarded in the same way as simply another type of signature file ("CSV").
Associated configuration directive removed. Functionality can be returned by
installing/enabling the relevant signature file for general command
detections.
- [2017.03.25; Documentation; Maikuolan]: Completed translation of the
documentation to Korean (very fuzzy though). With this translation completed,
the phpMussel documentation is now available in 15 different translations.
- [2017.03.26; Sub-minor code change; Maikuolan]: Added internal language
support for Korean (15 language options now supported in total). Implemented
some of Google's webfonts and slightly increased the text size for both the
front-end and the blocked upload template; This should significantly improve
text readability for phpMussel (previously, in some situations, it was very
difficult to properly read on-screen text produced by phpMussel). Also
implemented some other very small design tweaks in order to improve text
readability.
- [2017.03.27; Minor code change; Maikuolan]: Added a directive to optionally
enable/disable webfonts.
- [2017.03.28; Minor code change; Maikuolan]: Added the ability to install and
uninstall plugins via the front-end updater.
- [2017.03.30; Sub-minor code change; Maikuolan]: Some small, aesthetic
improvements done to the front-end.
- [2017.04.05; Sub-minor code change; Furqan Akbar]: Added internal language
support for Urdu (16 language localisations now completed and available).
- [2017.04.11; Minor code change; Maikuolan]: Added a new directive,
"timeFormat", to specify the date/time notation format used by phpMussel.
- [2017.04.12; Sub-minor code change; Maikuolan]: Temporarily removed donate
buttons from all project files (possibly may reinstate at a later date).
Made some subtle aesthetic improvements to the front-end.
- [2017.04.12; Documentation; Furqan Akbar]: Completed translation for the
phpMussel README documentation into Urdu. This totals 16 different language
versions of the README documentation now available.
- [2017.04.17; Sub-minor code change; Maikuolan]: Added internal language
support for Thai (17 language localisations now completed and available).
- [2017.04.21; Sub-minor code change; Maikuolan]: Improved support for
fractions/floats/reals/decimals/etc for configuration directives. Added some
basic system information to the front-end homepage, to help with debugging.
- [2017.04.22; NEW FEATURE; Maikuolan]: Added the ability to truncate logfiles
after they reach a certain size, specified by the newly added "truncate"
directive.
- [2017.04.22; Bug-fix; Maikuolan]: Fixed a bug whereby version information for
certain PHP release candidates would be compared incorrectly when using the
front-end updates page (only affects a small number of users).
- [2017.04.23; Sub-minor code change; Maikuolan]: Added "previewers" to the
front-end configuration page in order to make it easier for users to handle
configuration directives that deal with time and byte measurements.
- [2017.04.24; NEW FEATURE; Maikuolan]: Added a new configuration directive
allowing users to override the default timezone set by PHP. Changed the way
that configuration directives dealing with byte measurements are handled,
such that the unit may now be specified alongside the directive value (i.e.,
byte measurements are no longer locked to predefined units); These byte
measurements will default to kilobytes when no unit has been specified.
- [2017.04.27; NEW FEATURE; Maikuolan]: Added the ability to optionally
override configuration directive values on the basis of HTTP_HOST. This
should be useful for users running multi-domain installations as a way of
enforcing different values for different configuration directives for
different domains and sub-domains when necessary.
- [2017.04.29; Minor code change; Maikuolan]: Added filtering to the
configuration defaults, in order to allow the front-end configuration page to
omit any problematic value choices (for example; attempting to switch to a
new default language after having deleted its associated language files).
- [2017.05.01; Sub-minor code change; Maikuolan]: Subtle improvements for
mobile display ("responsiveness").
- [2017.05.19; NEW FEATURE; Maikuolan]: Added full support for custom themes!
This expands upon the theme support already previously provided which allowed
users to specify custom CSS files to use for the "Upload Denied" page, by way
of adding full support for custom themes which will now also apply to the
front-end, allowing a richer level of customisation, and can be installed via
the front-end updates page.
- [2017.05.24; Sub-minor code change; Maikuolan]: Slightly improved caching for
front-end assets (CSS files, images, etc).
- [2017.05.27; Minor code change; Maikuolan]: Added the ability to the
front-end updates page to update all components at once, with a single click.
- [2017.05.29; Sub-minor code change; Maikuolan]: Added internal language
support for Hindi (18 language localisations now completed and available).
- [2017.06.09]: Repository migrated from "Maikuolan/phpMussel" to
"phpMussel/phpMussel". All files, documentation, etc, updated accordingly. No
disruptions are anticipated as a result of this migration, but if you
encounter any, please let us know.
- [2017.06.18; Sub-minor code change; Maikuolan]: Improved debugging
functionality; Added a new method of debugging scan problems to phpMussel.
- [2017.06.22; Sub-minor code change; Maikuolan]: Slightly improved L10N
support (rendering numbers correctly, some punctuation fixes, etc).
- [2016.06.30; Bug-fix; Maikuolan]: Bug found whereby the URL scanner failed to
perform any API lookups when there weren't any active/installed/enabled URL
scanner signature files; Fixed.
- [2017.07.05; Sub-minor code change; Maikuolan]: Removed ini_get()/ini_set()
calls from the package (the loader). SensioLabs rating raised to "silver".
Alternative solutions for preventing uncontrolled PCRE backtracking will be
sought and implemented prior to the v1.0.0 release.
- [2017.07.01-07; Sub-minor code change; Maikuolan]: More refactoring.
- [2017.07.09; Sub-minor code change; Maikuolan]: Added internal language
support for Turkish (19 language localisations now completed and available).
- [2017.07.13; MAJOR CODE CHANGE; Maikuolan]: Rewrote the way that plugin hooks
are handled by the package. The optional third parameter previously provided
with the hook register closure is now deprecated and no longer available (can
reference globally available variables via the "use" keyword when writing
closures to call variables between scopes when necessary, as an alternative).
A dedicated executor closure is now provided for executing hooks at
designated points in the codebase.
- [2017.07.14; Bug-fix; Maikuolan]: Bug found whereby some files would be
incorrectly processed by the switch file; Fixed.
- [2017.07.23; Sub-minor code change; Maikuolan]: The front-end homepage now
warns users if they're using a PHP version with known severe vulnerabilities
and exploits ("severe", in this context, defined as vulnerabilities and
exploits with a CVSS >= 9.0) and/or a PHP version that isn't actively
supported anymore (as determined by the php.net Supported Versions page). The
associated code for this is hardcoded manually, and therefore only updates
when the package updates (meaning that lack of warning should not necessarily
be perceived as a lack of vulnerabilities/exploits nor as an indication of
continued active support).
- [2017.07.29; NEW FEATURES; Maikuolan]: Added the ability to execute closures
and specific commands when specific conditions are met when using the
front-end updates page (installing, uninstalling components, etc). Added a
configuration directive to modify the font magnification for the front-end
and the Upload Denied page. Added information to the front-end homepage about
latest stable, unstable, and branch versions for phpMussel and PHP.
- [2017.07.30; Minor code change; Maikuolan]: Added a configuration directive
for specifying the preferred way to localise numbers when displaying numeric
information via the front-end and any other relevant means. Number L10N is
now independent of language choice, and has also been improved upon somewhat.
- [2017.08.09; Documentation; Maikuolan]: Instructions for installing phpMussel
have been slightly modified, and new information has been added to the
documentation regarding signature formats, signature file magic numbers,
information about SigTool, etc. Users performing fresh installs or updating
to v1.0.0 from older versions should re-read the installation instructions so
as to be familiar with the changes.
- [2017.08.12; Sub-minor code change; Maikuolan]: Serialised logging now works
in CLI-mode (details about specific detections aren't listed yet, but
timestamps can be cross-referenced against standard logfiles to obtain this
information if required; plan to improve this in the future when possible).
- [2017.08.13; Bug-fix; Maikuolan]: Bug found whereby benign files would be
falsely identified as malicious if scanned within a period of time whereby
related cache entries exist due to the falsely identified file being
previously scanned alongside other files correctly identified as malicious
and thus collectively blocked; Fixed.
- [2017.08.17; Minor code change; Maikuolan]: Added a configuration directive
for temporarily disabling everything except the front-end
("maintenance_mode"). Might be useful in some situations when updating CMS,
frameworks, forum systems, etc.
Caleb M (Maikuolan),
20th August 2017.
======
"Changelog-v1.txt" contains changelog notes for versions => 1.0.0 < 2.0.0.
Changelog notes for versions => 2.0.0 < 3.0.0 can be found in the
"Changelog-v2.txt" file included with any relevant, corresponding releases.
Changelog notes for versions < 1.0.0 can be found in the "Changelog-v0.txt"
file or in the "_docs/change_log.txt" file included with any relevant,
corresponding releases.