
Archive for September, 2008

It’s just PHPIDS 0.5.3 mom…

Thursday, September 25th, 2008

It’s been a while - two months to be precise - since we published the last release of the PHPIDS. But the wait was worth it - PHPIDS 0.5.3 brings a lot of features - most of them requested by our users.

Besides numerous minor fixes, this release ships support for SQL hex encodings like 0x426F6F21 - SQL Injection vectors utilizing this kind of obfuscation can thus now be detected and translated without any problems. The PHPIDS 0.5.3 also delivers JSON support - meaning you can flag certain fields as JSON in the Config.ini to make sure they are decoded properly before hitting the rules and neither generate false alerts nor smuggle payload nested in JSON properties. We were able to fix a hell of a lot of false alerts - mainly with the help of the guys from epublica, our fellow forum users and several other contributors. You won’t imagine how much trouble we had with smilies and other emoticons…
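To make the two translation steps concrete, here is a short sketch of hex-literal decoding and JSON flattening applied before a rule runs. It is an added example, not PHPIDS source: the function names, the `$jsonFields` list (standing in for the fields flagged in Config.ini), the sample request and the toy rule are all assumptions.

```php
<?php
// Added illustration, not PHPIDS source. Function names, the field list and
// the rule are hypothetical stand-ins.

// Translate SQL hex literals such as 0x426F6F21 into the bytes they encode.
function decodeSqlHex(string $value): string
{
    return preg_replace_callback(
        '/\b0x((?:[0-9a-f]{2})+)\b/i',
        static fn (array $m): string => hex2bin($m[1]),
        $value
    ) ?? $value;
}

// Reduce a JSON document to "key value" lines: JSON punctuation disappears
// (fewer false alerts) and escaped, nested values appear decoded.
function flattenJson(string $raw): string
{
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        return $raw; // not a JSON object or array: inspect it unchanged
    }
    $lines = [];
    array_walk_recursive($data, static function ($v, $k) use (&$lines): void {
        $lines[] = $k . ' ' . (is_scalar($v) ? (string) $v : '');
    });
    return implode("\n", $lines);
}

function normalise(string $name, string $value, array $jsonFields): string
{
    if (in_array($name, $jsonFields, true)) {
        $value = flattenJson($value);
    }
    return decodeSqlHex($value);
}

// Constructed sample input.
$jsonFields = ['profile'];
$request = [
    'q'       => '1 OR name=0x426F6F21',
    'profile' => '{"user":{"bio":"\u003cscript\u003ealert(1)"},"mood":":)"}',
];
$rule = '/Boo!|<script\b/i'; // toy rule standing in for a real filter

foreach ($request as $name => $raw) {
    $seen = normalise($name, $raw, $jsonFields);
    printf("%-8s raw=%d normalised=%d\n", $name,
        preg_match($rule, $raw), preg_match($rule, $seen));
}
```

The raw column shows what a rule sees without translation, the normalised column what it sees afterwards; the `mood` value is there to show an emoticon passing through without JSON punctuation around it.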

We also optimized the Centrifuge slightly and tweaked the nested base64 detection and translation - so again less false alerts and more impact when real attacks strike.

Max Romanovsky - another forum user - reported a problem with AJAX requests and line breaks, and even submitted a valid fix which we of course included too. Gareth Heyes and David Lindsay found a handful of new XSS injections - and Johannes Dahse reported several SQL Injection vectors that bypassed the rules. Thanks for your great support! We also managed to make the rule files a little bit smaller again - just 3 bytes but we guess that’s better than nothing :)

So - as usual, we hope you have fun with this release. Don’t forget to give us some feedback on how the system works for you to help us make 0.5.4 even a little bit better.