PHPIDS » Web Application Security 2.0

We are happy to announce the latest official release of the PHPIDS. This time we added tons of bug-fixes for issues reported by our users such as better compatibility with PHP 5.2.0 for the Debian Etch crowd, optimized caching features, a lot of tidying and of course fixes against latest filter rule circumventions. Credits and thanks go out to gwinger, thornmaker, Eduardo Vela, Gareth Heyes and Roberto Salgado. Of course also many thanks to all other users submitting bugs and improvements during the last weeks.

We also added the latest HTMLPurifier release and made the PHPIDS compatible with the new HTMLPurifier 4 branch. So if you see some E_USER_NOTICEs thrown after upgrading this might be due to the new config syntax used in the HTMLPurifier. Be sure to check this document to learn how to fix the issue.

Some might have noticed we were mentioned in one hell of a talk during Black Hat 2009. Be sure to have a look at the slides – if you are interested in latest XSS research this is definitely for you! Also there was a presentation held in London during an OWASP chapter by Gareth Heyes and me you might want to have a look at. It’s quite PHPIDS related and also filled with a lot of hopefully interesting XSS related material.

We hope you have fun with the new release – you can find it in the downloads section (like you wouldn’t know ). Contributions and feedback are welcome as usual.

Update:

We’ve made a mistake when packaging our release and played russian doll with our tarballs (stuck one tarball into another). For safety reasons (never change a released tarball!) we just released PHPIDS 0.6.1.1 which fixes this issue and removed 0.6.1 from distribution.

This entry was posted on Monday, August 17th, 2009 at 12:12 am and is filed under PHPIDS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.