snuffleupagus (0.5.1) UNRELEASED; urgency=medium

  [ jvoisin ]
  * Add support for syslog
  * Improve OSX support
  * Improve marginally of php8+ compatibility
  * Improve php7.4 compatibility
  * Improve the default ruleset
  * Improve the documentation
  * Improve the gitlab CI

 -- jvoisin <julien.voisin+snuffleupagus@dustri.org>  Sat, 20 Jun 2020 12:30:00 +0200


snuffleupagus (0.5.0) UNRELEASED; urgency=medium

  [ kkadosh ]
  * Tighten a bit a command-injection prevention rule in the default rules set
  * Increased the portability of the testsuite
  * Improved documentation
  * Usual code cleanup
  * Snuffleupagus will throw an informative error when compiled for PHP5
  * Snuffleupagus will throw an informative error when compiled for PHP5
  * The testsuite is now run on Alpine, Fedora, Debian and Ubuntu
  * Some rules against now-known vulnerabilities/techniques were added
  * PHP7.4 is fully supported, without any compilation warning
  * Snuffleupagus can now be used with PHP compiled without sessions support as a builtin (which is the case on Alpine)
  * Fix a compilation warning on FreeBSD
  * Cookies hardening is now supported on PHP7.3+


 -- kkadosh <snuffleupagus@nbs-system.com>  Wed, 12 Jun 2019 16:40:00 +0200

snuffleupagus (0.4.1) UNRELEASED; urgency=medium

  [ kkadosh ]
  * Improve and clarify the documentation
  * Add support for PHP7.3
  * Improve the coverage, we have now reached 99% of coverage
  * Improve the `mb_string` hooking logic 
  * The script that check uploaded file is now available in PHP
  * Fix segfault on 32-bit for PHP7.3
  * Fix segfault when using `sloppy_comparison` feature with array


 -- kkadosh <snuffleupagus@nbs-system.com>  Fri, 21 Dec 2018 11:50:00 +0200

snuffleupagus (0.4.0) UNRELEASED; urgency=medium

  [ jvoisin ]
  * Add the possibility to whitelist `stream wrappers`
  * Snuffleupagus is now using php's logging mechanisms, instead of outputting its log directly into the syslog.
  * PHP is now prevented from ever disabling certificate verification thanks to a few lines in our default configuration.
  * Significant code simplification for cookies handling
  * Our `sloppy comparison` feature is now complete
  * Snuffleupagus won't start with an invalid config anymore, except if the `sp.allow_broken_configuration` is set.
  * It's now possible to place virtual-patches on the return value of user-defined functions.
  * Since Snuffleupagus is used by more and more organisations, we added a bunch of them in our propaganda page.
  * Add some missing pieces of documentation and fix some links
  * Fix the `make install` command
  * Fix various compilation warnings
  * Snuffleupagus is now running on platforms that aren't using the glibc

 -- jvoisin <snuffleupagus@nbs-system.com>  Fri, 31 Aug 2018 16:50:00 +0200

snuffleupagus (0.3.1) UNRELEASED; urgency=medium

  * Disable XXE and harden PRNG by default
  * Use SameSite on PHP's session cookie in the default rules
  * Relax a bit what files can be included in the default rules  
  * Add the possibility to ignore files hashes when generating rules
  * The filename filter is now accepting phar paths  
  * The harden rand_feature is not ignoring parameters anymore in function calls
  * Fix possible crashes/hangs when using php-fpm's pools  
  * Fix an infinite loop on echo hook
  * Fix an issue with filename filter
  * Fix some documentation issues
  * Fix the Arch Linux's PKGBUILD

 -- he2ss <snuffleupagus@nbs-system.com>  Tue, 20 Aug 2018 15:00:00 +0200

snuffleupagus (0.3.0) UNRELEASED; urgency=medium

  * Session cookies can now be encrypted
  * Some occurrences of type juggling can now be eradicated
  * It's now possible to hook echo and print
  * The .filename() filter is now matching on the file where the function is called instead on the one where it's defined.
  * Vastly optimize the way native functions are hooked
  * The format of the logs has been streamlined to ease their processing
  * Better handling of filters for built-in functions
  * Fix various possible integer overflows
  * Fix an annoying memory leak

 -- kkadosh <snuffleupagus@nbs-system.com>  Tue, 17 Jul 2018 15:00:00 +0200

snuffleupagus (0.2.2) UNRELEASED; urgency=medium
  * Add some assertions in the code
  * The `.dump()` filter is now supported for `unserialize`, `readonly_exec`, and `eval` black/whitelist
  * Add more rules examples
  * Provide a script to check for malicious file uploads
  * Significant performances improvement (at least +20%)
  * Significantly improve the performances of our default rules set
  * Our readme file is now shinier
  * Minor code simplification
  * Fix a crash related to variadic functions

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 12 Mar 2018 10:00:00 +0200

snuffleupagus (0.2.1) UNRELEASED; urgency=medium
  * The testsuite can now be successfully run as root
  * Fix a double execution when snuffleupagus is used with some other extensions
  * Fix an execution-context related crash
  * Support PCRE2, since it's required for PHP7.3
  * Improve a bit the portability of the code
  * Minor code simplification

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 07 Feb 2018 11:00:00 +0200

snuffleupagus (0.2.0) UNRELEASED; urgency=medium

  * Glob support in `sp.configuration_file`
  * Whitelist/blacklist functions in `eval`
  * `phpinfo` shows is the configuration is valid or not
  * Off-by-one in configuration parsing fixed
  * Minor cookie-encryption related memory leaks fixes
  * Various crashes fixes
  * Configuration files with windows EOL are correctly handled
  * General code clean-up
  * Documentation overhaul
  * Compilation on FreeBSD and CentOS
  * Select which cookies to encrypt via regular expressions
  * Match on return values from user-defined functions
  * Simplification and clean up of our linked-list implementation

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 18 Jan 2018 13:00:00 +0200

snuffleupagus (0.1.0) UNRELEASED; urgency=medium

  * Initial release.

 -- jvoisin <snuffleupagus@nbs-system.com>  Tue, 04 Jul 2017 17:51:31 +0200
