Version 1.16 is an interim release, implementing a number of key changes and security fixes.
- Minor fixes to the BTTLS implementation (key length calculations)
- Improved protection against injected sessions
- Added configuration option to explicitly specify the cookie domain
- Added basic support for the X-Forwarded-For header
- Fixed a minor information disclosure vulnerability (PHPCRED-35)
- Implemented new logging types
- Replaced Mersenne Twister-based key generation with use of /dev/urandom
- Implemented a utility script to re-generate all crypto keys
Upgrading from Version 1.15 is as simple as overwriting the files within your install with those in the repository (make a backup of your database and configuration directory first, though).
An upgrade path from Versions < 1.15 has been designed and is currently being tested.