Version 1.16

Version 1.16 of PHPCredlocker has been released and can be obtained from https://github.com/bentasker/PHPCredLocker

 

Release Notes

Version 1.16 is an interim release, implementing a number of key changes and security fixes.

  • Minor fixes to the BTTLS implementation (keylength calculations)
  • Improved protection against injected Sessions
  • Added configuration option to explicitly specify the cookie domain
  • Added basic support for the X-Forwarded-For header
  • Fixed a Minor Information Disclosure Vulnerability (PHPCRED-35)
  • Implemented new logging types
  • Replaced Mersenne Twister based key generation with use of /dev/urandom
  • Implemented utility script to re-generate all crypto keys

 

Upgrade Path

Upgrading from Version 1.15 is as simple as overwriting the files within your install with those in the repository (make a backup of your database and configuration directory first though).

An upgrade path from Versions < 1.15 has been designed and is currently being tested

 
 Share