Version 1.16

Version 1.16 of PHPCredLocker has been released and can be obtained from https://github.com/bentasker/PHPCredLocker

 

Release Notes

Version 1.16 is an interim release, implementing a number of key changes and security fixes.

  • Minor fixes to the BTTLS implementation (key length calculations)
  • Improved protection against injected sessions
  • Added configuration option to explicitly specify the cookie domain
  • Added basic support for the X-Forwarded-For header
  • Fixed a minor information disclosure vulnerability (PHPCRED-35)
  • Implemented new logging types
  • Replaced Mersenne Twister based key generation with use of /dev/urandom
  • Implemented utility script to re-generate all crypto keys

 

Upgrade Path

To upgrade from version 1.15, first back up your database and configuration directory, then overwrite the files in your install with those from the repository.

An upgrade path from versions earlier than 1.15 has been designed and is currently being tested.