- [2020.07.20] First stable release for the phpMussel v3 Core.
Why "v3.0.0" instead of "v1.0.0?" Prior to phpMussel v3, the "phpMussel Core", "phpMussel CLI-mode", "phpMussel Front-End", and "phpMussel Uploads Handler" ("phpMussel Web") were all bundled together as a single repository (phpMussel/phpMussel). Since phpMussel v3, these each all have their own, separate repositories. I've opted to start releases at this repository (phpMussel/Core) at v3.0.0, in order to avoid confusion with previous versions of the "phpMussel Core" which exist outside this repository.
- [2020.10.01]: Discovered that the image chameleon attack detection could generate false positives against Mac OS X thumbnails; Fixed. Refer #223.
- [2020.07.31]: Improved the way that the (generated by ...) notice, displayed at the footer of HTML pages, is rendered.
- [2020.08.05]: Addressed a potential compatibility problem with some specific kinds of symlinked installations.
- [2020.10.01; v10mthibault]: Typo in Loader.php; Trying to call function sprint instead of sprintf which leads to an error; Fixed.
- [2020.10.15]: Wrong number of files reported when recursively scanning through directories; Fixed. Refer #225.
- [2020.10.18]: A small, minor scan optimisation mechanism found to be faulty, causing signatures to sometimes be skipped when not intended; Removed it. Refer #224.
- [2020.11.20]: Added partial support for detecting objects and files embedded within pdf files (due to the nature of how this has been implemented, for the purpose of scanning these embedded objects and files, phpMussel will regard pdf as an archive format; this is intentional).
- [2020.11.26]: Ditched external test frameworks in favour of GitHub Actions. Replaced existing tests. (More work needs to eventually be done towards tests. This will eventually happen at some point).
- [2020.11.27]: Some minor code-style cleanup.
- [2020.12.04]: Maintenance release (dependencies update, repository cleanup, etc).
- [2021.01.10]: Separated the code for performing outbound requests through cURL out to its own independent class.
- [2021.02.05]: The default timeout for external requests is now configurable.
- [2021.02.07]: Added the ability to hide the phpMussel version used.
- [2021.04.19]: BuildPath could potentially trigger warnings when open_basedir is defined, causing logging, among various other internal file operations, to fail (related to PHP bug 69240); Fixed.
- [2021.05.01]: Log truncation not being calculated properly; Fixed.
- [2021.05.28]: Wrong casing used for some variables would cause undefined variable errors to occur; Fixed (#3).
- [2021.03.11]: Added some missing return type declarations.
- [2021.05.28]: Performed some minor refactoring.
- [2021.06.10]: Added a flag for successful hits against blacklisted filetypes (needed by the upload handler for a newly added configuration directive). Also did some very minor refactoring.
- [2021.09.05]: Precaution against potential future undefined index added to fallback method.
- [2021.10.30]: Code-style cleanup: Public before private properties, magic before public before private methods.
- [2021.10.31]: Added the ability to segregate cache data on the basis of prefixes specified by the instance. This could be useful for when different installations are utilising the same caching mechanisms at the same server.
- [2022.02.01]: Failed to correctly determine the client's IP address under certain circumstances (e.g., multiple choices available via HTTP_X_FORWARDED_FOR); Fixed.
- [2021.11.27]: At the front-end configuration page, configuration directives relying on specific extensions (specifically, at this time, the supplementary cache options) will now include a notice as to whether the extensions relied upon are available.
- [2022.03.11]: Shorthand data was quoted, but needed to be defined as literals in order to avoid being unentitised prior to being parsed as regular expression partials, in order to avoid breaking those expressions and potentially triggering fatal errors; Fixed.
- [2022.03.24]: Fixed a bottleneck in the scan process caused by the readFileBlocks method (phpMussel/phpMussel#231).
- [2022.02.21]: Improved IP address resolution strategy.
- [2022.02.21]: Added a default caching prefix.
- [2022.06.16]: Warning generated since PHP 8.1 for parse functionality; Fixed.
- [2022.08.18]: Added L10N for Persian/Farsi, Hebrew, Malay, and Ukrainian.
- [2022.09.26]: Configuration multiline support added (necessary in order to properly facilitate the custom headers/footers feature introduced earlier today).
- [2022.10.12; BaseMax]: Improved L10N for Persian/Farsi.
- [2022.10.25]: Hardened some configuration constraints.
- [2022.10.28]: Reworked how the configuration page deals with volume-based configuration.
- [2022.11.20]: Avoid packaging unnecessary files into dist.
- [2022.12.26]: PDF files were sometimes being flagged as images; Fixed.
- [2022.11.30]: Adjusted minimum value for some port directives from 1 to 0.
- [2023.01.21]: Better value definitions for
vt_suspicion_level. - [2023.02.14]: Slightly improved client-specified language overrides.
- [2023.03.24]: Typo in the readFileContent call for the channels data; Fixed.
- [2023.04.25]: Explicitly defining the region for the configured L10N where deferment may be available but the region for the corresponding listed configuration choice not included could've caused the L10N loader to simply use fallbacks instead; Fixed.
- [2023.03.24]: Added the ability to log outbound requests.
- [2023.03.31]: Eliminated a low-risk potential performance bottleneck at the loadL10N method.
- [2023.04.01]: Reworked the loadL10N method, how it handles HTTP_ACCEPT_LANGUAGE, improved rule assignment, added some assumptions for supported L10N, and added the ability to defer non-supported L10N to supported L10N where sufficiently similar to be acceptable.
- [2023.04.25]: Split the existing L10N for Portuguese into two variants, Brazilian and European.
- [2023.05.01~03]: Added L10N for Bulgarian, Czech, and Punjabi.
- [2023.09.03]: Added L10N for Afrikaans and Romanian.
- [2023.09.04]: Added colouration to phpMussel's CLI mode (some code has been added to the core to facilitate this). The atHit method has been migrated from the Loader class to the Scanner class.
- [2023.09.16~18]: Significantly refactored all L10N data.
- [2023.09.18]: Better resource guarding.
- [2023.09.25]: Unified the methods for reading files to a singular method.
- [2022.11.22]: Maintenance release.
- [2023.12.12]: Added a method to check whether a name is reserved, and applied it as a guard at the point where signature files are read in. Attempting to perform file operations on reserved names under Windows and some other operating systems could cause the underlying file system to attempt to communicate with a serial port instead of the intended file. PHP is likely to then wait indefinitely for a response it's unlikely to ever receive, thus locking up the process and preventing further requests unless the process is restarted. Although it's infinitesimally unlikely that a user would actually want to use a reserved name for one of their signature files, as the solution is exceedingly simple, with no particular performance impact, I've implemented it accordingly.
- [2023.12.01]: Improved escaping. Added support for specifying a Redis database number to the supplementary cache options.
- [2024.03.11]: Added L10N for Bosnian, Catalan, Galician, Gujarati, Croatian, and Serbian.
- [2024.03.21; jedso]: Changed
$this->IPAddrto$this->Loader->IPAddrinScanner.php.
- [2024.07.13]: If the client-specified language was the same as the configured language, the client-specified preferred variant would be ignored, even if it wasn't the same as the configured preferred variant; Fixed.
- [2024.07.02]: Refactored the
loadL10Nmethod. Merged zh and zh-TW L10N, and dropped region designations (e.g., CN, TW) in favour of script designations (e.g., Hans, Hant). - [2024.08.06]: Updated the default filetype blacklist (#7).
- [2024.09.02]: Code-style patch.
- [2024.09.10]: Added L10N for Marathi.
- [2024.09.13]: Added L10N for Malayalam.
- [2024.10.15]: Added support to optionally disable adding new hash cache entries when a specific instance cache flag is used.
- [2024.10.15]: Added support to inform the user via an optional instance cache flag which flags were set by the switch file during the scan when scanning via CLI.
- [2024.10.15]: Added MP4 file type detection and modified PHP file type detection to reduce the risk of false positives (e.g., see phpMussel/phpMussel#241).
- [2024.10.15]: Improved the phpMussel switch file.
- [2024.11.06]: When phpMussel encountered a sufficiently zip-like file which isn't a valid zip file (e.g., any non-zip file beginning with the 'PK' header) and consequently attempted to read that non-zip file using ZipHandler, ZipHandler's destructor would generate a fatal error per invalid/uninitialised Zip object when invoked; Fixed. Refer #242.
- [2024.11.06]: Added PHP 8.4 to workflows.
- [2024.11.06]: Improved encrypted zip file detection.