Version 0.30

中文说明

Breaking changes

• Java agent
  • Debug level option debug_level now renamed to debug.level

New features

• Add support of PHP 5.X server
  • Linux 5.3 ~ 5.6
  • Windows 5.6
  • Mac homebrew PHP 5.6
• PHP security baseline
  • INI entry auditing
    • allow_url_include
    • expose_php
    • display_errors
    • yaml.decode
  • Detect the use of high privileged database account, e.g root, psql
  • Slow query detection
• Testcases enhancement
  • Add PHP testcases
  • Add a navgiation page
  • Make all links clickable (testing with cURL has become optional)
• Add performance test report for PHP agents
  • 2% performance reduction under heavy load (Discuz and Wordpress tested)

API changes

• Add stack parameter for both directory and ssrf hook points

Algorithm improvements

• SQLi detections
  • Block UNION NULL queries
  • Block blind injection releated functions, e.g ord、chr
• Java - Anti deserialize exploits
  • Block command execution via YsoSerial payloads
• PHP - china chopper detection
  • Block suspicious file manager, command execution via stack validation algorithm
  • Block simple webshells that directly evaluate user inputs
• PHP - block unusual callbacks
  • Please refer to openrasp.callable_blacklists for more details