CIDRAM (Classless Inter-Domain Routing Access Manager) Changelog.
=== VERSION RELEASE GUIDELINES ===
CIDRAM adopts and adheres to SemVer (Semantic Versioning). For more information
about SemVer, please refer to:
- https://semver.org/
Detailed version release guidelines for CIDRAM can be found at:
- https://github.com/CIDRAM/CIDRAM/blob/v2/CONTRIBUTING.md#cidram-version-release-guidelines
=== Changes made since last versioned release ===
- [2019.09.04; Maikuolan]: Added *partial* internal language support for
Latvian, Polish, and Tamil (thank you to naveen17797 for the Tamil
translations). Will sync it all up with the other translations when there's
time.
- [2019.09.06; Bug-fix; Maikuolan]: Found a way to trigger an invalid argument
warning at the front-end updates page in some contexts; Fixed.
- [2019.09.17; Maikuolan]: Added an events orchestrator and refactored.
- [2019.09.18; Maikuolan]: Added an error handler event to be able to catch and
report errors more effectively.
=== Version/Release 2.1.0 ===
MINOR RELEASE.
- [2019.08.13; Maikuolan]: Search engine and social media verification can now
leverage the report orchestrator to report spoofing.
- [2019.08.17; Maikuolan]: CIDRAM can now honour HTTP_ACCEPT_LANGUAGE values
specified by the client for the Access Denied page, and a new configuration
directive, "lang_override", has been added to enable/disable it.
- [2019.08.23; Maikuolan]: Slightly refactored the front-end updates page,
related closures and other related functionality, and added the ability to
install/activate or to deactivate/uninstall with a single action (previously,
these actions had to be done separately, as two actions). Added some new
switches/filters.
- [2019.08.24; Maikuolan]: Added last modified date/time to the file listings
at the front-end file manager and fixed a possible issue with correct icon
display for some not yet used file formats.
Caleb M (Maikuolan),
August 31, 2019.
=== Version/Release 2.0.1 ===
PATCH RELEASE.
- [2019.06.07; Maikuolan]: The front-end IP test page is now capable of
catching and reporting some basic types of errors caused by problematic
auxiliary rules and modules.
- [2019.06.17; Maikuolan]: Added the ability to optionally update only all
signature files to the front-end updates page (as opposed to updating
everything at once).
- [2019.06.18-23; DanielRuf]: Added unit test suite (BDD testing and unit
testing with Codeception and PHPUnit).
Refer github.com/CIDRAM/CIDRAM/pull/130
- [2019.06.26; Maikuolan]: Improved the way that CIDRAM generates block event
entry IDs (before they were incremental; now they're based on microtime and
high resolution time).
Refer github.com/CIDRAM/CIDRAM/issues/131
- [2019.06.27; Maikuolan]: Shifted responsibility for number formatting out
from the front-end functions file, into its own, distinct class.
- [2019.06.30; Maikuolan]: Added search engine verification support for Mojeek.
- [2019.07.10; Maikuolan]: The front-end updates page now sets "verify" as the
default option for components, to help reduce the risk that users select
"uninstall" or "deactivate" by accident.
- [2019.07.10; Maikuolan]: Slightly improved front-end pie chart colouring.
- [2019.07.11; Maikuolan]: Added a configuration directive to control whether a
cookie warning should be displayed alongside reCAPTCHA instances for when
cookies are to be set ("show_cookie_warning").
Refer github.com/CIDRAM/CIDRAM/issues/133
- [2019.07.15; Maikuolan]: Added support for resolving Teredo and ISATAP
addresses and did some minor refactoring for the output generator and a few
of the closures in the front-end functions file.
- [2019.07.15; Bug-fix; Maikuolan]: Search engine verification and social media
verification were ignoring whitelist status for requests; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/137
- [2019.07.15; Maikuolan]: Added a switch to the front-end IP test page to be
able to optionally select whether to test against search engine and social
media verification.
- [2019.07.21; Maikuolan]: Added some buttons to the auxiliary rules page to
be able to move rules to the top or the bottom of the list.
- [2019.07.24-25; Maikuolan]: Performed various prepwork necessary in order to
provide some of the functionality needed by some newly created optional
modules. Modules and signature files can now provide their own configuration
directives to CIDRAM. Added a report orchestrator to CIDRAM, allowing modules
to optionally create and send reports based on the collective behaviour of
all enabled signature files and modules as a whole.
- [2019.07.26; Maikuolan]: Added condition to ensure that "delete" should never
be the default option selected for files shown at the front-end file manager.
Caleb M (Maikuolan),
August 1, 2019.
=== Version/Release 2.0.0 ===
MAJOR RELEASE (BACKWARDS INCOMPATIBLE).
- [2019.05.05-08; Maikuolan]: Slightly improved the log data sanitisation
process and added a new configuration directive, "log_sanitisation", to
allow users to modify the default log data sanitisation behaviour.
- [2019.05.08; MAJOR CODE CHANGE; Maikuolan]: Removed CIDRAM's CLI-mode and all
related assets, configuration options, L10N data, etc. Removed PHP 5.4
polyfills, thereby immediately upping the minimum PHP version requirement for
the upcoming release. Updated the loader, upping the hardcoded minimum PHP
version requirement to PHP 7.2, and removed some no longer needed code.
Removed some extraneous .htaccess files (only really need our main .htaccess
file in the base of the vault nowadays; the extra .htaccess files in some of
the vault's subdirectories aren't necessary). Split the CIDRAM "component"
into three distinct components; the "Core", the "Front-End", and the "Common
Classes Package" (this should make future updates slightly more manageable).
- [2019.05.10-11; Maikuolan]: Slightly refactored a handful of closures, fixed
some PHPDoc typos, and added PHP7-style type hinting and return type
declarations wherever applicable. Updated all common classes package classes
to the latest compatible versions.
- [2019.05.11; Bug-fix; Maikuolan]: Wrong default parameter types supplied to
the Request closure by signature file webhook functionality, and to the
DNS-Resolve closure by hostname lookup functionality (detected after adding
type hinting); Fixed.
- [2019.05.17; Bug-fix; Maikuolan]: Wrong type hints specified for some of the
closures used by the front-end updates page (for activating, deactivating,
etc); Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/112
Refer github.com/CIDRAM/CIDRAM/issues/113
- [2019.05.26; Maikuolan]: Renamed a number of configuration directives in
order to better comply with the CIDRAM code style guidelines regarding the
use of snake_case for configuration directives. Also performed some minor
refactoring.
- [2019.05.31; NEW FEATURE; Maikuolan]: Added the ability to automatically
switch between different channels when requesting a remote resource (e.g.,
when the front-end updates page attempts to update something, or attempts to
retrieve the latest available component metadata), for whenever such a
request fails (e.g., due to server errors, the requested resource no longer
existing at a particular location, etc), and added a new configuration
directive, "disabled_channels", to optionally prevent CIDRAM from ever
requesting resources from particular, specific channels.
Caleb M (Maikuolan),
June 1, 2019.
=== Version/Release 1.12.0 ===
MINOR RELEASE.
- [2019.04.02-07; NEW FEATURE; Maikuolan]: Implemented a new, unified caching
system to the package, optionally allowing package users to choose from a
range of different caching mechanisms supported by the new caching system,
currently consisting of APCu, Memcached, Redis, and PDO-based caching,
alternatively deferring back to the package's existing flatfile caching
mechanism when no other mechanisms are otherwise chosen.
- [2019.04.09; Maikuolan]: Slightly adjusted the file reading part of the cache
handler to account for some potential edge-case problems on some servers.
- [2019.04.17; Maikuolan]: The front-end homepage now checks and displays
whether various extensions that can be used by CIDRAM are installed and
available (APCu, Memcached, Redis, PDO, PCRE, cURL, etc).
- [2019.04.19; Maikuolan]: Slightly refactored the front-end updater and made
some changes to the executor (needed for a smooth v2 transition).
- [2019.04.21; Bug-fix; Maikuolan]: Found a small bug affecting RTL users that
could potentially cause text to align incorrectly in some cases; Fixed.
- [2019.04.21; NEW FEATURE; Maikuolan]: Rewrote and ported the signature
validator/fixer to the front-end.
- [2019.04.28; Maikuolan]: Implemented a new class, "Demojibakefier", to give
CIDRAM the ability to detect whether data conforms to a specific character
encoding.
Caleb M (Maikuolan),
April 30, 2019.
=== Version/Release 1.11.1 ===
PATCH RELEASE.
- [2019.03.02; Bug-fix; Maikuolan]: The loader would sometimes fail to
correctly distinguish between direct requests and indirect requests, an
ability currently needed to be able to access the front-end; Fixed.
- [2019.03.03; Maikuolan]: Added search engine verification support for
Teoma Bot (Ask Jeeves).
- [2019.03.06; Maikuolan]: Slightly improved the front-end updates page
component verification feature. The distinction between failed integrity
checks and failed sanity checks should be a little more obvious now.
- [2019.03.26; Maikuolan]: Added an option to the IP aggregator to preserve
tags and comments when aggregating, and updated common classes.
- [2019.03.29; Maikuolan]: Redesigned the front-end cache data page. It should
now be a little easier to navigate the page and to interpret its data.
Caleb M (Maikuolan),
March 31, 2019.
=== Version/Release 1.11.0 ===
MINOR RELEASE.
- [2019.02.06; Maikuolan]: Completely overhauled the way that L10N data is
processed and handled. A new class has been written to handle all L10N data,
and L10N data is now processed and handled in an entirely object-oriented
way. L10N data isn't stored as PHP files anymore, to be required into the
package. Instead, L10N data is now stored entirely as YAML files. Using YAML
instead of PHP should theoretically be a little safer in certain, edge-case
scenarios, and should be much easier to work with for when introducing new
translations into the package in the future (i.e., for translators who
aren't familiar or aren't comfortable working with PHP). This overhaul also
serves as a small stepping stone towards a future, more object-oriented major
version release.
- [2019.02.07; Maikuolan]: Added suggested values for ipaddr as selectable
options to the front-end configuration page.
- [2019.02.14; Bug-fix; Maikuolan]: A mechanism on the front-end updates page
to ensure that interdependent components updated simultaneously sometimes
wouldn't trigger properly; Fixed.
- [2019.02.14; Maikuolan]: Added search engine verification support for
SeznamBot and removed various signatures from modules and signature files that
could've potentially blocked it outright.
- [2019.02.25; Maikuolan]: Reorganised the "some useful links" list on the
front-end homepage a little (should look a little nicer now).
Caleb M (Maikuolan),
March 1, 2019.
=== Version/Release 1.10.0 ===
MINOR RELEASE.
- [2019.01.09; Maikuolan]: The IP aggregator now sorts its input differently,
such that IPv4 and IPv6 output isn't thoroughly mixed together anymore.
The IP aggregator now supports netmasks, both as input and as output.
- [2019.01.17; Maikuolan]: Added the ability to disable logging for specific
requests as a possible option to auxiliary rules.
- [2019.01.19; Maikuolan]: Updated the minimum safe PHP version fallback
information. Slightly refactored.
- [2019.01.25; Maikuolan]: The YAML handler has been migrated away from the
main functions file and into its own, dedicated class file (this class file
will also be released as part of a separate package in the near future).
Improved the UI for the front-end updates page verification feature.
- [2019.01.29; Bug-fix; Maikuolan]: For some configuration directives where
predefined multiple choices are available, the front-end configuration page
was ignoring custom defined values; Fixed.
Caleb M (Maikuolan),
January 30, 2019.
=== Version/Release 1.9.0 ===
MINOR RELEASE.
- [2018.11.04; Documentation; Maikuolan]: Added some missing information to the
Composer installation instructions.
- [2018.12.10; NEW FEATURE; Maikuolan]: Added support for rate limiting to
CIDRAM. This feature was added due to significant user interest, but isn't a
feature I'd readily recommend using (please refer to the documentation).
Refer github.com/CIDRAM/CIDRAM/issues/78
- [2018.12.19; Sub-minor code change; Maikuolan]: Split apart the YAML handler
a little more (doesn't change anything functionally, but should help to
slightly reduce complaints sometimes made by certain code quality checkers
and such). It's also less messy now to use an integer value of zero as a key.
- [2019.01.05; Sub-minor code change; Maikuolan]: Changed the default value of
"pseudonymise_ip_addresses" from "false" to "true" in order to strengthen
GDPR compliance.
- [2019.01.06; Sub-minor code change; Maikuolan]: Added the ability to check
IPs in IP tracking against auxiliary rules.
- [2019.01.07; Sub-minor code change; Maikuolan]: Improved the front-end file
manager, making items in the components list clickable, to display further
relevant information.
Caleb M (Maikuolan),
January 8, 2019.
=== Version/Release 1.8.0 ===
MINOR RELEASE.
- [2018.08.08; Maikuolan]: Performed some early legwork for future email
functionality and future two-factor authentication functionality (neither
thing is prime-time ready yet though). A handful of new configuration
directives have been added (currently marked as experimental/unstable) which
won't do anything yet, but which are related to this future functionality.
- [2018.08.09; Sub-minor code change; Maikuolan]: Slightly improved front-end
logging.
- [2018.08.10; Bug-fixes; Maikuolan]: Fixed a missing L10N string. Fixed a
weakness in the fallback for fetching the IP address of inbound requests.
- [2018.08.10; NEW FEATURE; Maikuolan]: Added support for deference tags (these
will allow users to defer specific signature sections when specific signature
files are installed; more information available in the documentation).
- [2018.08.11-12; NEW FEATURE; Maikuolan]: Added support for two-factor
authentication by email for when logging into the front-end! It is strongly
recommended that all users using the front-end should use this new feature
for improved front-end security (documentation explaining how to use this
properly will be available in the near future).
- [2018.08.26; NEW FEATURE; Maikuolan]: Added a configuration directive which
allows users to specify via the configuration whether to include or omit
empty fields from logging and output display.
- [2018.08.27; Minor code change; Maikuolan]: Repurposed the front-end sections
list page as a means for users to ignore or unignore sections with a single
click via the front-end.
- [2018.09.12; Sub-minor code change; Maikuolan]: Replaced some real typecasts
with float due to the anticipated deprecation of the real type for PHP 7.4.
- [2018.09.19; Sub-minor code change; Maikuolan]: Added a new safety mechanism
for when dealing with the front-end database or CIDRAM cache file.
- [2018.09.21; Bug-fix; Maikuolan]: Webfont cleanup procedure removed wrong
part from template files when webfonts not clearly marked; Fixed.
- [2018.09.22; Sub-minor code change; Maikuolan]: Slightly refactored all the
HTML template files, slightly reducing indenting and improving readability.
- [2018.09.23; Sub-minor code change; Maikuolan]: Removed capitalisation from
front-end username display (doesn't always play nice with non-ANSI data).
- [2018.09.22-25; NEW FEATURE; Maikuolan]: A new subsystem, "Auxiliary Rules",
has been implemented into CIDRAM, which allows users to easily create new
rules via the front-end to block, bypass, greylist, and whitelist requests
on the basis of arbitrary data pertinent to the request (IP address, user
agent, referrer, etc). Auxiliary rules execute after all signature files and
modules have already finished executing, don't require any configuration, and
utilise a simple, human-readable YAML structure (1.8.0-DEV+18267804).
Refer github.com/CIDRAM/CIDRAM/issues/79
- [2018.09.26; Sub-minor code change; Maikuolan]: Front-end L10N slightly
refactored (1.8.0-DEV+18268592).
Caleb M (Maikuolan),
October 6, 2018.
=== Version/Release 1.7.0 ===
MINOR RELEASE.
- [2018.06.02; Sub-minor code change; Maikuolan]: Added some additional safety
and sanity checks to the updater. Improved the display order of logfiles
listed on the logs page.
- [2018.06.06; Sub-minor code change; Maikuolan]: Updated the front-end
homepage to include some links to repository backup locations.
- [2018.06.07; Bug-fix; Maikuolan]: Fixed a possible "undefined index" error
that could occur when updating CIDRAM via Cronable.
- [2018.06.08; Bug-fix; Maikuolan]: Discovered an aesthetic bug whereby the
logs page would stretch sometimes because of non-breaking log entries; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/71
- [2018.06.09; Sub-minor code change; Maikuolan]: Slight refactor to allow for
a slightly greater range of options for HTTP status codes and messages to
send with blocked requests. "forbid_on_block" also now only accepts integers;
boolean (true/false) values won't be accepted anymore (technically this may
pose a backwards-compatibility problem for some pre-v1 installations, but as
pre-v1 installations aren't on the same major version as the current latest
version anyhow, this shouldn't necessitate bumping our major version number).
- [2018.06.10; Sub-minor code change; Maikuolan]: Added the ability to generate
hash tables to the front-end updates page (useful mostly for when verifying
the integrity of components or for when preparing for future updates).
- [2018.06.13; Sub-minor code change; Maikuolan]: Refactoring again.
- [2018.06.24; Signatures; Maikuolan]: Fixed some false positives via the
default signature bypasses.
- [2018.06.24-27; Documentation; Maikuolan]: Added an entry to the FAQ
regarding protection against DDoS attacks.
- [2018.06.28; Bug-fix; Maikuolan]: Found a small typo in one of the JavaScript
functions on the front-end accounts page; Fixed.
- [2018.07.01; Sub-minor code change; Maikuolan]: It's now possible for users
to specify their own sort order for when the updater activates or deactivates
signature files and modules.
- [2018.07.04; NEW FEATURE; Maikuolan]: Added a new configuration directive,
"social_media_verification". When enabled, and when possible, CIDRAM will
attempt to verify requests from social media platforms, and will block any
requests that it identifies as attempts to ghost/masquerade as those
platforms. This is effectively the same thing as the already existing search
engine verification feature, except that it instead focuses on social media
platforms, thus allowing the already existing search engine verification
feature to maintain its existing focus.
- [2018.07.04; Sub-minor code change; Maikuolan]: Added a new bypass for
Embed.ly requests.
- [2018.07.10; Sub-minor code change; Maikuolan]: Integrated Pinterest
verification to the CIDRAM core (the Pinterest verifier module is thus hereby
deprecated, but will continue to function normally). Split the security
extras module into two distinct modules (user agents associated with bots and
nefarious activity, and then everything else). L10N data and etc updated
accordingly. Added Grapeshot verification.
- [2018.07.14; Minor code change; Maikuolan]: Split some of the hardcoded data
for search engine and social media verification out from the main functions
file (functions.php) and into its own file (verification.yaml). This improves
extensibility by eliminating the need to mess with the main functions file in
the future event that we want to add support for other platforms to be
verified at some point.
- [2018.07.23; Maikuolan]: Misc. small corrections and improvements to search
engine verification + a new bypass needed for DDG + some changed IPs.
Caleb M (Maikuolan),
July 28, 2018.
=== Version/Release 1.6.0 ===
MINOR RELEASE.
- [2018.05.07-09; NEW FEATURE; Maikuolan]: Added log rotation to CIDRAM. With
log rotation, it's possible to specify a maximum number of logfiles that
should exist in the vault, and optionally delete or archive them when that
limit is exceeded.
- [2018.05.09; Bug-fix; Maikuolan]: Attempting to log into the front-end via
ports other than port 80 would fail due to the way that cookies were being
set; Fixed.
- [2018.05.10; Bug-fix; Maikuolan]: Log rotation not properly implemented to
the reCAPTCHA module; Fixed.
- [2018.05.14; Sub-minor code change; Maikuolan]: Logs page can now access
GZ-compressed logfiles.
- [2018.05.16; Sub-minor code change; Maikuolan]: Changed the default value of
the "disable_webfonts" directive from "false" to "true" (meaning they should
now be disabled by default). Removed support for "double banning" (this was
something used only by some very specific, custom modules anyway, none of which
are still supported anymore, and none of the standard features or functions
included in the package used it). Slightly refactored the expressions used
for expanding IP addresses.
- [2018.05.16; NEW FEATURES; Maikuolan]: Added support for pseudonymising IP
addresses when logging. Added the ability to include a privacy policy link
in the footer of the Access Denied page.
- [2018.05.17; NEW FEATURES; Maikuolan]: Added support for omitting IP
addresses, hostnames, and/or user agents from logs.
- [2018.05.18; Minor code change; Maikuolan]: Refactored most of the procedures
for the front-end updates page, splitting some large closures and slightly
reducing filesize footprint. Added some new internal executor abilities for
components metadata to the front-end updates page, allowing for theoretically
smoother transitions when update channels change. Added an executor
instruction to update the components metadata to reflect a recent change to
the optional blocklists update channel.
- [2018.05.19; Sub-minor code change; Maikuolan]: "Some useful links" list
slightly modified. Added some basic confirmation prompts to some of the
"clear all" buttons on some front-end pages (may expand this in the future).
- [2018.05.20; Bug-fix; Maikuolan]: Bug found by mikeruss1 whereby infraction
counts could silently escalate without any Access Denied page being produced
if module signatures are subsequently triggered after a reCAPTCHA instance is
successfully passed; Fixed.
- [2018.05.22; Bug-fix; Maikuolan]: Bug found by soumsps whereby reCAPTCHA logs
weren't pseudonymising IPs correctly; Fixed.
- [2018.05.24; Documentation; Maikuolan]: Added a "legal information" section
to the documentation to address the collection and processing of PII, and how
it relates to users, third parties, logging, etc, including some basic
information about GDPR/DSGVO and some related links for further information.
Refer github.com/CIDRAM/CIDRAM/issues/66
- [Supported Versions] Because this release contains changes which may improve
the legal compliancy of the package for some users, all previous versions of
the package are hereby marked EoL/unsupported on the "compatibility charts".
Refer maikuolan.github.io/Compatibility-Charts/
Caleb M (Maikuolan),
May 25, 2018.
=== Version/Release 1.5.1 ===
PATCH RELEASE.
- [2018.04.18; Sub-minor code change; Maikuolan]: Slightly refactored L10N data
and adjusted how the updates page pulls L10N data, and "used with" hints can
now be declared independently of "extended description" for the updates page.
- [2018.04.30; Signatures; Maikuolan]: Updated the default ignore.dat file.
- [2018.05.01; Sub-minor code change; Maikuolan]: Added a new shorthand entry,
"Legal". Fixed some small L10N mistakes and improved some wording. Slightly
refactored the CheckFactors closure. Clarified in L10N+docs that the
directives and signature files related to blocking proxies also block VPNs.
- [2018.05.03; Sub-minor code change; Maikuolan]: Added the ability for links
to be appended to the Access Denied page when specific CIDR signatures are
triggered (typically invoked via YAML appended to the signature sections).
- [2018.05.04; Sub-minor code change; Maikuolan]: Added a new shorthand entry,
"Malware" (currently just used by some IPs linked to ZeuS, but may expand in
the future, maybe).
Caleb M (Maikuolan),
May 5, 2018.
=== Version/Release 1.5.0 ===
MINOR RELEASE.
- [2018.03.03; Minor code change; Maikuolan]: Added a new front-end page,
"Cache Data", enabling users to review the contents of their cache.
- [2018.03.13; Signatures; Maikuolan]: BingBot search engine verification will
no longer occur when Azure signatures are triggered (too many false positives
and related problems had been occurring).
- [2018.03.13; Sub-minor code change; Maikuolan]: Shifted the code responsible
for search engine verification from the outgen generator to the functions
file, and added support for search engine verification to the IP test page.
- [2018.03.15; Minor code change; Maikuolan]: Added a new directive to enable
users to toggle whether the package version should be included in logs and
page output.
- [2018.03.15; Bug-fix; Maikuolan]: Discovered some specific conditions that
could cause an "undefined index" notice to occur; Fixed.
- [2018.03.22; NEW FEATURE; Maikuolan]: Added a "Range Tables" page to the
front-end (parses active signature files to generate basic statistical
information about the CIDR/IP ranges that they cover).
- [2018.03.25; Bug-fix; Maikuolan]: "VersionCompare" function gave incorrect
results when comparing against certain, specific Ubuntu builds of PHP; Fixed.
- [2018.03.31; Bug-fix; Maikuolan]: Slightly modified the "DNS-Reverse-Forward"
closure in response to #50 ("More search engine verification woes").
- [2018.04.02; Documentation; Maikuolan]: Added an index to the FAQ.
- [2018.04.05; Sub-minor code change; Maikuolan]: Added "client information" to
the front-end homepage (currently just lists your IP address and user agent).
- [2018.04.06; Sub-minor code change; Maikuolan]: Modified logging mechanisms
so that new directories will now be automatically generated when necessary
when writing new log data.
- [2018.04.08; Documentation; Maikuolan]: Added information to the FAQ about
possible values for "default_dns".
- [2018.04.10; Documentation; Maikuolan]: Added information to the FAQ about
using CIDRAM with other technologies and about potential problems relating to
CDNs and caching services.
Caleb M (Maikuolan),
Apr 10, 2018.
=== Version/Release 1.4.1 ===
PATCH RELEASE.
- [2018.02.06; Maikuolan]: The support forum for the project hosted by Spambot
Security has effectively become inoperable and defunct due to unmitigable
circumstances concerning its server. Accordingly, the project support forum
is hereby deprecated, and all references to the project support forum and to
Spambot Security have been removed from the codebase and all documentation.
The issues page for the project at GitHub remains as the uncontested primary
support endpoint for the project.
- [2018.02.14; Sub-minor code change; Maikuolan]: Some very subtle front-end UI
improvements; Support for asynchronous requests added to some front-end
pages.
- [2018.02.15; Sub-minor code change; Maikuolan]: Component update/installation
via Cronable should fail if unit tests fail; Added code for this accordingly.
- [2018.02.20; Bug-fix; Maikuolan]: The closures for activating and
deactivating components via the front-end updates page would fail if non-CRLF
linebreaks were used by the configuration file (thanks to senky for reporting
this bug); Fixed.
Refer github.com/phpMussel/phpMussel/issues/151
- [2018.02.25; Documentation; Maikuolan]: Added a new section to the
documentation, "KNOWN COMPATIBILITY PROBLEMS" (8).
Refer github.com/CIDRAM/CIDRAM/issues/52
Caleb M (Maikuolan),
Feb 26, 2018.
=== Version/Release 1.4.0 ===
MINOR RELEASE.
- [2017.12.24; Sub-minor code change; Maikuolan]: Signature file extended run
rule closures can now return exit codes to trigger greylist or whitelist
mechanisms. Improved default signature bypasses so that CIDRAM can play more
nicely with Bingbot (occasional false positives with requests originating
from Azure ranges). Slightly improved logs filtering and search mechanism.
- [2017.12.26; Sub-minor code change; Maikuolan]: Root check safeguard added to
the "DNS-Reverse" closure.
- [2017.12.27; Minor code change; Maikuolan]: Optional fallback added to
"DNS-Reverse" closure for "gethostbyaddr" (can be toggled via a newly added
configuration directive).
- [2017.12.30; NEW FEATURE; Maikuolan]: Added flag support to the front-end
logs page (it should now be possible to filter log entries on the basis of
country flags, if any were indicated by the signatures triggered for them).
- [2018.01.11; Sub-minor code change; Maikuolan]: Not technically a bug, but
DNS lookups shouldn't be performed on localhost addresses due to the risk of
false positives. Code modified accordingly.
- [2018.01.14; NEW FEATURE; Maikuolan]: Added a "Sections List" page to the
front-end (lists all the sections in the signature files and counts the total
number of sections and signatures throughout all the signature files).
- [2018.01.16; Bug-fix; Maikuolan]: Direct closure sometimes produced errors
when running CIDRAM via Cron (e.g., via Cronable) due to SCRIPT_FILENAME
sometimes not being defined in that context; Fixed via isset check.
- [2018.01.18; Sub-minor code change; Maikuolan]: Performed some minor
refactoring. Added checks for origin tags to the CLI signature file validator
and fixer. Sections list now checks whether sections have been ignored.
- [2018.01.20; Sub-minor code change; Maikuolan]: Slightly improved CLI-mode
help information.
Caleb M (Maikuolan),
Jan 20, 2018.
=== Version/Release 1.3.0 ===
MINOR RELEASE.
- [2017.10.30; Bug-fix; Maikuolan]: Cancelled or pending CI tests sometimes
wouldn't display correctly on the updates page; Fixed.
- [2017.11.07; Minor code change; Maikuolan]: Added a new directive,
"force_hostname_lookup" (normally, hostname lookups occur on the basis of
necessity; e.g., when a module requires hostname information to check against
hostname-based signatures; this new directive allows users to force hostname
lookups to occur for all requests). Removed hardcoded references to fields
from the main template files in favour of having fields generated entirely by
the output generator (thus enabling greater control over which fields are
generated and displayed for any given instance). Empty fields are now omitted
from block events (Access Denied page, logfiles, etc). reCAPTCHA fields are
now omitted if reCAPTCHA is entirely disabled. A hostname field is now
included in the fields if it isn't empty for any given instance (Access
Denied page, logfiles, etc). Added the ability to resolve 6to4 IPv6 addresses
to their IPv4 counterparts, and automatically check these resolved addresses
against the signature files, alongside the original unresolved IP addresses;
This should help to abate the risk of clients attempting to connect through
6to4 as a means to avoid being blocked by IPv4 signatures (technically this
shouldn't be possible to do when a network is configured correctly anyhow,
but I've recently encountered a few requests that appeared as if they may be
such attempts; requests on networks that should only support IPv4, but seemed
to occasionally allow requests from non-blocked 6to4 addresses that resolved
back to blocked IPv4 addresses).
- [2017.11.15; Bug-fix; Maikuolan]: Run commands in signature files encountered
consequent to resolving 6to4 addresses were being ignored in some cases (such
as in the case of the default signature bypass files); Fixed.
- [2017.11.20; Bug-fix; Maikuolan]: The IP test page wasn't checking IPs
against modules (it was only checking against signature files); Added an
option to the IP test page to allow users to check IPs against either just
the signature files, or against both the signature files and modules, fixing
the problem (thanks to Dibbyo456 for reporting this bug).
Refer github.com/CIDRAM/CIDRAM/issues/43
- [2017.11.23; Bug-fix; Maikuolan]: Bug found by Dibbyo456 whereby the failsafe
for ipaddr values corresponding to non-existent variables would sometimes
prevent modification of ipaddr value via the front-end configuration page,
and would cause the default value to always be displayed, instead of the
correctly assigned value; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/44
- [2017.11.24; Sub-minor code change; Maikuolan]: Refactored the code for the
reCAPTCHA module and slightly improved its UI.
- [2017.12.01; Minor code change; Maikuolan]: Added a new directive,
"signature_limit", allowing users to specify via configuration the maximum
number of signatures allowed to be triggered when a reCAPTCHA instance is to
be offered. Previously, this value was hardcoded to 1 (which remains the
default value for this new directive).
Refer github.com/CIDRAM/CIDRAM/issues/45
- [2017.12.01; Bug-fix; Maikuolan]: PHP version warnings on the front-end
homepage weren't always displaying correctly; Fixed.
- [2017.12.03; Documentation; Maikuolan]: Extended the "SIGNATURE FORMAT" (7)
section of the documentation with additional subsections "BASICS (FOR
MODULES)" (7.4), "MODULE FUNCTIONALITY" (7.5), and "MODULE VARIABLES" (7.6).
This should be helpful for users wanting to create their own custom modules.
- [2017.12.05; Minor code change; Maikuolan]: Improved Cronable API, allowing
updates to occur without sending external requests (uses different methods).
Shifted a number of update closures from the front-end handler to the
front-end functions file for slightly improved efficiency.
- [2017.12.06; Bug-fix; Maikuolan]: Fixed a CRITICAL bug introduced yesterday
that could result in the updates page deleting files pertinent to components
being updated, thus corrupting those components and potentially rendering
the package inoperable.
- [2017.12.06; Sub-minor code change; Maikuolan]: Added a component file
verification option to the updates page. Removed the hotfixes file (this
file was intended to fix a number of older problems from previous versions of
the package that aren't relevant anymore).
- [2017.12.12; NEW FEATURE; Maikuolan]: Added the ability to filter logfile
entries displayed via the front-end logs page and improved the overall
aesthetics of the logs page.
- [2017.12.17; Minor code change; Maikuolan]: Rewrote and improved the code for
performing reverse DNS lookups.
- [2017.12.21; NEW FEATURE; Maikuolan]: Added support for invisible reCAPTCHA.
- [2017.12.22; Bug-fix; Maikuolan]: Bug fixed whereby entries in the ignore.dat
would sometimes themselves be ignored, based on their position in the file.
- [2017.12.23; NEW FEATURE; Maikuolan]: Added the ability to tally logfile data
to the front-end logs page.
Caleb M (Maikuolan),
23rd December 2017.
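The 6to4 handling described in the 2017.11.07 entry of this release can be illustrated as follows. This is an added example, not CIDRAM's own code (CIDRAM is written in PHP): the function names and the sample signatures are constructed for illustration, and only documentation address ranges are used.

```python
import ipaddress

# 6to4 addresses have the form 2002:AABB:CCDD::/48, where AA.BB.CC.DD is the
# IPv4 address embedded in bits 16..47 of the 128-bit address.
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")

# Constructed sample signatures (documentation ranges), not CIDRAM's own.
SIGNATURES = [
    ("192.0.2.0/24", "constructed IPv4 block"),
    ("2001:db8:bad::/48", "constructed IPv6 block"),
]


def embedded_ipv4(addr):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SIX_TO_FOUR:
        return None
    # Drop the low 80 bits, then keep the 32 bits that follow the 2002 prefix.
    return ipaddress.IPv4Address((int(ip) >> 80) & 0xFFFFFFFF)


def addresses_to_check(addr, resolve_6to4=True):
    """The original address, plus its IPv4 counterpart when it is 6to4."""
    found = [ipaddress.ip_address(addr)]
    if resolve_6to4:
        v4 = embedded_ipv4(addr)
        if v4 is not None:
            found.append(v4)
    return found


def matching_signatures(addr, signatures=SIGNATURES, resolve_6to4=True):
    """Check every candidate address against every signature of its family."""
    hits = []
    for ip in addresses_to_check(addr, resolve_6to4):
        for cidr, label in signatures:
            net = ipaddress.ip_network(cidr)
            if net.version == ip.version and ip in net:
                hits.append((str(ip), cidr, label))
    return hits


if __name__ == "__main__":
    # 2002:c000:22d::1 embeds 192.0.2.45, which the IPv4 signature covers.
    for sample in ("2002:c000:22d::1", "2002:cb00:7101::1", "2001:db8:bad::5"):
        print(sample, matching_signatures(sample))
```

With resolve_6to4=False the first sample matches nothing, which is the gap the entry describes: the IPv6 form of the address is not covered by any IPv4 signature.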
=== Version/Release 1.2.0 ===
MINOR RELEASE.
- [2017.08.26; Sub-minor code change; Maikuolan]: The front-end updates page
now reports the number of added/removed bytes and the total time required for
when updating/installing/uninstalling components.
- [2017.09.08; NEW FEATURE; Maikuolan]: Added support for Argon2 hashing for
passwords and sessions (requires PHP >= 7.2.0; updating from older versions
of the package won't affect compatibility with older PHP versions, but the
option for using Argon2 simply won't be provided for versions < 7.2.0). A
new configuration directive ("default_algo") has been added, to allow users
to switch between the defined PHP default password hashing algorithm, BCRYPT,
and Argon2 (all options are still considered cryptographically secure at this
time and remain safe to use, but adding this additional support provides
additional choice and control to the end-user regarding encryption). Also
rewrote the code for the front-end accounts page accordingly.
- [2017.09.17; Sub-minor code change; Maikuolan]: Reworked page filters. Added
some new page filters to the IP tracking page to filter out unwanted data and
better control the way that data is displayed.
- [2017.09.19; NEW FEATURE; Maikuolan]: Built and implemented an aggregator
into the front-end for aggregating IPs and CIDRs. It can handle both IPv4 and
IPv6, and its addition should make it much easier to cleanly update signature
files without needing to rely on external aggregators.
- [2017.09.24; Sub-minor code change; Maikuolan]: Added internal language
support for Bangla (20 language localisations now completed and available).
- [2017.09.25; Sub-minor code change; Maikuolan]: Added rollback capability to
the front-end updates page for failed updates/installs (this should help to
prevent any corruption or broken installs from occurring due to unforeseen
problems, failed connectivity, etc). Added disk space/usage information to
the front-end file manager. Added links to vulnerability and compatibility
charts onto the front-end homepage.
- [2017.09.27; Minor code change; Maikuolan]: Added a pie chart to the file
manager, allowing users to visually interpret the footprint imposed by the
various files attributed to CIDRAM and its components (requires installing
Chart.js via the front-end updates page). Also did some general refactoring
of the front-end code.
- [2017.09.27; Bug-fix; Maikuolan]: See issue #39 (update bug preventing some
specific components from updating at all).
- [2017.09.29; Sub-minor code change; Maikuolan]: Added internal language
support for Norwegian (21 language localisations now completed and
available).
- [2017.10.02; Sub-minor code change; Maikuolan]: Slightly improved the way
that the front-end logs page behaves.
- [2017.10.03; NEW FEATURE; Maikuolan]: Added a new page to the front-end for
viewing CIDRAM usage statistics, and a corresponding configuration directive
to enable/disable tracking CIDRAM usage statistics.
- [2017.10.07; Sub-minor code change; Maikuolan]: Added a simple metadata
cleanup routine to the front-end updates page.
- [2017.10.08; Sub-minor code change; Maikuolan]: Refactored code.
- [2017.10.09; Sub-minor code change; Maikuolan]: Added the ability to fetch
component names and extended descriptions from the L10N data.
- [2017.10.14; Sub-minor code change; Maikuolan]: Added internal language
support for Swedish (22 language localisations now completed and available).
- [2017.10.15; Sub-minor code change; Maikuolan]: Improved L10N pluralisation.
- [2017.10.26; Sub-minor code change; Maikuolan]: Added CI reports/tests to the
front-end updates page. Split the functions file into two distinct files (one
containing closures specifically intended for the front-end, and one for
everything else; this should increase code maintainability and make things
less confusing for future contributors).
- [2017.10.27; Sub-minor code change; Maikuolan]: Removed old PHP < 5.4.0 array
syntax in favour of newer, short array syntax.
- [2017.10.28; Sub-minor code change; Maikuolan]: Added cookie notice to the
front-end login page. Made the categories on the front-end configuration page
collapsable/expandable (this should help to make the page look less cluttered
and easier to navigate).
- [2017.10.28; Bug-fix; Maikuolan]: Bug found preventing the activation or
deactivation of components via the front-end updates page for multi-domain
installations when certain specific conditions were met; Fixed.
- [2017.10.29; NEW FEATURE; Maikuolan]: Added an API for Cronable, allowing
CIDRAM to be updated automatically via cron.
Caleb M (Maikuolan),
29th October 2017.
=== Version/Release 1.1.0 ===
MINOR RELEASE.
- [2017.07.29; NEW FEATURES; Maikuolan]: Added the ability to execute closures
and specific commands when specific conditions are met when using the
front-end updates page (installing, uninstalling components, etc). Added a
configuration directive to modify the font magnification for the front-end
and the Access Denied page. Added information to the front-end homepage about
latest stable, unstable, and branch versions for CIDRAM and PHP.
- [2017.07.30; Minor code change; Maikuolan]: Added a configuration directive
for specifying the preferred way to localise numbers when displaying numeric
information via the front-end and any other relevant means. Number L10N is
now independent of language choice, and has also been improved upon somewhat.
- [2017.08.14; Sub-minor code change; Maikuolan]: CheckFactors closure slightly
modified in order to reduce read/write operations when reading signature
files and to slightly improve the loading speed for the front-end IP Tracking
and IP Test pages.
- [2017.08.15; NEW FEATURE; Maikuolan]: Added a new directive for specifying
how email addresses should be displayed to users ("emailaddr_display_style").
- [2017.08.16; Sub-minor code change; Maikuolan]: Front-end updates page
components false positives risk label now determined by a new, separate entry
in the YAML files, which should make it easier in the future to create new
components due to not needing to translate these entries in the extended
description anymore, and should help to reduce the size of these files.
- [2017.08.17; Minor code change; Maikuolan]: Added a configuration directive
for temporarily disabling everything except the front-end
("maintenance_mode"). Might be useful in some situations when updating CMS,
frameworks, forum systems, etc.
Caleb M (Maikuolan),
20th August 2017.
=== Version/Release 1.0.1 ===
PATCH RELEASE.
- [2017.06.03]: Repository migrated from "Maikuolan/CIDRAM" to "CIDRAM/CIDRAM".
All files, documentation, etc, updated accordingly. No disruptions are
anticipated as a result of this migration, but if you encounter any, please
let us know.
- [2017.06.22; Sub-minor code change; Maikuolan]: Slightly improved L10N
support (rendering numbers correctly, some punctuation fixes, etc).
- [2017.07.23; Sub-minor code change; Maikuolan]: The front-end homepage now
warns users if they're using a PHP version with known severe vulnerabilities
and exploits ("severe", in this context, defined as vulnerabilities and
exploits with a CVSS >= 9.0) and/or a PHP version that isn't actively
supported anymore (as determined by the php.net Supported Versions page). The
associated code for this is hardcoded manually, and therefore only updates
when the package updates (meaning that lack of warning should not necessarily
be perceived as a lack of vulnerabilities/exploits nor as an indication of
continued active support).
Caleb M (Maikuolan),
27th July 2017.
=== Version/Release 1.0.0 ===
MAJOR RELEASE (BACKWARDS COMPATIBLE).
- [2017.04.10; Sub-minor code change; Maikuolan]: Added internal language
support for Thai (17 language localisations now completed and available).
- [2017.04.11; Minor code change; Maikuolan]: Added a new directive,
"timeFormat", to specify the date/time notation format used by CIDRAM.
- [2017.04.12; Sub-minor code change; Maikuolan]: Temporarily removed donate
buttons from all project files (possibly may reinstate at a later date).
Made some subtle aesthetic improvements to the front-end.
- [2017.04.12; Documentation; Furqan Akbar]: Completed translation for the
CIDRAM README documentation into Urdu. This totals 16 different language
versions of the README documentation now available.
- [2017.04.21; Sub-minor code change; Maikuolan]: Improved support for
fractions/floats/reals/decimals/etc for configuration directives. Added some
basic system information to the front-end homepage, to help with debugging.
- [2017.04.22; NEW FEATURE; Maikuolan]: Added the ability to truncate logfiles
after they reached a certain size, specified by the newly added "truncate"
directive.
- [2017.04.22; Bug-fix; Maikuolan]: Fixed a bug whereby version information for
certain PHP release candidates would be compared incorrectly when using the
front-end updates page (only affects a small number of users).
- [2017.04.23; Sub-minor code change; Maikuolan]: Added "previewers" to the
front-end configuration page in order to make it easier for users to handle
configuration directives that deal with time and byte measurements.
- [2017.04.24; NEW FEATURE; Maikuolan]: Added a new configuration directive
allowing users to override the default timezone set by PHP. Changed the way
that configuration directives dealing with byte measurements are handled as
such that the unit now may be specified alongside the directive value (i.e.,
byte measurements are no longer locked to predefined units); These byte
measurements will default to kilobytes when no unit has been specified.
- [2017.04.27; NEW FEATURE; Maikuolan]: Added the ability to optionally
override configuration directive values on the basis of HTTP_HOST. This
should be useful for users running multi-domain installations as a way of
enforcing different values for different configuration directives for
different domains and sub-domains when necessary.
Refer github.com/CIDRAM/CIDRAM/issues/15
- [2017.04.28; Sub-minor code change; Tolga Koçyıldır]: Added internal language
support for Turkish (18 language localisations now completed and available).
- [2017.04.29; Minor code change; Maikuolan]: Added filtering to the
configuration defaults, in order to allow the front-end configuration page to
omit any problematic value choices (for example; attempting to switch to a
new default language after having deleted its associated language files).
- [2017.05.01; Sub-minor code change; Maikuolan]: Subtle improvements for
mobile display ("responsiveness").
- [2017.05.04; Sub-minor code change; Maikuolan]: Added internal language
support for Hindi (19 language localisations now completed and available).
- [2017.05.11; Sub-minor code change; Maikuolan]: Added a simple formatter for
displaying log data via the front-end logs page.
- [2017.05.19; NEW FEATURE; Maikuolan]: Added full support for custom themes!
This expands upon the theme support already previously provided which allowed
users to specify custom CSS files to use for the "Access Denied" page, by way
of adding full support for custom themes which will now also apply to the
front-end, allowing a richer level of customisation, and can be installed via
the front-end updates page.
- [2017.05.24; Sub-minor code change; Maikuolan]: Slightly improved caching for
front-end assets (CSS files, images, etc).
- [2017.05.27; Minor code change; Maikuolan]: Added the ability to the
front-end updates page to update all components at once, with a single click.
Caleb M / Maikuolan,
31st May 2017.
=== Version/Release 0.9.0 ===
MINOR RELEASE.
- [2017.03.01; Bug-fix; Maikuolan]: Fixed a bug whereby a negative signature
count could result in a block event occurring (this shouldn't happen); Fixed.
- [2017.03.03; Minor code change; Maikuolan]: Added a directive to optionally
enable/disable search engine verification.
- [2017.03.05; NEW FEATURE; Maikuolan]: Signature files and modules can now be
activated/deactivated directly from the front-end updates page.
- [2017.03.08; Documentation; Maikuolan]: New additions to the FAQ.
- [2017.03.26; Sub-minor code change; Maikuolan]: Implemented some of Google's
webfonts and slightly increased the text size for both the front-end and the
default template file; This should significantly improve text readability for
CIDRAM (previously, in some situations, it was very difficult to properly
read on-screen text produced by CIDRAM). Also implemented some other very
small design tweaks in order to improve text readability.
- [2017.03.27; Minor code change; Maikuolan]: Added a directive to optionally
enable/disable webfonts.
- [2017.03.28; Bug-fix; Maikuolan]: Bug introduced 2017.03.05; Fixed.
- [2017.03.30; Sub-minor code change; Maikuolan]: Some small, aesthetic
improvements done to the front-end.
- [2017.04.04; Sub-minor code change; Furqan Akbar]: Added internal language
support for Urdu (16 language localisations now completed and available).
- [2017.04.04; Sub-minor code change; Maikuolan]: Slightly improved support for
switching between RTL/LTR.
Caleb M / Maikuolan,
7th April 2017.
=== Version/Release 0.8.0 ===
MINOR RELEASE.
- [2017.02.06; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into Arabic (fuzzy and poor quality though). This totals
14 different language versions of the README documentation now available.
- [2017.02.06; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into Korean (fuzzy). This totals 15 different language
versions of the README documentation now available.
- [2017.02.07; Sub-minor code change; Maikuolan]: Slightly improved template
files; Replaced all existing doctype declarations with the doctype
declaration recommended for HTML5, and slightly improved HTML5 compliance.
Added an extra safeguard against bad IPv6 factoring.
- [2017.02.11; Sub-minor code change; Maikuolan]: Improved future compatibility
with PHP >= 8 ("each" function has been identified as targeted for
deprecation as of PHP 7.2.0).
Refer wiki.php.net/rfc/deprecations_php_7_2
- [2017.02.12-13; Sub-minor code change; Maikuolan]: Some subtle refactoring.
- [2017.02.17; Bug-fix; Maikuolan]: Whitelisting IPs/CIDRs via IPv4/IPv6
signature files wasn't resulting in those IPs/CIDRs being whitelisted against
being blocked by module files; Fixed.
- [2017.02.17; Sub-minor code change; Maikuolan]: Slightly relaxed some of the
restrictions enforced for which filenames can be worked with via the
front-end. Added a "hotfix" to automatically detect and update the plugin
version cited in the plugins dashboard for when CIDRAM is running as a
WordPress plugin.
- [2017.02.19; Documentation; Maikuolan]: Front-end documentation added.
- [2017.02.20; NEW FEATURE; Maikuolan]: Added a new page to the front-end to
allow users to check and revoke bans via IP tracking.
- [2017.02.21; NEW FEATURE; Maikuolan]: Added the ability to attach webhooks to
signatures and signature sections.
- [2017.02.21; Bug-fix; Maikuolan]: Fixed a bug whereby extended expiry dates
for bans via IP tracking could be reduced to the default tracktime under some
circumstances.
- [2017.02.21; Sub-minor code change; Maikuolan]: Added a safeguard to the
DNS-Reverse-IPv4 closure to accommodate for allow_url_fopen or fsockopen
being disabled by the PHP configuration.
- [2017.02.24; Bug-fix; Maikuolan]: Fixed a bug whereby the front-end login
logger would sometimes overwrite instead of appending to the front-end logs.
- [2017.02.28; Sub-minor code change; Maikuolan]: Small additional safeguard
added to the hostname lookup closure function.
Caleb M / Maikuolan,
28th February 2017.
=== Version/Release 0.7.0 ===
MINOR RELEASE.
- [2016.12.15; Bug-fix; Maikuolan]: Files containing underscores weren't
deleting when uninstalling components; Fixed.
- [2016.12.20; NEW FEATURE; Maikuolan]: Added support for simple CSV signature
files (integrated directly into the already existing functionality for
processing signature files; CIDRAM should be able to automatically detect
whether a signature file uses the normal, default format, or CSV format).
Additionally, added support for using single IPs in signature files directly,
without the need for them to use complete CIDR notation (IPs that don't
include a range will be interpreted seamlessly as 32's in the case of
IPv4 signature files and as 128's in the case of IPv6 signature files).
- [2016.12.31; NEW FEATURE; Maikuolan]: Added support for optionally including
additional modules into CIDRAM to run after checking IPv4/IPv6 signatures.
- [2017.01.02; Minor code change; Maikuolan]: Added the ability to track and to
temporarily ban IP addresses blocked by modules.
- [2017.01.05; Bug-fix; Maikuolan]: Fixed a bug related to the display of
reCAPTCHA instances which could arise in some specific situations when some
specific configurations are used in combination with specially marked
sections.
- [2017.01.05; Minor code change; Maikuolan]: Added a new directive to control
the maximum number of infractions an IP is allowed to incur before it is
banned by IP tracking ("infraction_limit"). Improved the readability of the
front-end configuration page by including directive names alongside their
descriptions and formatting accordingly. Rewrote the "Direct" closure in the
loader (nothing was broken, changed functionality, and patching not required;
just changed due to that a code quality checking tool I sometimes use was
complaining about the way it was written before).
- [2017.01.10; Minor code change; Maikuolan]: Added several new directives:
"ban_override", which allows overriding the value for "forbid_on_block" when
requests from banned IPs are blocked, and allows skipping processing for the
template files when processing blocked requests from banned IPs;
"log_banned_ips", which allows specifying whether to include blocked requests
from banned IPs in the logfiles; and "track_mode", which allows specifying
whether to only track IPs blocked by modules, or to track IPs blocked for any
reasons (eg, via the standard signature files as well as via the modules).
- [2017.01.12; NEW FEATURE; Maikuolan]: Added the ability to distinguish
between bots masquerading as popular search engines (eg, Googlebot, Bingbot,
Yahoo! Slurp) and their real, legitimate counterparts. From herein, these
fake search engine bots will be blocked by default upon detection, whereas
their legitimate counterparts will have IP tracking disabled by default upon
detection, therefore rendering them unbannable. Added the ability to perform
timed DNS lookups, both forward and reverse, along with the ability to cache
the results of these lookups. Added a new directive: "default_dns".
- [2017.01.15; Bug-fixes; Maikuolan]: Bug found whereby false positives against
search engines could occasionally be generated as a result of failed and
incorrect DNS lookups (possible since the 2017.01.12 update); Code therefore
modified as such to prevent this from occurring; Timeout limit increased and
timed out lookups now result in no action being taken. Bug found whereby
logging banned IPs which had exceeded the infraction limit could result in no
log entry ID being parsed into log entries; Fixed.
- [2017.01.23; Sub-minor code change; Maikuolan]: "default_dns" can now be a
comma delimited list, allowing fallback servers to be used for DNS lookups.
- [2017.01.24; Signatures; Maikuolan]: Further split the signature files, to
keep signatures for cloud services, signatures for dangerous and spammy ISPs,
and other signatures separate from each other, and to further improve
modularisation.
- [2017.01.25; Sub-minor code change; Maikuolan]: Improved component ordering
mechanism for the updates page.
- [2017.01.26; NEW FEATURE; Maikuolan]: Added a CIDR calculator to the
front-end.
- [2017.01.27; Bug-fix; Maikuolan]: When used, "ban_override" would trigger any
time any block occurred, instead of only when the infraction limit had been
exceeded; Fixed.
- [2017.01.29; Bug-fix; Maikuolan]: Some versions of the DAT files used by the
front-end updater for updating various components, signature files, modules,
blocklists, etc, would sometimes glitch out and save several dozen duplicates
of the same component entries when newly released components were detected as
available for download, when those DAT files contained terminating markers at
unexpected points in the file, when they contained too many terminating
markers, and/or when they contained inappropriate formatting; Fixed.
- [2017.01.30; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into Japanese (fuzzy). This totals 13 different language
versions of the README documentation now available.
- [2017.01.31; Minor code change; Maikuolan]: Added a new directive to control
whether the protections normally provided by CIDRAM are applied to the
front-end ("protect_frontend"). Possibly useful in cases where users may be
at risk of blocking themselves due to experimenting with new signatures, new
modules, etc.
Caleb M / Maikuolan,
1st February 2017.
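The search engine verification described in the 2017.01.12 and 2017.01.15 entries of this release follows the forward-confirmed reverse DNS pattern, sketched below with cached results and timed-out lookups leading to no action. This is an added example, not CIDRAM's own code: the function names, the crawler domain table, and the DNS records are assumptions constructed for illustration, and the resolver is an in-memory stand-in so that the example runs offline.

```python
import ipaddress

VERIFIED, SPOOFED, UNKNOWN = "verified", "spoofed", "unknown"

# User-agent token -> hostname suffixes that genuine crawlers reverse-resolve
# to (assumed table for this example). The leading dot prevents lookalikes
# such as "evilgooglebot.com" from matching.
CRAWLER_DOMAINS = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}


class LookupTimeout(Exception):
    """Raised by a resolver when no answer arrived in time."""


def claimed_crawler(user_agent):
    """Return (token, suffixes) for the crawler a user agent claims to be."""
    ua = user_agent.lower()
    for token, suffixes in CRAWLER_DOMAINS.items():
        if token in ua:
            return token, suffixes
    return None, ()


def verify_crawler(ip, user_agent, reverse_lookup, forward_lookup, cache):
    """Reverse lookup, suffix check, then forward lookup back to the same IP."""
    token, suffixes = claimed_crawler(user_agent)
    if token is None:
        return None  # Makes no search engine claim; nothing to verify.
    key = (ip, token)
    if key in cache:
        return cache[key]
    try:
        host = (reverse_lookup(ip) or "").lower().rstrip(".")
        if not host.endswith(suffixes):
            result = SPOOFED
        else:
            # A PTR record is set by whoever controls the IP, so it only
            # counts if the name resolves forward to the same address.
            wanted = ipaddress.ip_address(ip)
            answers = {ipaddress.ip_address(a) for a in forward_lookup(host)}
            result = VERIFIED if wanted in answers else SPOOFED
    except LookupTimeout:
        # A failed lookup proves nothing: take no action and do not cache it.
        return UNKNOWN
    cache[key] = result
    return result


# Constructed DNS data (documentation address ranges), standing in for DNS.
PTR_RECORDS = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "crawl-1.googlebot.com",      # PTR not confirmed forward
    "203.0.113.9": "googlebot.com.example.net",   # lookalike hostname
}
A_RECORDS = {
    "crawl-192-0-2-10.googlebot.com": ["192.0.2.10"],
    "crawl-1.googlebot.com": ["192.0.2.11"],
}
SLOW_IPS = {"198.51.100.99"}
LOOKUPS = []  # Every query sent to the constructed resolver.


def reverse_lookup(ip):
    LOOKUPS.append(("PTR", ip))
    if ip in SLOW_IPS:
        raise LookupTimeout(ip)
    return PTR_RECORDS.get(ip)


def forward_lookup(host):
    LOOKUPS.append(("A", host))
    return A_RECORDS.get(host, [])


if __name__ == "__main__":
    ua = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    cache = {}
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9", "198.51.100.99"):
        print(ip, verify_crawler(ip, ua, reverse_lookup, forward_lookup, cache))
```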
=== Version/Release 0.6.1 ===
PATCH RELEASE.
- [2016.11.29; Bug-fix; Maikuolan]: Some notices occasionally generated to the
error logs by undefined indexes when accessing the updater; Fixed.
- [2016.12.02; Sub-minor code change; Maikuolan]: Added some polyfills to
extend compatibility with CIDRAM to PHP 5.4.x (the newly introduced front-end
feature for CIDRAM makes use of the password_hash and password_verify
functions, which are only available natively to PHP versions 5.5.0 and
above).
- [2016.12.03; Sub-minor code change; Maikuolan]: Improved mechanism for making
determinations between requests via direct access and requests via hooks.
- [2016.12.05; Bug-fixes; Maikuolan]: Bug found whereby incorrect filenames
would sometimes be reported by the updater for the optional country-wide
blocklists; Fixed. Bug found whereby the active/inactive status for signature
files would sometimes be incorrectly reported by the updater; Fixed.
- [2016.12.06; Bug-fixes; Maikuolan]: Bug found whereby the install option
would sometimes not be displayed for some components; Fixed. Bug found
whereby cells would sometimes be incorrectly rendered for newly discovered
components; Fixed.
- [2016.12.08; Sub-minor code change; Maikuolan]: Improved mechanism for
accessing logfiles via the front-end.
- [2016.12.11; Sub-minor code change; Maikuolan]: Removed "matchElement" (never
used; redundant; better to use "in_array" instead anyway). Improved some of
the docBlock comments. Did some subtle refactoring. Slightly tweaked some of
the front-end aesthetics.
- [2016.12.12; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into German (fuzzy and quite likely erroneous, though).
This totals 12 different language versions of the README documentation now
available.
Caleb M / Maikuolan,
12th December 2016.
=== Version/Release 0.6.0 ===
MINOR RELEASE.
- [2016.10.18; Minor code change; Maikuolan]: Created a "configuration handler"
file so as to move everything away from the loader (this'll be important for
being able to self-update in the future). Slightly improved the YAML closure.
Fallbacks no longer hardcoded with PHP at the time of loading the
configuration file; Fallbacks now determined via a separate configuration
defaults file written using YAML.
- [2016.11.03; Signatures; Maikuolan]: Split signature files, to keep the bogon
signatures to their own separate signature files (this may help to improve
performance for any users that don't want to block bogons).
- [2016.11.05; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into Russian (fuzzy and quite likely erroneous, though).
This totals 11 different language versions of the README documentation now
available.
- [2016.11.28; NEW FEATURE; Maikuolan]: Finished building the CIDRAM front-end!
Using the CIDRAM front-end, you can update CIDRAM directly from your browser,
install and update components and custom signature files, including the
optional country-wide blocklists provided by MacMathan, language packs and
more; You can modify core CIDRAM files, upload new files to your vault, view
and download logfiles, and via the accounts page, selectively grant access to
others either to administrate CIDRAM on your behalf, or to a more limited
degree, to access the CIDRAM logfiles directly from the browser; You can test
batches of IP addresses directly from your browser, to confirm whether
they're blocked by whichever signature files you have installed at any given
time; And you can update the CIDRAM configuration directly from your browser,
too. Front-end access is disabled by default for security reasons, but you
can enable it via the relevant newly created configuration directives
pertaining to it.
Caleb M / Maikuolan,
28th November 2016.
=== Version/Release 0.5.1 ===
PATCH RELEASE.
No notable changes to the CIDRAM codebase have been made since the previously
released version. This patch release exists due to numerous significant changes
that've been made to the signature files of CIDRAM since the previously
released version. Updating the working code of CIDRAM from the previously
released version to this version release is not necessary, but updating all
signature files is strongly recommended.
In addition, it is strongly recommended for users updating to this release from
the previous release, to carefully review the changes made to the "ignore.dat"
file prior to doing so; There are some new instructions included in the
"ignore.dat" as of this release which correspond mostly to some new signature
sections introduced into the signature files as of this release, which may or
may not be desired by users, depending on the needs of and the demographics
targeted by the user (updating the signature files, and/or updating to this
release from the previous release, without first reviewing the changes made to
the "ignore.dat" file, may potentially risk an increase in the number of false
positives encountered by the user).
Caleb M / Maikuolan,
1st October 2016.
=== Version/Release 0.5.0 ===
MINOR RELEASE.
- [2016.08.11; Sub-minor code change; Maikuolan]: Revisited the changes made as
of the previous versioned release (0.4.1) regarding the slightly improved RTL
text support (there were some rendering problems for some languages caused by
the approach taken; this has been corrected).
- [2016.08.11; Non-core change (WordPress plugin); Maikuolan]: Added code to
ensure that CIDRAM will be loaded before any other plugins in order to help
avoid conflicts associated with caching plugins and other caching systems
which could sometimes prevent requests from being blocked.
- [2016.08.14; NEW FEATURE; Maikuolan]: Added reCAPTCHA support to CIDRAM! It's
now (optionally) possible to allow users to bypass the normal "Access Denied"
page by submitting a reCAPTCHA form. This should help mitigate some of the
risks associated with blocking any CIDRs that may potentially carry human
users/traffic. Due to some of the functionality required by this feature, the
minimum version of PHP required in order to execute CIDRAM has been raised
from "5.3.0" to "5.5.0" (that said though, "5.5.0" itself reached official
"End of Life" status 24 days ago, so it would be extremely advisable for users
to not be using any versions of PHP older than that version anyhow).
Additionally, this feature has resulted in the creation of some new
configuration directives and some new files added to the vault (but the
changes are entirely backwards-compatible).
- [2016.08.17; Minor code change; Maikuolan]: Improved SoC for the reCAPTCHA
feature (split into its own file and improved modularisation); Added code to
allow certain specific HTML tags within the block information (requested by
some users; these would've previously been broken by the anti-XSS
sanitisation); Added some additional configuration options for the reCAPTCHA
feature.
- [2016.08.18; Sub-minor code change; Maikuolan]: Adjusted auto-typecasting
closure (change required to accommodate some of the newer configuration
directives); Salts made to be optional; Some subtle refactoring; Added
support for user-free bypasses.
Caleb M / Maikuolan,
24th August 2016.
=== Version/Release 0.4.1 ===
PATCH RELEASE.
- [2016.08.03; Sub-minor code change; Maikuolan]: Added internal language
support for Korean (15 language options now supported in total, not including
CLI-mode support; Done with machine assistance, I'm not fluent, and it hasn't
yet been audited, so, the new translation should be regarded as fuzzy).
- [2016.08.06; Sub-minor code change; Maikuolan]: Slightly improved RTL text
support; Adjusted the template file to compensate for display problems
associated with LTR/RTL mixed content.
- [2016.08.06; Documentation; Maikuolan]: More work done on the documentation
translations; Slightly closer to completing the translations for all targeted
languages.
- [2016.08.06; Non-core change (WordPress plugin); Maikuolan]: Opted to remove
action hook call and instead load everything immediately, as to avoid
conflicts associated with caching plugins and other caching systems which
could sometimes prevent requests from being blocked.
- [2016.08.07; Sub-minor code change; Maikuolan]: Slightly improved/optimised
the template file.
Caleb M / Maikuolan,
7th August 2016.
=== Version/Release 0.4.0 ===
MINOR RELEASE.
- [2016.07.22; Sub-minor code change; Maikuolan]: Added code to perform some
simple sanitisation to the block information; This should help to prevent
some obscure types of XSS attacks.
- [2016.07.23; Minor code change; Maikuolan]: Added internal language support
for Japanese (14 language options now supported in total, not including
CLI-mode support; I'm not fluent and it hasn't yet been audited, so, the new
translation should be regarded as fuzzy). Added a new function: "Greylist";
This can be used in the same way that whitelisting is used, but for escaping
a CIDR from a single file, rather than from all files. Slightly improved the
signature validator/fixer (can now detect broken/invalid ranges).
- [2016.07.26; NEW FEATURE; Maikuolan]: Added some basic support for YAML-like
data (note: not a true YAML implementation) to be read from signature files,
which can be used to specify and modify the values of configuration directives
for separate signature sections.
Refer github.com/CIDRAM/CIDRAM/issues/6
- [2016.07.30; Bug-fix; Maikuolan]: Fixed a bug whereby some configuration
directives (in particular, "forbid_on_block") would sometimes be incorrectly
typecasted, resulting in unexpected behaviour contrary to the documentation.
Caleb M / Maikuolan,
31st July 2016.
=== Version/Release 0.3.1 ===
PATCH RELEASE.
- [2016.06.18; Bug-fix; Maikuolan]: A bug was found by joe38 whereby some of
the provider-specific bypasses included in the default CIDRAM signatures
would trigger an error instead of the expected CIDRAM Access Denied message,
and additionally, some bypasses weren't written with the considerations
appropriate to the execution context required from which they were executing;
Fixed.
- [2016.07.04; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into Vietnamese. This totals 10 different language
versions of the README documentation now available.
Caleb M / Maikuolan,
9th July 2016.
=== Version/Release 0.3.0 ===
MINOR RELEASE.
- [2016.04.25; Minor code change; Maikuolan]: Signature files can now be
specified via the configuration file (and so, modifying core script files in
order to add additional custom signature files is no longer required).
- [2016.04.27; Sub-minor code change; Maikuolan]: An additional custom rules
file added for additional bypasses.
- [2016.05.12; Sub-minor code change; Maikuolan]: Added internal language
support for Vietnamese (now supported: English, Spanish, French, Indonesian,
Italian, Dutch, Portuguese, Vietnamese, Chinese [simplified and
traditional]; 10 language options now supported in total).
- [2016.05.13; Sub-minor code change; Maikuolan]: Added internal language
support for German (11 language options now supported in total).
- [2016.05.13; Sub-minor code change; Maikuolan/m7mdtiger]: Added internal
language support for Arabic (12 language options now supported in total).
- [2016.05.26; Minor code change; Maikuolan]: Added a new i18n shorthand value
for "Deny": "Proxy" (for blocking private and anonymous proxies).
- [2016.05.27; Minor code change; Maikuolan]: Added the ability to use dated
logfiles! Now, some simple variables ({dd}, {mm}, {yyyy}/{yy}, {hh}) can be
included when specifying the names to use for logfiles in order to organise
logfiles by date/time. Added a new directive ("timeOffset") to account for
the possibility of discrepancies between servers and the local time of those
using CIDRAM.
- [2016.06.13; Minor code change; Maikuolan]: Added the ability to ignore
signature sections by identifying their section tags to an ignore file.
Refactored a number of closures to reduce code duplication and to improve
their process logic; Some old closures renamed and split into multiple new
closures. Added internal language support for Russian (13 language options
now supported in total, not including CLI-mode support).
Caleb M / Maikuolan,
14th June 2016.
=== Version/Release 0.2.0 ===
MINOR RELEASE.
- [2016.03.15; Signatures; Maikuolan]: Added Microsoft Azure CIDRs to the IPv4
signatures file; Updating several sections; Changed the "example" CIDRs in
the IPv4 custom signatures file to reduce ambiguity (because the previous
examples used CIDRs that wouldn't normally be triggered; fixed).
- [2016.03.17; Signatures; Maikuolan]: Removed all references to HostExploit
and SiteVet from CIDRAM. These two services appear to have not been updated
in over a year and a half, and emails I've sent to them to ask whether their
services are actively maintained and/or up-to-date seem to have been ignored,
as I've not received any replies from them for any of the emails I'd sent. I
don't think we should rely on outdated information. I've opted, instead, to
include references to and information about the Google Malware Dashboard,
which appears to be being updated on a daily basis, have a greater depth of
information available and appears to be more reliable, so far. I've already
added some new sections for new ASNs to block based upon the information they
have available, and may possibly remove and/or modify some old sections in
the future based on the information they have available.
- [2016.03.18; Minor code change; Maikuolan]: Renamed all "INC" files to "PHP"
files and changed all references to them accordingly.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.03.19; Sub-minor code change; Maikuolan]: Changed the default value of
the "block_bogons" directive from true to false. Added a new directive,
"disable_cli", to optionally disable the CLI mode implementation for CIDRAM.
Added a fallback to help deal with situations where multiple IP address
server variables may be in use.
- [2016.03.21; Bug-fix; Maikuolan]: Improved the way in which we can detect
whether we're in CLI-mode (there was a problem previously whereby cronjobs
could sometimes be blocked in certain circumstances, and this shouldn't
happen normally, thus qualifying this problem as a bug; this improvement
corrects this problem).
Refer github.com/CIDRAM/CIDRAM/issues/4
- [2016.03.25; Sub-minor code change; Maikuolan]: Removed references to the
"package" tag from all phpDoc page blocks in the package (we don't need
these, because we already have README documentation and don't use api-docs).
Refer github.com/phpMussel/phpMussel/issues/85
- [2016.03.27; Minor code change; Maikuolan]: Added a "Why Blocked" field for
the "Access Denied" page and for logging, to act as a debug mechanism to help
track line/offset/section values for triggered signatures. Added code to
allow CIDRAM to handle Windows-style linebreaks within the signature files,
so that it can now correctly interpret more than just Unix-style
linebreaks.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.03.28; Minor code change; Maikuolan]: Added support for section tags!
It's now possible to uniquely identify specific signature sections from the
signature files by tagging sections with a section tag; These section tags
will be included in the logfiles whenever any of the signatures from the
tagged sections are triggered and will appear alongside debug information
for the user whenever they're blocked.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.03.31; Signatures; Maikuolan]: Renamed "ipv4_custom.dat" to
"ipv4_custom.dat.RenameMe" and renamed "ipv6_custom.dat" to
"ipv6_custom.dat.RenameMe". The reason for appending ".RenameMe" onto the end
of the names of the custom signature files is to prevent accidentally
overwriting these files whenever someone updates CIDRAM blindly (such as via
a dependency manager, installer or auto-updater; The custom signature files
should be renamed back to their original former names by the user to activate
them). Shell-style hashing implemented to all signature files for all
comments and for all non-signature and non-syntactical entries; This won't
be enforced onto users, but is recommended to improve readability for IDEs
and text editors. Added some information from Spamhaus to help users gauge the
merit of blocking or not blocking some particular ASNs. Numerous new
signature sections added to both the IPv4 and IPv6 signature files.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.04.01; Minor code change; Maikuolan]: Renamed "config.ini" to
"config.ini.RenameMe". The reason here is the same as the reason for having
recently done the same thing to the custom signature files (to prevent
accidentally overwriting this file whenever someone updates CIDRAM blindly).
Additionally, the configuration file is now optional; The script has
fallbacks implemented for all configuration directives and no longer dies with an
error to the user/client when the configuration file is unavailable. Added a
"Reconstructed URL" field for the "Access Denied" page and for logging, to
determine which resource was being requested at the time of a user/client
being blocked.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.04.02; Bug-fix; Maikuolan]: A bug was found by GaffNet whereby custom
whitelist signatures were ignored by the script as of the latest version of
the codebase due to the way that whitelist signatures were handled; This has
been fixed.
Refer github.com/CIDRAM/CIDRAM/issues/7
- [2016.04.03; Minor code change; Maikuolan]: Added support for Apache-style
logging and for serialised logging (this could help any users wanting to
integrate CIDRAM with packages such as fail2ban, which require Apache-style
logs), and two related new configuration directives. Extended the
"forbid_on_block" directive to allow 503 header responses. Added the ability
to silently redirect blocked access attempts instead of displaying the usual
"Access Denied" page. Did some more minor code refactoring.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.04.04; Minor code change; Maikuolan]: Added support for custom themes;
A new directive has been added to the configuration file allowing users to
stipulate a custom CSS file to apply to the HTML output template; This and
the new custom themes support for CIDRAM will work in the exact same way that
custom themes for phpMussel work. Implemented a validator/fixer for checking
and fixing signature files; Currently a work-in-progress and a BETA, but
seems to function correctly and as intended; Currently only available in CLI,
but will be available via other means after work has been completed.
Refer github.com/CIDRAM/CIDRAM/issues/9
- [2016.04.10; Minor code change; Maikuolan]: Added support for section expiry!
It's now possible to mark signature sections with an expiry date, to ensure
that any signatures they contain won't be triggered after a specified date.
This feature is optional; Unmarked signature sections won't expire.
- [2016.04.10; Signatures; Maikuolan]: Added numerous new signature sections to
the signature files, covering a number of different new ASNs. Added IPs from
ZeuS C&C tracker.
- [2016.04.12; Minor code change; Maikuolan]: Split the language data files
into two distinct files per each language; Standard language data and CLI
language data.
- [2016.04.17; Minor code change; divinity76]: Stricter loading for the
configuration file (CIDRAM will now return an error if the configuration file
isn't readable).
Caleb M / Maikuolan,
18th April 2016.
=== Version/Release 0.1.2 ===
PATCH RELEASE.
- [2016.03.11; Sub-minor code change; Maikuolan]: When converting all functions
to closures (anonymous functions) for the previous release, I missed the
"matchElement" function. I'd thought I'd got them all, but I'd missed this
one (this function wasn't yet being used anywhere anyhow, so, missing it
wouldn't have been particularly problematic, anyhow); In any case, this has
now been corrected.
- [2016.03.13; Documentation; Maikuolan]: Completed translation for the CIDRAM
README documentation into Chinese. This totals 9 different language versions
of the README documentation now available.
- [2016.03.14; Bug-fix; Maikuolan]: A bug was found within the IPv6Test closure
function (used for calculating IPv6 CIDRs), caused by some excess spaces in
the code that existed where they shouldn't have existed; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/2
Caleb M / Maikuolan,
14th March 2016.
=== Version/Release 0.1.1 ===
PATCH RELEASE.
- [2016.03.03-2016.03.06; Documentation; Maikuolan]: Completed translations for
the CIDRAM README documentation (written originally in English) into Spanish,
French, Indonesian, Italian, Portuguese and Dutch (none of these translations
have been checked/audited by a native/fluent speaker yet, but they should be
at least accurate enough to be understood). This totals 7 different language
versions of the README documentation now available.
- [2016.03.07; Sub-minor code change; Maikuolan]: Converted all functions to
closures (anonymous functions), in order to be able to unset them from memory
after the script execution has finished (we shouldn't leave unrequired data
in the memory after execution has finished). Changed the blocksize for reading
files with the "ReadFile" function from 48KB to 128KB (we can afford this,
and this should *slightly* increase the speed of the script).
Caleb M / Maikuolan,
7th March 2016.
=== Version/Release 0.1.0 ===
MINOR RELEASE (FIRST BETA).
- [2015.12.12; Documentation; Maikuolan]: Added a changelog; Added READMEs.
Caleb M / Maikuolan,
27th February 2016.
Versions < 0.1.0 are ALPHAs.