PHP Classes

File: Changelog.txt

Role: Documentation
Content type: text/plain
Description: Documentation
Class: CIDRAM
Check if an IP address is a bad source of traffic
Author: By
Last change: Add an error handler event.

Changelog excerpt:

- Added an error handler event to be able to catch and report errors more
effectively.
Add an events orchestrator and refactor.
Bug-fix.

Invalid argument warning at the front-end updates page.
L10N patch.

- This commit adds *partial* internal language support for Latvian, Polish,
and Tamil (thank you to naveen17797 for the Tamil translations). Will
sync it all up with the other translations when there's time.
- Some minor miscellaneous refactoring/improvement of other L10N data.
Date: 5 years ago
Size: 79,761 bytes
 

Contents

CIDRAM (Classless Inter-Domain Routing Access Manager) Changelog.

=== VERSION RELEASE GUIDELINES ===

CIDRAM adopts and adheres to SemVer (Semantic Versioning).

For more information about SemVer, please refer to:
- https://semver.org/

Detailed version release guidelines for CIDRAM can be found at:
- https://github.com/CIDRAM/CIDRAM/blob/v2/CONTRIBUTING.md#cidram-version-release-guidelines

=== Changes made since last versioned release ===

- [2019.09.04; Maikuolan]: Added *partial* internal language support for Latvian, Polish, and Tamil (thank you to naveen17797 for the Tamil translations). Will sync it all up with the other translations when there's time.

- [2019.09.06; Bug-fix; Maikuolan]: Found a way to trigger an invalid argument warning at the front-end updates page in some contexts; Fixed.

- [2019.09.17; Maikuolan]: Added an events orchestrator and refactored.

- [2019.09.18; Maikuolan]: Added an error handler event to be able to catch and report errors more effectively.

=== Version/Release 2.1.0 ===
MINOR RELEASE.

- [2019.08.13; Maikuolan]: Search engine and social media verification can now leverage the report orchestrator to report spoofing.

- [2019.08.17; Maikuolan]: CIDRAM can now honour HTTP_ACCEPT_LANGUAGE values specified by the client for the Access Denied page, and a new configuration directive, "lang_override", has been added to enable/disable it.

- [2019.08.23; Maikuolan]: Slightly refactored the front-end updates page, related closures and other related functionality, and added the ability to install/activate or to deactivate/uninstall with a single action (previously, these actions had to be done separately, as two actions). Added some new switches/filters.

- [2019.08.24; Maikuolan]: Added last modified date/time to the file listings at the front-end file manager and fixed a possible issue with correct icon display for some not yet used file formats.

Caleb M (Maikuolan), August 31, 2019.

=== Version/Release 2.0.1 ===
PATCH RELEASE.

- [2019.06.07; Maikuolan]: The front-end IP test page is now capable of catching and reporting some basic types of errors caused by problematic auxiliary rules and modules.

- [2019.06.17; Maikuolan]: Added the ability to optionally update only all signature files to the front-end updates page (as opposed to updating everything at once).

- [2019.06.18-23; DanielRuf]: Added unit test suite (BDD testing and unit testing with Codeception and PHPUnit).
Refer github.com/CIDRAM/CIDRAM/pull/130

- [2019.06.26; Maikuolan]: Improved the way that CIDRAM generates block event entry IDs (before they were incremental; now they're based on microtime and high resolution time).
Refer github.com/CIDRAM/CIDRAM/issues/131

- [2019.06.27; Maikuolan]: Shifted responsibility for number formatting out from the front-end functions file, into its own, distinct class.

- [2019.06.30; Maikuolan]: Added search engine verification support for Mojeek.

- [2019.07.10; Maikuolan]: The front-end updates page now sets "verify" as the default option for components, to help reduce the risk that users select "uninstall" or "deactivate" by accident.

- [2019.07.10; Maikuolan]: Slightly improved front-end pie chart colouring.

- [2019.07.11; Maikuolan]: Added a configuration directive to control whether a cookie warning should be displayed alongside reCAPTCHA instances for when cookies are to be set ("show_cookie_warning").
Refer github.com/CIDRAM/CIDRAM/issues/133

- [2019.07.15; Maikuolan]: Added support for resolving Teredo and ISATAP addresses and did some minor refactoring for the output generator and a few of the closures in the front-end functions file.

- [2019.07.15; Bug-fix; Maikuolan]: Search engine verification and social media verification were ignoring whitelist status for requests; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/137

- [2019.07.15; Maikuolan]: Added a switch to the front-end IP test page to be able to optionally select whether to test against search engine and social media verification.

- [2019.07.21; Maikuolan]: Added some buttons to the auxiliary rules page to be able to move rules to the top or the bottom of the list.

- [2019.07.24-25; Maikuolan]: Performed various prepwork necessary in order to provide some of the functionality needed by some newly created optional modules. Modules and signature files can now provide their own configuration directives to CIDRAM. Added a report orchestrator to CIDRAM, allowing modules to optionally create and send reports based on the collective behaviour of all enabled signature files and modules as a whole.

- [2019.07.26; Maikuolan]: Added condition to ensure that "delete" should never be the default option selected for files shown at the front-end file manager.

Caleb M (Maikuolan), August 1, 2019.

=== Version/Release 2.0.0 ===
MAJOR RELEASE (BACKWARDS INCOMPATIBLE).

- [2019.05.05-08; Maikuolan]: Slightly improved the log data sanitisation process and added a new configuration directive, "log_sanitisation", to allow users to modify the default log data sanitisation behaviour.

- [2019.05.08; MAJOR CODE CHANGE; Maikuolan]: Removed CIDRAM's CLI-mode and all related assets, configuration options, L10N data, etc. Removed PHP 5.4 polyfills, thereby immediately upping the minimum PHP version requirement for the upcoming release. Updated the loader, upping the hardcoded minimum PHP version requirement to PHP 7.2, and removed some no longer needed code. Removed some extraneous .htaccess files (only really need our main .htaccess file in the base of the vault nowadays; the extra .htaccess files in some of the vault's subdirectories aren't necessary).
Split the CIDRAM "component" into three distinct components; the "Core", the "Front-End", and the "Common Classes Package" (this should make future updates slightly more manageable).

- [2019.05.10-11; Maikuolan]: Slightly refactored a handful of closures, fixed some PHPDoc typos, and added PHP7-style type hinting and return type declarations wherever applicable. Updated all common classes package classes to the latest compatible versions.

- [2019.05.11; Bug-fix; Maikuolan]: Wrong default parameter types supplied to the Request closure by signature file webhook functionality, and to the DNS-Resolve closure by hostname lookup functionality (detected after adding type hinting); Fixed.

- [2019.05.17; Bug-fix; Maikuolan]: Wrong type hints specified for some of the closures used by the front-end updates page (for activating, deactivating, etc); Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/112
Refer github.com/CIDRAM/CIDRAM/issues/113

- [2019.05.26; Maikuolan]: Renamed a number of configuration directives in order to better comply with the CIDRAM code style guidelines regarding the use of snake_case for configuration directives. Also performed some minor refactoring.

- [2019.05.31; NEW FEATURE; Maikuolan]: Added the ability to automatically switch between different channels when requesting a remote resource (e.g., when the front-end updates page attempts to update something, or attempts to retrieve the latest available component metadata), for whenever such a request fails (e.g., due to server errors, the requested resource no longer existing at a particular location, etc), and added a new configuration directive, "disabled_channels", to optionally prevent CIDRAM from ever requesting resources from particular, specific channels.

Caleb M (Maikuolan), June 1, 2019.

=== Version/Release 1.12.0 ===
MINOR RELEASE.

- [2019.04.02-07; NEW FEATURE; Maikuolan]: Implemented a new, unified caching system to the package, optionally allowing package users to choose from a range of different caching mechanisms supported by the new caching system, currently consisting of APCu, Memcached, Redis, and PDO-based caching, alternatively deferring back to the package's existing flatfile caching mechanism when no other mechanisms are otherwise chosen.

- [2019.04.09; Maikuolan]: Slightly adjusted the file reading part of the cache handler to account for some potential edge-case problems on some servers.

- [2019.04.17; Maikuolan]: The front-end homepage now checks and displays whether various extensions that can be used by CIDRAM are installed and available (APCu, Memcached, Redis, PDO, PCRE, cURL, etc).

- [2019.04.19; Maikuolan]: Slightly refactored the front-end updater and made some changes to the executor (needed for a smooth v2 transition).

- [2019.04.21; Bug-fix; Maikuolan]: Found a small bug affecting RTL users that could potentially cause text to align incorrectly in some cases; Fixed.

- [2019.04.21; NEW FEATURE; Maikuolan]: Rewrote and ported the signature validator/fixer to the front-end.

- [2019.04.28; Maikuolan]: Implemented a new class, "Demojibakefier", to give CIDRAM the ability to detect whether data conforms to a specific character encoding.

Caleb M (Maikuolan), April 30, 2019.

=== Version/Release 1.11.1 ===
PATCH RELEASE.

- [2019.03.02; Bug-fix; Maikuolan]: The loader would sometimes fail to correctly distinguish between direct requests and indirect requests, an ability currently needed to be able to access the front-end; Fixed.

- [2019.03.03; Maikuolan]: Added search engine verification support for Teoma Bot (Ask Jeeves).

- [2019.03.06; Maikuolan]: Slightly improved the front-end updates page component verification feature. The distinction between failed integrity checks and failed sanity checks should be a little more obvious now.

- [2019.03.26; Maikuolan]: Added an option to the IP aggregator to preserve tags and comments when aggregating, and updated common classes.

- [2019.03.29; Maikuolan]: Redesigned the front-end cache data page. It should now be a little easier to navigate the page and to interpret its data.

Caleb M (Maikuolan), March 31, 2019.

=== Version/Release 1.11.0 ===
MINOR RELEASE.

- [2019.02.06; Maikuolan]: Completely overhauled the way that L10N data is processed and handled. A new class has been written to handle all L10N data, and L10N data is now processed and handled in an entirely object-oriented way. L10N data isn't stored as PHP files anymore, to be required into the package. Instead, L10N data is now stored entirely as YAML files. Using YAML instead of PHP should theoretically be a little safer in certain, edge-case scenarios, and should be much easier to work with for when introducing new translations into the package in the future (i.e., for translators which aren't familiar or aren't comfortable working with PHP). This overhaul also serves as a small stepping stone towards a future, more object-oriented major version release.

- [2019.02.07; Maikuolan]: Added suggested values for ipaddr as selectable options to the front-end configuration page.

- [2019.02.14; Bug-fix; Maikuolan]: A mechanism on the front-end updates page to ensure that interdependent components updated simultaneously sometimes wouldn't trigger properly; Fixed.

- [2019.02.14; Maikuolan]: Added search engine verification support for SeznamBot and removed various signatures from modules and signature file that could've potentially blocked it outright.

- [2019.02.25; Maikuolan]: Reorganised the "some useful links" list on the front-end homepage a little (should look a little nicer now).

Caleb M (Maikuolan), March 1, 2019.

=== Version/Release 1.10.0 ===
MINOR RELEASE.

- [2019.01.09; Maikuolan]: The IP aggregator now sorts its input differently, as such that IPv4 and IPv6 output isn't thoroughly mixed together anymore. The IP aggregator now supports netmasks, both as input and as output.

- [2019.01.17; Maikuolan]: Added the ability to disable logging for specific requests as a possible option to auxiliary rules.

- [2019.01.19; Maikuolan]: Updated the minimum safe PHP version fallback information. Slightly refactored.

- [2019.01.25; Maikuolan]: The YAML handler has been migrated away from the main functions file and into its own, dedicated class file (this class file will also be released as part of a separate package in the near future). Improved the UI for the front-end updates page verification feature.

- [2019.01.29; Bug-fix; Maikuolan]: For some configuration directives where predefined multiple choices are available, the front-end configuration page was ignoring custom defined values; Fixed.

Caleb M (Maikuolan), January 30, 2019.

=== Version/Release 1.9.0 ===
MINOR RELEASE.

- [2018.11.04; Documentation; Maikuolan]: Added some missing information to the Composer installation instructions.

- [2018.12.10; NEW FEATURE; Maikuolan]: Added support for rate limiting to CIDRAM. This feature was added due to significant user interest, but isn't a feature I'd readily recommend using (please refer to the documentation).
Refer github.com/CIDRAM/CIDRAM/issues/78

- [2018.12.19; Sub-minor code change; Maikuolan]: Split apart the YAML handler a little more (doesn't change anything functionally, but should help to slightly reduce complaints sometimes made by certain code quality checkers and such). It's also less messy now to use an integer value of zero as a key.

- [2019.01.05; Sub-minor code change; Maikuolan]: Changed the default value of "pseudonymise_ip_addresses" from "false" to "true" in order to strengthen GDPR compliance.

- [2019.01.06; Sub-minor code change; Maikuolan]: Added the ability to check IPs in IP tracking against auxiliary rules.

- [2019.01.07; Sub-minor code change; Maikuolan]: Improved the front-end file manager, making items in the components list clickable, to display further relevant information.

Caleb M (Maikuolan), January 8, 2019.

=== Version/Release 1.8.0 ===
MINOR RELEASE.

- [2018.08.08; Maikuolan]: Performed some early legwork for future email functionality and future two-factor authentication functionality (neither things are prime-time ready yet though). A handful of new configuration directives have been added (currently marked as experimental/unstable) which won't do anything yet, but which are related to this future functionality.

- [2018.08.09; Sub-minor code change; Maikuolan]: Slightly improved front-end logging.

- [2018.08.10; Bug-fixes; Maikuolan]: Fixed a missing L10N string. Fixed a weakness in the fallback for fetching the IP address of inbound requests.

- [2018.08.10; NEW FEATURE; Maikuolan]: Added support for deference tags (these will allow users to defer specific signature sections when specific signature files are installed; more information available in the documentation).

- [2018.08.11-12; NEW FEATURE; Maikuolan]: Added support for two-factor authentication by email for when logging into the front-end! It is strongly recommended that all users using the front-end should use this new feature for improved front-end security (documentation explaining how to use this properly will be available in the near future).

- [2018.08.26; NEW FEATURE; Maikuolan]: Added a configuration directive which allows users to specify via the configuration whether to include or omit empty fields from logging and output display.

- [2018.08.27; Minor code change; Maikuolan]: Repurposed the front-end sections list page as a means for users to ignore or unignore sections with a single click via the front-end.

- [2018.09.12; Sub-minor code change; Maikuolan]: Replaced some real typecasts with float due to the anticipated deprecation of the real type for PHP 7.4.

- [2018.09.19; Sub-minor code change; Maikuolan]: Added a new safety mechanism for when dealing with the front-end database or CIDRAM cache file.

- [2018.09.21; Bug-fix; Maikuolan]: Webfont cleanup procedure removed wrong part from template files when webfonts not clearly marked; Fixed.

- [2018.09.22; Sub-minor code change; Maikuolan]: Slightly refactored all the HTML template files, slightly reducing indenting and improving readability.

- [2018.09.23; Sub-minor code change; Maikuolan]: Removed capitalisation from front-end username display (doesn't always play nice with non-ANSI data).

- [2018.09.22-25; NEW FEATURE; Maikuolan]: A new subsystem, "Auxiliary Rules", has been implemented into CIDRAM, which allows users to easily create new rules via the front-end to block, bypass, greylist, and whitelist requests on the basis of arbitrary data pertinent to the request (IP address, user agent, referrer, etc). Auxiliary rules execute after all signature files and modules have already finished executing, don't require any configuration, and utilise a simple, human-readable YAML structure (1.8.0-DEV+18267804).
Refer github.com/CIDRAM/CIDRAM/issues/79

- [2018.09.26; Sub-minor code change; Maikuolan]: Front-end L10N slightly refactored (1.8.0-DEV+18268592).

Caleb M (Maikuolan), October 6, 2018.

=== Version/Release 1.7.0 ===
MINOR RELEASE.

- [2018.06.02; Sub-minor code change; Maikuolan]: Added some additional safety and sanity checks to the updater. Improved the display order of logfiles listed on the logs page.

- [2018.06.06; Sub-minor code change; Maikuolan]: Updated the front-end homepage to include some links to repository backup locations.

- [2018.06.07; Bug-fix; Maikuolan]: Fixed a possible "undefined index" error that could occur when updating CIDRAM via Cronable.

- [2018.06.08; Bug-fix; Maikuolan]: Discovered an aesthetic bug whereby the logs page would stretch sometimes because of non-breaking log entries; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/71

- [2018.06.09; Sub-minor code change; Maikuolan]: Slight refactor to allow for a slightly greater range of options for HTTP status codes and messages to send with blocked requests. "forbid_on_block" also now only accepts integers; boolean (true/false) values won't be accepted anymore (technically this may pose a backwards-compatibility problem for some pre-v1 installations, but as pre-v1 installations aren't on the same major version as the current latest version anyhow, this shouldn't necessitate bumping our major version number).

- [2018.06.10; Sub-minor code change; Maikuolan]: Added the ability to generate hash tables to the front-end updates page (useful mostly for when verifying the integrity of components or for when preparing for future updates).

- [2018.06.13; Sub-minor code change; Maikuolan]: Refactoring again.

- [2018.06.24; Signatures; Maikuolan]: Fixed some false positives via the default signature bypasses.

- [2018.06.24-27; Documentation; Maikuolan]: Added an entry to the FAQ regarding protection against DDoS attacks.

- [2018.06.28; Bug-fix; Maikuolan]: Found a small typo in one of the JavaScript functions on the front-end accounts page; Fixed.

- [2018.07.01; Sub-minor code change; Maikuolan]: It's now possible for users to specify their own sort order for when the updater activates or deactivates signature files and modules.

- [2018.07.04; NEW FEATURE; Maikuolan]: Added a new configuration directive, "social_media_verification". When enabled, and when possible, CIDRAM will attempt to verify requests from social media platforms, and will block any requests that it identifies as attempts to ghost/masquerade as those platforms.
This is effectively the same thing as the already existing search engine verification feature, except that it instead focuses on social media platforms, thus allowing the already existing search engine verification feature to maintain its existing focus.

- [2018.07.04; Sub-minor code change; Maikuolan]: Added a new bypass for Embed.ly requests.

- [2018.07.10; Sub-minor code change; Maikuolan]: Integrated Pinterest verification to the CIDRAM core (the Pinterest verifier module is thus hereby deprecated, but will continue to function normally). Split the security extras module into two distinct modules (user agents associated with bots and nefarious activity, and then everything else). L10N data and etc updated accordingly. Added Grapeshot verification.

- [2018.07.14; Minor code change; Maikuolan]: Split some of the hardcoded data for search engine and social media verification out from the main functions file (functions.php) and into its own file (verification.yaml). This improves extensibility by eliminating the need to mess with the main functions file in the future event that we want to add support for other platforms to be verified at some point.

- [2018.07.23; Maikuolan]: Misc. small corrections and improvements to search engine verification + a new bypass needed for DDG + some changed IPs.

Caleb M (Maikuolan), July 28, 2018.

=== Version/Release 1.6.0 ===
MINOR RELEASE.

- [2018.05.07-09; NEW FEATURE; Maikuolan]: Added log rotation to CIDRAM. With log rotation, it's possible to specify a maximum number of logfiles that should exist in the vault, and optionally delete or archive them when that limit is exceeded.

- [2018.05.09; Bug-fix; Maikuolan]: Attempting to log into the front-end via ports other than port 80 would fail due to the way that cookies were being set; Fixed.

- [2018.05.10; Bug-fix; Maikuolan]: Log rotation not properly implemented to the reCAPTCHA module; Fixed.

- [2018.05.14; Sub-minor code change; Maikuolan]: Logs page can now access GZ-compressed logfiles.

- [2018.05.16; Sub-minor code change; Maikuolan]: Changed the default value of the "disable_webfonts" directive from "false" to "true" (meaning they should now be disabled by default). Removed support for "double banning" (this was something used only by some very specific, custom modules anyway, none which are still supported anymore, and none of the standard features or functions included in the package used it). Slightly refactored the expressions used for expanding IP addresses.

- [2018.05.16; NEW FEATURES; Maikuolan]: Added support for pseudonymising IP addresses when logging. Added the ability to include a privacy policy link in the footer of the Access Denied page.

- [2018.05.17; NEW FEATURES; Maikuolan]: Added support for omitting IP addresses, hostnames, and/or user agents from logs.

- [2018.05.18; Minor code change; Maikuolan]: Refactored most of the procedures for the front-end updates page, splitting some large closures and slightly reducing filesize footprint. Added some new internal executor abilities for components metadata to the front-end updates page, allowing for theoretical smoother transitions when update channels change. Added an executor instruction to update the components metadata to reflect a recent change to the optional blocklists update channel.

- [2018.05.19; Sub-minor code change; Maikuolan]: "Some useful links" list slightly modified. Added some basic confirmation prompts to some of the "clear all" buttons on some front-end pages (may expand this in the future).

- [2018.05.20; Bug-fix; Maikuolan]: Bug found by mikeruss1 whereby infraction counts could silently escalate without any Access Denied page being produced if module signatures are subsequently triggered after a reCAPTCHA instance is successfully passed; Fixed.

- [2018.05.22; Bug-fix; Maikuolan]: Bug found by soumsps whereby reCAPTCHA logs weren't pseudonymising IPs correctly; Fixed.

- [2018.05.24; Documentation; Maikuolan]: Added a "legal information" section to the documentation to address the collection and processing of PII, and how it relates to users, third parties, logging, etc, including some basic information about GDPR/DSGVO and some related links for further information.
Refer github.com/CIDRAM/CIDRAM/issues/66

- [Supported Versions] Because this release contains changes which may improve the legal compliancy of the package for some users, all previous versions of the package are hereby marked EoL/unsupported on the "compatibility charts".
Refer maikuolan.github.io/Compatibility-Charts/

Caleb M (Maikuolan), May 25, 2018.

=== Version/Release 1.5.1 ===
PATCH RELEASE.

- [2018.04.18; Sub-minor code change; Maikuolan]: Slightly refactored L10N data and adjusted how the updates page pulls L10N data, and "used with" hints can now be declared independently of "extended description" for the updates page.

- [2018.04.30; Signatures; Maikuolan]: Updated the default ignore.dat file.

- [2018.05.01; Sub-minor code change; Maikuolan]: Added a new shorthand entry, "Legal". Fixed some small L10N mistakes and improved some wording. Slightly refactored the CheckFactors closure. Clarified in L10N+docs that the directives and signature files related to blocking proxies also blocks VPNs.

- [2018.05.03; Sub-minor code change; Maikuolan]: Added the ability for links to be appended to the Access Denied page when specific CIDR signatures are triggered (typically invoked via YAML appended to the signature sections).

- [2018.05.04; Sub-minor code change; Maikuolan]: Added a new shorthand entry, "Malware" (currently just used by some IPs linked to ZeuS, but may expand in the future, maybe).

Caleb M (Maikuolan), May 5, 2018.

=== Version/Release 1.5.0 ===
MINOR RELEASE.

- [2018.03.03; Minor code change; Maikuolan]: Added a new front-end page, "Cache Data", enabling users to review the contents of their cache.

- [2018.03.13; Signatures; Maikuolan]: BingBot search engine verification will no longer occur when Azure signatures are triggered (too many false positives and related problems had been occurring).

- [2018.03.13; Sub-minor code change; Maikuolan]: Shifted the code responsible for search engine verification from the outgen generator to the functions file, and added support for search engine verification to the IP test page.

- [2018.03.15; Minor code change; Maikuolan]: Added a new directive to enable users to toggle whether the package version should be included in logs and page output.

- [2018.03.15; Bug-fix; Maikuolan]: Discovered some specific conditions that could cause an "undefined index" notice to occur; Fixed.

- [2018.03.22; NEW FEATURE; Maikuolan]: Added a "Range Tables" page to the front-end (parses active signature files to generate basic statistical information about the CIDR/IP ranges that they cover).

- [2018.03.25; Bug-fix; Maikuolan]: "VersionCompare" function gave incorrect results when comparing against certain, specific Ubuntu builds of PHP; Fixed.

- [2018.03.31; Bug-fix; Maikuolan]: Slightly modified the "DNS-Reverse-Forward" closure in response to #50 ("More search engine verification woes").

- [2018.04.02; Documentation; Maikuolan]: Added an index to the FAQ.

- [2018.04.05; Sub-minor code change; Maikuolan]: Added "client information" to the front-end homepage (currently just lists your IP address and user agent).

- [2018.04.06; Sub-minor code change; Maikuolan]: Modified logging mechanisms as so that new directories will now be automatically generated when necessary when writing new log data.

- [2018.04.08; Documentation; Maikuolan]: Added information to the FAQ about possible values for "default_dns".

- [2018.04.10; Documentation; Maikuolan]: Added information to the FAQ about using CIDRAM with other technologies and about potential problems relating to CDNs and caching services.

Caleb M (Maikuolan), Apr 10, 2018.

=== Version/Release 1.4.1 ===
PATCH RELEASE.

- [2018.02.06; Maikuolan]: The support forum for the project hosted by Spambot Security has effectively become inoperable and defunct due to unmitigable circumstances concerning its server. Accordingly, the project support forum is hereby deprecated, and all references to the project support forum and to Spambot Security have been removed from the codebase and all documentation. The issues page for the project at GitHub remains as the uncontested primary support endpoint for the project.

- [2018.02.14; Sub-minor code change; Maikuolan]: Some very subtle front-end UI improvements; Support for asynchronous requests added to some front-end pages.

- [2018.02.15; Sub-minor code change; Maikuolan]: Component update/installation via Cronable should fail if unit tests fail; Added code for this accordingly.

- [2018.02.20; Bug-fix; Maikuolan]: The closures for activating and deactivating components via the front-end updates page would fail if non-CRLF linebreaks were used by the configuration file (thanks to senky for reporting this bug); Fixed.
Refer github.com/phpMussel/phpMussel/issues/151

- [2018.02.25; Documentation; Maikuolan]: Added a new section to the documentation, "KNOWN COMPATIBILITY PROBLEMS" (8).
Refer github.com/CIDRAM/CIDRAM/issues/52

Caleb M (Maikuolan), Feb 26, 2018.

=== Version/Release 1.4.0 ===
MINOR RELEASE.

- [2017.12.24; Sub-minor code change; Maikuolan]: Signature file extended run rule closures can now return exit codes to trigger greylist or whitelist mechanisms. Improved default signature bypasses so that CIDRAM can play more nicely with Bingbot (occasional false positives with requests originating from Azure ranges). Slightly improved logs filtering and search mechanism.

- [2017.12.26; Sub-minor code change; Maikuolan]: Root check safeguard added to the "DNS-Reverse" closure.

- [2017.12.27; Minor code change; Maikuolan]: Optional fallback added to "DNS-Reverse" closure for "gethostbyaddr" (can be toggled via a newly added configuration directive).

- [2017.12.30; NEW FEATURE; Maikuolan]: Added flag support to the front-end logs page (it should now be possible to filter log entries on the basis of country flags, if any were indicated by the signatures triggered for them).

- [2018.01.11; Sub-minor code change; Maikuolan]: Not technically a bug, but DNS lookups shouldn't be performed on localhost addresses due to the risk of false positives. Code modified accordingly.

- [2018.01.14; NEW FEATURE; Maikuolan]: Added a "Sections List" page to the front-end (lists all the sections in the signature files and counts the total number of sections and signatures throughout all the signature files).

- [2018.01.16; Bug-fix; Maikuolan]: Direct closure sometimes produced errors when running CIDRAM via Cron (e.g., via Cronable) due to SCRIPT_FILENAME sometimes not being defined in that context; Fixed via isset check.

- [2018.01.18; Sub-minor code change; Maikuolan]: Performed some minor refactoring. Added checks for origin tags to the CLI signature file validator and fixer. Sections list now checks whether sections have been ignored.

- [2018.01.20; Sub-minor code change; Maikuolan]: Slightly improved CLI-mode help information.

Caleb M (Maikuolan), Jan 20, 2018.

=== Version/Release 1.3.0 ===
MINOR RELEASE.

- [2017.10.30; Bug-fix; Maikuolan]: Cancelled or pending CI tests sometimes wouldn't display correctly on the updates page; Fixed.

- [2017.11.07; Minor code change; Maikuolan]: Added a new directive, "force_hostname_lookup" (normally, hostname lookups occur on the basis of necessity; e.g., when a module requires hostname information to check against hostname-based signatures; this new directive allows users to force hostname lookups to occur for all requests). Removed hardcoded references to fields from the main template files in favour of having fields generated entirely by the output generator (thus enabling greater control over which fields are generated and displayed for any given instance). Empty fields are now omitted from block events (Access Denied page, logfiles, etc). reCAPTCHA fields are now omitted if reCAPTCHA is entirely disabled. A hostname field is now included in the fields if it isn't empty for any given instance (Access Denied page, logfiles, etc). Added the ability to resolve 6to4 IPv6 addresses to their IPv4 counterparts, and automatically check these resolved addresses against the signature files, alongside the original unresolved IP addresses; This should help to abate the risk of clients attempting to connect through 6to4 as a means to avoid being blocked by IPv4 signatures (technically this shouldn't be possible to do when a network is configured correctly anyhow, but I've recently encountered a few requests that appeared as if they may be such attempts; requests on networks that should only support IPv4, but seemed to occasionally allow requests from non-blocked 6to4 addresses that resolved back to blocked IPv4 addresses).

- [2017.11.15; Bug-fix; Maikuolan]: Run commands in signature files encountered consequent to resolving 6to4 addresses were being ignored in some cases (such as in the case of the default signature bypass files); Fixed.

- [2017.11.20; Bug-fix; Maikuolan]: The IP test page wasn't checking IPs against modules (it was only checking against signature files); Added an option to the IP test page to allow users to check IPs against either just the signature files, or against both the signature files and modules, fixing the problem (thanks to Dibbyo456 for reporting this bug). Refer github.com/CIDRAM/CIDRAM/issues/43
- [2017.11.23; Bug-fix; Maikuolan]: Bug found by Dibbyo456 whereby the failsafe for ipaddr values corresponding to non-existent variables would sometimes prevent modification of ipaddr value via the front-end configuration page, and would cause the default value to always be displayed, instead of the correctly assigned value; Fixed. Refer github.com/CIDRAM/CIDRAM/issues/44
- [2017.11.24; Sub-minor code change; Maikuolan]: Refactored the code for the reCAPTCHA module and slightly improved its UI.
- [2017.12.01; Minor code change; Maikuolan]: Added a new directive, "signature_limit", allowing users to specify via configuration the maximum number of signatures allowed to be triggered when a reCAPTCHA instance is to be offered. Previously, this value was hardcoded to 1 (which remains the default value for this new directive). Refer github.com/CIDRAM/CIDRAM/issues/45
- [2017.12.01; Bug-fix; Maikuolan]: PHP version warnings on the front-end homepage weren't always displaying correctly; Fixed.
- [2017.12.03; Documentation; Maikuolan]: Extended the "SIGNATURE FORMAT" (7) section of the documentation with additional subsections "BASICS (FOR MODULES)" (7.4), "MODULE FUNCTIONALITY" (7.5), and "MODULE VARIABLES" (7.6). This should be helpful for users wanting to create their own custom modules.
- [2017.12.05; Minor code change; Maikuolan]: Improved Cronable API, allowing updates to occur without sending external requests (uses different methods). Shifted a number of update closures from the front-end handler to the front-end functions file for slightly improved efficiency.
- [2017.12.06; Bug-fix; Maikuolan]: Fixed a CRITICAL bug introduced yesterday that could result in the updates page deleting files pertinent to components being updated, thus corrupting those components and potentially rendering the package inoperable.
- [2017.12.06; Sub-minor code change; Maikuolan]: Added a component file verification option to the updates page. Removed the hotfixes file (this file was intended to fix a number of older problems from previous versions of the package that aren't relevant anymore).
- [2017.12.12; NEW FEATURE; Maikuolan]: Added the ability to filter logfile entries displayed via the front-end logs page and improved the overall aesthetics of the logs page.
- [2017.12.17; Minor code change; Maikuolan]: Rewrote and improved the code for performing reverse DNS lookups.
- [2017.12.21; NEW FEATURE; Maikuolan]: Added support for invisible reCAPTCHA.
- [2017.12.22; Bug-fix; Maikuolan]: Bug fixed whereby entries in the ignore.dat would sometimes themselves be ignored, based on their position in the file.
- [2017.12.23; NEW FEATURE; Maikuolan]: Added the ability to tally logfile data to the front-end logs page.

Caleb M (Maikuolan), 23rd December 2017.

=== Version/Release 1.2.0 ===
MINOR RELEASE.

- [2017.08.26; Sub-minor code change; Maikuolan]: The front-end updates page now reports the number of added/removed bytes and the total time required for when updating/installing/uninstalling components.
- [2017.09.08; NEW FEATURE; Maikuolan]: Added support for Argon2 hashing for passwords and sessions (requires PHP >= 7.2.0; updating from older versions of the package won't affect compatibility with older PHP versions, but the option for using Argon2 simply won't be provided for versions < 7.2.0).
A new configuration directive ("default_algo") has been added, to allow users to switch between the defined PHP default password hashing algorithm, BCRYPT, and Argon2 (all options are still considered cryptographically secure at this time and remain safe to use, but adding this additional support provides additional choice and control to the end-user regarding encryption). Also rewrote the code for the front-end accounts page accordingly.
- [2017.09.17; Sub-minor code change; Maikuolan]: Reworked page filters. Added some new page filters to the IP tracking page to filter out unwanted data and better control the way that data is displayed.
- [2017.09.19; NEW FEATURE; Maikuolan]: Built and implemented an aggregator into the front-end for aggregating IPs and CIDRs. It can handle both IPv4 and IPv6, and its addition should make it much easier to cleanly update signature files without needing to rely on external aggregators.
- [2017.09.24; Sub-minor code change; Maikuolan]: Added internal language support for Bangla (20 language localisations now completed and available).
- [2017.09.25; Sub-minor code change; Maikuolan]: Added rollback capability to the front-end updates page for failed updates/installs (this should help to prevent any corruption or broken installs from occurring due to unforeseen problems, failed connectivity, etc). Added disk space/usage information to the front-end file manager. Added links to vulnerability and compatibility charts onto the front-end homepage.
- [2017.09.27; Minor code change; Maikuolan]: Added a pie chart to the file manager, allowing users to visually interpret the footprint imposed by the various files attributed to CIDRAM and its components (requires installing Chart.js via the front-end updates page). Also did some general refactoring of the front-end code.
- [2017.09.27; Bug-fix; Maikuolan]: See issue #39 (update bug preventing some specific components from updating at all).
- [2017.09.29; Sub-minor code change; Maikuolan]: Added internal language support for Norwegian (21 language localisations now completed and available).
- [2017.10.02; Sub-minor code change; Maikuolan]: Slightly improved the way that the front-end logs page behaves.
- [2017.10.03; NEW FEATURE; Maikuolan]: Added a new page to the front-end for viewing CIDRAM usage statistics, and a corresponding configuration directive to enable/disable tracking CIDRAM usage statistics.
- [2017.10.07; Sub-minor code change; Maikuolan]: Added a simple metadata cleanup routine to the front-end updates page.
- [2017.10.08; Sub-minor code change; Maikuolan]: Refactored code.
- [2017.10.09; Sub-minor code change; Maikuolan]: Added the ability to fetch component names and extended descriptions from the L10N data.
- [2017.10.14; Sub-minor code change; Maikuolan]: Added internal language support for Swedish (22 language localisations now completed and available).
- [2017.10.15; Sub-minor code change; Maikuolan]: Improved L10N pluralisation.
- [2017.10.26; Sub-minor code change; Maikuolan]: Added CI reports/tests to the front-end updates page. Split the functions file into two distinct files (one containing closures specifically intended for the front-end, and one for everything else; this should increase code maintainability and make things less confusing for future contributors).
- [2017.10.27; Sub-minor code change; Maikuolan]: Removed old PHP < 5.4.0 array syntax in favour of newer, short array syntax.
- [2017.10.28; Sub-minor code change; Maikuolan]: Added cookie notice to the front-end login page. Made the categories on the front-end configuration page collapsable/expandable (this should help to make the page look less cluttered and easier to navigate).
- [2017.10.28; Bug-fix; Maikuolan]: Bug found preventing the activation or deactivation of components via the front-end updates page for multi-domain installations when certain specific conditions were met; Fixed.
- [2017.10.29; NEW FEATURE; Maikuolan]: Added an API for Cronable, allowing CIDRAM to be updated automatically via cron.

Caleb M (Maikuolan), 29th October 2017.

=== Version/Release 1.1.0 ===
MINOR RELEASE.

- [2017.07.29; NEW FEATURES; Maikuolan]: Added the ability to execute closures and specific commands when specific conditions are met when using the front-end updates page (installing, uninstalling components, etc). Added a configuration directive to modify the font magnification for the front-end and the Access Denied page. Added information to the front-end homepage about latest stable, unstable, and branch versions for CIDRAM and PHP.
- [2017.07.30; Minor code change; Maikuolan]: Added a configuration directive for specifying the preferred way to localise numbers when displaying numeric information via the front-end and any other relevant means. Number L10N is now independent of language choice, and has also been improved upon somewhat.
- [2017.08.14; Sub-minor code change; Maikuolan]: CheckFactors closure slightly modified in order to reduce read/write operations when reading signature files and to slightly improve the loading speed for the front-end IP Tracking and IP Test pages.
- [2017.08.15; NEW FEATURE; Maikuolan]: Added a new directive for specifying how email addresses should be displayed to users ("emailaddr_display_style").
- [2017.08.16; Sub-minor code change; Maikuolan]: Front-end updates page components false positives risk label now determined by a new, separate entry in the YAML files, which should make it easier in the future to create new components due to not needing to translate these entries in the extended description anymore, and should help to reduce the size of these files.
- [2017.08.17; Minor code change; Maikuolan]: Added a configuration directive for temporarily disabling everything except the front-end ("maintenance_mode"). Might be useful in some situations when updating CMS, frameworks, forum systems, etc.

Caleb M (Maikuolan), 20th August 2017.

=== Version/Release 1.0.1 ===
PATCH RELEASE.

- [2017.06.03]: Repository migrated from "Maikuolan/CIDRAM" to "CIDRAM/CIDRAM". All files, documentation, etc, updated accordingly. No disruptions are anticipated as a result of this migration, but if you encounter any, please let us know.
- [2017.06.22; Sub-minor code change; Maikuolan]: Slightly improved L10N support (rendering numbers correctly, some punctuation fixes, etc).
- [2017.07.23; Sub-minor code change; Maikuolan]: The front-end homepage now warns users if they're using a PHP version with known severe vulnerabilities and exploits ("severe", in this context, defined as vulnerabilities and exploits with a CVSS >= 9.0) and/or a PHP version that isn't actively supported anymore (as determined by the php.net Supported Versions page). The associated code for this is hardcoded manually, and therefore only updates when the package updates (meaning that lack of warning should not necessarily be perceived as a lack of vulnerabilities/exploits nor as an indication of continued active support).

Caleb M (Maikuolan), 27th July 2017.

=== Version/Release 1.0.0 ===
MAJOR RELEASE (BACKWARDS COMPATIBLE).

- [2017.04.10; Sub-minor code change; Maikuolan]: Added internal language support for Thai (17 language localisations now completed and available).
- [2017.04.11; Minor code change; Maikuolan]: Added a new directive, "timeFormat", to specify the date/time notation format used by CIDRAM.
- [2017.04.12; Sub-minor code change; Maikuolan]: Temporarily removed donate buttons from all project files (possibly may reinstate at a later date). Made some subtle aesthetic improvements to the front-end.
- [2017.04.12; Documentation; Furqan Akbar]: Completed translation for the CIDRAM README documentation into Urdu. This totals 16 different language versions of the README documentation now available.
- [2017.04.21; Sub-minor code change; Maikuolan]: Improved support for fractions/floats/reals/decimals/etc for configuration directives. Added some basic system information to the front-end homepage, to help with debugging.
- [2017.04.22; NEW FEATURE; Maikuolan]: Added the ability to truncate logfiles after they reached a certain size, specified by the newly added "truncate" directive.
- [2017.04.22; Bug-fix; Maikuolan]: Fixed a bug whereby version information for certain PHP release candidates would be compared incorrectly when using the front-end updates page (only affects a small number of users).
- [2017.04.23; Sub-minor code change; Maikuolan]: Added "previewers" to the front-end configuration page in order to make it easier for users to handle configuration directives that deal with time and byte measurements.
- [2017.04.24; NEW FEATURE; Maikuolan]: Added a new configuration directive allowing users to override the default timezone set by PHP. Changed the way that configuration directives dealing with byte measurements are handled as such that the unit now may be specified alongside the directive value (i.e., byte measurements are no longer locked to predefined units); These byte measurements will default to kilobytes when no unit has been specified.
- [2017.04.27; NEW FEATURE; Maikuolan]: Added the ability to optionally override configuration directive values on the basis of HTTP_HOST. This should be useful for users running multi-domains installations as a way of enforcing different values for different configuration directives for different domains and sub-domains when necessary. Refer github.com/CIDRAM/CIDRAM/issues/15
- [2017.04.28; Sub-minor code change; Tolga Koçy?ld?r]: Added internal language support for Turkish (18 language localisations now completed and available).
- [2017.04.29; Minor code change; Maikuolan]: Added filtering to the configuration defaults, in order to allow the front-end configuration page to omit any problematic value choices (for example; attempting to switch to a new default language after having deleted its associated language files).
- [2017.05.01; Sub-minor code change; Maikuolan]: Subtle improvements for mobile display ("responsiveness").
- [2017.05.04; Sub-minor code change; Maikuolan]: Added internal language support for Hindi (19 language localisations now completed and available).
- [2017.05.11; Sub-minor code change; Maikuolan]: Added a simple formatter for displaying log data via the front-end logs page.
- [2017.05.19; NEW FEATURE; Maikuolan]: Added full support for custom themes! This expands upon the theme support already previously provided which allowed users to specify custom CSS files to use for the "Access Denied" page, by way of adding full support for custom themes which will now also apply to the front-end, allowing a richer level of customisation, and can be installed via the front-end updates page.
- [2017.05.24; Sub-minor code change; Maikuolan]: Slightly improved caching for front-end assets (CSS files, images, etc).
- [2017.05.27; Minor code change; Maikuolan]: Added the ability to the front-end updates page to update all components at once, with a single click.

Caleb M / Maikuolan, 31st May 2017.

=== Version/Release 0.9.0 ===
MINOR RELEASE.

- [2017.03.01; Bug-fix; Maikuolan]: Fixed a bug whereby a negative signature count could result in a block event occurring (this shouldn't happen); Fixed.
- [2017.03.03; Minor code change; Maikuolan]: Added a directive to optionally enable/disable search engine verification.
- [2017.03.05; NEW FEATURE; Maikuolan]: Signature files and modules can now be activated/deactivated directly from the front-end updates page.
- [2017.03.08; Documentation; Maikuolan]: New additions to the FAQ.
- [2017.03.26; Sub-minor code change; Maikuolan]: Implemented some of Google's webfonts and slightly increased the text size for both the front-end and the default template file; This should significantly improve text readability for CIDRAM (previously, in some situations, it was very difficult to properly read on-screen text produced by CIDRAM). Also implemented some other very small design tweaks in order to improve text readability.
- [2017.03.27; Minor code change; Maikuolan]: Added a directive to optionally enable/disable webfonts.
- [2017.03.28; Bug-fix; Maikuolan]: Bug introduced 2017.03.05; Fixed.
- [2017.03.30; Sub-minor code change; Maikuolan]: Some small, aesthetic improvements done to the front-end.
- [2017.04.04; Sub-minor code change; Furqan Akbar]: Added internal language support for Urdu (16 language localisations now completed and available).
- [2017.04.04; Sub-minor code change; Maikuolan]: Slightly improved support for switching between RTL/LTR.

Caleb M / Maikuolan, 7th April 2017.

=== Version/Release 0.8.0 ===
MINOR RELEASE.

- [2017.02.06; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Arabic (fuzzy and poor quality though). This totals 14 different language versions of the README documentation now available.
- [2017.02.06; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Korean (fuzzy). This totals 15 different language versions of the README documentation now available.
- [2017.02.07; Sub-minor code change; Maikuolan]: Slightly improved template files; Replaced all existing doctype declarations with the doctype declaration recommended for HTML5, and slightly improved HTML5 compliance. Added an extra safeguard against bad IPv6 factoring.
- [2017.02.11; Sub-minor code change; Maikuolan]: Improved future compatibility with PHP >= 8 ("each" function has been identified as targeted for deprecation as of PHP 7.2.0).
Refer wiki.php.net/rfc/deprecations_php_7_2
- [2017.02.12-13; Sub-minor code change; Maikuolan]: Some subtle refactoring.
- [2017.02.17; Bug-fix; Maikuolan]: Whitelisting IPs/CIDRs via IPv4/IPv6 signature files wasn't resulting in those IPs/CIDRs being whitelisted against being blocked by module files; Fixed.
- [2017.02.17; Sub-minor code change; Maikuolan]: Slightly relaxed some of the restrictions enforced for which filenames can be worked with via the front-end. Added a "hotfix" to automatically detect and update the plugin version cited in the plugins dashboard for when CIDRAM is running as a WordPress plugin.
- [2017.02.19; Documentation; Maikuolan]: Front-end documentation added.
- [2017.02.20; NEW FEATURE; Maikuolan]: Added a new page to the front-end to allow users to check and revoke bans via IP tracking.
- [2017.02.21; NEW FEATURE; Maikuolan]: Added the ability to attach webhooks to signatures and signature sections.
- [2017.02.21; Bug-fix; Maikuolan]: Fixed a bug whereby extended expiry dates for bans via IP tracking could be reduced to the default tracktime under some circumstances.
- [2017.02.21; Sub-minor code change; Maikuolan]: Added a safeguard to the DNS-Reverse-IPv4 closure to accommodate for allow_url_fopen or fsockopen being disabled by the PHP configuration.
- [2017.02.24; Bug-fix; Maikuolan]: Fixed a bug whereby the front-end login logger would sometimes overwrite instead of appending to the front-end logs.
- [2017.02.28; Sub-minor code change; Maikuolan]: Small additional safeguard added to the hostname lookup closure function.

Caleb M / Maikuolan, 28th February 2017.

=== Version/Release 0.7.0 ===
MINOR RELEASE.

- [2016.12.15; Bug-fix; Maikuolan]: Files containing underscores weren't deleting when uninstalling components; Fixed.
- [2016.12.20; NEW FEATURE; Maikuolan]: Added support for simple CSV signature files (integrated directly into the already existing functionality for processing signature files; CIDRAM should be able to automatically detect whether a signature file uses the normal, default format, or CSV format). Additionally, added support for using single IPs in signature files directly, without the need for them to use complete CIDR notation (IPs that don't include a range will be interpreted seamlessly as 32's for in the case of IPv4 signature files and as 128's for in the case of IPv6 signature files).
- [2016.12.31; NEW FEATURE; Maikuolan]: Added support for optionally including additional modules into CIDRAM to run after checking IPv4/IPv6 signatures.
- [2017.01.02; Minor code change; Maikuolan]: Added the ability to track and to temporarily ban IP addresses blocked by modules.
- [2017.01.05; Bug-fix; Maikuolan]: Fixed a bug related to the display of reCAPTCHA instances which could arise in some specific situations when some specific configurations are used in combination with specially marked sections.
- [2017.01.05; Minor code change; Maikuolan]: Added a new directive to control the maximum number of infractions an IP is allowed to incur before it is banned by IP tracking ("infraction_limit"). Improved the readability of the front-end configuration page by including directive names alongside their descriptions and formatting accordingly. Rewrote the "Direct" closure in the loader (nothing was broken, changed functionality, and patching not required; just changed due to that a code quality checking tool I sometimes use was complaining about the way it was written before).
- [2017.01.10; Minor code change; Maikuolan]: Added several new directives: "ban_override", which allows overriding the value for "forbid_on_block" when requests from banned IPs are blocked, and allows skipping processing for the template files when processing blocked requests from banned IPs; "log_banned_ips", which allows specifying whether to include blocked requests from banned IPs in the logfiles; and "track_mode", which allows specifying whether to only track IPs blocked by modules, or to track IPs blocked for any reasons (eg, via the standard signature files as well as via the modules).
- [2017.01.12; NEW FEATURE; Maikuolan]: Added the ability to distinguish between bots masquerading as popular search engines (eg, Googlebot, Bingbot, Yahoo! Slurp) and their real, legitimate counterparts. From herein, these fake search engine bots will be blocked by default upon detection, whereas their legitimate counterparts will have IP tracking disabled by default upon detection, therefore rendering them unbannable. Added the ability to perform timed DNS lookups, both forward and reverse, along with the ability to cache the results of these lookups. Added a new directive: "default_dns".
- [2017.01.15; Bug-fixes; Maikuolan]: Bug found whereby false positives against search engines could occasionally be generated as a result of failed and incorrect DNS lookups (possible since the 2017.01.12 update); Code therefore modified as such to prevent this from occurring; Timeout limit increased and timed out lookups now result in no action being taken. Bug found whereby logging banned IPs which had exceeded the infraction limit could result in no log entry ID being parsed into log entries; Fixed.
- [2017.01.23; Sub-minor code change; Maikuolan]: "default_dns" can now be a comma delimited list, allowing fallback servers to be used for DNS lookups.
- [2017.01.24; Signatures; Maikuolan]: Further split the signature files, to keep signatures for cloud services, signatures for dangerous and spammy ISPs, and other signatures separate from each other, and to further improve modularisation.
- [2017.01.25; Sub-minor code change; Maikuolan]: Improved component ordering mechanism for the updates page.
- [2017.01.26; NEW FEATURE; Maikuolan]: Added a CIDR calculator to the front-end.
- [2017.01.27; Bug-fix; Maikuolan]: When used, "ban_override" would trigger any time any block occurred, instead of only when the infraction limit had been exceeded; Fixed.
- [2017.01.29; Bug-fix; Maikuolan]: Some versions of the DAT files used by the front-end updater for updating various components, signature files, modules, blocklists, etc, would sometimes glitch out and save several dozen duplicates of the same component entries when newly released components were detected as available for download, when those DAT files contained terminating markers at unexpected points in the file, when they contained too many terminating markers, and/or when they contained inappropriate formatting; Fixed.
- [2017.01.30; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Japanese (fuzzy). This totals 13 different language versions of the README documentation now available.
- [2017.01.31; Minor code change; Maikuolan]: Added a new directive to control whether the protections normally provided by CIDRAM are applied to the front-end ("protect_frontend"). Possibly useful in cases where users may be at risk of blocking themselves due to experimenting with new signatures, new modules, etc.

Caleb M / Maikuolan, 1st February 2017.

=== Version/Release 0.6.1 ===
PATCH RELEASE.

- [2016.11.29; Bug-fix; Maikuolan]: Some notices occasionally generated to the error logs by undefined indexes when accessing the updater; Fixed.
- [2016.12.02; Sub-minor code change; Maikuolan]: Added some polyfills to extend compatibility with CIDRAM to PHP 5.4.x (the newly introduced front-end feature for CIDRAM makes use of the password_hash and password_verify functions, of which are only available natively to PHP versions 5.5.0 and above).
- [2016.12.03; Sub-minor code change; Maikuolan]: Improved mechanism for making determinations between requests via direct access and requests via hooks.
- [2016.12.05; Bug-fixes; Maikuolan]: Bug found whereby incorrect filenames would sometimes be reported by the updater for the optional country-wide blocklists; Fixed. Bug found whereby the active/inactive status for signature files would sometimes be incorrectly reported by the updater; Fixed.
- [2016.12.06; Bug-fixes; Maikuolan]: Bug found whereby the install option would sometimes not be displayed for some components; Fixed. Bug found whereby cells would sometimes be incorrectly rendered for newly discovered components; Fixed.
- [2016.12.08; Sub-minor code change; Maikuolan]: Improved mechanism for accessing logfiles via the front-end.
- [2016.12.11; Sub-minor code change; Maikuolan]: Removed "matchElement" (never used; redundant; better to use "in_array" instead anyway). Improved some of the docBlock comments. Did some subtle refactoring. Slightly tweaked some of the front-end aesthetics.
- [2016.12.12; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into German (fuzzy and quite likely erroneous, though). This totals 12 different language versions of the README documentation now available.

Caleb M / Maikuolan, 12th December 2016.

=== Version/Release 0.6.0 ===
MINOR RELEASE.

- [2016.10.18; Minor code change; Maikuolan]: Created a "configuration handler" file so as to move everything away from the loader (this'll be important for being able to self-update in the future). Slightly improved the YAML closure.
Fallbacks no longer hardcoded with PHP at the time of loading the configuration file; Fallbacks now determined via a separate configuration defaults file written using YAML.
- [2016.11.03; Signatures; Maikuolan]: Split signature files, to keep the bogon signatures to their own separate signature files (this may help to improve performance for any users that don't want to block bogons).
- [2016.11.05; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Russian (fuzzy and quite likely erroneous, though). This totals 11 different language versions of the README documentation now available.
- [2016.11.28; NEW FEATURE; Maikuolan]: Finished building the CIDRAM front-end! Using the CIDRAM front-end, you can update CIDRAM directly from your browser, install and update components and custom signature files, including the optional country-wide blocklists provided by MacMathan, language packs and more; You can modify core CIDRAM files, upload new files to your vault, view and download logfiles, and via the accounts page, selectively grant access to others either to administrate CIDRAM on your behalf, or to a more limited degree, to access the CIDRAM logfiles directly from the browser; You can test batches of IP addresses directly from your browser, to confirm whether they're blocked by whichever signature files you have installed at any given time; And you can update the CIDRAM configuration directly from your browser, too. Front-end access is disabled by default for security reasons, but you can enable it via the relevant newly created configuration directives pertaining to it.

Caleb M / Maikuolan, 28th November 2016.

=== Version/Release 0.5.1 ===
PATCH RELEASE.

No notable changes to the CIDRAM codebase have been made since the previously released version. This patch release exists due to numerous significant changes that've been made to the signature files of CIDRAM since the previously released version.
Updating the working code of CIDRAM from the previously released version to this version release is not necessary, but updating all signature files is strongly recommended. In addition, it is strongly recommended for users updating to this release from the previous release, to carefully review the changes made to the "ignore.dat" file prior to doing so; There are some new instructions included in the "ignore.dat" as of this release which correspond mostly to some new signature sections introduced into the signature files as of this release, which may or may not be desired by users, depending on the needs of and the demographics targeted by the user (updating the signature files, and/or updating to this release from the previous release, without first reviewing the changes made to the "ignore.dat" file, may potentially risk an increase in the number of false positives encountered by the user).

Caleb M / Maikuolan, 1st October 2016.

=== Version/Release 0.5.0 ===
MINOR RELEASE.

- [2016.08.11; Sub-minor code change; Maikuolan]: Revisited the changes made as of the previous versioned release (0.4.1) regarding the slightly improved RTL text support (there were some rendering problems for some languages caused by the approach taken; this has been corrected).
- [2016.08.11; Non-core change (Wordpress plugin); Maikuolan]: Added code to ensure that CIDRAM will be loaded before any other plugins in order to help avoid conflicts associated with caching plugins and other caching systems which could sometimes prevent requests from being blocked.
- [2016.08.14; NEW FEATURE; Maikuolan]: Added reCAPTCHA support to CIDRAM! It's now (optionally) possible to allow users to bypass the normal "Access Denied" page by submitting a reCAPTCHA form. This should help mitigate some of the risks associated with blocking any CIDRs that may potentially carry human users/traffic.
Due to some of the functionality required by this feature, the minimum version of PHP required in order to execute CIDRAM has been raised from "5.3.0" to "5.5.0" (that said though, "5.5.0" itself reached official "End of Life" status 24 days ago, so it would be extremely advisable for users to not be using any versions of PHP older than that version anyhow). Additionally, this feature has resulted in the creation of some new configuration directives and some new files added to the vault (but the changes are entirely backwards-compatible).
- [2016.08.17; Minor code change; Maikuolan]: Improved SoC for the reCAPTCHA feature (split into its own file and improved modularisation); Added code to allow certain specific HTML tags within the block information (requested by some users; these would've previously been broken by the anti-XSS sanitisation); Added some additional configuration options for the reCAPTCHA feature.
- [2016.08.18; Sub-minor code change; Maikuolan]: Adjusted auto-typecasting closure (change required to accommodate some of the newer configuration directives); Salts made to be optional; Some subtle refactoring; Added support for user-free bypasses.

Caleb M / Maikuolan, 24th August 2016.

=== Version/Release 0.4.1 ===
PATCH RELEASE.

- [2016.08.03; Sub-minor code change; Maikuolan]: Added internal language support for Korean (15 language options now supported in total, not including CLI-mode support; Done with machine assistance, I'm not fluent, and it hasn't yet been audited, so, the new translation should be regarded as fuzzy).
- [2016.08.06; Sub-minor code change; Maikuolan]: Slightly improved RTL text support; Adjusted the template file to compensate for display problems associated with LTR/RTL mixed content.
- [2016.08.06; Documentation; Maikuolan]: More work done on the documentation translations; Slightly closer to completing the translations for all targeted languages.
- [2016.08.06; Non-core change (Wordpress plugin); Maikuolan]: Opted to remove action hook call and instead load everything immediately, as to avoid conflicts associated with caching plugins and other caching systems which could sometimes prevent requests from being blocked.
- [2016.08.07; Sub-minor code change; Maikuolan]: Slightly improved/optimised the template file.

Caleb M / Maikuolan, 7th August 2016.

=== Version/Release 0.4.0 ===
MINOR RELEASE.
- [2016.07.22; Sub-minor code change; Maikuolan]: Added code to perform some simple sanitisation to the block information; This should help to prevent some obscure types of XSS attacks.
- [2016.07.23; Minor code change; Maikuolan]: Added internal language support for Japanese (14 language options now supported in total, not including CLI-mode support; I'm not fluent and it hasn't yet been audited, so, the new translation should be regarded as fuzzy). Added a new function: "Greylist"; This can be used in the same way that whitelisting is used, but for escaping a CIDR from a single file, rather than from all files. Slightly improved the signature validator/fixer (can now detect broken/invalid ranges).
- [2016.07.26; NEW FEATURE; Maikuolan]: Added some basic support for YAML-like data (note: not a true YAML implementation) to be read from signature files, which can be used to specify and modify the values of configuration directives for separate signature sections.
Refer github.com/CIDRAM/CIDRAM/issues/6
- [2016.07.30; Bug-fix; Maikuolan]: Fixed a bug whereby some configuration directives (in particular, "forbid_on_block") would sometimes be incorrectly typecasted, resulting in unexpected behaviour contrary to the documentation.

Caleb M / Maikuolan, 31st July 2016.

=== Version/Release 0.3.1 ===
PATCH RELEASE.
- [2016.06.18; Bug-fix; Maikuolan]: A bug was found by joe38 whereby some of the provider-specific bypasses included in the default CIDRAM signatures would trigger an error instead of the expected CIDRAM Access Denied message, and additionally, some bypasses weren't written with the considerations appropriate to the execution context required from which they were executing; Fixed.
- [2016.07.04; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Vietnamese. This totals 10 different language versions of the README documentation now available.

Caleb M / Maikuolan, 9th July 2016.

=== Version/Release 0.3.0 ===
MINOR RELEASE.
- [2016.04.25; Minor code change; Maikuolan]: Signature files can now be specified via the configuration file (and so, modifying core script files in order to add additional custom signature files is no longer required).
- [2016.04.27; Sub-minor code change; Maikuolan]: An additional custom rules file added for additional bypasses.
- [2016.05.12; Sub-minor code change; Maikuolan]: Added internal language support for Vietnamese (now supported: English, Spanish, French, Indonesian, Italian, Dutch, Portuguese, Vietnamese, Chinese [simplified and traditional]; 10 language options now supported in total).
- [2016.05.13; Sub-minor code change; Maikuolan]: Added internal language support for German (11 language options now supported in total).
- [2016.05.13; Sub-minor code change; Maikuolan/m7mdtiger]: Added internal language support for Arabic (12 language options now supported in total).
- [2016.05.26; Minor code change; Maikuolan]: Added a new i18n shorthand value for "Deny": "Proxy" (for blocking private and anonymous proxies).
- [2016.05.27; Minor code change; Maikuolan]: Added the ability to use dated logfiles! Now, some simple variables ({dd}, {mm}, {yyyy}/{yy}, {hh}) can be included when specifying the names to use for logfiles in order to organise logfiles by date/time.
Added a new directive ("timeOffset") to account for the possibility of discrepancies between servers and the local time of those using CIDRAM.
- [2016.06.13; Minor code change; Maikuolan]: Added the ability to ignore signature sections by identifying their section tags to an ignore file. Refactored a number of closures to reduce code duplication and to improve their process logic; Some old closures renamed and split into multiple new closures. Added internal language support for Russian (13 language options now supported in total, not including CLI-mode support).

Caleb M / Maikuolan, 14th June 2016.

=== Version/Release 0.2.0 ===
MINOR RELEASE.
- [2016.03.15; Signatures; Maikuolan]: Added Microsoft Azure CIDRs to the IPv4 signatures file; Updating several sections; Changed the "example" CIDRs in the IPv4 custom signatures file to reduce ambiguity (because the previous examples used CIDRs that wouldn't normally be triggered; fixed).
- [2016.03.17; Signatures; Maikuolan]: Removed all references to HostExploit and SiteVet from CIDRAM. These two services appear to have not been updated in over a year and a half, and emails I've sent to them to ask whether their services are actively maintained and/or up-to-date seem to have been ignored, as I've not received any replies from them for any of the emails I'd sent. I don't think we should rely on outdated information. I've opted, instead, to include references to and information about the Google Malware Dashboard, which appears to be being updated on a daily basis, have a greater depth of information available and appears to be more reliable, so far. I've already added some new sections for new ASNs to block based upon the information they have available, and may possibly remove and/or modify some old sections in the future based on the information they have available.
- [2016.03.18; Minor code change; Maikuolan]: Renamed all "INC" files to "PHP" files and changed all references to them accordingly.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.03.19; Sub-minor code change; Maikuolan]: Changed the default value of the "block_bogons" directive from true to false. Added a new directive, "disable_cli", to optionally disable the CLI mode implementation for CIDRAM. Added a fallback to help deal with situations where multiple IP address server variables may be in use.
- [2016.03.21; Bug-fix; Maikuolan]: Improved the way in which we can detect whether we're in CLI-mode (there was a problem previously whereby cronjobs could sometimes be blocked in certain circumstances, and this shouldn't happen normally, thus qualifying this problem as a bug; this improvement corrects this problem).
Refer github.com/CIDRAM/CIDRAM/issues/4
- [2016.03.25; Sub-minor code change; Maikuolan]: Removed references to the "package" tag from all phpDoc page blocks in the package (we don't need these, because we already have README documentation and don't use api-docs).
Refer github.com/phpMussel/phpMussel/issues/85
- [2016.03.27; Minor code change; Maikuolan]: Added a "Why Blocked" field for the "Access Denied" page and for logging, to act as a debug mechanism to help track line/offset/section values for triggered signatures. Added code to allow CIDRAM to handle Windows-style linebreaks within the signature files, so that it can now correctly interpret more than just Unix-style linebreaks.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.03.28; Minor code change; Maikuolan]: Added support for section tags! It's now possible to uniquely identify specific signature sections from the signature files by tagging sections with a section tag; These section tags will be included in the logfiles whenever any of the signatures from the tagged sections are triggered and will appear alongside debug information for the user whenever they're blocked.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.03.31; Signatures; Maikuolan]: Renamed "ipv4_custom.dat" to "ipv4_custom.dat.RenameMe" and renamed "ipv6_custom.dat" to "ipv6_custom.dat.RenameMe". The reason for appending ".RenameMe" onto the end of the names of the custom signature files is to prevent accidentally overwriting these files whenever someone updates CIDRAM blindly (such as via a dependency manager, installer or auto-updater; The custom signature files should be renamed back to their original former names by the user to activate them). Shell-style hashing implemented to all signature files for all comments and for all non-signature and non-syntactical entries; This won't be enforced onto users, but is recommended to improve readability for IDEs and text editors. Added some information from Spamhaus to help users gauge the merit of blocking or not blocking some particular ASNs. Numerous new signature sections added to both the IPv4 and IPv6 signature files.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.04.01; Minor code change; Maikuolan]: Renamed "config.ini" to "config.ini.RenameMe". The reason here is the same as the reason for having recently done the same thing to the custom signature files (to prevent accidentally overwriting this file whenever someone updates CIDRAM blindly). Additionally, the configuration file is now optional; The script has fallbacks implemented for all configuration directives and no longer dies with an error to the user/client when the configuration file is unavailable. Added a "Reconstructed URL" field for the "Access Denied" page and for logging, to determine which resource was being requested at the time of a user/client being blocked.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.04.02; Bug-fix; Maikuolan]: A bug was found by GaffNet whereby custom whitelist signatures were ignored by the script as of the latest version of the codebase due to the way that whitelist signatures were handled; This has been fixed.
Refer github.com/CIDRAM/CIDRAM/issues/7
- [2016.04.03; Minor code change; Maikuolan]: Added support for Apache-style logging and for serialised logging (this could help any users wanting to integrate CIDRAM with packages such as fail2ban, which require Apache-style logs), and two related new configuration directives. Extended the "forbid_on_block" directive to allow 503 header responses. Added the ability to silently redirect blocked access attempts instead of displaying the usual "Access Denied" page. Did some more minor code refactoring.
Refer github.com/CIDRAM/CIDRAM/issues/3
- [2016.04.04; Minor code change; Maikuolan]: Added support for custom themes; A new directive has been added to the configuration file allowing users to stipulate a custom CSS file to apply to the HTML output template; This and the new custom themes support for CIDRAM will work in the exact same way that custom themes for phpMussel work. Implemented a validator/fixer for checking and fixing signature files; Currently a work-in-progress and a BETA, but seems to function correctly and as intended; Currently only available in CLI, but will be available via other means after work has been completed.
Refer github.com/CIDRAM/CIDRAM/issues/9
- [2016.04.10; Minor code change; Maikuolan]: Added support for section expiry! It's now possible to mark signature sections with an expiry date, to ensure that any signatures they contain won't be triggered after a specified date. This feature is optional; Unmarked signature sections won't expire.
- [2016.04.10; Signatures; Maikuolan]: Added numerous new signature sections to the signature files, covering a number of different new ASNs. Added IPs from ZeuS C&C tracker.
- [2016.04.12; Minor code change; Maikuolan]: Split the language data files into two distinct files per each language; Standard language data and CLI language data.
- [2016.04.17; Minor code change; divinity76]: Stricter loading for the configuration file (CIDRAM will now return an error if the configuration file isn't readable).

Caleb M / Maikuolan, 18th April 2016.

=== Version/Release 0.1.2 ===
PATCH RELEASE.
- [2016.03.11; Sub-minor code change; Maikuolan]: When converting all functions to closures (anonymous functions) for the previous release, I missed the "matchElement" function. I'd thought I'd got them all, but I'd missed this one (this function wasn't yet being used anywhere anyhow, so, missing it wouldn't have been particularly problematic, anyhow); In any case, this has now been corrected.
- [2016.03.13; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Chinese. This totals 9 different language versions of the README documentation now available.
- [2016.03.14; Bug-fix; Maikuolan]: A bug was found within the IPv6Test closure function (used for calculating IPv6 CIDRs), caused by some excess spaces in the code that existed where they shouldn't have existed; Fixed.
Refer github.com/CIDRAM/CIDRAM/issues/2

Caleb M / Maikuolan, 14th March 2016.

=== Version/Release 0.1.1 ===
PATCH RELEASE.
- [2016.03.03-2016.03.06; Documentation; Maikuolan]: Completed translations for the CIDRAM README documentation (written originally in English) into Spanish, French, Indonesian, Italian, Portuguese and Dutch (none of these translations have been checked/audited by a native/fluent speaker yet, but they should be at least accurate enough to be understood). This totals 7 different language versions of the README documentation now available.
- [2016.03.07; Sub-minor code change; Maikuolan]: Converted all functions to closures (anonymous functions), in order to be able to unset them from memory after the script execution has finished (we shouldn't leave unrequired data in the memory after execution has finished).
Changed the blocksize for reading files with the "ReadFile" function from 48KB to 128KB (we can afford this, and this should *slightly* increase the speed of the script).

Caleb M / Maikuolan, 7th March 2016.

=== Version/Release 0.1.0 ===
MINOR RELEASE (FIRST BETA).
- [2015.12.12; Documentation; Maikuolan]: Added a changelog; Added READMEs.

Caleb M / Maikuolan, 27th February 2016.

Versions < 0.1.0 are ALPHAs.