The open source release of phpPeanuts 2.1.rc1 is now available for download. It is released under the GNU Affero General Public License (GNU AGPL).
Security improvements since 2.0.0a:
- the complete code of the abstact user interfaces has been reviewed and improved to protect against CSS
- validation of all request variables including cookies and server variables,
- some improvement of the CSRF protection,
- limitation of AJAX requests to the host the page originates from,
- explicit specification of character sets,
- can be extended by application developer for the use of UTF-8 character set,
- id's are now included in string conversion,
- string-conversion no longer propagates erroneous values.
Other improvements
- Domain Specific Language style api for Navigational Queries
- AJAX identifiers now allow paths to parts and subparts, used by EditDetailsPage to support AJAX refresh down to individual widgets
- More api docs in the source
- Accomodation to Historical Data Management extionsion (extension is not included in open source version)
More security improvements are planned for version 2.2, see the security topic on this forum.
Henk
2013-01-11 12:06:44
The open source release of phpPeanuts 2.1.0 is now available for download.
Security improvements since 2.1.rc1:
- new PntSecurityExcepttion thrown when the request contains attack-like values,
- Support for X-Frame-Options header, default 'DENY'.
Other improvements:
- PntHttpRequest offering access to all validated request variables.
Henk
2013-01-25 18:33:33
The api docs of phpPeanuts 2.1.0 are now available, see under the documentation menu.
Add a Reply
Loading form, please wait
The website will not send you an e-mail when a reply is added to this topic
Security improvements since 2.0.0a:
- the complete code of the abstact user interfaces has been reviewed and improved to protect against CSS
- validation of all request variables including cookies and server variables,
- some improvement of the CSRF protection,
- limitation of AJAX requests to the host the page originates from,
- explicit specification of character sets,
- can be extended by application developer for the use of UTF-8 character set,
- id's are now included in string conversion,
- string-conversion no longer propagates erroneous values.
Other improvements
- Domain Specific Language style api for Navigational Queries
- AJAX identifiers now allow paths to parts and subparts, used by EditDetailsPage to support AJAX refresh down to individual widgets
- More api docs in the source
- Accomodation to Historical Data Management extionsion (extension is not included in open source version)
More security improvements are planned for version 2.2, see the security topic on this forum.
Security improvements since 2.1.rc1:
- new PntSecurityExcepttion thrown when the request contains attack-like values,
- Support for X-Frame-Options header, default 'DENY'.
Other improvements:
- PntHttpRequest offering access to all validated request variables.