The PHP Security Blog today announced the release of the Hardened-PHP Project's latest patch.
New features include:
- Added protection for the long versions of the superglobals
- Added a session.use_strict_mode flag to the configuration
- Added a default session identifier validator
- Added an optional parameter to session_regenerate_id() that allows deletion of the previous session
- and more...
To grab this latest patch, head over to their site and download it to apply to your tar file, or you can grab a patched version right away...