Version 3.1.7

December 22, 2022

Changed

  • The front-end HTTPS redirect test no longer results in an error if the web server blocks insecure requests.

Version 3.1.6

December 21, 2022

Changed

  • Updated the supported PHP version test to include 8.1 and 8.2.

Version 3.1.5

December 20, 2022

Changed

  • The Control Panel test no longer results in an error if the web server blocks insecure requests.

Version 3.1.4

January 13, 2022

Fixed

  • Fixed a bug that was throwing an exception on the settings page in versions of Craft less than 3.6.0 (#33).

Version 3.1.3

June 8, 2021

Fixed

  • Fixed a bug in which the plugin migration that adds the site ID column could be ignored in rare cases (#31).

Version 3.1.2

March 30, 2021

Changed

  • Changed the PHP Composer Version test to only compare the minor version and not the patch version.

Fixed

  • Fixed a bug in which control panel alerts were being overwritten instead of merged (#27).

Version 3.1.1

February 3, 2021

Fixed

  • Fixed a bug in which the Content Security Policy meta tag was not being recognised if it contained line breaks (#23).
  • Fixed a bug in which the sherlock/scans/run-scan action was requiring the user to be logged in (#24).

Version 3.1.0

January 26, 2021

Added

  • Added the PHP Composer Version test.

Fixed

  • Fixed an exception that was being thrown when one of the files being checked did not exist (#21).

Version 3.0.0

January 20, 2021

Added

  • Added Lite, Plus and Pro editions.
  • Added integration with Bugsnag.
  • Added integration with Rollbar.
  • Added integration with Sentry.
  • Added multi-site functionality for security scans.
  • Added the ability to add a Content Security Policy in the plugin settings.
  • Added the ability to add HTTP Headers in the plugin settings.
  • Added the sherlock/scans/run console command.
  • Added the Content-Security-Policy header and meta tag test.
  • Added the Expect-CT header test.
  • Added the Referrer-Policy header test.
  • Added the Admin Username test.
  • Added the Defer Public Registration Password test.
  • Added the Elevated Session Duration test.
  • Added the Web Alias In Base Site URL test.
  • Added the Web Alias In Base Volume URL test.
  • Added PHP version support thresholds up until PHP 8.0 (supported versions).
  • Added logging to a dedicated sherlock.log file.
  • Added unit tests.

Changed

  • Changed the HTTPS tests to ensure that an encrypted HTTPS connection is required.
  • Changed the file and folder permissions test criteria.
  • Non-critical Craft and plugin updates now display warnings instead of failures in high security mode.
  • The X-XSS-Protection header now only displays a warning instead of a failure (reasoning).
  • Renamed "Live Mode" to "Monitoring".
  • Improved test icons, explanations, thresholds and documentation links.

Fixed

  • Fixed wording of user session duration test.
  • Fixed output of default file permissions test.

Removed

  • Removed the plugin vulnerabilities JSON feed.
  • Removed the secret key.

Version 2.3.0

December 26, 2020

Added

  • Added prevent user enumeration test.
  • Added sanitize SVG uploads test.

Changed

  • Minor UI improvements.
  • Removed security key test.

Version 2.2.5

August 24, 2020

Fixed

  • Fixed X-XSS-Protection case issue (#16).

Version 2.2.4

July 2, 2020

Changed

  • Minor UI improvements.

Fixed

  • Fixed X-XSS-Protection test.

Version 2.2.3

July 2, 2020

Changed

  • Headers are now correctly detected regardless of whether they are in normal or lower case.
  • Headers are now stripped of tags to ensure they are safe to output to the browser.

Version 2.2.2

March 31, 2020

Fixed

  • Fixed a bug in which scans could throw an error with recent versions of Craft (#13).

Version 2.2.1

March 26, 2020

Fixed

  • Fixed a bug when running a scan and using Postgres (#12).

Version 2.2.0

September 30, 2019

Added

  • Added the ability to add * and ? wildcards to restricted IP addresses (#11).

Fixed

  • Fixed a bug in the restriction of IP addresses on the front-end.

Version 2.1.3

September 2, 2019

Fixed

  • Fixed an error that could occur when running a scan using the API key (#10).

Version 2.1.2

June 19, 2019

Fixed

  • Fixed migration issue that could happen with project config (#7).
  • Fixed defaultTokenDuration test that was failing incorrectly (#8).

Version 2.1.1

June 14, 2019

Changed

  • Improved spacing and info tooltip sizing.
  • Changed duration settings from intervals to seconds.

Fixed

  • Fixed duration tests that were failing incorrectly (#7).

Version 2.1.0

February 11, 2019

Added

  • Added welcome screen after the plugin is installed.
  • Added system email to default plugin settings.
  • Added environment variables to API settings.
  • Added config warnings to settings.

Changed

  • Changed minimum requirement of Craft to version 3.1.0.

Fixed

  • Fixed redirect to settings screen after the plugin is installed.

Version 2.0.4

February 7, 2019

Fixed

  • Fixed check for redirect of insecure front-end URL.

Version 2.0.3

February 7, 2019

Changed

  • Improved feedback for insecure front-end URL connection errors.
  • Improved formatting of test results.

Version 2.0.2

January 3, 2019

Fixed

  • Fixed CMS and plugin update detection.
  • Fixed a bug where restricted IP addresses were not being parsed correctly in some server environments.

Version 2.0.1

July 12, 2018

Changed

  • Changed plugin icon.
  • Plugin does not interfere with console requests.

Fixed

  • Fixed a bug where restricted IP addresses were not being checked correctly on servers that use carriage returns in new lines.