Version 3.1.7
December 22, 2022
Changed
- The front-end HTTPS redirect test no longer results in an error if the web server blocks insecure requests.
Version 3.1.6
December 21, 2022
Changed
- Updated the supported PHP version test to include 8.1 and 8.2.
Version 3.1.5
December 20, 2022
Changed
- The Control Panel test no longer results in an error if the web server blocks insecure requests.
Version 3.1.4
January 13, 2022
Fixed
- Fixed a bug that was throwing an exception on the settings page in versions of Craft less than 3.6.0 (#33).
Version 3.1.3
June 8, 2021
Fixed
- Fixed a bug in which the plugin migration that adds the site ID column could be ignored in rare cases (#31).
Version 3.1.2
March 30, 2021
Changed
- Changed the PHP Composer Version test to only compare the minor version and not the patch version.
Fixed
- Fixed a bug in which control panel alerts were being overwritten instead of merged (#27).
Version 3.1.0
January 26, 2021
Added
- Added the PHP Composer Version test.
Fixed
- Fixed an exception that was being thrown when one of the files being checked did not exist (#21).
Version 3.0.0
January 20, 2021
Added
- Added Lite, Plus and Pro editions.
- Added integration with Bugsnag.
- Added integration with Rollbar.
- Added integration with Sentry.
- Added multi site functionality for security scans.
- Added the ability to add a Content Security Policy in the plugin settings.
- Added the ability to add HTTP Headers in the plugin settings.
- Added the `sherlock/scans/run` console command.
- Added the `Content-Security-Policy` header and meta tag test.
- Added the `Expect-CT` header test.
- Added the `Referrer-Policy` header test.
- Added the Admin Username test.
- Added the Defer Public Registration Password test.
- Added the Elevated Session Duration test.
- Added the Web Alias In Base Site URL test.
- Added the Web Alias In Base Volume URL test.
- Added PHP version support thresholds up until PHP 8.0 (supported versions).
- Added logging to a dedicated `sherlock.log` file.
- Added unit tests.
Changed
- Changed the HTTPS tests to ensure that an encrypted HTTPS connection is required.
- Changed the file and folder permissions test criteria.
- Non-critical Craft and plugin updates now display warnings instead of failures in high security mode.
- The `X-XSS-Protection` header now only displays a warning instead of a failure (reasoning).
- Renamed "Live Mode" to "Monitoring".
- Improved test icons, explanations, thresholds and documentation links.
Fixed
- Fixed wording of user session duration test.
- Fixed output of default file permissions test.
Removed
- Removed the plugin vulnerabilities JSON feed.
- Removed the secret key.
Version 2.3.0
December 26, 2020
Added
- Added prevent user enumeration test.
- Added sanitize SVG uploads test.
Changed
- Minor UI improvements.
- Removed security key test.
Version 2.2.5
August 24, 2020
Fixed
- Fixed `X-XSS-Protection` case issue (#16).
Version 2.2.4
July 2, 2020
Changed
- Minor UI improvements.
Fixed
- Fixed `X-XSS-Protection` test.
Version 2.2.3
July 2, 2020
Changed
- Headers are now correctly detected regardless of whether in normal or lower case.
- Headers are now stripped of tags to ensure they are safe to output to the browser.
Version 2.2.2
March 31, 2020
Fixed
- Fixed a bug in which scans could throw an error with recent versions of Craft (#13).
Version 2.2.1
March 26, 2020
Fixed
- Fixed a bug when running a scan and using Postgres (#12).
Version 2.2.0
September 30, 2019
Added
- Added the ability to add `*` and `?` wildcards to restricted IP addresses (#11).
Fixed
- Fixed a bug in the restriction of IP addresses on the front-end.
Version 2.1.3
September 2, 2019
Fixed
- Fixed an error that could occur when running a scan using the API key (#10).
Version 2.1.1
June 14, 2019
Changed
- Improved spacing and info tooltip sizing.
- Changed duration settings from intervals to seconds.
Fixed
- Fixed duration tests that were failing incorrectly (#7).
Version 2.1.0
February 11, 2019
Added
- Added welcome screen after the plugin is installed.
- Added system email to default plugin settings.
- Added environment variables to API settings.
- Added config warnings to settings.
Changed
- Changed minimum requirement of Craft to version 3.1.0.
Fixed
- Fixed redirect to settings screen after the plugin is installed.
Version 2.0.4
February 7, 2019
Fixed
- Fixed check for redirect of insecure front-end URL.
Version 2.0.3
February 7, 2019
Changed
- Improved feedback for insecure front-end URL connection errors.
- Improved formatting of test results.
Version 2.0.2
January 3, 2019
Fixed
- Fixed CMS and plugin update detection.
- Fixed a bug where restricted IP addresses were not being parsed correctly in some server environments.
Version 2.0.1
July 12, 2018
Changed
- Changed plugin icon.
- Plugin does not interfere with console requests.
Fixed
- Fixed a bug where restricted IP addresses were not being checked correctly on servers that use carriage returns in new lines.