Release Notes: HTMLCleaner was updated to avoid endless loops with Perl 5.00503. Users can now specify certain replacement tags in the configuration file. The testall.sh script now warns users if they attempt to use the Sanitizer in a UTF-8-enabled environment. The test cases were updated for FreeBSD 4.6.2 with Perl 5.00503, and for Unicode-enabled Red Hat 8 or 9 machines.
Release Notes: The only change is within the HTML cleaner, to disable href= and src= attributes using the hcp:// protocol. The HTML cleaner has been updated to revision 1.17.
Release Notes: This release has built-in support for F-Prot Antivirus for Linux and protection against "message/partial" fragmented message attacks. Quite a few minor bugs have been fixed.
Release Notes: This release adds workarounds for problems regarding how Outlook detects uuencoded attachments, protection against the Outlook "hidden attachment" exploit (caused by carriage returns in message headers), a few other minor bugfixes, and a more powerful attachment policy language. The HTML cleanup module is available as a separate package for users and developers of other security tools.
Release Notes: Compatibility with Windows platforms was improved. The way that STYLE blocks are handled by the HTML cleaner was improved. A few other minor bugs were fixed.
Release Notes: This release includes a rewritten HTML sanitizer which enforces default-deny instead of the old default-allow policy, in addition to many other HTML-related improvements. It also adds generic detection of MIME-type/filename mismatches, which protects against bugs like those exploited by BadTrans and Nimda. Handling of invalid MIME was improved, the default configuration is more secure than before, a few bugs have been fixed, and rudimentary support for RFC2231 MIME-parameter encoding has been added.
Release Notes: Many important bugs have been fixed, including a bug which could cause corruption of Base64-encoded attachments under certain circumstances.
Release Notes: The LINK and FRAMESET tags were added to the list of defanged HTML tags, and logging bugs and issues related to charset and character mangling were fixed. This release completes the refactoring of the Sanitizer from a monolithic script to a more OO design.
Release Notes: The FORM tag has been added to the HTML defanger, due to related vulnerabilities discussed on BUGTRAQ. The logging system has been rewritten, and other minor bugfixes and improvements have been made. Please note that scoring is disabled in this release, so if you are using it, wait for 1.43 before upgrading.
Release Notes: This release contains multiple bugfixes to the MIME parser and filename policy code. Documentation on sendmail m4 configuration and sanitizing with Postfix has been added. The code has been reorganized a bit. A MIME simplifier has been added for people who want to strip attachments from messages destined for mailing lists.