Elephant Arch

Improvements

• Disable XXE and harden PRNG by default
• Use SameSite on PHP's session cookie in the default rules
• Relax a bit what files can be included in the default rules
• Add the possibility to ignore files hashes when generating rules
• The filename filter is now accepting phar paths

Bug fixes

• The harden rand_feature is not ignoring parameters anymore in function calls
• Fix possible crashes/hangs when using php-fpm's pools
• Fix an infinite loop on echo hook
• Fix an issue with filename filter
• Fix some documentation issues
• Fix the Arch Linux's PKGBUILD