CSPR.NG Blog
Cryptographically Secure Pseudorandom Number Generator
CSPR.NG is now on Version 2 (dev branch)
We've upgraded our server to PHP 7.1 and CSPR.NG is now on dev-master from Github.
This is just a notice in case something breaks.
How to Contribute to Airship, Even If You're Not a Security Expert
If you believe in our mission to make online publishing safer for everyone, you may have considered contributing to CMS Airship already. Whether you share our desire to see data breaches become less frequent or you seek some open source work to put on your resume to improve your employment prospects, there are a myriad of ways to get involved. We greatly welcome anything you feel you can contribute.
What follows are some things we'd specifically ask for if given a choice.
CMS Airship Version 1.3.0 Released
The official release has been tagged and signed. This release was focused heavily on improving the user interface and user experience (commonly abbreviated to UI/UX).
The changelog is deceptively succinct:
CMS Airship Version 1.2.0 Released
The official release has been tagged and signed. This new release adds a few new cool features and fixes some annoying bugs.
But first, let's talk about the current development plan and what version 1.2.0 means for Airship.
CMS Airship < 1.1.2 - Stored XSS Post-Mortem
Earlier today, a stored XSS vulnerability was reported by Lucas Reschke and fixed in version 1.1.2. Unfortunately, this news arrived at the same time as I discovered the auto-updater was refusing to run. If you've set up your own Airship already, you'll need to manually update to the latest version (1.1.3).
Airship 1.1.0
CMS Airship Version 1.1.0 is out! Get it while it's hot. If you've enabled minor updates in your Bridge, this update should be applied automatically.
When we released version 1.0 earlier this week, we weren't counting on receiving as much great feedback from the community, and we certainly didn't expect anyone to contribute significantly enough to tag 1.1 so soon. I'm delighted to say, our expectations weren't high enough.
Let's dive into what's changed in version 1.1.0:
Airship 1.0.0
I'll keep this brief. Go read The PHP Security Platinum Standard: Raising the Bar with CMS Airship for the release announcement.
If you're looking for the place to sign up for a supplier account to make your own extensions, you want https://airship.paragonie.com instead. (Warning: kind of ugly, need to update the CSS when I get a chance.)
Otherwise, feel free to create an account here and enjoy your stay.
Airship Beta 3 Released
This should be the last beta release before we tag version 1.0.0. When 1.0.0 is tagged, Airship will be in the scope of our bug bounty on HackerOne.
Paragon Initiative Enterprises is a little different from most vendors: We can tolerate full disclosure. Any updates we release will be deployed, by default, within an hour of their availability.
Airship Beta 2 Released
One massive engineering effort completed. The remaining steps should be painless.
Welcome to the Public Airship Beta
Welcome to the public CMS Airship beta.
This domain demonstrates unreleased, in-development features of our upcoming CMS. What you are seeing is the current master branch. As soon as v0.2.0 is released, we'll begin working on the features for v0.3.0 and they'll be publicly visible here.