Bad Behavior 2.2.9 has been released. This is a maintenance release and is recommended for all users.
The following changes have been made since version 2.2.8:
- Several patterns associated with malicious activity such as SQL injection and vulnerability scanning have been identified and blocked.
- WordPress: A code change regarding display of the whitelist in the administrative page was reverted due to unforeseen issues.
While reviewing the site for the recent disaster recovery, I noted that some ports of Bad Behavior had not been updated in a very long time and do not use the new 2.2 code base, and some which appear to have been abandoned. These have been noted on the list of ports as “legacy” and “abandoned” respectively. If you are a port maintainer, or you think you may want to be, please check the list for your platform.
I also noted that some current ports were released under the GPL version 2 only. Since Bad Behavior 2.2 uses the LGPL version 3 (or any later version) the license is not compatible with GPLv2 only connectors. I’ll be contacting port maintainers individually about these to attempt to resolve these issues, but if you are one and you are aware of this, please update your license to GPLv3 or later, or LGPLv2.1 or later.
Finally, thank you to all of you who provided kind words, offers of technical assistance and of course donations during this very stressful disaster recovery. If you haven’t contributed lately, or at all, please help me keep Bad Behavior going by donating today.