Release Notes: This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included.
Release Notes: This release fixes a multipart parsing issue that has the potential to allow bypassing the rules engine. This bypass can be avoided via some simple rules, however. Other changes include a rules update (CRS 2.0.3) and some minor cleanup in build, mlogc, persistence, and the output filter ordering.
Release Notes: This release fixes a number of small issues. Notable issues that have been fixed are a cleaner build process, fixes to mlogc to build on Windows and allow more reliable SSL negotiation to the console, less verbose logging when using anomaly scoring with CRS v2.x, and a feature to allow easier use with Apache mpm-itk.
Release Notes: This release cleans up the build scripts and adds some features to better manage audit log permissions (especially with mpm-itk).
Release Notes: This development release fixes some build issues with mlogc, a potential configuration crash, and SecRuleUpdateActionById. It includes the latest release of the Core Rule Set (CRS), 2.0.1.
Release Notes: This release primarily fixes some build issues with 2.5.9 as well as some mlogc issues. Additionally, this release includes a development release of the Core Rule Set (CRS) v2.0 for testing.
Release Notes: This release fixes a potential DoS vulnerability discovered by "Internet Security Auditors" when parsing multipart requests. Additionally, the build process was cleaned up and a few features were added, including atomic updates of persistent counters and macro expansion of the append/prepend actions. Upgrading to this release is highly recommended.
Release Notes: This release fixes a potential DoS vulnerability when PDF XSS protection is enabled (default is disabled) as well as a minor issue with an invalid "internal error" message. This release was immediately superseded by the 2.5.9 to fix another major issue found during the 2.5.8 release cycle.
Release Notes: This release fixes some not-so-common issues with request limits, logging, XML processing, and handling some "legacy" protocols in the request body.
Release Notes: This is a release candidate available to verify fixes for some not-so-common issues with request limits, logging, XML processing, and handling some "legacy" protocols in the request body. If you are seeing one of these reported issues, then please verify that this release corrects it.