Projects / ModSecurity / Releases

All releases of ModSecurity

  •  06 Feb 2010 01:47
Avatar

    Release Notes: This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included.

    •  07 Nov 2009 07:28
    Avatar

      Release Notes: This release fixes a multipart parsing issue that has the potential to allow bypassing the rules engine. This bypass can be avoided via some simple rules, however. Other changes include a rules update (CRS 2.0.3) and some minor cleanup in build, mlogc, persistence, and the output filter ordering.

      •  24 Sep 2009 22:16
      Avatar

        Release Notes: This release fixes a number of small issues. Notable issues that have been fixed are a cleaner build process, fixes to mlogc to build on Windows and allow more reliable SSL negotiation to the console, less verbose logging when using anomaly scoring with CRS v2.x, and a feature to allow easier use with Apache mpm-itk.

        •  26 Aug 2009 07:30
        Avatar

          Release Notes: This release cleans up the build scripts and adds some features to better manage audit log permissions (especially with mpm-itk).

          •  12 Aug 2009 22:50
          Avatar

            Release Notes: This development release fixes some build issues with mlogc, a potential configuration crash, and SecRuleUpdateActionById. It includes the latest release of the Core Rule Set (CRS), 2.0.1.

            •  27 Jul 2009 23:43
            Avatar

              Release Notes: This release primarily fixes some build issues with 2.5.9 as well as some mlogc issues. Additionally, this release includes a development release of the Core Rule Set (CRS) v2.0 for testing.

              •  12 Mar 2009 07:26
              Avatar

                Release Notes: This release fixes a potential DoS vulnerability discovered by "Internet Security Auditors" when parsing multipart requests. Additionally, the build process was cleaned up and a few features were added, including atomic updates of persistent counters and macro expansion of the append/prepend actions. Upgrading to this release is highly recommended.

                •  12 Mar 2009 07:25
                Avatar

                  Release Notes: This release fixes a potential DoS vulnerability when PDF XSS protection is enabled (default is disabled) as well as a minor issue with an invalid "internal error" message. This release was immediately superseded by the 2.5.9 to fix another major issue found during the 2.5.8 release cycle.

                  •  30 Sep 2008 18:15
                  Avatar

                    Release Notes: This release fixes some not-so-common issues with request limits, logging, XML processing, and handling some "legacy" protocols in the request body.

                    •  18 Sep 2008 17:23
                    Avatar

                      Release Notes: This is a release candidate available to verify fixes for some not-so-common issues with request limits, logging, XML processing, and handling some "legacy" protocols in the request body. If you are seeing one of these reported issues, then please verify that this release corrects it.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.