It is a pleasure to announce that ModSecurity version 2.8.0-RC1 is now ready!
This release candidate contains new features, bug fixes and improvements. The new features are:
- JSON Parser is no longer under tests. Now it is part of our mainline.
- Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit) now support white and suspicious list.
- New variables: FULL_REQUEST and FULL_REQUEST_LENGTH were added, allowing the rules to access the full content of a request.
- ModSecurity status is now part of our mainline.
- New operator: @detectXSS was added. It makes usage of the newest libinjection XSS detection functionality.
- Append and prepend are now supported on nginx (Ref: #635).
- SecServerSignature is now available on nginx (Ref: #637).
Check out the full list of changes straight from GitHub:
Besides the listed changes we are also modifying the name of our release tarball. We were labeling our release by: "modsecurity-apache_X.Y.Z.tar.gz", since we started to support Nginx, this name became
outdated. Now we are labeling it as "modsecurity-X.Y.Z.tar.gz". For those who are automagically generating packages, it won't be a problem, the old naming policy will be preserved on the
As in the last release, this will be stored in two different servers:
modsecurity.org and GitHub. Hashes will be provided for the tarball integrity verification. The release tags are also GPG-Signed.
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information
contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.