It is a pleasure to announce ModSecurity v2.8.0. Besides the bug fixes and improvements, it comes with five important new features:
* JSON request body parser.
* SecConnReadStateLimit and SecConnWriteStateLimit directives.
* FULL_REQUEST and FULL_REQUEST_LENGTH variables.
* @detectXSS operator.
* ModSecurity status reporting.
* Append and prepend are now supported on nginx (Ref: #635<https://github.com/SpiderLabs/ModSecurity/issues/635>).
* SecServerSignature is now available on nginx (Ref: #637<https://github.com/SpiderLabs/ModSecurity/issues/637>).
Complete list of modifications: https://github.com/SpiderLabs/ModSecurity/releases
Further information on the release: http://blog.spiderlabs.com/2014/04/announcing-modsecurity-v280.html
Note: we are also modifying the name of our release tarball. We were labeling our release by: "modsecurity-apache_X.Y.Z.tar.gz", since we started to support Nginx, this name became outdated. Now we are labeling it as "modsecurity-X.Y.Z.tar.gz". For those who are automagically generating packages, it won't be a problem, the old naming policy will be preserved on the modsecurity.org<http://modsecurity.org/> server.
As in the last release, this release will be stored in two different servers: modsecurity.org<http://modsecurity.org/> and GitHub. Hashes are provided for the tarball integrity verification. The release tags are also GPG-Signed.
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs
m: +55 81 8706.5547
Trustwave | SMART SECURITY ON DEMAND
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.