From: Brian Rectanus <Brian.R<ectanus@br...> - 2008-06-06 17:33:44
ModSecurity 2.5.5 was released. This release contains a number of
important fixes. It is highly recommended that all current 2.5 users
upgrade to 2.5.5.
Packages can be downloaded from modsecurity.org as always.
05 Jun 2008 - 2.5.5
* Fixed an issue where an alert was not logged in the error log
unless "auditlog" was used.
* Enable the "auditlog" action by default to help prevent a
misconfiguration. The new default is now: "phase:2,log,auditlog,pass"
* Improve request body processing error messages.
* Handle lack of a new line after the final boundary in a multipart
request. This fixes the reported WordPress Flash file uploader
* Fixed issue with multithreaded servers where concurrent XML processing
could crash the web server (at least under Windows).
* Fixed blocking in phase 3.
* Force modules "mod_rpaf-2.0.c" and "mod_custom_header.c" to run before
ModSecurity so that the correct IP is used.