ModSecurity

File Release Notes and Changelog

Release Name: 2.5.8

Notes:
This release fixes a potential DoS vulnerability when PDF XSS 
protection is enabled (default is disabled) as well as a 
minor issue with an invalid "internal error" message.  This 
release was immediately superseded by the 2.5.9 release to fix 
another major issue found during the 2.5.8 release cycle.  
You should install the 2.5.9 release instead.

Changes:
* Fixed PDF XSS issue where a non-GET request for a PDF file would crash the Apache httpd process. Discovered by Steve Grubb at Red Hat.
* Removed an invalid "Internal error: Issuing "%s" for unspecified error." message that was logged when denying with nolog/noauditlog set and causing the request to be audited.