ModSecurity

File Release Notes and Changelog

Release Name: 2.5.9

Notes:
This release fixes a potential DoS vulnerability discovered
by "Internet Security Auditors" when parsing multipart 
requests.  Additionally, the release cleans up the build 
process and adds a few features, including atomic updates of 
persistent counters and macro expansion of the append/prepend 
actions.  It is highly recommended to upgrade to this release.

NOTE: A pre-released copy of 2.5.9 was inadvertently 
uploaded.  If you downloaded prior to 11 March 2009 at 23:25 
PDT, then you may have the wrong version and should verify.  
These versions only differed in documentation, however.

Changes:
 * Fixed parsing multipart content with a missing part header name which
   would crash Apache.  Discovered by "Internet Security Auditors"
   (isecauditors.com).

 * Added ability to specify the config script directly using --with-apr
   and --with-apu.

 * Updated copyright year to 2009.

 * Added macro expansion for append/prepend action.

 * Fixed race condition in concurrent updates of persistent counters.  Updates
   are now atomic.

 * Cleaned up build, adding an option for verbose configure output and making
   the mlogc build more portable.