Important note as mentioned below, this release includes a security fix for a libxml2 external entity execution attack -

It is highly recommended that you upgrade.

Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

From: Breno Silva <>
Date: Friday, March 29, 2013 12:55 PM
To: "" <>, mod-security-developers <>, <>
Subject: [mod-security-users] Availability of ModSecurity 2.7.3 Stable Release

The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.7.3 Stable Release.The stability of this release is good and includes many bug fixes. 

Many issues and missing features for NGINX module were fixed. NGINX module version is now RC. We have fixed some minor issues for IIS. 

We also added some important new features, the ability to load some specific directives into .htaccess files and the SecXmlExternalEntity security feature that will disable by default the possibility to load xml external entities. We recommend all users use this version.

Please see the release notes included into CHANGES file. For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to


Breno Silva

------------------------------------------------------------------------------ Own the Future-Intel(R) Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. mod-security-users mailing list Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.