Basically all distros i tried to install modsec uses very old versions. They spent a very long time to update the stable distros pkgs. So again... i don't see any problem, also packagers will not build modsec with MSC_TEST flag, It does not make any sense.

And again.. it was done because i'm sure we will not have impact for any user.


On Tue, May 28, 2013 at 7:20 PM, Diego Elio Pettenò <> wrote:
On 28/05/2013 19:56, Breno Silva wrote:
> I did it because it is a very small and not so important fix for 99% of
> the users.
> If it was bigger i would hold it for 2.7.5.
> It will not affect your system if you don't want to update

This kind of change-tarball-in-flight behaviour is a pain in the ass for
all distributions and tars the trust with upstream.

Seriously, I was expecting better from ModSecurity.

Diego Elio Pettenò — Flameeyes

Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
mod-security-developers mailing list
ModSecurity Services from Trustwave's SpiderLabs: