[mod-security-users] OWASP ModSecurity CRS v2.1.1 Released
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <RBa...@tr...> - 2010-12-30 18:23:14
|
Thanks to those who did some testing and provided feedback. I have made a bug fix release v2.1.1 - -------------------------- Version 2.1.1 - 12/30/2010 -------------------------- Bug Fixes: - Updated the 10 config conf file to add in pass action to User-Agent rule - Updated the CSRF ruleset to conditionally do content injection - if the csrf token was created by the session hijacking conf file - Updated the session hijacking conf file to only enforce rules if a SessionID Cookie was submitted - Fixed macro expansion setvar bug in the restricted file extension rule - Moved the comment spam data file into the optional_rules directory https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/ |