[mod-security-users] Announcing Release of OWASP ModSecurity CRS v2.2.8

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

CHANGES
========

== Version 2.2.8 - 06/30/2013 ==

Security Fixes:

Improvements:
* Updatd the /util directory structure
* Added scripts to check Rule ID duplicates
* Added script to remove v2.7 actions so older ModSecurity rules will work
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43
* Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king
cope)
  - http://seclists.org/fulldisclosure/2013/Jun/21
  - 
http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-f
or-plesk-vulnerability-.html

Bug Fixes:
* fix 950901 - word boundary added
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48
* fix regex error
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44
* Updated the Regex in 981244 to include word boundaries
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36
* Problem with Regression Test (Invalid use of backslash) - Rule 960911 -
Test2
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34
* ModSecurity: No action id present within the rule - ignore_static.conf
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17
* "Bad robots" rule blocks all Java applets on Windows XP machines
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16
* duplicated rules id 981173
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18

Download links -
https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
https://github.com/SpiderLabs/owasp-modsecurity-crs/zipball/master

Release History -
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Pro
ject#Release_History

-- 
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader