[mod-security-users] Announcing Release of OWASP ModSecurity CRS v2.2.8
From: Ryan B. <rya...@ow...> - 2013-07-02 16:17:47
CHANGES
========

== Version 2.2.8 - 06/30/2013 ==

Security Fixes:

Improvements:
* Updated the /util directory structure
* Added scripts to check Rule ID duplicates
* Added script to remove v2.7 actions so older ModSecurity rules will work
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43
* Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)
  - http://seclists.org/fulldisclosure/2013/Jun/21
  - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html

Bug Fixes:
* fix 950901 - word boundary added
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48
* fix regex error
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44
* Updated the Regex in 981244 to include word boundaries
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36
* Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34
* ModSecurity: No action id present within the rule - ignore_static.conf
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17
* "Bad robots" rule blocks all Java applets on Windows XP machines
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16
* duplicated rules id 981173
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18

Download links -
https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
https://github.com/SpiderLabs/owasp-modsecurity-crs/zipball/master

Release History -
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#Release_History

--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader