[Mod-security-developers] ModSecurity version 2.9.0-RC1 released
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] ModSecurity version 2.9.0-RC1 released
|
From: Felipe C. <FC...@tr...> - 2014-11-18 13:34:17
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I am proud to announce our first release candidate for version 2.9.0. The 2.9.0-RC1 contains fixes and new features. The documentation is available in our wikipage: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual The source and binaries (and the respective hashes) are available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.0-rc1 SHA256(modsecurity-2.9.0-RC1.tar.gz)= 1a061e09bc7e3218a80bc2004b7e87c8f3a382323b09633e060c16bea5e23098 SHA256(ModSecurityIIS_2.9.0-RC1-32b.msi)= 68cd286612ca7026442ec3c409f33a2eaca428d9bb7a297d23a19043f5c31360 SHA256(ModSecurityIIS_2.9.0-RC1-64b.msi)= 948ffeda98684c569c22da95d600aca7998f20a85c9345a56086e1a85c1d8ab7 We would like to thank you all that helped out making this release: comments, bug reports, and pull requests. The most important changes are listed bellow: New features ============ * `pmFromFile' and `ipMatchFromFile' operators are now accepting HTTPS served files as parameter. * `SecRemoteRules' directive - allows you to specify a HTTPS served file that may contain rules in the SecRule format to be loaded into your ModSecurity instance. * `SecRemoteRulesFailAction' directive - allows you to control whenever the user wants to Abort or just Warn when there is a problem while downloading rules specified with the directive: `SecRemoteRules'. * `fuzzyHash' operator - allows to match contents using fuzzy hashes. * `FILES_TMP_CONTENT' collection - make available the content of uploaded files. * InsecureNoCheckCert - option to validate or not a chain of SSL certificates on mlogc connections. Bug fixes ========= * ModSecurityIIS: ModSecurity event ID was changed from 0 to 0x1. [Issue #676 - Kris Kater and ModSecurity team] * Fixed signature on "status call": ModSecurity is now using the original server signature. [Issues #702 - Linas and ModSecurity team] * YAJL version is printed while ModSecurity initialization. [Issue #703 - Steffen (Apache Lounge) and Mauro Faccenda] * Fixed subnet representation using slash notation on the @ipMatch operator. [Issue #706 - Walter Hop and ModSecurity team] * Limited the length of a status call. [Issue #714 - 'cpanelkurt' and ModSecurity team] * Added the missing -P option to nginx regression tests. [Issue #720 - Paul Yang] * Fixed automake scripts to do not use features which will be deprecated in the upcoming releases of automake. [Issue #760 - ModSecurity team] * apr-utils's LDFALGS is now considered while building ModSecurity. [Issue #782 - Daniel J. Luke] * IIS installer is not considering IIS 6 as compatible anymore. [Issue #790 - ModSecurity team] * Fixed yajl build script: now looking for the correct header file. [Issue #804 - 'rpfilomeno' and ModSecurity team] * mlgoc is now forced to use TLS 1.x. [Issue #806 - Josh Amishav-Zlatin and ModSecurity team] Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAlRrRO0ACgkQ5t+wjOixEneDsQCfdQO7tsVdlBJB4bKQkRFzvpP+ m8EAn2ToUijuHIKpOm9yWdcwsuZ5yBW+ =80Ng -----END PGP SIGNATURE----- ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
