Re: [mod-security-packagers] ModSecurity version 2.9.0-RC2 announcement
Brought to you by:
victorhora,
zimmerletw
From: Felipe C. <FC...@tr...> - 2015-01-05 18:24:07
|
Hi Walter, Thank you for your feedback!! Best wishes in 2015. Waiting for your OK before release 2.9.0. My guess is that 19 of January is a good date for 2.9.0 release. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> From: Walter Hop [mo...@sp...] Sent: Monday, December 29, 2014 7:32 PM To: mod...@li... Cc: mod...@li... Subject: Re: [mod-security-packagers] ModSecurity version 2.9.0-RC2 announcement I gave the RC2 some quality time. It looks very good so far! Fixed issues I’ve had with -RC1: - Failures in @pmFromFile, @ipMatchFromFile and SecRemoteRules: works OK now! - @fuzzyHash rule doesn't fire: works OK now! This problem was likely due to bugs in the old ssdeep version (FreeBSD bug #195720). ssdeep was updated to 2.12 on Dec 13rd, so the timing is perfect. - Persistent crashes in acmp_btree_find: seems to have been a FreeBSD 10.0 issue with all versions, works OK on FreeBSD 9.3 and 10.1. FreeBSD 10.0 will go out of support in February anyway. - httpd crash on every request when using Lua 5.2: Assuming Lua 5.2 is not supported fully for now (Github issue #814). I will just depend on Lua 5.1. This is not an urgent problem, as lua51/lua52 packages can coexist peacefully. One small unfixed issue remains: - Apache log module prefix: not fixed, note that it still says '[:notice]', but this is a small issue at worst. [Mon Dec 29 21:44:18.001193 2014] [:notice] [pid 56448] ModSecurity for Apache/2.9.0-RC2 (http://www.modsecurity.org/) configured. I will try the RC2 on some internal systems over the next week (including some Debian), so it’s possible some other stuff will turn up, but it’s feeling very stable so far! Thanks for the hard work and the fixes, and best wishes for 2015 :) WH On 16 Dec 2014, at 01:35, Felipe Costa <FC...@tr...> wrote: I am proud to announce our second release candidate for version 2.9.0. The 2.9.0-RC2 contains fixes and improvements. The source and binaries (and the respective hashes) are available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.0-rc2 SHA256(modsecurity-2.9.0-RC2.tar.gz)= 62bfb04d459a8308bb6850102c9d8f0cca250207749ce5b9465344dda2419993 SHA256(ModSecurityIIS_2.9.0-RC2-32b.msi)= 364a55d2ff6981479694184eaec26404f294ac2131e8494ff478ae5e1aee33d6 SHA256(ModSecurityIIS_2.9.0-RC2-64b.msi)= c5c90fb5eae5d819f641989bcfb2b4230506fb4bb8065034ef0684b8694585dd -- Walter Hop | PGP key: https://lifeforms.nl/pgp ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |