|
From: Walter H. <mo...@sp...> - 2015-01-06 15:22:11
|
Hi Felipe, I haven’t found any regressions so far although I haven’t put it in production yet. So that date looks good! It would be very much appreciated if you could briefly look at my thread "RESPONSE_BODY matching fails with gzip encoding on Ubuntu” on -users list, although this problem also occurs on 2.7.7. It might be a bug, if so, it would be nice to catch it in time. Cheers! WH > On 05 Jan 2015, at 19:23, Felipe Costa <FC...@tr...> wrote: > > Hi Walter, > > Thank you for your feedback!! Best wishes in 2015. > > Waiting for your OK before release 2.9.0. My guess is that 19 of January > is a good date for 2.9.0 release. > > > Br., > Felipe "Zimmerle" Costa > Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > > > > From: Walter Hop [mo...@sp...] > > Sent: Monday, December 29, 2014 7:32 PM > > To: mod...@li... > > Cc: mod...@li... > > Subject: Re: [mod-security-packagers] ModSecurity version 2.9.0-RC2 announcement > > > > > > > > > > > > I gave the RC2 some quality time. It looks very good so far! > > > > > > Fixed issues I’ve had with -RC1: > > > > - Failures in @pmFromFile, @ipMatchFromFile and SecRemoteRules: works OK now! > > - @fuzzyHash rule doesn't fire: works OK now! This problem was likely due to bugs in the old ssdeep version (FreeBSD bug #195720). ssdeep was updated to 2.12 on Dec 13rd, so the timing is perfect. > > - Persistent crashes in acmp_btree_find: seems to have been a FreeBSD 10.0 issue with all versions, works OK on FreeBSD 9.3 and 10.1. FreeBSD 10.0 will go out of support in February anyway. > > - httpd crash on every request when using Lua 5.2: Assuming Lua 5.2 is not supported fully for now (Github issue #814). I will just depend on Lua 5.1. This is not an urgent problem, as lua51/lua52 packages can coexist peacefully. > > > > > One small unfixed issue remains: > > - Apache log module prefix: not fixed, note that it still says '[:notice]', but this is a small issue at worst. [Mon Dec 29 21:44:18.001193 2014] [:notice] [pid 56448] ModSecurity for Apache/2.9.0-RC2 (http://www.modsecurity.org/) > configured. > > > > > > I will try the RC2 on some internal systems over the next week (including some Debian), so it’s possible some other stuff will turn up, but it’s feeling very stable so far! > > > > > Thanks for the hard work and the fixes, and best wishes for 2015 :) > > > > > WH > > > > > > > > > On 16 Dec 2014, at 01:35, Felipe Costa <FC...@tr...> wrote: > > > > > > I am proud to announce our second release candidate for version 2.9.0. > > > The 2.9.0-RC2 contains fixes and improvements. > > > > > > > The source and binaries (and the respective hashes) are available at: > > > https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.0-rc2 > > > > > > > SHA256(modsecurity-2.9.0-RC2.tar.gz)= 62bfb04d459a8308bb6850102c9d8f0cca250207749ce5b9465344dda2419993 > > > SHA256(ModSecurityIIS_2.9.0-RC2-32b.msi)= 364a55d2ff6981479694184eaec26404f294ac2131e8494ff478ae5e1aee33d6 > > > SHA256(ModSecurityIIS_2.9.0-RC2-64b.msi)= c5c90fb5eae5d819f641989bcfb2b4230506fb4bb8065034ef0684b8694585dd > > > > > > > > > -- > Walter Hop | PGP key: https://lifeforms.nl/pgp > > > > > > > ________________________________ > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. -- Walter Hop | PGP key: https://lifeforms.nl/pgp |
