Re: [Mod-security-developers] ModSecurity version 2.9.1-rc1 announcement
From: Christian F. <chr...@ne...> - 2016-02-04 08:19:31
Hello Zimmerle,

Thank you for the new rc1 release.

I compiled it just fine against apache 2.4.18 and ran nikto against it
without any problems. So this generally works. Cool.

Then I tried to enable the new JSON audit log format, but I failed in the
config parser:

AH00526: Syntax error on line 106 of /apache/conf/httpd.conf_testing_modsec:
Invalid command 'SecAuditLogFormat', perhaps misspelled or defined by a module not included in the server configuration

A 2nd issue occurred, when I tried to compile against apache 2.4.17.

Ahoj,

Christian

On Wed, Feb 03, 2016 at 05:17:12PM +0000, Felipe Costa wrote:
>
> Hi,
>
> It is a pleasure to announce the first release candidate for ModSecurity
> version 2.9.1. The version 2.9.1-RC1 contains fixes and new features.
> The new features list includes audit logs in JSON format.
>
> I would like to thank you all, that participate in the construction of
> this release. A special thanks to the ones who sent patches and the ones
> who participated on the community meetings, which helped to increase the
> quality of our releases. Thank you.
>
> The documentation of the new features is already available on our wiki
> page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
>
> The source and binaries (and the respective hashes) are available at:
> https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1
>
> The most important changes are listed below:
>
> * New features
>
>   - Added support to generate audit logs in JSON format.
>     [Issue #914, #897, #656 - Robert Paprocki]
>   - Extended Lua support to include version 5.3
>     [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
>   - mlogc: Allows user to choose between TLS versions (TLSProtocol option
>     introduced).
>     [Issue #881 - Ishwor Gurung]
>   - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.
>     [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]
>
> * Bug fixes
>
>   - Creating AuditLog serial file (or parallel index) respecting the
>     permission configured with SecAuditLogFileMode. Previously, it was
>     used only to save the transactions while in parallel mode.
>     [Issue #852 - @littlecho and ModSecurity team]
>   - Checking for hashing injection response, to report in case of failure.
>     [Issue #1041 - ModSecurity team]
>   - Stop buffering when the request is larger than SecRequestBodyLimit
>     in ProcessPartial mode
>     [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
>   - Refactoring conditional #if/#defs directives.
>     [Issue #996 - Wesley M and ModSecurity team]
>   - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
>     files with Apache 2.4
>     [Issue #775 - Elia Pinto]
>   - Understands IIS 10 as compatible on Windows installer.
>     [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
>   - Fix apache logging limitation by using correct Apache call.
>     [Issue #840 - Christian Folini]
>   - Fix apr_crypto.h check on 32-bit Linux platform
>     [Issue #882, #883 - Kurt Newman]
>   - Fix variable resolution duration (Content of the DURATION variable).
>     [Issue #662 - Andrew Elble]
>   - Fix crash while adding empty keys to persistent collections.
>     [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
>   - Remove misguided call to srand()
>     [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
>   - Fix compilation problem while ssdeep is installed in non-standard
>     location.
>     [Issue #872 - Kurt Newman]
>   - Fix invalid storage reference by apr_psprintf at msc_crypt.c
>     [Issue #609 - Jeff Trawick]
>
> * Known issues
>
>   - Instabilities of nginx add-on are still expected. Please use the "nginx
>     refactoring" branch and stay tuned for the ModSecurity version 3.
>
> Br.,
> Felipe "Zimmerle" Costa
> Lead Developer for ModSecurity
> Security Researcher, SpiderLabs
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>

--
mailto:chr...@ne...
http://www.christian-folini.ch
twitter: @ChrFolini