[Mod-security-rules] Announcement: ModSecurity version 2.9.2
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-rules] Announcement: ModSecurity version 2.9.2
|
From: Felipe C. <FC...@tr...> - 2017-07-19 14:09:23
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am very proud to announce ModSecurity version 2.9.2. In 2.9.2 we have some new features and bug fixes as well as two _security issues_ fixed. This release, like all releases of 2.9 family, is a combined release for all bindings/versions that we support: Apache, Nginx, and IIS. Although Nginx users preferably wants to use libModSecurity [1] with the ModSecurity-nginx connector [2]. This is the last release of 2.9.2 family which is likely to have new features as this version is being slowly deprecated in favor of ModSecurity version 3. In this release we’ve got two security issues fixed: - Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform. - Brian Adeloye reported an infinite loop on the version of libInjection used on ModSecurity 2.9.1. Thanks for Allan Boll, and Brian Adeloye for the security reports ;) The complete list of changes is available on our change logs: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2 The source and binaries (and the respective hashes/signatures) are available at: - - https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2 Thanks to everybody who participate with bug reports, comments and code, including: @victorhora, @defanator, @client9, @bjdijk, @hideaki, @parthasarathi204, Daniel Stelter-Gliese, @LukeP21, @mturk, Coty Sutherland, Robert Bost, Marc Stern, @bazzadp, Sander Hoentjen, Robert Paprocki, @Rendername, @emphazer, Chaim Sanders, Thomas Deutschmann, Michael Kjeldsen, Armin Abfalterer, Robert Culyer, Ephraim Vider, @charlymps, Christian Folini, Alexey Sintsov. [1] https://github.com/SpiderLabs/ModSecurity/tree/v3/master [2] http://www.github.com/SpiderLabs/ModSecurity-nginx/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAllufKgACgkQ5t+wjOixEndelgCghnMYdBQ26AXeRjmc1c8zNTbX EE0AoJRqbAgSVJAjQus479ZopLKzNkJn =oONS -----END PGP SIGNATURE----- |
