[mod-security-users] ModSecurity version 3.0.0-rc1 announcement
Brought to you by:
victorhora,
zimmerletw
From: Felipe C. <FC...@tr...> - 2017-08-28 12:00:01
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is a great pleasure the announce the first official release candidate for ModSecurity version 3. For those who are not familiar with ModSecurity version 3 yet, the version 3 was an `re-architecturization' of ModSecurity version 2. The goal was to turn ModSecurity into a library, that could be used seamlessly: Regardless of web server or platform. The motivations for ModSecurity version 3 was summarized in details here: [1] This release candidate marks the end of the first development cycle of ModSecurity version 3. It is now considerable stable to work with both: Trustwave Commercial Rules [2] and OWASP CRS [3]. Notice that differently from version 2, ModSecurity v3 does not target any specific web server or web server version. The version 3 is about a library. The connectors are the ones responsible to create this link between the web server and libModSecurity. Each web server should have its own connector. Currently we support the Nginx connector and there is a Apache connector available for test (not yet released). IMPORTANT: ModSecurity version 2 will be available and maintained parallel to version 3. There is not EAT to deprecate the version 2.x. Version 2 and version 3 has a completely independent development/release cycle. This release does not contains a changelog as it aims to implement the core capabilities and most widely used functionalities of version 2, with a different architecture. Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on. Further information about this release is available here: [4]. * A word about stability ModSecurity version 3 is new and it may not be vastly tested as version 2, however, the testability of version 3 had a very good improvement on the top of version 2. Further details on our QA can be checked here: Fuzzing ModSecurity version 3 as part of the QA [5] * Are you having an issue? We will be glad to fix it! If you find something out of order, make sure you open an issue on GitHub, it will be a pleasure to help you. Direct contributions in the form of pull requests for fixes or new features are always also greatly appreciated. * Compilation Further details on the compilation process for ModSecurity v3, can be found on the project README: - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation Complementary documentation for the connectors are available here: - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation * libModSecurity training (AppSec USA) If you want to hangout and talk about ModSecurity, meet Victor and Felipe on APPSec USA, we will be there for the entire event. Not to mention that there will be a hands on training [6] using ModSecurity version 3 and nginx. [1] https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/ [2] https://modsecurity.org/commercial-rules.html [3] https://github.com/SpiderLabs/owasp-modsecurity-crs [4] https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-version-3-RC1 [5] https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-version-3--Fuzzing-as-part-of-the-QA [6] https://appsecusa2017.sched.com/event/B2VV -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iF0EARECAB0WIQQZDvrMoen6RmqOzZzm37CM6LESdwUCWaQFIQAKCRDm37CM6LES dwHUAJ9APAGlY2HIOo0iHsmpbwwW90u/hACfdCFWOLfCxVb5blO0yMrMsgxbLp8= =T/Pj -----END PGP SIGNATURE----- |