[Mod-security-rules] ModSecurity version 3.0.0 announcement
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-rules] ModSecurity version 3.0.0 announcement
|
From: Felipe C. <FC...@tr...> - 2017-12-14 22:26:28
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is a pleasure to announce the release of ModSecurity version 3.0.0, aka libModSecurity. This version contains fixes on top of v3.0.0-rc1 and improvements on some features. The most important addition of this release was the full support for some missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash operator. At this point ModSecurity version 3 is considerable to be feature complete. Any missing piece may not be suitable for version 3 family. At least not before discussion. The list with the full changes can be found on the project CHANGES file, available here: - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/CHANGES The version 3.0.0 can be downloaded straight from GitHub: - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/ The list of open issues is also available on GitHub: - https://github.com/SpiderLabs/ModSecurity/issues?q=is%3Aissue+is%3Aopen+label%3Alibmodsecurity Notice that differently from version 2, ModSecurity v3 does not target any specific web server or web server version. The version 3 is about a library. The connectors are the ones responsible to create the link between the web server and libModSecurity. Each web server should have its own connector. Currently we support the Nginx connector and there is a Apache connector available for test (not yet released). IMPORTANT: ModSecurity version 2 will be available and maintained parallel to version 3. There is no ETA to deprecate the version 2.x. New features and major improvements will be implemented on version 3.x. Security or major bugs are planned to be back ported. Version 2 and version 3 has a completely independent development/release cycle. Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on. Further details on the compilation process for ModSecurity v3, can be found on the project README: - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation Complementary documentation for the connectors are available here: - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation Br., Felipe "Zimmerle" Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iF0EARECAB0WIQQZDvrMoen6RmqOzZzm37CM6LESdwUCWjL5gQAKCRDm37CM6LES d+I9AJ0W6S2jXBFSXcAPBQD/qhs4W0SOwQCgoeKBpOOSAcAZXsAqQOA4oUFV+yY= =BrVr -----END PGP SIGNATURE----- |
