Re: [Mod-security-developers] ModSecurity version 3.0.0 announcement
Brought to you by:
victorhora,
zimmerletw
From: Christian F. <chr...@ne...> - 2017-12-15 10:12:04
|
Congratulations Zimmerle! This is a very big day and I am impressed by your achievement! I drink to a bright future for libModSecurity 3.0! Christian On Thu, Dec 14, 2017 at 10:26:17PM +0000, Felipe Costa wrote: > > It is a pleasure to announce the release of ModSecurity version 3.0.0, aka > libModSecurity. This version contains fixes on top of v3.0.0-rc1 and > improvements on some features. > > The most important addition of this release was the full support for some > missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash operator. > > At this point ModSecurity version 3 is considerable to be feature complete. Any > missing piece may not be suitable for version 3 family. At least not > before discussion. > > The list with the full changes can be found on the project CHANGES file, > available here: > - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/CHANGES > > The version 3.0.0 can be downloaded straight from GitHub: > - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/ > > The list of open issues is also available on GitHub: > - https://github.com/SpiderLabs/ModSecurity/issues?q=is%3Aissue+is%3Aopen+label%3Alibmodsecurity > > Notice that differently from version 2, ModSecurity v3 does not target any > specific web server or web server version. The version 3 is about a library. > The connectors are the ones responsible to create the link between the web > server and libModSecurity. Each web server should have its own connector. > Currently we support the Nginx connector and there is a Apache connector > available for test (not yet released). > > IMPORTANT: ModSecurity version 2 will be available and maintained parallel > to version 3. There is no ETA to deprecate the version 2.x. New features and > major improvements will be implemented on version 3.x. Security or major bugs > are planned to be back ported. Version 2 and version 3 has a completely > independent development/release cycle. > > Thanks to everybody who helped in this process: reporting issues, making > comments and suggestions, sending patches and so on. > > Further details on the compilation process for ModSecurity v3, can be found on > the project README: > - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation > > Complementary documentation for the connectors are available here: > - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation > - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation > > > Br., > Felipe "Zimmerle" Costa > Security Researcher, Lead Developer ModSecurity. > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |