Re: [Mod-security-developers] ModSecurity version 3.0.0 announcement
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] ModSecurity version 3.0.0 announcement
|
From: Christian F. <chr...@ne...> - 2017-12-15 15:13:43
|
On Fri, Dec 15, 2017 at 03:10:33PM +0000, Felipe Costa wrote: > Thank you Christian. Indeed I am very happy with this release :) Hope > to make the life of ModSecurity users better. I bet it will! > Thanks, also, to everybody that was involved on with it, including you > :) You're welcome. But we all know you did all the heavy lifting yourself! Christian > > Br., > > Felipe “Zimmerle” Costa > > Security Researcher, Lead Developer ModSecurity. > > > Trustwave | SMART SECURITY ON DEMAND > > [1]www.trustwave.com > __________________________________________________________________ > > From: Christian Folini <chr...@ne...> > Sent: Friday, December 15, 2017 8:11:55 AM > To: mod...@li...; > mod...@li... > Subject: Re: [Mod-security-developers] ModSecurity version 3.0.0 > announcement > > Congratulations Zimmerle! > This is a very big day and I am impressed by your achievement! I drink > to a > bright future for libModSecurity 3.0! > Christian > On Thu, Dec 14, 2017 at 10:26:17PM +0000, Felipe Costa wrote: > > > > It is a pleasure to announce the release of ModSecurity version > 3.0.0, aka > > libModSecurity. This version contains fixes on top of v3.0.0-rc1 and > > improvements on some features. > > > > The most important addition of this release was the full support for > some > > missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash > operator. > > > > At this point ModSecurity version 3 is considerable to be feature > complete. Any > > missing piece may not be suitable for version 3 family. At least not > > before discussion. > > > > The list with the full changes can be found on the project CHANGES > file, > > available here: > > - > [2]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_SrVbV5HsA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2freleases%2ftag%2fv3%2e0%2e0%2fCHANGES > > > > The version 3.0.0 can be downloaded straight from GitHub: > > - > [3]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XuJPgVM5w&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2freleases%2ftag%2fv3%2e0%2e0%2f > > > > The list of open issues is also available on GitHub: > > - > [4]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XuJOVNNsA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2fissues%3fq%3dis%253Aissue%2bis%253Aopen%2blabel%253Alibmodsecuri > ty > > > > Notice that differently from version 2, ModSecurity v3 does not > target any > > specific web server or web server version. The version 3 is about a > library. > > The connectors are the ones responsible to create the link between > the web > > server and libModSecurity. Each web server should have its own > connector. > > Currently we support the Nginx connector and there is a Apache > connector > > available for test (not yet released). > > > > IMPORTANT: ModSecurity version 2 will be available and maintained > parallel > > to version 3. There is no ETA to deprecate the version 2.x. New > features and > > major improvements will be implemented on version 3.x. Security or > major bugs > > are planned to be back ported. Version 2 and version 3 has a > completely > > independent development/release cycle. > > > > Thanks to everybody who helped in this process: reporting issues, > making > > comments and suggestions, sending patches and so on. > > > > Further details on the compilation process for ModSecurity v3, can be > found on > > the project README: > > - > [5]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_X2HOldK4w&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2ftree%2fv3%2fmaster%23compilation > > > > Complementary documentation for the connectors are available here: > > - nginx: > [6]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XjUPlEYtg&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity-nginx%2f%23compilation > > - Apache: > [7]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_S6AOVZO4g&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity-apache%2f%23compilation > > > > > > Br., > > Felipe "Zimmerle" Costa > > Security Researcher, Lead Developer ModSecurity. > > > > Trustwave | SMART SECURITY ON DEMAND > > [8]www.trustwave.com > > > > > > > ----------------------------------------------------------------------- > ------- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, > [9]http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY > 3XGs_S6Ga1Ea5g&s=5&u=http%3a%2f%2fSlashdot%2eorg%21 > [10]http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XjVbVUc4g&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > > [11]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0 > JY3XGs_S-CZ1NJsQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists% > 2flistinfo%2fmod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > [12]https://www.trustwave.com/spiderLabs.php > -- > [13]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0 > JY3XGs_SuGaFUd4A&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2ftraining% > 2fmodsecurity-training-course > [14]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0 > JY3XGs_SyFb18b7A&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2fbooks%2fm > odsecurity-handbook%2f > [15]mailto:chr...@ne... > twitter: @ChrFolini > > References > > 1. http://www.trustwave.com/ > 2. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SrVbV5HsA&s=5&u=https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/CHANGES > 3. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XuJPgVM5w&s=5&u=https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/ > 4. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XuJOVNNsA&s=5&u=https://github.com/SpiderLabs/ModSecurity/issues?q=is%3Aissue+is%3Aopen+label%3Alibmodsecurity > 5. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_X2HOldK4w&s=5&u=https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation > 6. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XjUPlEYtg&s=5&u=https://github.com/SpiderLabs/ModSecurity-nginx/#compilation > 7. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S6AOVZO4g&s=5&u=https://github.com/SpiderLabs/ModSecurity-apache/#compilation > 8. http://www.trustwave.com/ > 9. http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S6Ga1Ea5g&s=5&u=http://Slashdot.org! > 10. http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XjVbVUc4g&s=5&u=http://sdm.link/slashdot > 11. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S-CZ1NJsQ&s=5&u=https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 12. https://www.trustwave.com/spiderLabs.php > 13. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SuGaFUd4A&s=5&u=https://www.feistyduck.com/training/modsecurity-training-course > 14. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SyFb18b7A&s=5&u=https://www.feistyduck.com/books/modsecurity-handbook/ > 15. mailto:chr...@ne... > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
