Re: [mod-security-users] Announcement: ModSecurity version 2.9.3

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Now mod_security 2.9.3 VC15  available at Apache Lounge.

 http://www.apachelounge.com/

On Wednesday 05/12/2018 at 18:04, Victor Hora  wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> We are happy to announce ModSecurity version 2.9.3!
>
> As previously announced, libModSecurity has reached official stable 
> stage and was released for almost an year now. Therefore, new features 
> and major improvements will be implemented only on version 3.x. 
> Security or *major* bugs are planned to be back ported.
>
> Still, in a effort to keep our commitment with the community, 2.9.3 
> still contains a number of improvements in different areas. These 
> include, optimizations in the code, updating all dependencies, 
> updating the embedded CRS version of the IIS build, clean ups, support 
> for other architectures among other changes.
>
> In addition to these improvements, a few key issues were fixed 
> including mpm-itk / mod_ruid2 compatibility which was a roadblock for 
> some CPANEL ModSecurity users and many other improvements focused on 
> improving performance, usability and code resilience.
>
> POTENTIAL SECURITY ISSUES:
>
> - Fix ip tree lookup on netmask content
>      [@tinselcity]
> - - potential off by one in parse_arguments
>      [@tinselcity]
>
> The complete list of changes is available on our change logs:
> - - https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.3
>
> The source and binaries (and the respective hashes/signatures) are
> available at:
> - - https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.3
>
> The documentation for this release is available at:
> - - 
> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29
>
> The list of open issues is available on GitHub:
> - - https://github.com/SpiderLabs/ModSecurity/labels/2.x
>
> As with every new release, a milestone was created to host all the 
> issues that will be fixed till we reach the given milestone. With 
> that, we not only give the community the full transparency of the work 
> that is being doing on ModSec, but also even more chances to 
> participate.
> Milestones give the chance to anyone from the community to deduce when 
> and what will be released. For instance the 2.9.4 milestone is in 
> progress even before 2.9.3 milestone is closed.
>
> Some of the active milestones from the ModSecurity project follows:
>
> - - milestone v2.9.3: 
> https://github.com/SpiderLabs/ModSecurity/milestone/10
> - - milestone v2.9.4:
> https://github.com/SpiderLabs/ModSecurity/milestone/14
>
> Thanks to everybody who helped in this process: reporting issues, 
> making comments and suggestions, sending patches and so on.
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEENVJvmdv3xZcwKAX5LzS6oLmekUFAlwIAmoACgkQ5LzS6oLm
> ekWTzQ//cIX68Y2HIBaR7nFvxsY199acxxKyJdoop3bVpJkZfBPUzgO7pUPGWPJj
> LF3FD8yKqnNJkI2iArJqGWBCa4b9UQi01JLLWiiOdTRWOtHfU8miVOIKFD7nTRGj
> DgNna1j8DEn8mrFcXyZctnhNfQu0Fp7sI2PLf5H4RyO58NpDyVxxquZwmLmc0ZQb
> LIAz0td/pNl3O2anJzIimXusQe9qba/qqxC/W7W5ZqEBrqIR/UJ9s7qDxMaReyQ4
> MGBvxxjqg3GLNV43v5M9RtaBcYTf3hT55AyG78MHqK+sZop+UhLUL+m6HU1F7FN/
> 4FvEfu/tq5ntHtCrh4xGk9JIbF4R7EdJEG9ruNbHZfKEPpJ5YNp2SScFRB/PQqAB
> EL7wTetkKLpQiGPFEV6+W6vKV8BjTJFakEzdOojcELqmza/KslHMIlZoqcdwN1ln
> iUxxeHW1txNWhfPvi8X1P6nxl10LaYTCHcUesHgjDvwhDgYX2FHYKwtALwVUgRVB
> oOZjiyLpuMqNHDUdOBCkUlFIAxQj3EZ2ujORBXmD+SXhy5Su+S59hrT/iju37NgK
> miwpbDNc1NwZQqoUSS+WG5W3TwqCCLzEcJIIwGqyW9K6HhM/Jyuadszvx5XzguyD
> sZNz9cOmlSeGENJ5PMrEgVXN4v00k1FRpsqjErSlN3BlCglqpzY=
> =F1hT
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/