[mod-security-users] ModSecurity v3.0.4 announcement
Brought to you by:
victorhora,
zimmerletw
From: Felipe Z. <fe...@zi...> - 2020-01-13 18:19:33
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi It is a pleasure to announce the release of ModSecurity version 3.0.4 (libModSecurity). This version contains a number of improvements in different areas. These include cleanups, better practices for improved code readability, resilience and overall performance and security fixes. A huge refactoring was placed on the Regex engine, which is now more performant. The Logging was polished and hex-encoded strings are now pretty printed. An operator to detect Australian social security number was added. The audit log is now working with section H and better dealing with logs, nologs and auditlogs combinations. POTENTIAL SECURITY ISSUES: - - Cookie parser problems [@theMiddleBlue, @airween, @martinhsv] The list with the full changes can be found on the project CHANGES file, available here: - - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.4/CHANGES The list of open issues is available on GitHub: - - https://github.com/SpiderLabs/ModSecurity/labels/3.x As with every new release, a milestone was created to host all the issues that will be fixed till we reach the given milestone. With that, we not only give the community the full transparency of the work that is being doing on ModSec, but also even more chances to participate. Milestones give the chance to anyone from the community to deduce when and what will be released. Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on. Further details on the compilation process for ModSecurity v3, can be found on the project README: - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation Complementary documentation for the connectors are available here: - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation IMPORTANT: ModSecurity version 2 will be available and maintained parallel to version 3. There is no ETA to deprecate the version 2.x. New features and major improvements will be implemented on version 3.x. Security or major bugs are planned to be back ported. Version 2 and version 3 has a completely independent development/release cycle. Br., Felipe "Zimmerle" Costa -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iF0EARECAB0WIQQZDvrMoen6RmqOzZzm37CM6LESdwUCXhxx8QAKCRDm37CM6LES dy8jAJ4l6Goa0qn+RyxwrFPa8Zjl9t8HagCeJeHULU8EsT2M2S0Ho6ROgOdQstM= =GeNp -----END PGP SIGNATURE----- |