[Mod-security-developers] We are happy to announce ModSecurity version 3.0.5!
Brought to you by:
victorhora,
zimmerletw
From: Felipe Z. <fe...@zi...> - 2021-07-07 23:07:49
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is a pleasure to announce the release of ModSecurity version 3.0.5 (libModSecurity). This version contains several improvements in different areas, including new features, cleanups, overall performance improvements, and fixes. A remarkable feature for version 3.0.5 is the limitation on the number of arguments to process; this is especially useful while inspecting JSON with a high number of key/values. Read more - https://github.com/SpiderLabs/ModSecurity/pull/2234 New features - - Having ARGS_NAMES, variables proxied [@zimmerle, @martinhsv, @KaNikita] - - Use explicit path for cross-compile environments. [Issue #2485 - @dtoubelis] - - Fix: FILES variable does not use multipart part name for key [Issue #2377 - @martinhsv] - - Regression: Mark the test as failed in case of segfault. [@zimmerle] - - GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE [Issues #2378, #2186 - @defanator] - - Add support to test framework for audit log content verification and add regression tests for issues #2000, #2196 [@zimmerle] - - Support configurable limit on number of arguments processed [Issue #2234 - @jleproust, @martinhsv] - - Multipart Content-Dispostion should allow field: filename*= [@martinhsv] - - Adds support to lua 5.4 [@zimmerle] - - Add support for new operator rxGlobal [@martinhsv] Bug fixes - - Replaces put with setenv in SetEnv action [Issue #2469 - @martinhsv, @WGH-, @zimmerle] - - Regex key selection should not be case-sensitive [Issue #2296, #2107, #2297 - @michaelgranzow-avi, @victorhora, @airween, @martinhsv, @zimmerle] - - Fix: Only delete Multipart tmp files after rules have run [Issue #2427 - @martinhsv] - - Fixed MatchedVar on chained rules [Issue #2423, #2435, #2436 - @michaelgranzow-avi] - - Fix maxminddb link on FreeBSD [Issue #2131 - @granalberto, @zimmerle] - - Fix IP address logging in Section A [Issue #2300 - @inaratech, @zavazingo, @martinhsv] - - rx: exit after full match (remove /g emulation); ensure capture groups occuring after unused groups still populate TX vars [Issue #2336 - @martinhsv] - - Correct CHANGES file entry for #2234 - - Fix rule-update-target for non-regex [Issue #2251 - @martinhsv] - - Fix configure script when packaging for Buildroot [Issue #2235 - @frankvanbever] - - modsecurity.pc.in: add Libs.private [Issue #1918, #2253 - @ffontaine, @Dridi, @victorhora] Security impacting issues - - Handle URI received with uri-fragment [@martinhsv] The complete list of changes is available on our changelogs: - - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.5 The source and binaries (and the respective hashes/signatures) are available at: - - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.5 The list of open issues is available on GitHub: - - https://github.com/SpiderLabs/ModSecurity/labels/3.x Stay tuned. We are going to release a follow-up blog post detailing the significant bits of this release. Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches, and participating in the community ;) -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iF0EARECAB0WIQQZDvrMoen6RmqOzZzm37CM6LESdwUCYOYt2wAKCRDm37CM6LES d1tmAJ9fc8jBWOPX+76nGAm4fTl/2ZQVHACcCbJNBofbrmXU6Glc1CyZkBjE8wg= =OIWQ -----END PGP SIGNATURE----- |