[mod-security-packagers] Announcing ModSecurity release 3.0.9
From: Martin V. <Mar...@tr...> - 2023-04-13 04:06:07
ModSecurity is pleased to announce the release of version 3.0.9. This version contains a mixture of enhancements and bug fixes.

The official release announcement will appear shortly at https://www.trustwave.com/en-us/resources/security-resources/software-updates/

Security issue

- Add some member variable inits in Transaction class (possible segfault) [Issue #2886 - @GNU-Plus-Windows-User, @airween, @mdounin, @martinhsv]

In some configurations with certain inputs, this bug could result in a segfault and a resultant crash of a worker process. A large volume of such requests sent very quickly could lead to the server becoming slow or unresponsive to legitimate requests. This item has been assigned CVE-2023-28882.

Enhancements and bug fixes

- Fix: possible segfault on reload if duplicate ip+CIDR in ip match list [Issue #2877, #2890 - @tomsommer, @martinhsv]
- Resolve memory leak on reload (bison-generated variable) [Issue #2876 - @martinhsv]
- Support equals sign in XPath expressions [Issue #2328 - @dennus, @martinhsv]
- Encode two special chars in error.log output [Issue #2854 - @airween, @martinhsv]
- Add JIT support for PCRE2 [Issue #2791 - @wfjsw, @airween, @FireBurn, @martinhsv]
- Support comments in ipMatchFromFile file via '#' token [Issue #2554 - @tomsommer, @martinhsv]
- Use name package name libmaxminddb with pkg-config [Issue #2595, #2596 - @frankvanbever, @ffontaine, @arnout]
- Fix: FILES_TMP_CONTENT collection key should use part name [Issue #2831 - @airween]
- Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro [Issue #2806 - @hughmcmaster]
- During configure, do not check for pcre if pcre2 specified [Issue #2750 - @dvershinin, @martinhsv]
- Use pkg-config to find libxml2 first [Issue #2714 - @hughmcmaster]
- Fix two rule-reload memory leak issues [Issue #2801 - @Abce, @martinhsv]
- Correct whitespace handling for Include directive [Issue #2800 - @877509395, @martinhsv]

Additional information on the release, including the source (and hashes/signatures), is available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.9

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches, etc.

Martin Vierula
Senior Security Researcher - ModSecurity