[mod-security-users] [ANNOUNCE] mod_security 1.8RC2 released
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] [ANNOUNCE] mod_security 1.8RC2 released
|
From: Ivan R. <iv...@we...> - 2004-06-15 08:40:48
|
Mod_security 1.8RC2 has been released. It is available for immediate download from: http://www.modsecurity.org/download/ This is the second release candidate on the road to the final release next week. It fixes a few small bugs and greatly enhances the way events are logged into the error log. About mod_security ------------------ Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. It is an open source intrusion detection and prevention system for Apache. In addition to request filtering, it also creates Web application audit logs. Requests are filtered using regular expressions. Some of the things possible are: * Apply filters against any part of the request (URI, headers, either GET or POST) * Apply filters against individual parameters * Reject SQL injection attacks * Reject Cross site scripting attacks With few general rules mod_security can protect from both known and unknown vulnerabilities. Changes (v1.8RC2) ------------------ * Fixed a problem where validation functions would reject a request without performing the default action fully (previously only the status was honored). * Improved logging a great deal. It is now easy to identify what and where went wrong. * Child processes now re-initialize mutexes, as they should (Apache 2.x only) * Other cosmetic changes here and there. * BUG Temporary files were being created with wrong permissions. * BUG Fixed a problem in the UTF-8 validation routine. Some valid UTF-8 streams were being rejected as invalid. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
