[mod-security-packagers] Announcing ModSecurity release 3.0.12
Brought to you by:
victorhora,
zimmerletw
From: Ervin H. <ai...@gm...> - 2024-01-30 16:27:54
|
Dear ModSecurity packagers, ModSecurity is announcing the release of version 3.0.12. This version includes a bug fixes, see the release notes: ==%== Security impacting issue Change REQUEST_FILENAME and REQUEST_BASENAME behavior [Issue #3048 - @martinhsv, @theMiddleBlue, @theseion, @M4tteoP, @airween] WAF bypass of the ModSecurity v3 release line for path-based payloads by submitting a specially crafted request URL. For details, see CVE 2024-1019. Enhancements and bug fixes Set the minimum security protocol version (TLSv1.2) for SecRemoteRules [Issue security/code-scanning/2 - @airween] ==%== Additional information on the release, including the source (and hashes/signatures), is available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.12 Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches, etc. Regards: Christian Folini, Marc Stern and Ervin Hegedüs |