[mod-security-packagers] Announcing ModSecurity release 3.0.12

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Dear ModSecurity packagers,

ModSecurity is announcing the release of version 3.0.12.

This version includes a bug fixes, see the release notes:

==%==

Security impacting issue

    Change REQUEST_FILENAME and REQUEST_BASENAME behavior
    [Issue #3048 - @martinhsv, @theMiddleBlue, @theseion, @M4tteoP,
@airween]
    WAF bypass of the ModSecurity v3 release line for path-based payloads
by submitting a specially crafted request URL. For details, see CVE
2024-1019.

Enhancements and bug fixes

    Set the minimum security protocol version (TLSv1.2) for SecRemoteRules
    [Issue security/code-scanning/2 - @airween]

==%==

Additional information on the release, including the source (and
hashes/signatures), is available at:
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.12

Thanks to everybody who helped in this process: reporting issues, making
comments and suggestions, sending patches, etc.

Regards:

Christian Folini, Marc Stern and Ervin Hegedüs