[mod-security-users] More information about security issue - CVE 2024-1019
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] More information about security issue - CVE 2024-1019
|
From: Ervin H. <ai...@gm...> - 2024-01-30 16:35:16
|
Dear all, As you can see in my previous e-mail, the new OWASP ModSecurity team is happy to announce the release of ModSecurity / libModSecurity v3.0.12, the first release under the new organization. Version 3.0.12 fixes CVE 2024-1019, a security bug with HIGH severity on the ModSec 3 release line. Please find the complete advisory and and detailed information at https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30 The code of the release can be found at https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.12 DigitalWave will publish pre-compiled binaries later tonight or tomorrow throughout the day at https://modsecurity.digitalwave.hu. I also try to upload the patched versions for Debian and Ubuntu systems. We advise all ModSecurity 3 users to upgrade to 3.0.12. A workaround for those stuck on lower versions is covered in the link shared above. Best, Christian Folini, Marc Stern and Ervin Hegedüs |
