Thread: [mod-security-users] ModSecurity version 3.0.0 announcement
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Felipe C. <FC...@tr...> - 2017-12-14 22:26:28
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is a pleasure to announce the release of ModSecurity version 3.0.0, aka libModSecurity. This version contains fixes on top of v3.0.0-rc1 and improvements on some features. The most important addition of this release was the full support for some missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash operator. At this point ModSecurity version 3 is considerable to be feature complete. Any missing piece may not be suitable for version 3 family. At least not before discussion. The list with the full changes can be found on the project CHANGES file, available here: - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/CHANGES The version 3.0.0 can be downloaded straight from GitHub: - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/ The list of open issues is also available on GitHub: - https://github.com/SpiderLabs/ModSecurity/issues?q=is%3Aissue+is%3Aopen+label%3Alibmodsecurity Notice that differently from version 2, ModSecurity v3 does not target any specific web server or web server version. The version 3 is about a library. The connectors are the ones responsible to create the link between the web server and libModSecurity. Each web server should have its own connector. Currently we support the Nginx connector and there is a Apache connector available for test (not yet released). IMPORTANT: ModSecurity version 2 will be available and maintained parallel to version 3. There is no ETA to deprecate the version 2.x. New features and major improvements will be implemented on version 3.x. Security or major bugs are planned to be back ported. Version 2 and version 3 has a completely independent development/release cycle. Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on. Further details on the compilation process for ModSecurity v3, can be found on the project README: - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation Complementary documentation for the connectors are available here: - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation Br., Felipe "Zimmerle" Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iF0EARECAB0WIQQZDvrMoen6RmqOzZzm37CM6LESdwUCWjL5gQAKCRDm37CM6LES d+I9AJ0W6S2jXBFSXcAPBQD/qhs4W0SOwQCgoeKBpOOSAcAZXsAqQOA4oUFV+yY= =BrVr -----END PGP SIGNATURE----- |
|
From: Christian F. <chr...@ne...> - 2017-12-15 10:12:04
Attachments:
signature.asc
|
Congratulations Zimmerle! This is a very big day and I am impressed by your achievement! I drink to a bright future for libModSecurity 3.0! Christian On Thu, Dec 14, 2017 at 10:26:17PM +0000, Felipe Costa wrote: > > It is a pleasure to announce the release of ModSecurity version 3.0.0, aka > libModSecurity. This version contains fixes on top of v3.0.0-rc1 and > improvements on some features. > > The most important addition of this release was the full support for some > missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash operator. > > At this point ModSecurity version 3 is considerable to be feature complete. Any > missing piece may not be suitable for version 3 family. At least not > before discussion. > > The list with the full changes can be found on the project CHANGES file, > available here: > - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/CHANGES > > The version 3.0.0 can be downloaded straight from GitHub: > - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/ > > The list of open issues is also available on GitHub: > - https://github.com/SpiderLabs/ModSecurity/issues?q=is%3Aissue+is%3Aopen+label%3Alibmodsecurity > > Notice that differently from version 2, ModSecurity v3 does not target any > specific web server or web server version. The version 3 is about a library. > The connectors are the ones responsible to create the link between the web > server and libModSecurity. Each web server should have its own connector. > Currently we support the Nginx connector and there is a Apache connector > available for test (not yet released). > > IMPORTANT: ModSecurity version 2 will be available and maintained parallel > to version 3. There is no ETA to deprecate the version 2.x. New features and > major improvements will be implemented on version 3.x. Security or major bugs > are planned to be back ported. Version 2 and version 3 has a completely > independent development/release cycle. > > Thanks to everybody who helped in this process: reporting issues, making > comments and suggestions, sending patches and so on. > > Further details on the compilation process for ModSecurity v3, can be found on > the project README: > - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation > > Complementary documentation for the connectors are available here: > - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation > - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation > > > Br., > Felipe "Zimmerle" Costa > Security Researcher, Lead Developer ModSecurity. > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
|
From: Felipe C. <FC...@tr...> - 2017-12-15 15:10:46
|
Thank you Christian. Indeed I am very happy with this release :) Hope to make the life of ModSecurity users better. Thanks, also, to everybody that was involved on with it, including you :) Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ From: Christian Folini <chr...@ne...> Sent: Friday, December 15, 2017 8:11:55 AM To: mod...@li...; mod...@li... Subject: Re: [Mod-security-developers] ModSecurity version 3.0.0 announcement Congratulations Zimmerle! This is a very big day and I am impressed by your achievement! I drink to a bright future for libModSecurity 3.0! Christian On Thu, Dec 14, 2017 at 10:26:17PM +0000, Felipe Costa wrote: > > It is a pleasure to announce the release of ModSecurity version 3.0.0, aka > libModSecurity. This version contains fixes on top of v3.0.0-rc1 and > improvements on some features. > > The most important addition of this release was the full support for some > missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash operator. > > At this point ModSecurity version 3 is considerable to be feature complete. Any > missing piece may not be suitable for version 3 family. At least not > before discussion. > > The list with the full changes can be found on the project CHANGES file, > available here: > - https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SrVbV5HsA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2freleases%2ftag%2fv3%2e0%2e0%2fCHANGES > > The version 3.0.0 can be downloaded straight from GitHub: > - https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XuJPgVM5w&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2freleases%2ftag%2fv3%2e0%2e0%2f > > The list of open issues is also available on GitHub: > - https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XuJOVNNsA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fissues%3fq%3dis%253Aissue%2bis%253Aopen%2blabel%253Alibmodsecurity > > Notice that differently from version 2, ModSecurity v3 does not target any > specific web server or web server version. The version 3 is about a library. > The connectors are the ones responsible to create the link between the web > server and libModSecurity. Each web server should have its own connector. > Currently we support the Nginx connector and there is a Apache connector > available for test (not yet released). > > IMPORTANT: ModSecurity version 2 will be available and maintained parallel > to version 3. There is no ETA to deprecate the version 2.x. New features and > major improvements will be implemented on version 3.x. Security or major bugs > are planned to be back ported. Version 2 and version 3 has a completely > independent development/release cycle. > > Thanks to everybody who helped in this process: reporting issues, making > comments and suggestions, sending patches and so on. > > Further details on the compilation process for ModSecurity v3, can be found on > the project README: > - https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_X2HOldK4w&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2ftree%2fv3%2fmaster%23compilation > > Complementary documentation for the connectors are available here: > - nginx: https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XjUPlEYtg&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity-nginx%2f%23compilation > - Apache: https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S6AOVZO4g&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity-apache%2f%23compilation > > > Br., > Felipe "Zimmerle" Costa > Security Researcher, Lead Developer ModSecurity. > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com<http://www.trustwave.com> > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S6Ga1Ea5g&s=5&u=http%3a%2f%2fSlashdot%2eorg%21 http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XjVbVUc4g&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S-CZ1NJsQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SuGaFUd4A&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2ftraining%2fmodsecurity-training-course https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SyFb18b7A&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2fbooks%2fmodsecurity-handbook%2f mailto:chr...@ne... twitter: @ChrFolini |
|
From: Christian F. <chr...@ne...> - 2017-12-15 15:13:43
|
On Fri, Dec 15, 2017 at 03:10:33PM +0000, Felipe Costa wrote: > Thank you Christian. Indeed I am very happy with this release :) Hope > to make the life of ModSecurity users better. I bet it will! > Thanks, also, to everybody that was involved on with it, including you > :) You're welcome. But we all know you did all the heavy lifting yourself! Christian > > Br., > > Felipe “Zimmerle” Costa > > Security Researcher, Lead Developer ModSecurity. > > > Trustwave | SMART SECURITY ON DEMAND > > [1]www.trustwave.com > __________________________________________________________________ > > From: Christian Folini <chr...@ne...> > Sent: Friday, December 15, 2017 8:11:55 AM > To: mod...@li...; > mod...@li... > Subject: Re: [Mod-security-developers] ModSecurity version 3.0.0 > announcement > > Congratulations Zimmerle! > This is a very big day and I am impressed by your achievement! I drink > to a > bright future for libModSecurity 3.0! > Christian > On Thu, Dec 14, 2017 at 10:26:17PM +0000, Felipe Costa wrote: > > > > It is a pleasure to announce the release of ModSecurity version > 3.0.0, aka > > libModSecurity. This version contains fixes on top of v3.0.0-rc1 and > > improvements on some features. > > > > The most important addition of this release was the full support for > some > > missing pieces such as: Lua, SecRuleRemoveByTag and the @fuzzyHash > operator. > > > > At this point ModSecurity version 3 is considerable to be feature > complete. Any > > missing piece may not be suitable for version 3 family. At least not > > before discussion. > > > > The list with the full changes can be found on the project CHANGES > file, > > available here: > > - > [2]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_SrVbV5HsA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2freleases%2ftag%2fv3%2e0%2e0%2fCHANGES > > > > The version 3.0.0 can be downloaded straight from GitHub: > > - > [3]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XuJPgVM5w&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2freleases%2ftag%2fv3%2e0%2e0%2f > > > > The list of open issues is also available on GitHub: > > - > [4]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XuJOVNNsA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2fissues%3fq%3dis%253Aissue%2bis%253Aopen%2blabel%253Alibmodsecuri > ty > > > > Notice that differently from version 2, ModSecurity v3 does not > target any > > specific web server or web server version. The version 3 is about a > library. > > The connectors are the ones responsible to create the link between > the web > > server and libModSecurity. Each web server should have its own > connector. > > Currently we support the Nginx connector and there is a Apache > connector > > available for test (not yet released). > > > > IMPORTANT: ModSecurity version 2 will be available and maintained > parallel > > to version 3. There is no ETA to deprecate the version 2.x. New > features and > > major improvements will be implemented on version 3.x. Security or > major bugs > > are planned to be back ported. Version 2 and version 3 has a > completely > > independent development/release cycle. > > > > Thanks to everybody who helped in this process: reporting issues, > making > > comments and suggestions, sending patches and so on. > > > > Further details on the compilation process for ModSecurity v3, can be > found on > > the project README: > > - > [5]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_X2HOldK4w&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity%2ftree%2fv3%2fmaster%23compilation > > > > Complementary documentation for the connectors are available here: > > - nginx: > [6]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XjUPlEYtg&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity-nginx%2f%23compilation > > - Apache: > [7]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_S6AOVZO4g&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecu > rity-apache%2f%23compilation > > > > > > Br., > > Felipe "Zimmerle" Costa > > Security Researcher, Lead Developer ModSecurity. > > > > Trustwave | SMART SECURITY ON DEMAND > > [8]www.trustwave.com > > > > > > > ----------------------------------------------------------------------- > ------- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, > [9]http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY > 3XGs_S6Ga1Ea5g&s=5&u=http%3a%2f%2fSlashdot%2eorg%21 > [10]http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0J > Y3XGs_XjVbVUc4g&s=5&u=http%3a%2f%2fsdm%2elink%2fslashdot > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > > [11]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0 > JY3XGs_S-CZ1NJsQ&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists% > 2flistinfo%2fmod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > [12]https://www.trustwave.com/spiderLabs.php > -- > [13]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0 > JY3XGs_SuGaFUd4A&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2ftraining% > 2fmodsecurity-training-course > [14]https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0 > JY3XGs_SyFb18b7A&s=5&u=https%3a%2f%2fwww%2efeistyduck%2ecom%2fbooks%2fm > odsecurity-handbook%2f > [15]mailto:chr...@ne... > twitter: @ChrFolini > > References > > 1. http://www.trustwave.com/ > 2. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SrVbV5HsA&s=5&u=https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/CHANGES > 3. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XuJPgVM5w&s=5&u=https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.0/ > 4. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XuJOVNNsA&s=5&u=https://github.com/SpiderLabs/ModSecurity/issues?q=is%3Aissue+is%3Aopen+label%3Alibmodsecurity > 5. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_X2HOldK4w&s=5&u=https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation > 6. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XjUPlEYtg&s=5&u=https://github.com/SpiderLabs/ModSecurity-nginx/#compilation > 7. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S6AOVZO4g&s=5&u=https://github.com/SpiderLabs/ModSecurity-apache/#compilation > 8. http://www.trustwave.com/ > 9. http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S6Ga1Ea5g&s=5&u=http://Slashdot.org! > 10. http://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_XjVbVUc4g&s=5&u=http://sdm.link/slashdot > 11. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_S-CZ1NJsQ&s=5&u=https://lists.sourceforge.net/lists/listinfo/mod-security-developers > 12. https://www.trustwave.com/spiderLabs.php > 13. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SuGaFUd4A&s=5&u=https://www.feistyduck.com/training/modsecurity-training-course > 14. https://scanmail.trustwave.com/?c=4062&d=-J-z2kP3sJBdn_MkkJUUMkJvM0JY3XGs_SyFb18b7A&s=5&u=https://www.feistyduck.com/books/modsecurity-handbook/ > 15. mailto:chr...@ne... > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
Thanks for helping keep SourceForge clean.
X