logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: ModSecurity 2.7.1 available
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Sat 17 Nov '12 22:44    Post subject: ModSecurity 2.7.1 available Reply with quote

ModSecurity 2.7.1 real official final now available for 2.2 and 2.4.


More info, see http://www.modsecurity.org/
and the Wiki at http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page

Also Attention for the free book, see http://www.apachelounge.com/viewtopic.php?t=4757

Steffen


Changes with 2.7.1

* Changed "Encryption" name of directives and options related to hmac feature to "Hash".

SecEncryptionEngine to SecHashEngine
SecEncryptionKey to SecHashKey
SecEncryptionParam to SecHashParam
SecEncryptionMethodRx to SecHashMethodRx
SecEncryptionMethodPm to SecHashMethodPm
@validateEncryption to @validateHash
ctl:EncryptionEnforcement to ctl:HashEnforcement
ctl:EncryptionEngine to ctl:HashEngine

* Added a better random bytes generator using apr_generate_random_bytes() to create
the HMAC key.

* Fixed byte conversion issue during logging under Linux s390x platform.

* Fixed compilation bug with LibXML2 2.9.0 (Thanks Athmane Madjoudj).

* Fixed parsing error with modsecurity-recommended.conf and Apache 2.4.

* Fixed DROP action was disabled for Apache 2 module by mistake.

* Fixed bug when use ctl:ruleRemoveTargetByTag.

* Fixed IIS and NGINX modules bugs.

* Fixed bug when @strmatch patterns use invalid escape sequence (Thanks Hideaki Hayashi).

* Fixed bugs in @verifySSN (Thanks Hideaki Hayashi).

* The doc/ directory now contains the instructions to access online documentation.

Changes with 2.7.0

* Fixed Pause action should work as a disruptive action (MODSEC-297).

* Fixed Problem loading mod_env variables in phase 2 (MODSEC-226).

* Fixed Detect cookie v0 separator and use it for parsing (MODSEC-261).

* Fixed Variable REMOTE_ADDR with wrong IP address in NGINX version (MODSEC-337).

* Fixed Errors compiling NGINX version.

* Added Include directive into standalone module. IIS and NGINX module should
support Include directive like Apache2.

* Added MULTIPART_INVALID_PART flag. Also used in rule id 200002 for multipart strict
validation.

* Updated Reference Manual.
Back to top


Reply to topic   Topic: ModSecurity 2.7.1 available View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules