Topic: ModSecurity 2.5.1 now available

Author: Steffen (Moderator)
Joined: 15 Oct 2005 Posts: 3117 Location: Hilversum, NL, EU
Posted: Mon 17 Mar '08 21:12 Post subject: ModSecurity 2.5.1 now available

ModSecurity 2.5.1 is now available. This release fixes an issue with the new transformation cache, a 2.1 rule compatibility issue and some other minor build-related issues.
There is an issue in 2.5.0 where it is possible for a matching rule to not completely trigger when using the transformation cache (default is On) with either the "pass" action or the engine in "DetectionOnly" mode. The Core Rules 1.6 that are distributed with ModSecurity 2.5 use "pass" rules to pre-qualify some more complex regex rules and these may fail to detect a problem when transformation caching is on. It is therefore advised that current 2.5.0 users add the following to their configuration as a temporary workaround until the 2.5.1 release can be installed to resolve this issue:
SecCacheTransformations Off
Changes with ModSecurity 2.5.1
* Fixed an issue where a match would not occur if transformation caching was enabled.
* Using "severity" in a default action is now just a warning.
* Cleaned up the "make test" target to better locate headers/libraries.
* Now search /usr/lib64 and /usr/lib32 for lua libs.
* No longer treat warnings as errors by default (use --enable-strict-compile).
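
A configuration check for the workaround described in the post, added here as an example (it is not part of the original post or of ModSecurity's own tooling). It assumes a single flat configuration text where the last occurrence of a directive wins and Include files are not followed; the sample configuration and the names `logical_lines` and `audit` are constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not from the post).
SAMPLE_CONF = r'''
# constructed sample
SecRuleEngine DetectionOnly
SecDefaultAction "phase:2,log,pass"
SecRule REQUEST_URI "select" \
    "phase:2,t:lowercase,pass,nolog,skip:1"
SecRule ARGS "union" "phase:2,t:lowercase,deny"
'''

def logical_lines(text):
    """Yield directives with comment lines dropped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf:
            yield buf
        buf = ""

def audit(text):
    """Report whether the 2.5.0 workaround is set and whether the affected cases are present."""
    cache_on = True           # the post states the 2.5.0 default is On
    detection_only = False
    pass_uses = 0
    for line in logical_lines(text):
        parts = line.split(None, 1)
        name = parts[0].lower()   # Apache directive names are case-insensitive
        rest = parts[1] if len(parts) > 1 else ""
        if name == "seccachetransformations":
            cache_on = rest.split()[0].strip('"').lower() != "off" if rest else True
        elif name == "secruleengine":
            detection_only = rest.strip().strip('"').lower() == "detectiononly"
        elif name in ("secrule", "secdefaultaction"):
            # Heuristic: "pass" as a whole item in a quoted, comma-separated action list.
            if re.search(r'[",]\s*pass\s*[",]', rest):
                pass_uses += 1
    exposed = cache_on and (detection_only or pass_uses > 0)
    return {"cache_on": cache_on, "detection_only": detection_only,
            "pass_uses": pass_uses, "exposed": exposed}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
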