18 Jul 2017 - 2.9.2
-------------------

 * IIS build refactoring and dependencies update
   [Issue #1487 - @victorhora]
 * Best practice: Initialize msre_var pointers
   [Commit fbd57 - Allan Boll]
 * nginx: Obtain port from r->connection->local_sockaddr.
   [Commit 51314 - @defanator]
 * Updates libinjection to v3.10.0
   [Issue #1412 - @client9, @zimmerle and @bjdijk]
 * Avoid log flood while using SecConnEngine
   [Issue #1436 - @victorhora]
 * Make url path absolute for SecHashEngine only when it is relative
   in the first place.
   [Issue #752, #1071 - @hideaki]
 * Fix the hex digit size for SHA1 on msc_crypt implementation.
   [Issue #1354 - @zimmerle and @parthasarathi204]
 * Avoid flushing the xml buffer while assembling the injected html.
   [Issue #742 - @zimmerle]
 * Avoid additional operator invocation if the last transform of a multiMatch
   doesn't modify the input
   [Issue #1086, #1087 - Daniel Stelter-Gliese]
 * Adds a sanity check before using ctl:ruleRemoveTargetByTag.
   [Issue #1353 - @LukeP21 and @zimmerle]
 * Uses an optional global lock while manipulating collections.
   [Issue #1224 - @mturk and @zimmerle]
 * Fix collection naming problem while merging collections.
   [Issue #1274 - Coty Sutherland and @zimmerle]
 * Fix --enable-docs adding missing Makefile, modifying autoconf and filenames
   [Issue #1322 - @victorhora]
 * Change from using rand() to thread-safe ap_random_pick.
   [Issue #1289 - Robert Bost]
 * Cosmetics: added comments on odd looking code to prevent future
   scrutiny
   [Issue #1279 - Coty Sutherland]
 * {dis|en}able-server-context-logging: Option to disable logging of
   server info (log producer, sanitized objects, ...) in audit log.
   [Issue #1069 - Marc Stern]
 * Allow drop to work with mod_http2
   [Issue #1308, #992 - @bazzadp]
 * Fix SecConn(Read|Write)StateLimit on Apache 2.4
   [Issue #1340, #1337, #786 - Sander Hoentjen]
 * {dis|en}able-stopwatch-logging: Option to disable logging of stopwatches
   in audit log.
   [Issue #1067 - Marc Stern]
 * {dis|en}able-dechunk-logging: Option to disable logging of
   dechunking in audit log when log level < 9.
   [Issue #1068 - Marc Stern]
 * Updates libinjection to: da027ab52f9cf14401dd92e34e6683d183bdb3b4
   [ModSecurity team]
 * {dis|en}able-handler-logging: Option to disable logging of Apache handler
   in audit log
   [Issue #1070, #1381 - Marc Stern]
 * {dis|en}able-collection-delete-problem-logging: Option to disable logging of
   collection delete problem in audit log when log level < 9.
   [Issue #1380 - Marc Stern]
 * Adds rule id in logs whenever a rule fails.
   [Issue #1379, #391 - Marc Stern]
 * {dis|en}able-server-logging: Option to disable logging of
   "Server" in audit log when log level < 9.
   [Issue #1070 - Marc Stern]
 * {dis|en}able-filename-logging: Option to disable logging of filename
   in audit log.
   [Issue #1065 - Marc Stern]
 * Reads fuzzy hash databases on init
   [Issue #1339 - Robert Paprocki and @Rendername]
 * Changes the configuration to recognize soap+xml as XML
   [Issue #1374 - @emphazer and Chaim Sanders]
 * Fix building with nginx >= 1.11.11
   [Issue #1373, #1359 - Andrei Belov and Thomas Deutschmann]
 * Using Czechia instead of Czech Republic
   [Issue #1258 - Michael Kjeldsen]
 * {dis|en}able-rule-id-validation: Option to disable rule id validation
   [Issue #1150 - Marc Stern and ModSecurity team]
 * JSON Log: Append a newline to concurrent JSON audit logs
   [Issue #1233 - Robert Paprocki]
 * JSON Log: Don't unnecessarily rename request body parts in cleanup
   [Issue #1223 - Robert Paprocki]
 * Fix error message inside audit logs
   [Issue #1216 and #1073 - Armin Abfalterer]
 * Remove port from IPv4 address when running under IIS.
   [Issue #1220, #1109 and #734 - Robert Culyer]
 * Remove logdata and msg fields from JSON audit log rule.
   [Issue #1190 and #1174 - Robert Paprocki]
 * Better handle the json parser cleanup
   [Issue #1204 - Ephraim Vider]
 * Fix status failing to report in Nginx auditlogs
   [Issue #977, #1171 - @charlymps and Chaim Sanders]
 * Fix file upload JSON audit log entry
   [Issue #1181 and #1173 - Robert Paprocki and Christian Folini]
 * configure: Fix detection whether libcurl is linked against gnutls and,
   move verbose_output declaration up to the beginning.
   [Issue #1158 - Thomas Deutschmann (@Whissi)]
 * Treat APR_INCOMPLETE as APR_EOF while receiving the request body.
   [Issue #1060, #334 - Alexey Sintsov]
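
The multiMatch entry in the 2.9.2 list above (issues #1086/#1087) is easier to follow in code. The block below is an added example written for this page, not ModSecurity's own implementation: a simplified model of a rule's transformation chain under the multiMatch action, where the operator runs on the untransformed value and again after each transformation, but a transformation that hands back the value unchanged does not trigger another operator invocation. It generalises the entry's case of the last transform to every transform in the chain. The two transformations, the stand-in `op_contains_select` operator, the `demo_*` helpers and the sample input are assumptions constructed for the demonstration.

```c
/* Added example (not ModSecurity's own code): a simplified model of the
 * multiMatch action. The operator runs against the untransformed value and
 * again after each transformation, except that a transformation which left
 * the value unchanged does not trigger a redundant operator invocation. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_VALUE 256

/* A transformation writes its result to out and returns 1 if it changed anything. */
typedef int (*tfn_fn)(const char *in, char *out);
/* An operator returns 1 on match. */
typedef int (*op_fn)(const char *value);

/* Model of t:lowercase. */
static int tfn_lowercase(const char *in, char *out) {
    int changed = 0;
    size_t i;
    for (i = 0; in[i] != '\0' && i < MAX_VALUE - 1; i++) {
        out[i] = (char)tolower((unsigned char)in[i]);
        if (out[i] != in[i]) changed = 1;
    }
    out[i] = '\0';
    return changed;
}

/* Model of t:compressWhitespace: collapse each run of whitespace into one space. */
static int tfn_compress_whitespace(const char *in, char *out) {
    size_t o = 0;
    int in_space = 0;
    for (size_t i = 0; in[i] != '\0' && o < MAX_VALUE - 1; i++) {
        if (isspace((unsigned char)in[i])) {
            if (!in_space) out[o++] = ' ';
            in_space = 1;
        } else {
            out[o++] = in[i];
            in_space = 0;
        }
    }
    out[o] = '\0';
    return strcmp(in, out) != 0;
}

/* Stand-in operator (assumption: any operator such as @rx or @pm would do). */
static int op_contains_select(const char *value) {
    return strstr(value, "select") != NULL;
}

/* Applies the chain under multiMatch semantics. Returns 1 if any invocation
 * matched; *invocations receives how many times the operator actually ran. */
int multimatch_apply(const char *input, const tfn_fn *chain, size_t chain_len,
                     op_fn op, int *invocations) {
    char bufs[2][MAX_VALUE];
    const char *current = input;
    int cur = 0;
    int matched = 0;

    *invocations = 1;                 /* the untransformed value is always checked */
    if (op(current)) matched = 1;

    for (size_t i = 0; i < chain_len; i++) {
        char *next = bufs[cur];
        int changed = chain[i](current, next);
        current = next;
        cur ^= 1;
        if (!changed) continue;       /* same value: the result would only repeat */
        (*invocations)++;
        if (op(current)) matched = 1;
    }
    return matched;
}

/* Demo chain (assumption): t:lowercase,t:compressWhitespace with the stand-in operator. */
static const tfn_fn demo_chain[] = { tfn_lowercase, tfn_compress_whitespace };

int demo_matched(const char *input) {
    int n;
    return multimatch_apply(input, demo_chain, 2, op_contains_select, &n);
}

int demo_invocations(const char *input) {
    int n;
    multimatch_apply(input, demo_chain, 2, op_contains_select, &n);
    return n;
}

int main(void) {
    /* Constructed sample: lowercase changes it, compressWhitespace does not,
     * so the operator runs twice rather than three times. */
    const char *sample = "1 UNION SELECT";
    printf("%s -> matched=%d invocations=%d\n", sample,
           demo_matched(sample), demo_invocations(sample));
    return 0;
}
```

The skipped invocation is not just a performance detail: with a chain of several transformations, every redundant operator call is one more regular-expression evaluation per argument per request, which is exactly the cost the entry avoids.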
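
The IIS port-stripping entry in the 2.9.2 list above (issues #1220, #1109 and #734) is a small parsing edge case: an address that arrives as "a.b.c.d:port" must lose its port, while IPv6 literals, which contain colons themselves, must not be cut. The function below is an added example, not ModSecurity's code; it accepts a trailing ":port" only behind a well-formed dotted-quad IPv4 address and copies everything else through unchanged. The function names and the sample addresses are constructed for this illustration.

```c
/* Added example (not ModSecurity's own code): strip a trailing ":port" from a
 * client address only when the host part is a well-formed IPv4 dotted quad,
 * so that IPv6 literals, hostnames and malformed input pass through unchanged. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the first n bytes of s are four dot-separated decimal octets in 0..255. */
static int is_dotted_quad(const char *s, size_t n) {
    int octets = 0, digits = 0, value = 0;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        if (isdigit((unsigned char)c)) {
            if (++digits > 3) return 0;
            value = value * 10 + (c - '0');
            if (value > 255) return 0;
        } else if (c == '.') {
            if (digits == 0) return 0;   /* empty octet such as "1..2" */
            octets++;
            digits = 0;
            value = 0;
        } else {
            return 0;
        }
    }
    return digits > 0 && octets == 3;
}

/* Copies addr into out (outlen bytes), dropping ":port" when addr has the form
 * "IPv4:port". Returns 1 if a port was removed, 0 if the address was copied
 * unchanged, -1 if out is too small. */
int strip_ipv4_port(const char *addr, char *out, size_t outlen) {
    const char *colon = strchr(addr, ':');
    size_t keep = strlen(addr);
    int stripped = 0;

    /* Exactly one colon, a dotted quad before it, only digits after it. */
    if (colon != NULL && strchr(colon + 1, ':') == NULL
        && is_dotted_quad(addr, (size_t)(colon - addr))) {
        const char *p = colon + 1;
        int port_ok = (*p != '\0');
        for (; *p != '\0'; p++) {
            if (!isdigit((unsigned char)*p)) { port_ok = 0; break; }
        }
        if (port_ok) {
            keep = (size_t)(colon - addr);
            stripped = 1;
        }
    }
    if (keep + 1 > outlen) return -1;
    memcpy(out, addr, keep);
    out[keep] = '\0';
    return stripped;
}

/* Convenience wrappers (assumption) over a static buffer for quick checks. */
const char *demo_host(const char *addr) {
    static char buf[64];
    if (strip_ipv4_port(addr, buf, sizeof buf) < 0) return NULL;
    return buf;
}

int demo_was_stripped(const char *addr) {
    char buf[64];
    return strip_ipv4_port(addr, buf, sizeof buf);
}

int main(void) {
    /* Constructed samples, not real client addresses. */
    const char *samples[] = { "10.0.0.1:51234", "10.0.0.1", "2001:db8::1",
                              "::1", "300.1.1.1:80", "example.com:80" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i], demo_host(samples[i]));
    return 0;
}
```

Requiring exactly one colon is what keeps an IPv6 address such as "::1" intact; a naive "cut at the first colon" would turn it into an empty string and make every REMOTE_ADDR-based rule silently miss.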


Security issues

 * Allan Boll reported an uninitialized variable that may lead to a crash on
   Windows platform.
 * Brian Adeloye reported an infinite loop on the version of libinjection used
   on ModSecurity 2.9.1.


09 Mar 2016 - 2.9.1
-------------------

 * No changes.

03 Feb 2016 - 2.9.1-RC1
-----------------------

 * Added support to generate audit logs in JSON format.
   [Issue #914, #897, #656 - Robert Paprocki]
 * Creating AuditLog serial file (or parallel index) respecting the
   permission configured with SecAuditLogFileMode. Previously, it was
   used only to save the transactions while in parallel mode.
   [Issue #852 - @littlecho and ModSecurity team]
 * Checking for hashing injection response, to report in case of failure.
   [Issue #1041 - ModSecurity team]
 * Stop buffering when the request is larger than SecRequestBodyLimit
   in ProcessPartial mode
   [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
 * Extended Lua support to include version 5.3
   [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
 * mlogc: Allows user to choose between TLS versions (TLSProtocol option
   introduced).
   [Issue #881 - Ishwor Gurung]
 * Allows mod_proxy's "nocanon" behavior to be specified in proxy actions
   [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]
 * Refactoring conditional #if/#defs directives.
   [Issue #996 - Wesley M and ModSecurity team]
 * mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
   files with Apache 2.4
   [Issue #775 - Elia Pinto]
 * Understands IIS 10 as compatible on Windows installer.
   [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
 * Fix apache logging limitation by using correct Apache call.
   [Issue #840 - Christian Folini]
 * Fix apr_crypto.h check on 32-bit Linux platform
   [Issue #882, #883 - Kurt Newman]
 * Fix variable resolution duration (Content of the DURATION variable).
   [Issue #662 - Andrew Elble]
 * Fix crash while adding empty keys to persistent collections.
   [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
 * Remove misguided call to srand()
   [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
 * Fix compilation problem when ssdeep is installed in a non-standard
   location.
   [Issue #872 - Kurt Newman]
 * Fix invalid storage reference by apr_psprintf at msc_crypt.c
   [Issue #609 - Jeff Trawick]

12 Feb 2015 - 2.9.0
-------------------

 * Fix apr_crypto.h include, now checking if apr_crypto.h is available by
   checking the definition WITH_APU_CRYPTO.
   [martinjina and ModSecurity team]

15 Dec 2014 - 2.9.0-RC2
-----------------------

 * OpenSSL dependency was removed on MS Windows builds. ModSecurity is now using
   the Windows certificate storage.
   [Gregg Smith, Steffen and ModSecurity team]
 * Informs about external resources loaded/failed while reloading Apache.
   [ModSecurity team]
 * Adds missing 'ModSecurity:' prefix in some warning messages.
   [Walter Hop and ModSecurity team]
 * Refactoring external resources download warn messages. Holding the message
   to be displayed when Apache is ready to write on the error_log.
   [ModSecurity team]
 * Remote resources loading process is now failing in case of HTTP error.
   [Walter Hop and ModSecurity team]
 * Fixed start up crash on Apache with mod_ssl configured. Crash was happening
   during the download of remote resources.
   [Christian Folini, Walter Hop and ModSecurity team]
 * Curl is not a mandatory dependency to ModSecurity core anymore.
   [Rainer Jung and ModSecurity team]

18 Nov 2014 - 2.9.0-RC1
-----------------------

 * `pmFromFile' and `ipMatchFromFile' operators are now accepting HTTPS served
   files as parameter.
 * `SecRemoteRules' directive - allows you to specify a HTTPS served file that
   may contain rules in the SecRule format to be loaded into your ModSecurity
   instance.
 * `SecRemoteRulesFailAction' directive - allows you to control whether the
   user wants to Abort or just Warn when there is a problem while downloading
   rules specified with the directive: `SecRemoteRules'.
 * `fuzzyHash' operator - allows matching contents using fuzzy hashes.
 * `FILES_TMP_CONTENT' collection - makes available the content of uploaded
   files.
 * InsecureNoCheckCert - option to validate or not a chain of SSL certificates
   on mlogc connections.
 * ModSecurityIIS: ModSecurity event ID was changed from 0 to 0x1.
   [Issue #676 - Kris Kater and ModSecurity team]
 * Fixed signature on "status call": ModSecurity is now using the original
   server signature.
   [Issues #702 - Linas and ModSecurity team]
 * YAJL version is printed during ModSecurity initialization.
   [Issue #703 - Steffen (Apache Lounge) and Mauro Faccenda]
 * Fixed subnet representation using slash notation on the @ipMatch operator.
   [Issue #706 - Walter Hop and ModSecurity team]
 * Limited the length of a status call.
   [Issue #714 - 'cpanelkurt' and ModSecurity team]
 * Added the missing -P option to nginx regression tests.
   [Issue #720 - Paul Yang]
 * Fixed automake scripts to not use features which will be deprecated in
   the upcoming releases of automake.
   [Issue #760 - ModSecurity team]
 * apr-util's LDFLAGS is now considered while building ModSecurity.
   [Issue #782 - Daniel J. Luke]
 * IIS installer is not considering IIS 6 as compatible anymore.
   [Issue #790 - ModSecurity team]
 * Fixed yajl build script: now looking for the correct header file.
   [Issue #804 - 'rpfilomeno' and ModSecurity team]
 * mlogc is now forced to use TLS 1.x.
   [Issue #806 - Josh Amishav-Zlatin and ModSecurity team]
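
The @ipMatch entry in the 2.9.0-RC1 list above (issue #706) concerns subnets written in slash notation. As an added example, not ModSecurity's own implementation, the block below parses an IPv4 address or "address/prefix" entry into a canonical network and mask and tests addresses against it, with the /0 case and out-of-range or non-numeric prefix lengths handled explicitly. It is limited to IPv4 and a single entry (the real operator also takes lists); the function names and sample values are assumptions constructed for the illustration.

```c
/* Added example (not ModSecurity's own code): IPv4 address/prefix matching in
 * the style of @ipMatch, with slash notation parsed into a canonical network
 * and mask. Entries without a slash are treated as /32. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint32_t network;   /* host byte order, already masked */
    uint32_t mask;      /* host byte order */
} ipv4_net;

/* Parses "a.b.c.d" or "a.b.c.d/n" into net. Returns 1 on success, 0 when the
 * address or prefix length is malformed (e.g. "/33", "/8x", "/"). */
int parse_ipv4_net(const char *spec, ipv4_net *net) {
    char buf[32];
    char *slash, *end;
    struct in_addr addr;
    long prefix = 32;

    if (strlen(spec) >= sizeof buf) return 0;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash != NULL) {
        *slash = '\0';
        if (!isdigit((unsigned char)slash[1])) return 0;   /* rejects "/", "/+8", "/ 8" */
        prefix = strtol(slash + 1, &end, 10);
        if (*end != '\0' || prefix < 0 || prefix > 32) return 0;
    }
    if (inet_pton(AF_INET, buf, &addr) != 1) return 0;

    /* Shifting a 32-bit value by 32 is undefined in C, so /0 is a special case. */
    net->mask = (prefix == 0) ? 0 : (uint32_t)(0xFFFFFFFFu << (32 - prefix));
    /* Store the canonical network so "192.168.1.77/16" and "192.168.0.0/16"
     * describe the same range. */
    net->network = ntohl(addr.s_addr) & net->mask;
    return 1;
}

/* Returns 1 if ip (dotted quad) lies inside net, 0 otherwise or if ip is malformed. */
int ipv4_in_net(const char *ip, const ipv4_net *net) {
    struct in_addr addr;
    if (inet_pton(AF_INET, ip, &addr) != 1) return 0;
    return (ntohl(addr.s_addr) & net->mask) == net->network;
}

/* One-shot check of ip against a single entry; a malformed entry never matches. */
int ip_match(const char *ip, const char *spec) {
    ipv4_net net;
    if (!parse_ipv4_net(spec, &net)) return 0;
    return ipv4_in_net(ip, &net);
}

int main(void) {
    /* Constructed samples. */
    const char *entries[] = { "192.168.0.0/16", "10.1.2.3", "0.0.0.0/0", "10.0.0.0/33" };
    const char *ip = "192.168.1.77";
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++)
        printf("%s in %-16s -> %d\n", ip, entries[i], ip_match(ip, entries[i]));
    return 0;
}
```

Masking the entry's own address when it is stored is the detail that makes a subnet written with host bits set behave the same as its canonical form; without it, "192.168.1.77/16" would never match anything because the comparison value would still carry the host bits.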


14 Apr 2014 - 2.8.0
-------------------

Bug fix
 * Build issue: Now using autotools to identify if sys/utsname.h is present.
 * Change configure.ac version to 2.8

31 Mar 2014 - 2.8.0-RC1
-----------------------

New features
 * JSON Parser is no longer under tests. Now it is part of our mainline;
 * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit) now support white and suspicious list;
 * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH were added, allowing the rules to access the full content of a request;
 * ModSecurity status is now part of our mainline;
 * New operator: @detectXSS was added. It makes usage of the newest libinjection XSS detection functionality;
 * Append and prepend are now supported on nginx (Ref: #635);
 * SecServerSignature is now available on nginx (Ref: #637).

Improvements
 * Regression tests are now able to expect different values according to the platform;
 * Visual C++ 12/10 runtime dependencies are now part of the IIS installer, no need to have it installed prior to ModSecurity installation (Ref: #627);
 * New script was added to the IIS versions to identify whenever there is a missing dependency (available through the Application Menu);
 * Memory usage improvement: using correct memory pools according to the context (Ref: #618, #620, #619);
 * Independent API call to free the connection allocations, independently from the request objects, improvements on Nginx performance, see the issues for more information (Ref: #620, #648);
 * IIS installer is now using the correct 32/64bits folders to install;
 * IIS Installer 32bits now refuses to install on 64bits environments;
 * IIS: Using new WiX options to build the package in the correct architecture;
 * While installing IIS version the installer will remove old ModSecurityIIS configuration or files before proceeding with the installation, avoiding further errors;
 * CRS from IIS version was upgraded to 2.2.9;
 * IIS installer does not support repair anymore, in fact it was not working already and it is now disabled;
 * ModSecurity now warns the user who tries to use "proxy" in IIS or Nginx. Proxy is Apache only;
 * Remove warnings from the build process (Ref: #617);
 * Apache configuration in regression tests was changed making it more platform independent;
 * Reduced the amount of warnings during the compilation (Ref: #385a2828e87897bd611bd2a519727ef88dc6d632, #1e63e49db4a592d28e08a33fc60750c37a3886fe);
 * Regression tests were refactored to be more Nginx friendly;
 * Fixed some regression tests that were not being flexible to handle multiple platforms: (Ref #636)
    - Fixed config/00-load-modsec.t test case. Now it expects the Nginx loaded message as it does for Apache. (Ref: #643);
    - Fixed mixed/10-misc-directives.t. Now it does not expect SecServerSignature in the logs, just in the headers, as Nginx does in silence.
    - Fixed tnf/10-tfn-cache.t, action/10-logging.t, config/10-misc-directives.t, config/10-request-directives.t, misc/00-multipart-parser.t, misc/10-tfn-cache.t, rule/20-exceptions.t, rule/00-basics.t, rule/10-xml.t;
    - Increased the timeout while reading the auditlog;
    - SecAuditLogType Concurrent was removed from the regression test case, not compatible with all ports yet;
    - Regression tests were sped up, as the number of tests is growing it is impossible to have them slow;
    - Fixed regression tests scripts paths, to make them MacOS friendly;
    - Avoiding dead locks on Nginx regression tests by enforcing a timeout whenever a request appears to fail;
 * Updates to fix errors found by Parfait static code analysis (Ref: #612);
 * Cleaning up on the repository, by removing unused files;
 * IIS installer now supports performing the installation without registering the DLL on the system. It means that the user can download our MSI installer as if it were a tarball archive (Ref #629, #624);
 * IIS now supports 32bits and 64bits pools, both are registered on IIS (Ref #628).

Bug fix
 * Correctly handling inet_pton in IIS version;
 * Nginx was missing a terminator while the charset string was mounted (Ref: #148);
 * Added mod_extract_forwarded.c to run before mod_security2.c (Ref: #594);
 * Added missing environment variables to regression tests;
 * Build system is now more flexible by looking at liblua at: /usr/local/lib;
 * Fixed typo in README file.
 * Removed the non standard compliant HTTP response status code 44 from modsecurity recommended file (Ref: #665);
 * Fixed segmentation fault if it fails to write on the audit log (Ref: #668);
 * Not rejecting a larger request with ProcessPartial. Regression tests were also added (Ref: #597);
 * Fixed UTF-8 to unicode conversion. Regression tests were also added (Ref: #672);
 * Avoiding segmentation fault by checking if a structure is null before accessing its members;
 * Removed double charset-header that used to happen due to a hardcoded charset in Nginx implementation (Ref: #650);
 * Now alerting the users that there is no memory to proceed loading the configuration instead of just dying;
 * If SecRuleEngine is set to Off and SecRequestBodyAccess On Nginx returns error 500. Standalone is now capable to identify whenever ModSecurity is enabled or disabled, independently of ModSecurity core (Ref: #645);
 * Fixed missing headers on Nginx whenever SecResponseBodyAccess was set to On and there happens to be a filter on phase 3 or later. (Ref #634);
 * IIS is now picking the correct version of AppCmd while uninstalling or installing ModSecurityIIS. (Ref #632).


17 Dec 2013 - 2.7.7
-------------------
Fixes:

- Changed release version to 2.7.7
- Got the configure scripts inside the release tarball


16 Dec 2013 - 2.7.6
-------------------
Improvements:

- Organizes all Makefile.am - 1cde4d2dd9d96747536c1c25d06ba0677069477f
Now using one file per line (sorted). This is the better way to handle it, since it reduces the possibility of merge conflicts.

- nginx: generates config file using configure input. - 351b9cc357d439e30ebd61d89a9e38ecf55c6827
The nginx config file was looking for dependencies on its own; by doing that it was ignoring the options that were passed to the configure script. This commit deletes this config file and adds a meta-config which is populated by configure whenever the standalone-module is enabled.

- nginx: adds lua support - da16d9e5d51d4ef8734687514a4e1368e7fb4284

- iis: Cosmetic fixes on sqli. - 5046c8327ea21c69b4c0d0c0057c692b05b09fef
This is needed to get it compiled with VS2011 on Windows8

- Regression tests: makes configuration compatible with 2.2 and 2.4 (try 2) - ae252ee8767069363906e5a611dff487b799b839

- nginx: Trying apxs and apxs2 while compiling nginx module - 65d9272fdc353e1263567b60604542d377d19672

- nginx: Trying apxs and apxs2 while compiling nginx module - 35fd75d859e4a8873b8843da1db13e04a1b08140

- macos: Using glibtoolize instead of libtoolize - 751a9f4e45213cd69f00c62c71edc9d7ad99b82d

- regression-tests: makes configuration compatible with 2.2 and 2.4 - 6fc4cac37ab1be8d1232140042b58fe4bd93ee17

- Regression test: get it working with apache 2.4 - e9813cd0d9bfc5b0c9aa5832634ec1b39b805108
Changes in httpd.conf.in to get it working with apache 2.4

- Code cosmetics. - 7366f35c1d80772d739b35da8faa972f92a72b97
Changed to reduce the number of possible fails during Build Bot compilation.

- iis: Waiting for 5 seconds before moving curl directory - 9bf2959c919587ebc63f5a1b8c0785da8927bff5
Testing buildbot.

- Redefines unixd_set_global_mutex_perms on tests - f70f6f4281b806627e0cf0dbb9c84ae5864bdb16
Avoiding conflicts with the standalone implementation

- Adds verbose quality check - 388943440cc9b8c6fdea09f5e365a2e5a3e792e2
Vera++ and cppcheck are not outputting to stderr, instead stdout, allowing the buildbot to extract some numbers about it.

- Adds support for coding style and quality check - b77e90152d119609ac78a7028383c3b79898b2cf
Initial effort to get the code in shape. This will be executed by the buildbots as soon as they get ready for it.

- iis: New improvements on the Wix installer - 2ea5a74a7bfb00f21312e51e48aa6dac03d84600
 * Now the installation is divided in modules: ModSecurity and CRS.
 * Added default configuration
 * Configuration was moved to "Program Files" folder
 * Build_msi script now using candle available in %PATH%

- iis: Removes the installer helper dependency - 1a12648c9f6028f251af0f03c889397c7954b74c
Now using appcmd directly with WiX instead of calling the installer helper.

- iis: Remove readme.html - 550d5aae21cba696cac1ce75ab8113e5255d5a59
This HTML is about "Creating a Native Module for IIS7", not directly related to ModSecurity itself.

- iis: Adds batch script to compile Wix - a2c5fc831baf0b324ebb66b0f878dacf1ec2f808
This batch script can be used to generate our msi installer.

- iis: Adds Wix installer resources - 3604763e15a665eb7a6ecae1f7e7c65cebbb1d17
This is all about cosmetic changes.

- iis: Removes Post-Build event. - 28bbde1bb218b004654cb865fc8563d69b848dc2
There was a copy on Post-Build event using a hard coded path. This patch removes this Post-Build event.

- iis: Relative paths on the VS project file - 368617ddb2443f9b6036f80a648d467d07c9a054
There are a ModSecurityIIS solution and project files; those were using hard coded paths to meet the dependencies. As a consequence of the last update in our build scripts, now we are able to build the dependencies and load them into our Visual Studio project using relative paths.

- iis: Adds release script - 9477118903861ce80c4c27cb581bf3462315e98e

- iis: fixes the Installer.cpp coding style - 79875b1af8e8571098345b91557bab9c06eb7c88

- iis: Removes AppWizard remade file - 91738f93bcc82b6ab756c550a66b6cf6af2fa9f8
Apparently the AppWizard was used to generate part of this Installer; the ReadMe.txt created by the AppWizard was removed by this commit.

- iis: Removes pre-compiled headers - adfbeb85dcfa9466b72eebb8d1bd8eb7728bab79
No need to use the pre-compiled headers in InstallerHelper, removing it, in order to keep the project lean.

- iis: Moves installer to InstallerHelper - 6adf25667dd4bfa33010bd6d8ae3d35046a69967
To organize the folder the Installer application was renamed to installer helper. It is not the real installer, it is just a helper which is executed during the installation phase.

- iis: Removes fart dependencies - 8c3b8d81b613aaa38f28472af1eb26c90c7fc9da
This commit removes the dependency on the fart.exe utility. The utility was responsible for renaming contents inside some dependencies' build files. Those modifications are no longer needed.

- iis: Better err handling in build scripts. - 192599bf63b6ae5aa08e4536a90d5d0a17f969f7
Now checking for errors in every step of the build phase

- iis: Moves build_module.bat to build_modsecurity.bat - e25c6b2e85ced7beba4d41867dbdf30e9c1286d3
The build_modsecurity.bat is now in the iis sub-directory, not in the dependencies anymore. Its content was also changed, fixing all the paths.


- iis: Identifies arch before unzipping apache - cf5de78dfb9fffd21edf17af9e1db8f2fd83c804
Currently we need the Apache binary which could be used in 32 or 64 bits. This patch makes usage of 'cl' to identify which architecture is set.

- iis: Renames winbuild to dependencies - 1447766e816a896e88c9c8f053fcc3f62797bac1
Since the directory becomes all about dependencies there is no need to call it winbuild anymore.

- iis: Removes unnecessary files from winbuild dir - 9f8cbf6ed8034ba42aa4967699308df09864fd18
Those .mak files seem to be part of an old build system. Since the scripts are now working fine, this commit removes all those .mak files and also a CMakeList.txt and the Makefile.win.

- iis: Improves the iis build system - b277e538f28c87c81c1b50925dd8b82996b88294
Now checking for common errors while building. Refactoring on the build scripts: now there is this build_dependencies.bat script in the iis sub-folder. By calling this script all the dependencies should be built under winbuild/. This commit also removes build scripts that were not needed anymore.

- iis: Fixes the vcxproj file - a946a163f0ad822c760af80ca32dda61f0e6b2a9
Versions of the dependencies were changed, as well as the version of the Visual Studio, now 12.

- iis: Removes unnecessary files from the build system - 26738d2e34bcc7620047bd23180e0e26a64c71ee
|
|
Packit Service |
384592 |
The following files were removed:
|
|
Packit Service |
384592 |
* VCVarsQueryRegistry.bat
|
|
Packit Service |
384592 |
* vcvars64.bat
|
|
Packit Service |
384592 |
* vsvars32.bat
|
|
Packit Service |
384592 |
The visual studio files can be called direcltly, not necessary to distribute those files, at least in VS12.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iss: Changes httpd version 2.4.6 - 0a772cb0748aa51a01800e0473309b9de792b456
|
|
Packit Service |
384592 |
Apache version was changed to 2.4.6 to sync with the current apache lounge version.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: Changes the version of the dependencies - 3e6fb41d36b7a5e98a55d8f52b88b29d1bd50b64
|
|
Packit Service |
384592 |
* pcre from 8.30 to 8.33
|
|
Packit Service |
384592 |
* zlib from 1.2.7 to 1.2.8
|
|
Packit Service |
384592 |
* libxml2 from 2.7.7 to 2.9.1
|
|
Packit Service |
384592 |
* curl from 7.24 to 7.33.0
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- Removes standalone/Makefile.in - e3c19d53d23c48fea337aae76a87b2a85c36a1f1
|
|
Packit Service |
384592 |
Makefile.in is recommended to be in the repository whenever it is edit manually, in our case the automatically generated Makefile.in is ok.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Bug Fixes:
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- test: Avoids conflict of fuctions definition - cef72855e4106ce29e1d39103ebf9eb9ab28f17e
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- test: Makes the unit tests to work again - cc982ae42ec86c79a67be1a01c6ee35fb06c272c
|
|
Packit Service |
384592 |
The unit tests was not working due to lack update. This patch adds the necessary stuff to have it work again.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: Avoids directory link while building - ad330a44bfa39430cf6340cb52971568cccdf1d6
|
|
Packit Service |
384592 |
Build scripts was creating links allowing the project to be loaded into Visual Studio without care about the dependencies versions. Sometimes windows refuse to delete those links leading the script to fail. This patch moves the sources directories instead of create links to it.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- QA: Avoids the utilization of 3rd filedescriptor - 69c5ccac662f4e11a6eefd54a3e912583c067b9d
|
|
Packit Service |
384592 |
No need to use a 3rd description on the quality check scripts. Stderr is now redirected to stdout and filtered as needed.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- Supports WarningCountingShellCommand in cppcheck and vera - baaf502363e68c3240b60adb7f7c91f5b4f0ba03
|
|
Packit Service |
384592 |
WarningCountingShellCommand allow us to have some measurements on the buildbot waterfall.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: Using base_rules instead of activated_rules - 7b1537058fa451e0df7098cd907ef19f04102f9d
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: Fix inet_pton build problem - a4202146b8d26b6615bbab986383fe0afae60d77
|
|
Packit Service |
384592 |
There is a function named inet_pton on windows API, with different signature. This patch just override the windows function and point the inet_pton to our implementation.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: Adds Wix installer xml file.c - b32cb7d9ab397160f0154aa4bd4e9638658b41e6
|
|
Packit Service |
384592 |
This commit adds the Wix template to our git repository.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: build_modsecurity.bat fixies - 7e03e3f840375ed682c35a5bb67932461cc77013
|
|
Packit Service |
384592 |
This commit enable a cleanup on the mod_security build directory avoiding symbols with different architectures.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- iis: Fix mlogc build on windows - 9b7663fa79377a0685130a019916d810f31e7478
|
|
Packit Service |
384592 |
The libcurl path was not pointing to the correct directory
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
- Fix #154, Uses addn instead of apr_table_setn - 1734221d9d3a78f9aafd68e35717da9ee1a4fe51
|
|
Packit Service |
384592 |
The headers are represented in the format of an apr_table, which is able to handle elements with the same key, however the function apr_table_setn checks if the key exists before add the element, if so it replaces the old value with the new one. This was making our implementation to just keep the last added Cookie. The apr_table_addn function, which is now used, just add a new item without check for olders one.
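A small Python model of the two write semantics described in this commit, added here as an illustration and not part of the ModSecurity or APR code. It assumes the table is an ordered list of (key, value) pairs, and the request with two Cookie lines is a constructed sample.

```python
"""Model of apr_table_setn versus apr_table_addn (added illustration, not APR code).

The table is modelled as an ordered list of (key, value) pairs, mirroring the
fact that an apr_table can hold several elements with the same key. Header
names are compared case-insensitively, as APR does for table keys.
"""
from typing import Callable, List, Tuple

Table = List[Tuple[str, str]]
Writer = Callable[[Table, str, str], None]


def table_setn(table: Table, key: str, value: str) -> None:
    """Replace the value of an existing key (first match), else append."""
    for i, (k, _) in enumerate(table):
        if k.lower() == key.lower():
            table[i] = (k, value)
            return
    table.append((key, value))


def table_addn(table: Table, key: str, value: str) -> None:
    """Append a new element even when the key is already present."""
    table.append((key, value))


def table_get_all(table: Table, key: str) -> List[str]:
    """Every value stored under key, in insertion order."""
    return [v for k, v in table if k.lower() == key.lower()]


# Constructed sample request headers: two separate Cookie header lines.
REQUEST_HEADERS: Table = [
    ("Host", "example.test"),
    ("Cookie", "session=abc123"),
    ("Cookie", "theme=dark"),
]


def collect_headers(writer: Writer) -> Table:
    """Load the constructed header lines into a fresh table with the given writer."""
    table: Table = []
    for name, value in REQUEST_HEADERS:
        writer(table, name, value)
    return table


def cookies_seen(writer: Writer) -> List[str]:
    """Cookie values that rule inspection would see after loading with writer."""
    return table_get_all(collect_headers(writer), "Cookie")


if __name__ == "__main__":
    print("setn:", cookies_seen(table_setn))  # only the last Cookie line survives
    print("addn:", cookies_seen(table_addn))  # both Cookie lines are kept
```

With the replacing writer only the last Cookie line reaches inspection, which is the gap the commit closes by switching to the appending writer.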

- Merge pull request #579 from zimmerle/revert_139 - 61e54f2067ae760808359926ff91d57275df1aac

Revert merge request #139

- Revert "Merge pull request #139 from chaizhenhua/remotes/trunk" - 7f7d00fa2c364716691df1b45779304b24a0debb

This reverts commit 10fd40fb0d06f6c577d870b6f15d2f6e2a3a5b1b, reversing changes made to 414033aafa94cd50c9b310afd3f164740caccc94.

- Merge pull request #578 from client9/remotes/trunk - b0c3977845f60747b15ae10531b7d20355a22627

libinjection sync to v3.8.0

- libinjection sync - a5f175d79fac1e69124da4e1e227b622e7e233d7

- Merge pull request #152 from client9/remotes/trunk - 88ebf8a0bdbc4db1be76f3a2e70df77cc52a5925

Sync to libinjection v3.7.1

- libinjection sync - fcb6dc13ed6efb066fb9b70405eecab8b83a2d96

- libinjection sync - f52242a013f301ca5c17e59b662124833cb7cc6d

- Merge pull request #148 from zimmerle/bugfix_charset_missing_string_terminator - b76e26d81ddafc2b99bffad53d1426f8fd33080a

Bugfix: missing string terminator while mounting the charset (nginx)

- Bugfix: missing string terminator while mounting the charset (nginx) - ff19dcd5c53d4af61d0a9397d4616f47f80ee207

The charset in headers is mounted using ngx_snprintf, which does not place the string terminator. This patch adds the terminator at the end of the string. The size was correctly allocated; only the terminator was missing.

- Merge pull request #141 from client9/remotes/trunk - 9a630eea23a7ead4e77617c86dc937fd7a421a57

libinjection sync to v3.6.0

- libinjection sync - 11217207e8f2e0cf15742273836399866971071a

- Merge pull request #139 from chaizhenhua/remotes/trunk - 10fd40fb0d06f6c577d870b6f15d2f6e2a3a5b1b

Fixed fd leakage after reload

- Merge pull request #138 from client9/remotes/trunk - 414033aafa94cd50c9b310afd3f164740caccc94

libinjection sync

- Fixed fd leakage after reload - e0993fcd7a166ce9e1a279a47d050af1311d9001

- libinjection sync - 2268626c20260e88cab9b7830f8a06101fa7172a

- Fix logical disjunction and conjunction issues - 7e0a9ecf7d492e85650671a0cfcfd53e5f15df2c

Security Issues:

- Fix Chunked string case sensitive issue - CVE-2013-5705 - f8d441cd25172fdfe5b613442fedfc0da3cc333d

(Thanks Martin Holst Swende - @mhswende)

- Revert "Fix Chunked string case sensitive issue" - 3901128f17e0763ac1a260106b79859d2aad6d90

This reverts commit 16a815a3c2735f62238ef99af26090a2b8430d3d.

- Fix Chunked string case sensitive issue - 16a815a3c2735f62238ef99af26090a2b8430d3d


23 Jul 2013 - 2.7.5
-------------------
Improvements:

* SecUnicodeCodePage is deprecated. SecUnicodeMapFile now accepts the code page as a second parameter.

* Updated Libinjection to version 3.4.1. Many improvements were made.

* Severity action now supports strings (emergency, alert, critical, error, warning, notice, info, debug).

Bug Fixes:

* Fixed utf8toUnicode tfn null byte conversion.

* Fixed NGINX crash when issuing the reload command.

* Fixed flushing of the output buffer before injecting the modified hashed response body.

* Fixed url normalization for Hash Engine.

* Fixed NGINX ap_unixd_set_global_perms_mutex compilation error with apache 2.4 devel files.

Security Issues:

10 May 2013 - 2.7.4
-------------------
Improvements:

* Added Libinjection project http://www.client9.com/projects/libinjection/ as a new operator @detectSQLi. (Thanks Nick Galbreath).

* Added new variable SDBM_DELETE_ERROR that will be set to 1 when the sdbm engine fails to delete entries.

* NGINX is now set to STABLE. Thanks chaizhenhua and all the people in the community who helped the project by testing, sending feedback and patches.

Bug Fixes:

* Fixed SecRulePerfTime storing unnecessary rule performance times.

* Fixed possible SDBM deadlock condition.

* Fixed possible @rsub memory leak.

* Fixed: REMOTE_ADDR will now receive the client IP address when mod_remoteip.c is present.

* Fixed NGINX Audit engine in Concurrent mode overwriting existing alert files because of an issue with UNIQUE_ID.

* Fixed CPU 100% issue in NGINX port. This is also related to a memory leak when loading the response body.

Security Issues:

* Fixed Remote Null Pointer Dereference (CVE-2013-2765). When the forceRequestBodyVariable action is triggered and an unknown Content-Type is used, mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts while msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI).

28 Mar 2013 - 2.7.3
-------------------

* Fixed IIS version race condition when the module is initialized.

* Fixed IIS version failing config commands in libapr.

* Nginx version is now RC quality. The rule engine should work for all phases. We fixed many issues and missing features (for more information please check jira). Code is running well with the latest Nginx 1.2.7 stable. Thanks chaizhenhua for your help.

* Added MULTIPART_NAME and MULTIPART_FILENAME. Should be used soon by CRS and will help prevent attacks using multipart data.

* Added --enable-htaccess-config configure option. It will allow the following directives to be used in .htaccess files when AllowOverride Options is set:

- SecAction
- SecRule

- SecRuleRemoveByMsg
- SecRuleRemoveByTag
- SecRuleRemoveById

- SecRuleUpdateActionById
- SecRuleUpdateTargetById
- SecRuleUpdateTargetByTag
- SecRuleUpdateTargetByMsg

* Improvements in the duplicate ID checking code. Should be faster now.

* SECURITY: Added SecXmlExternalEntity (On|Off - default is Off) that will disable by default the external entity load task executed by LibXml2. This is a security issue [CVE-2013-1915] reported by Timur Yunusov, Alexey Osipov (Positive Technologies).

21 Jan 2013 - 2.7.2
-------------------

* IIS version is now stable.

* Fixed IIS version not passing through POST data to ASP.NET when SecRequestBodyAccess is set to On (MODSEC-372).

* Fixed IIS version HTTP Request Smuggling protection not working (MODSEC-344).

* Fixed IIS version PHP Injection Attack (958976) protection not working (MODSEC-346).

* Fixed IIS version Request limit protections not working (MODSEC-349).

* Fixed IIS version Outbound protections not working (MODSEC-350).

* Added a better installer for the IIS version.

* NGINX version removed ModSecurityPassCommand (Thanks chaizhenhua).

* Fixed NGINX version ngx_http_read_client_request_body returning an unexpected buffer type (Thanks chaizhenhua).

* Fixed NGINX version INCS config directories on fedora (Thanks chaizhenhua).

* Added drop action for the NGINX version (Thanks chaizhenhua).

* Fixed bug in cpf_verify operator (Thanks Hideaki Hayashi).

* Fixed build of modsecurity under Arch Linux.

* Fixed make test crashing when JIT pcre is enabled.

* Fixed: better cookie separator detection code.

* Fixed mod_security displaying the wrong IP address in error.log when using apache 2.4 and mod_remoteip.

* Fixed mod_security not compiling when using apr without ipv6 support.

* Fixed mod_security not compiling when using lua 5.2.

* Fixed issue when executing make install under Solaris.

* Fixed ipmatchf operator not working as expected.

01 Nov 2012 - 2.7.1
-------------------

* Changed the "Encryption" name of directives and options related to the hmac feature to "Hash":

SecEncryptionEngine to SecHashEngine
SecEncryptionKey to SecHashKey
SecEncryptionParam to SecHashParam
SecEncryptionMethodRx to SecHashMethodRx
SecEncryptionMethodPm to SecHashMethodPm
@validateEncryption to @validateHash
ctl:EncryptionEnforcement to ctl:HashEnforcement
ctl:EncryptionEngine to ctl:HashEngine

* Added a better random bytes generator using apr_generate_random_bytes() to create the HMAC key.

* Fixed byte conversion issue during logging under the Linux s390x platform.

* Fixed compilation bug with LibXML2 2.9.0 (Thanks Athmane Madjoudj).

* Fixed parsing error with modsecurity-recommended.conf and Apache 2.4.

* Fixed DROP action being disabled for the Apache 2 module by mistake.

* Fixed bug when using ctl:ruleRemoveTargetByTag.

* Fixed IIS and NGINX module bugs.

* Fixed bug when @strmatch patterns use an invalid escape sequence (Thanks Hideaki Hayashi).

* Fixed bugs in @verifySSN (Thanks Hideaki Hayashi).

* The doc/ directory now contains the instructions to access the online documentation.

15 Oct 2012 - 2.7.0
-------------------

* Fixed: Pause action should work as a disruptive action (MODSEC-297).

* Fixed problem loading mod_env variables in phase 2 (MODSEC-226).

* Fixed: Detect cookie v0 separator and use it for parsing (MODSEC-261).

* Fixed variable REMOTE_ADDR with wrong IP address in NGINX version (MODSEC-337).

* Fixed errors compiling NGINX version.

* Added Include directive into the standalone module. IIS and NGINX modules should support the Include directive like Apache2.

* Added MULTIPART_INVALID_PART flag. Also used in rule id 200002 for multipart strict validation (https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt).

* Updated Reference Manual.

25 Sep 2012 - 2.6.8
-------------------

* Fixed ctl:ruleRemoveTargetByID order issue (MODSEC-333). Thanks to Armadillo Dasypodidae.

* Fixed variable HIGHEST_SEVERITY incorrectly getting reset in a chain rule (MODSEC-315). Thanks to Valery Reznic.

10 Sep 2012 - 2.7.0-rc3
-------------------

* Fixed: requests bigger than SecRequestBodyNoFilesLimit were truncated even when the engine mode was detection only.

* Fixed double close() for multipart temporary files (Thanks Seema Deepak).

* Fixed many small issues reported by Coverity Scanner (Thanks Peter Vrabek).

* Fixed format string issue in nginx experimental code. (Thanks Eldar Zaitov).

* Added ctl:ruleRemoveTargetByTag/Msg and removed ctl:ruleUpdateTargetByTag/Msg.

* Added IIS and Nginx platform code.

* Added new transformation utf8toUnicode.

23 Jul 2012 - 2.6.7
-------------------

* Fixed explicit target replacement using SecUpdateTargetById being broken.

* The ctl:ruleUpdateTargetById is deprecated and will be removed in future versions since there is no safe way to use it per-request.

* Added ctl:ruleRemoveTargetById that can be used to exclude targets from being processed per-request.

22 Jun 2012 - 2.7.0-rc2
-------------------

* Fixed compilation errors and warnings under the Windows platform.

* Fixed SecEncryptionKey not working as expected.

08 Jun 2012 - 2.7.0-rc1
-------------------

* Added SecEncryptionEngine. Initial crypt engine support; at the moment it will sign some Html and Response Header options.

* Added SecEncryptionKey to define a random or static key for the crypt engine.

* Added SecEncryptionParam to define the new parameter name.

* Added SecEncryptionMethodRx, used with a regular expression to inspect the html in the response body/header and decide what to protect.

* Added SecEncryptionMethodPm, used with multiple or single strings to inspect the html in the response body/header and decide what to protect.

* Added ctl encryptionEngine as a per-transaction version of the SecEncryptionEngine directive.

* Added ctl encryptionEnforcement that will allow the engine to sign the data while the enforcement is disabled.

* Added validateEncryption operator to enforce the signed elements.

* Added: rsub operator supports the syntax |hex|, allowing users to use special chars like \n \r.

* Added: SecRuleUpdateTargetById now supports id ranges.

* Added SecRuleUpdateTargetByMsg and its ctl version (Thanks Scott Gifford).

* Added SecRuleUpdateTargetByTag and its ctl version (Thanks Scott Gifford).

* Added SecRulePerfTime: when greater than zero it will fill rule ids' execution time into PERF_RULE and log id=usec information in the new Perf-rule-info: line in part H.

* Added PERF_RULES variable that contains rule execution time.

* Added Engine-mode: section in part H.

* Added ruleRemoveByMsg ctl version.

* Added: removeCommentsChar and removeComments can now work with style.

* Added: SecArgumentSeparator and SecCookieFormat can be used in different scope locations.

* Added: Rules must have an ID action and it must be numeric.

* Added: The use of tfns is deprecated in SecDefaultAction. Should be forbidden in the future.

* Added macro expansion support to the action pause.

* Added IpmatchFromFile/IpmatchF operator.

* Added new setrsc action; the RESOURCE collection uses the SecWebAppId namespace.

* Added configure option --enable-cache-lua that allows reuse of the Lua VM per transaction. It will only take effect when ModSecurity has multiple scripts to run per transaction.

* Added configure option --enable-pcre-jit that allows the ModSecurity regex engine to use PCRE JIT support.

* Added configure option --enable-request-early that allows ModSecurity to run phase 1 in the post_read_request hook.

* Added: RBL operator now supports the httpBl api (http://www.projecthoneypot.org/httpbl_api.php).

* Added SecHttpBlKey to be used with the httpBl api.

* Added SecSensorId, which will specify the modsecurity sensor name in audit log part H.

* Added aliases to phase:2 (phase:request), phase:4 (phase:response) and phase:5 (phase:logging).

* Added USERAGENT_IP variable. Created when Apache24 is used with mod_remoteip, to know the real client IP address.

* Added new rule metadata actions ver, maturity and accuracy. Also included in the RULE collection.

* Updated Reference manual in the doc/ directory.

* Fixed: variable DURATION contains the elapsed time in microseconds, for compatibility with apache and other variables.

* Fixed: preserve names/identity of the variables going into MATCHED_VARS.

* Fixed: Redirect macro expansion does not work in SecDefaultAction when SecRule uses the block action.

* Fixed rsub operator not working as expected if the regex contains parentheses (Thanks Jerome Freilinger).

* Current Google Safe Browsing implementation is deprecated. Google changed the API and does not allow the malware database to be downloaded anymore.

08 Jun 2012 - 2.6.6
-------------------

* Added build system support for KfreeBSD and HURD.

* Fixed a multipart bypass issue related to quote parsing. Credits to Qualys Vulnerability & Malware Research Labs (VMRL).

20 Mar 2012 - 2.6.5
-------------------

* Fixed: increased a specific message debug level in SDBM code (MODSEC-293).

* Cleanup build system.

09 Mar 2012 - 2.6.4
-------------------

* Fixed mlogc consuming 100% CPU (Thanks Klaubert Herr and Ebrahim Khalilzadeh).

* Fixed ModSecurity being unable to load session and user SDBM data.

* Fixed updateTargetById creating unparsed rule content, making Apache memory grow.

* Code cleanup.

23 Feb 2012 - 2.6.4-rc1
-------------------

* Fixed @rsub adding garbage data into stream variables.

* Fixed regex for section A in mlogc-batch-load.pl (Thanks Ebrahim Khalilzadeh).

* Fixed logdata truncating the message without closing it with the final characters.

* Added sanitizeMatchedBytes support to verifyCPF, verifyCC and verifySSN.

06 Dec 2011 - 2.6.3-rc1
-------------------

* Fixed MATCHED_VARS not correctly handling multiple variables with the same name.

* Fixed SDBM garbage collection not working as expected, which let the files grow in size.

* Fixed wrong timestamp calculation for some time zones in log files.

* Fixed SecRuleUpdateTargetById failing to load multiple targets (MODSEC-270).

* Reverted hexDecode for hexEncode compatibility reasons.

* Added SecCollectionTimeout to set the collection timeout; the default is 3600.

* Added sqlHexDecode transformation to decode SQL hex data. Thanks Marc Stern.

30 Sep 2011 - 2.6.2
-------------------

* Fixed hexDecode test during make.

* Updated the reference manual into doc/ directory.

5 Sep 2011 - 2.6.2-rc1
-------------------

* Added support for macro expansion in the rx operator.

* Added new transformations removeComments and removeCommentsChars.

* Fixed: collection names are not case-sensitive anymore.

* Fixed compilation errors with Apache 2.0.

* Fixed the build system not using some libraries' CFLAGS.

* Fixed check for valid hex values in the hexDecode transformation.

* Fixed ctl:ruleUpdateTargetById appending multiple targets.

18 Jun 2011 - 2.6.1
-------------------

* Updated the reference manual into doc/ directory.

11 Jul 2011 - trunk
-------------------

* Add HttpBl support to rbl operator.

30 Jun 2011 - 2.6.1-rc1
-------------------

* Fixed SecUploadFileMode not working with the new build system.

* Fixed building with Lua library (Thanks Diego Elio).

* Fixed some ./configure --enable* features not being enabled at compile time.

* Improvements on GSB database add/search operations.

* Log part K was removed from modsecurity.conf-recommended.

* Added SecUnicodeMapFile directive. Must be used to load the unicode.mapping file.

* Added SecUnicodeCodePage directive. Used to define the Unicode code page. There are a few already available:

    1250 (ANSI - Central Europe)
    1251 (ANSI - Cyrillic)
    1252 (ANSI - Latin I)
    1253 (ANSI - Greek)
    1254 (ANSI - Turkish)
    1255 (ANSI - Hebrew)
    1256 (ANSI - Arabic)
    1257 (ANSI - Baltic)
    1258 (ANSI/OEM - Viet Nam)
    20127 (US-ASCII)
    20261 (T.61)
    20866 (Russian - KOI8)
    28591 (ISO 8859-1 Latin I)
    28592 (ISO 8859-2 Central Europe)
    28605 (ISO 8859-15 Latin 9)
    37 (IBM EBCDIC - U.S./Canada)
    437 (OEM - United States)
    500 (IBM EBCDIC - International)
    850 (OEM - Multilingual Latin I)
    860 (OEM - Portuguese)
    861 (OEM - Icelandic)
    863 (OEM - Canadian French)
    865 (OEM - Nordic)
    874 (ANSI/OEM - Thai)
    932 (ANSI/OEM - Japanese Shift-JIS)
    936 (ANSI/OEM - Simplified Chinese GBK)
    949 (ANSI/OEM - Korean)
    950 (ANSI/OEM - Traditional Chinese Big5)

  Some extra Unicode characters defined at http://tools.ietf.org/html/rfc3490#section-3.1 are also mapped.

* Fixed SecRequestBodyLimit truncating the real request body.

18 May 2011 - 2.6.0
-------------------

* Added SecWriteStateLimit for Slow Post DoS mitigation.

* Fixed a problem when buffering in the input filter.

* Fixed a memory leak when using MATCHED_VARS_NAMES.

2 May 2011 - 2.6.0-rc2
-------------------

* Added code optimizations - thanks Diego Elio.

* Added support for AIX and HPUX in the build system (untested).

* Renamed decodeBase64Ext to base64DecodeExt.

* Build system improvements - thanks Diego Elio.

* Improvements on gsblookup parser.

* Fixed an input filter bug when uploading files with SecStreamInBodyInspection enabled.

* Logging improvements and bug fixes.

* Remove extra useless files on make clean and maintainer-clean.

18 Apr 2011 - 2.6.0-rc1
-------------------

* Replaced the previous GPLv2 license with Apache v2.

* Added Google Safe Browsing lookup operator and directive. It should be
  used to extract and look up URLs from HTTP packets.

* Added Data Modification operator. It must be used with STREAM_* variables
  to replace/add/edit any data from HTTP bodies.

* Added STREAM_OUTPUT_BODY and STREAM_INPUT_BODY variables to work with data
  modification operators.

* Added a fast IP address operator. It supports partial IP addresses and CIDR
  notation for IPv4 and IPv6. Thanks Tom Donovan.

* Added new sensitive data tracking operators verifyCPF and verifySSN.

* Added MATCHED_VARS and MATCHED_VARS_NAMES. They are similar to MATCHED_VAR,
  but expose all matched variables.

* Added UNIQUE_ID variable. It holds the data created by mod_unique_id.

* Added new transformation cmdline. Thanks Marc Stern.

* Added new exception handling operators and directives. They should help users
  reduce FNs and FPs. The directives SecRuleUpdateTargetById, SecRuleRemoveByTag
  and their ctl actions were included.

* Added SecStreamOutBodyInspection and SecStreamInBodyInspection to enable STREAM_*
  variables.

* Added SecGsbLookupDB, used to load the Google Safe Browsing malware database into
  memory.

* Added the directive SecInterceptOnError to control what to do if a rule returns
  values less than zero.

* Improvements in DetectionOnly engine mode. Also added SecRequestBodyLimitAction
  to control what to do if the engine receives an HTTP request over a hard limit.
  Note that there are now many combinations of SecRuleEngine and the limit action
  directives for response and request data. Please see the reference manual.

* Improvements to the RBL operator. It will now parse return code values for some
  RBL lists.

* Added new Log Part J. It logs some information about uploaded files.

* Added new sanitizeMatchedBytes action. It gives users more flexibility to sanitize
  logged data, and also improves performance when sanitizing large amounts of data.

* Improvements on the logging phase. It is now possible to see full chains and to
  distinguish between simple rules, chain starters and chain nodes.

* Improvements on AutoTools usage.

* Improvements on pattern matching operators: pmf, pm and strmatch now support more flexible
  input data, allowing any kind of special character.

* Improvements on SecRuleUpdateActionById to update chain nodes.

* Many bugs were fixed. Please see the ModSecurity Jira for more details.

19 Mar 2010 - trunk
-------------------

* Added SecDisableBackendCompression, which disables backend compression
  while keeping the frontend compression enabled (assuming mod_deflate
  is installed and configured in the proxy). [Ivan Ristic]

* Added REQUEST_BODY_LENGTH, which contains the number of request body
  bytes read. [Ivan Ristic]

* Integrate with mod_log_config using the %{VARNAME}M format string.
  (MODSEC-108) [Ivan Ristic]

* Replaced the previous time-measuring mechanism with a new one, which
  provides the following information: request time, request duration,
  phase duration (for all 5 phases), time spent dealing with persistent
  storage, and time spent on audit logging. The new information is now
  available in the Stopwatch2 audit log header. The Stopwatch header
  remains for backward compatibility, although it now only includes
  the request time and request duration values. Added the following
  variables: PERF_COMBINED, PERF_PHASE1, PERF_PHASE2, PERF_PHASE3,
  PERF_PHASE4, PERF_PHASE5, PERF_SREAD, PERF_SWRITE, PERF_LOGGING,
  PERF_GC. [Ivan Ristic]

* Added DURATION, which contains the time elapsed since the beginning
  of the current transaction, in milliseconds. [Ivan Ristic]

* Adjusted phase 5 to execute just prior to mod_log_config. This should
  allow phase 5 rules to implement conditional logging, as well as
  pave the way for allowing access to all ModSecurity variables from
  mod_log_config. [Ivan Ristic]

* Added the URLENCODED_ERROR flag, which is raised whenever invalid URL
  encoding is encountered in the query string or in the request body
  (but only if the URLENCODED request body processor is used). (MODSEC-111)
  [Ivan Ristic]

* Removed the obsolete PDF UXSS functionality. (MODSEC-96) [Ivan Ristic]

* Renamed normalisePath to normalizePath and normalisePathWin to
  normalizePathWin. Kept the previous names for backward compatibility.
  (MODSEC-103) [Ivan Ristic]

* Moved phase 1 to be run in the same Apache hook as phase 2. This means
  that you can now have phase 1 rules in <Location> tags and, more
  importantly, override server configuration in <Location> and others.
  (MODSEC-98) [Ivan Ristic]

* Renamed the sanitise family of actions to sanitize. Kept the old variants
  for backward compatibility. (MODSEC-95) [Ivan Ristic]

* Improve the logging of the ctl action. (MODSEC-99) [Ivan Ristic]

* Cleanup build files that were from the Apache source.

14 Feb 2010 - 2.5.13-dev1
-------------------------

* Cleaned up some mlogc code and debugging output.

* Remove the ability to use a relative path to a piped audit logger
  (i.e. mlogc) as Apache does not support it in their piped loggers
  and it was breaking Windows and probably other platforms that
  use spaces in filesystem paths. Discovered by Tom Donovan.

* Fix memory leak freeing regex. Discovered by Tom Donovan.

* Fix some portability issues on Windows.

04 Feb 2010 - 2.5.12
--------------------

* Fixed SecUploadFileMode to set the correct mode.

* Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions.

* Added additional file info definitions introduced in APR 0.9.5 so that
  build will work with older APRs (IBM HTTP Server v6).

* Added SecUploadFileLimit to limit the number of uploaded file parts that
  will be processed in a multipart POST. The default is 100.

* Fixed path normalization to better handle backreferences that extend
  above root directories. Reported by Sogeti/ESEC R&D.

* Trim whitespace around phrases used with @pmFromFile and allow
  for both LF and CRLF terminated lines.

* Allow for more robust parsing for multipart header folding. Reported
  by Sogeti/ESEC R&D.

* Fixed failure to match internally set TX variables with regex
  (TX:/.../) syntax.

* Fixed failure to log full internal TX variable names and populate
  MATCHED_VAR* vars.

* Enabled PCRE "studying" by default. This is now a configure-time option.

* Added PCRE match limits (SecPcreMatchLimit/SecPcreMatchLimitRecursion) to
  help mitigate ReDoS type attacks. A rule that goes over the limits will set
  TX:MSC_PCRE_LIMITS_EXCEEDED. It is intended that the next major release
  of ModSecurity (2.6.x) will move these flags to a dedicated collection.

* Reduced default PCRE match limits, reducing the impact of ReDoS on poorly
  written regex rules. Reported by Sogeti/ESEC R&D.

* Fixed memory leak in v1 cookie parser. Reported by Sogeti/ESEC R&D.

* Now support macro expansion in numeric operators (@eq, @ge, @lt, etc.)

* Update copyright to 2010.

* Reserved 700,000-799,999 IDs for Ivan Ristic.

* Fixed SecAction not working when CONNECT request method is used
  (MODSEC-110). [Ivan Ristic]

* Do not escape quotes in macro resolution and only escape NUL in setenv
  values.

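As an added configuration example (not part of the CHANGES file or the project's own configuration), this fragment applies the PCRE match limits described in the 2.5.12 entry above and turns the TX:MSC_PCRE_LIMITS_EXCEEDED flag a rule sets on overrun into a logged, blocking decision, using the TX:/.../ regex target syntax also fixed in 2.5.12. The limit values and the rule id 900001 are assumptions chosen for illustration, not project defaults.

```apache
# Added example: PCRE limits plus a guard rule. Values are illustrative
# assumptions, not the defaults shipped with ModSecurity.

# Cap PCRE backtracking and recursion so a pathological regex fails fast
# instead of pinning a worker on one request (the ReDoS case).
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000

# When a rule's regex hits either limit, ModSecurity sets
# TX:MSC_PCRE_LIMITS_EXCEEDED and moves on; the offending rule did not
# complete its match, so the request must not be treated as clean.
# Check every MSC_ flag in TX by regex (the 2.6.x dedicated collection was
# not yet available in 2.5.12) and deny with a clear log message.
# Rule id 900001 is an assumed, otherwise unused id.
SecRule TX:/^MSC_/ "!@streq 0" \
    "id:900001,phase:2,t:none,log,deny,status:403,\
    msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
```

The guard runs in phase 2, so it covers overruns raised by phase 1 and phase 2 rules; a response-side rule set that may overrun in phases 3 or 4 needs the same check repeated in those phases.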
04 Nov 2009 - 2.5.11
--------------------

* Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be
  set true if any invalid quoting is found during multipart parsing.

* Fixed parsing quoted strings in multipart Content-Disposition headers.
  Discovered by Stefan Esser.

* Cleanup persistence database locking code.

* Added warning during configure if libcurl is found linked against
  gnutls for SSL. The openssl lib is recommended as gnutls has
  proven to cause issues with mutexes and may crash.

* Cleanup some mlogc (over)logging.

* Do not log output filter errors in the error log.

* Moved output filter to run before other stock filters (mod_deflate,
  mod_cache, mod_expires, mod_filter) to avoid analyzing modified data
  in the response. Patch originally submitted by Ivan Ristic.

18 Sep 2009 - 2.5.10
--------------------

* Cleanup mlogc so that it builds on Windows.

* Added more detailed messages to replace "Unknown error" in filters.

* Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning
  auditlog permissions (especially with mpm-itk).

* Cleanup SecUploadFileMode implementation.

* Cleanup build scripts.

* Fixed crash on configuration if SecMarker is used before any rules.

* Fixed SecRuleUpdateActionById so that it will work on chain starters.

* Cleanup build system for mlogc.

* Allow mlogc to periodically flush memory pools.

* Using nolog,auditlog will now log the "Message:" line to the auditlog, but
  nothing to the error log. Prior versions dropped the "Message:" line from
  both logs. To do this now, just use "nolog" or "nolog,noauditlog".

* Forced mlogc to use SSLv3 to avoid some potential auto negotiation
  issues with some libcurl versions.

* Fixed mlogc issue seen on big endian machines where content type
  could be listed as zero.

* Removed extra newline from audit log message line when logging XML errors.
  This was causing problems parsing audit logs.

* Fixed @pm/@pmFromFile case insensitivity.

* Truncate long parameters in log message for "Match of ... against ...
  required" messages.

* Correctly resolve chained rule actions in logs.

* Cleanup some code for portability.

* AIX does not support hidden visibility with xlc compiler.

* Allow specifying EXTRA_CFLAGS during configure to override gcc specific
  values for non-gcc compilers.

* Populate GEO:COUNTRY_NAME and GEO:COUNTRY_CONTINENT as documented.

* Handle a newer geo database more gracefully, avoiding a potential crash for
  new countries that ModSecurity is not yet aware of.

* Allow checking &GEO "@eq 0" for a failed @geoLookup.

* Fixed mlogc global mutex locking issue and added more debugging output.

* Cleaned up build dependencies and configure options.

05 Mar 2009 - 2.5.9
-------------------

* Fixed parsing multipart content with a missing part header name which
  would crash Apache. Discovered by "Internet Security Auditors"
  (isecauditors.com).

* Added ability to specify the config script directly using --with-apr
  and --with-apu.

* Updated copyright year to 2009.

* Added macro expansion for append/prepend action.

* Fixed race condition in concurrent updates of persistent counters. Updates
  are now atomic.

* Cleaned up build, adding an option for verbose configure output and making
  the mlogc build more portable.

21 Nov 2008 - 2.5.8
-------------------

* Fixed PDF XSS issue where a non-GET request for a PDF file would crash the
  Apache httpd process. Discovered by Steve Grubb at Red Hat.

* Removed an invalid "Internal error: Issuing "%s" for unspecified error."
  message that was logged when denying with nolog/noauditlog set and
  causing the request to be audited.

24 Sep 2008 - 2.5.7
-------------------

* Fixed XML DTD/Schema validation which will now fail after request body
  processing errors, even if the XML parser returns a document tree.

* Added ctl:forceRequestBodyVariable=on|off which, when enabled, will force
  the REQUEST_BODY variable to be set when a request body processor is not set.
  Previously the REQUEST_BODY target was only populated by the URLENCODED
  request body processor.

* Integrated mlogc source.

* Fixed logging the hostname in the error_log which was logging the
  request hostname instead of the Apache resolved hostname.

* Allow for disabling request body limit checks in phase:1.

* Added transformations for processing parity for legacy protocols ported
  to HTTP(S): t:parityEven7bit, t:parityOdd7bit, t:parityZero7bit

* Added t:cssDecode transformation to decode CSS escapes.

* Now log XML parsing/validation warnings and errors in the debug log
  at levels 3 and 4, respectively.

31 Jul 2008 - 2.5.6
-------------------

* Transformation caching has been deprecated, and is now off by default. We
  now advise against using transformation caching in production.

* Fixed two separate transformation caching issues that could cause incorrect
  content inspection in some circumstances.

* Fixed an issue with the transformation cache using too much RAM, potentially
  crashing Apache with a large number of cache entries. Two new configuration
  options have been added to allow for a finer control of caching:

    maxitems: Max number of items to cache (default 1024)
    incremental: Whether to cache incrementally (default off)

* Added an experimental regression testing suite. The regression suite may
  be executed via "make test-regression", however it is strongly advised
  to only be executed on a non-production machine as it will startup the
  Apache web server that ModSecurity is compiled against with various
  configurations in which it will run tests.

* Added a licensing exception so that ModSecurity can be used in a derivative
  work when that derivative is also under an approved open source license.

* Updated mlogc to version 1.4.5 which adds a LockFile directive and fixes an
  issue in which the configuration file may be deleted.

05 Jun 2008 - 2.5.5
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed an issue where an alert was not logged in the error log
|
|
Packit Service |
384592 |
unless "auditlog" was used.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Enable the "auditlog" action by default to help prevent a misconfiguration.
|
|
Packit Service |
384592 |
The new default is now: "phase:2,log,auditlog,pass"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Improve request body processing error messages.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Handle lack of a new line after the final boundary in a multipart request.
|
|
Packit Service |
384592 |
This fixes the reported WordPress Flash file uploader problem.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed issue with multithreaded servers where concurrent XML processing
|
|
Packit Service |
384592 |
could crash the web server (at least under Windows).
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed blocking in phase 3.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Force modules "mod_rpaf-2.0.c" and "mod_custom_header.c" to run before
|
|
Packit Service |
384592 |
ModSecurity so that the correct IP is used.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
07 May 2008 - 2.5.4
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed issue where transformation cache was using the SecDefaultAction
|
|
Packit Service |
384592 |
value even when t:none was used within a rule.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
24 Apr 2008 - 2.5.3
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed issue where the exec action may not be able to execute shell scripts.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Macros are now expanded in expirevar and deprecatevar.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed crash if a persistent variable name was more than 126 characters.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Updated included Core Ruleset to version 1.6.1 which fixes some
|
|
Packit Service |
384592 |
false negative issues in the migration to using some 2.5 features.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
02 Apr 2008 - 2.5.2
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Allow HTTP_* targets as an alias for REQUEST_HEADERS:*.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Make sure temporary filehandles are closed after a transaction.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Make sure the apache include directory is included during build.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
02 Apr 2008 - 2.1.7
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Make sure temporary filehandles are closed after a transaction.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
14 Mar 2008 - 2.5.1
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed an issue where a match would not occur if transformation caching
|
|
Packit Service |
384592 |
was enabled.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Using "severity" in a default action is now just a warning.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Cleaned up the "make test" target to better locate headers/libraries.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Now search /usr/lib64 and /usr/lib32 for lua libs.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* No longer treat warnings as errors by default (use --enable-strict-compile).
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
19 Feb 2008 - 2.5.0
|
|
Packit Service |
384592 |
-------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Updated included Core Ruleset to version 1.6.0 which uses 2.5 features.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Cleaned up and clarified some documentation.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Updated code to be more portable so it builds with MS VC++.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added unit tests for most operators and transformations.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed crash on startup when ENV is improperly used without a parameter.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Allow macro resolution in setenv action.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* The default action is now a minimal "phase:2,log,pass" with no default
|
|
Packit Service |
384592 |
transformations performed.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Implemented SecUploadFileMode to allow setting the mode for uploaded files.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Implemented "block" action.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Implemented SecRuleUpdateActionById.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed removal of phase 5 rules via SecRuleRemoveBy* directives.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* No longer log the query portion of the URI in the error log as
|
|
Packit Service |
384592 |
it may contain sensitive data.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Build is now 'configure' based: ./configure && make && make install
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added support for Lua scripting in the following ways: SecRuleScript
|
|
Packit Service |
384592 |
can be used to specify a script to execute as a rule, the exec
|
|
Packit Service |
384592 |
action processes Lua scripts internally, as does the @inspectFile
|
|
Packit Service |
384592 |
operator. Refer to the documentation for more details.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Changed how allow works. Used on its own it now allows phases 1-4. Used
|
|
Packit Service |
384592 |
with parameter "phase" (e.g. SecAction allow:phase) it only affects
|
|
Packit Service |
384592 |
the current phase. Used with parameter "request" it allows phases
|
|
Packit Service |
384592 |
1-2.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed issue where only the first phase 5 rule would run when the
|
|
Packit Service |
384592 |
request was intercepted in an earlier phase.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Stricter configuration parsing. Disruptive actions, meta actions and
|
|
Packit Service |
384592 |
phases are no longer allowed in a chained rule. Disruptive actions,
|
|
Packit Service |
384592 |
are no longer allowed in a logging phase (phase 5) rule, including
|
|
Packit Service |
384592 |
inheriting from SecDefaultAction.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* More efficient collection persistance.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed t:escapeSeqDecode to better follow ANSI C escapes.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added t:jsDecode to decode JavScript escape sequences.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added IS_NEW built-in collection variables.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* New audit log part 'K' logs all matching rules.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Implemented SecRequestBodyNoFilesLimit.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Enhance handling of the case where we run out of disk space while
|
|
Packit Service |
384592 |
writing to audit log entry.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added SecComponentSignature to allow other components the ability
|
|
Packit Service |
384592 |
to append to the logged signature.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added skipAfter:<id> action to allow skipping all rules until a rule
|
|
Packit Service |
384592 |
with a specified ID is reached. Rule execution then continues after
|
|
Packit Service |
384592 |
the specified rule.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added SecMarker <id> directive to allow a fixed target for skipAfter.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added ctl:ruleRemoveById action to allow rule removal on a match.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added a @containsWord operator that will match a given string anywhere in
|
|
Packit Service |
384592 |
the target value, but only on word boundaries.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added a MATCHED_VAR_NAME variable to store the last matched variable name
|
|
Packit Service |
384592 |
so that it can be more easily used by rules.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added a MATCHED_VAR variable to store the last matched variable value
|
|
Packit Service |
384592 |
so that it can be more easily used by rules.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed expansion of macros when using relative changes with setvar. In
|
|
Packit Service |
384592 |
addition, added support for expanding macros in the variable name.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Situations where ModSecurity will intercept, generate an error or log
|
|
Packit Service |
384592 |
a level 1-3 message to the debug log are now marked as 'relevant' and may
|
|
Packit Service |
384592 |
generate an audit log entry.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed deprecatevar:var=N/S action so that it decrements N every S seconds
|
|
Packit Service |
384592 |
as documented instead of decrementing by a rate.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Enable ModSecurity to look at partial response bodies. In previous
|
|
Packit Service |
384592 |
versions, ModSecurity would respond with status code 500 when the
|
|
Packit Service |
384592 |
response body was too long. Now, if SecResponseBodyLimitAction is
|
|
Packit Service |
384592 |
set to "ProcessPartial", it will process the part of the response
|
|
Packit Service |
384592 |
body received up until that point but send the rest without buffering.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* ModSecurity will now process phases 3 and 4 even when request processing
|
|
Packit Service |
384592 |
is interrupted (either by Apache - e.g. by responding with 400, 401
|
|
Packit Service |
384592 |
or 403, or by ModSecurity itself).
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed the base64decode transformation function to not return extra
|
|
Packit Service |
384592 |
characters at the end.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Return from the output filter with an error in addition to setting
|
|
Packit Service |
384592 |
up the HTTP error status in the output data.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Used new Apache API calls to get the server version/banner when available.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added "logdata" meta action to allow logging of raw transaction data.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added TX_SEVERITY that keeps track of the highest severity
|
|
Packit Service |
384592 |
for any matched rules so far.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added ARGS_GET, ARGS_POST, ARGS_GET_NAMES, ARGS_POST_NAMES variables to
|
|
Packit Service |
384592 |
allow seperation of GET and POST arguments.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added an Apache define (MODSEC_2.5) so that you can conditionally include
|
|
Packit Service |
384592 |
directives based on the ModSecurity major/minor versions with IfDefine.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added MODSEC_BUILD variable that contains the numeric build value based
|
|
Packit Service |
384592 |
on the ModSecurity version.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Enhanced debug logging by displaying more data on rule execution. All
|
|
Packit Service |
384592 |
invoked rules are now logged in the debug log at level 5.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Stricter validation for @validateUtf8Encoding.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* No longer process Apache internal subrequests.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed warnings on Solaris and/or 64bit builds.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added @within string comparison operator with support for macro expansion.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Do not trigger "pause" action for internal requests.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added matching rule filename and line number to audit log.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added new phrase matching operators, @pm and @pmFromFile. These use
|
|
Packit Service |
384592 |
an alternate set based matching engine (Aho-Corasick) to perform faster
|
|
Packit Service |
384592 |
phrase type matches such as black/white lists, spam keywords, etc.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Allow caching transformations per-request/phase so they are not repeated.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added Solaris and Cygwin to the list of platforms not supporting the hidden
|
|
Packit Service |
384592 |
visibility attribute.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed decoding full-width unicode in t:urlDecodeUni.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Add SecGeoLookupDB, @geoLookups and GEO collection to support
|
|
Packit Service |
384592 |
geographical lookups by IP/host.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Do not try to intercept a request after a failed rule. This fixes the
|
|
Packit Service |
384592 |
issue associated with an "Internal Error: Asked to intercept request
|
|
Packit Service |
384592 |
but was_intercepted is zero" error message.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Removed extraneous exported symbols.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Merged the PDF XSS protection functionality into ModSecurity.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Exported API for registering custom variables. Example in api directory.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added experimental support for content injection. Directive
|
|
Packit Service |
384592 |
SecContentInjection (On|Off) controls whether injection is taking place.
|
|
Packit Service |
384592 |
Actions "prepend" and "append" inject content when executed. Do note that
|
|
Packit Service |
384592 |
it is your responsibility to make sure the response is of the appropriate
|
|
Packit Service |
384592 |
content type (e.g. HTML, plain text, etc).
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added string comparison operators with support for macro expansion:
|
|
Packit Service |
384592 |
@contains, @streq, @beginsWith and @endsWith.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Enhanced debug log output to log macro expansion, quote values and
|
|
Packit Service |
384592 |
correctly display values that contained NULs.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Removed support for %0 - %9 capture macros as they were incorrectly
|
|
Packit Service |
384592 |
expanding url encoded values. Use %{TX.0} - %{TX.9} instead.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added t:length to transform a value to its character length.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added t:trimLeft, t:trimRight, t:trim to remove whitespace
|
|
Packit Service |
384592 |
from a value on the left, right or both.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Added SecAuditLog2 directive to allow redundent concurrent audit log
|
|
Packit Service |
384592 |
index files. This will allow sending audit data to two consoles, etc.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Removed CGI style HTTP_* variables in favor of REQUEST_HEADERS:Header-Name.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Store filename/line for each rule and display it and the ID (if available)
|
|
Packit Service |
384592 |
in the debug log when invoking a rule. Thanks to Christian Bockermann
|
|
Packit Service |
384592 |
for the idea.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Do not log 'allow' action as intercepted in the debug log.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
* Fixed some collection variable names not printing with the parameter
|
|
Packit Service |
384592 |
and/or counting operator in the debug log.


19 Feb 2008 - 2.1.6
-------------------

* Fixed crash on startup when ENV is improperly used without a parameter.

* Allow macro resolution in setenv action.

* Implemented SecUploadFileMode to allow setting the mode for uploaded files.

* No longer log the query portion of the URI in the error log as
  it may contain sensitive data.


10 Jan 2008 - 2.1.5
-------------------

* Updated included Core Ruleset to version 1.5.1.

* Phase 5 rules can now be removed via SecRuleRemoveBy* directives.

* Fixed issue where only the first phase 5 rule would run when the
  request was intercepted in an earlier phase.

* Fixed configuration parsing so that disruptive actions, meta actions
  and phases are not allowed in a chained rule (as originally intended).

* Fixed t:escapeSeqDecode to better follow ANSI C escapes.


27 Nov 2007 - 2.1.4
-------------------

* Updated included Core Ruleset to version 1.5 and noted in the docs that
  XML support is required to use the rules without modification.

* Fixed an evasion FP, mistaking a multipart non-boundary for a boundary.

* Fixed multiple warnings on Solaris and/or 64bit builds.

* Do not process subrequests in phase 2-4, but do hand off the request data.

* Fixed a blocking FP in the multipart parser, which affected Safari.
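
An added Python illustration of the two multipart boundary cases these entries describe (2.5.5: no newline after the final boundary; 2.1.4: a body line that merely starts with the boundary string is not a boundary). This is not ModSecurity's parser; the boundary, the request body and the abnormality flag names are constructed for the example.

```python
"""Minimal multipart/form-data parser showing two boundary edge cases:
a body line that merely starts with the boundary string is data, not a
boundary, and a final boundary with no CRLF after it is still recognised
(and flagged). Illustrative code, not ModSecurity's parser."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Part:
    headers: dict
    data: bytes


@dataclass
class MultipartResult:
    parts: list = field(default_factory=list)
    # Abnormality flags a rule could inspect; the names are constructed here.
    final_boundary_seen: bool = False
    final_boundary_missing_crlf: bool = False
    data_before_first_boundary: bool = False


def boundary_kind(line: bytes, delim: bytes) -> Optional[str]:
    """Return 'open', 'final', or None for an ordinary data line.

    A line is a boundary only if it is exactly '--<boundary>' or
    '--<boundary>--', optionally followed by spaces or tabs. A line such as
    '--<boundary>xyz' shares the prefix but is body data.
    """
    if not line.startswith(delim):
        return None
    rest = line[len(delim):]
    kind = "open"
    if rest.startswith(b"--"):
        rest, kind = rest[2:], "final"
    return kind if rest.strip(b" \t") == b"" else None


def parse_multipart(body: bytes, boundary: str) -> MultipartResult:
    """Split `body` into parts using `boundary` (the Content-Type parameter)."""
    delim = b"--" + boundary.encode("ascii")
    res = MultipartResult()
    lines = body.split(b"\r\n")
    # If the body ends with the final boundary and no CRLF, the last element
    # of the split is that boundary rather than an empty string.
    if lines and boundary_kind(lines[-1], delim) == "final":
        res.final_boundary_missing_crlf = True

    in_part = in_headers = False
    headers: dict = {}
    data_lines: list = []
    for line in lines:
        kind = boundary_kind(line, delim)
        if kind is not None:
            if in_part:
                # The CRLF before a boundary belongs to the boundary, so the
                # part data is the lines joined by CRLF with no trailing one.
                res.parts.append(Part(headers, b"\r\n".join(data_lines)))
            if kind == "final":
                res.final_boundary_seen = True
                in_part = False
                break
            in_part = in_headers = True
            headers, data_lines = {}, []
            continue
        if not in_part:
            if line.strip():  # preamble data before the first boundary
                res.data_before_first_boundary = True
            continue
        if in_headers:
            if line == b"":
                in_headers = False  # blank line ends the part headers
            elif b":" in line:
                name, value = line.split(b":", 1)
                headers[name.strip().lower().decode("ascii", "replace")] = \
                    value.strip().decode("ascii", "replace")
            continue
        data_lines.append(line)
    if in_part:
        # No final boundary at all: keep the unterminated part, leave
        # final_boundary_seen False so a rule can flag the abnormality.
        res.parts.append(Part(headers, b"\r\n".join(data_lines)))
    return res


# Constructed sample: a data line that starts with the boundary string, and a
# final boundary with no CRLF after it (the 2.5.5 case).
CONSTRUCTED_BOUNDARY = "XyZ"
CONSTRUCTED_BODY = (
    b"--XyZ\r\n"
    b"Content-Disposition: form-data; name=\"note\"\r\n"
    b"\r\n"
    b"--XyZ is not a boundary here\r\n"
    b"second line\r\n"
    b"--XyZ\r\n"
    b"Content-Disposition: form-data; name=\"f\"; filename=\"a.txt\"\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--XyZ--"
)
```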


11 Sep 2007 - 2.1.3
-------------------

* Updated multipart parsing code adding variables to allow checking
  for various parsing issues (request body abnormalities).

* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.

* Quiet some compiler warnings.

* Do not block internal ErrorDocument requests after blocking request.

* Added ability to compile without an external API (use -DNO_MODSEC_API).


27 Jul 2007 - 2.1.2
-------------------

* Cleaned up and clarified some documentation.

* Update included core rules to latest version (1.4.3).

* Enhanced ability to alert/audit failed requests.

* Do not trigger "pause" action for internal requests.

* Fixed issue with requests that use internal requests. These had the
  potential to be intercepted incorrectly when other Apache httpd modules
  that used internal requests were used with mod_security.

* Added Solaris and Cygwin to the list of platforms not supporting the hidden
  visibility attribute.

* Fixed decoding full-width unicode in t:urlDecodeUni.

* Lessen some overhead of debugging messages and calculations.

* Do not try to intercept a request after a failed rule. This fixes the
  issue associated with an "Internal Error: Asked to intercept request
  but was_intercepted is zero" error message.

* Added SecAuditLog2 directive to allow redundant concurrent audit log
  index files. This will allow sending audit data to two consoles, etc.

* Small performance improvement in memory management for rule execution.


11 Apr 2007 - 2.1.1
-------------------

* Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression
  for the @rx operator and variables.

* Really set PCRE_DOTALL option when compiling the regular expression
  for the @rx operator as the docs state.

* Fixed potential memory corruption when expanding macros.

* Fixed error when a collection was retrieved from storage in the same second
  as creation by setting the rate to zero.

* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms.

* Fixed the faulty REQUEST_FILENAME variable, which used to change
  the internal Apache structures by mistake.

* Updates to quiet some compiler warnings.

* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf).
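
An added Python illustration of why the two PCRE option changes in 2.1.1 matter for rule writers; this is not ModSecurity's code. Python's default '$' behaves like PCRE's '$' without PCRE_DOLLAR_ENDONLY, '\Z' behaves like '$' with it, and re.DOTALL corresponds to PCRE_DOTALL; the validation patterns and sample values are constructed.

```python
"""Effect of PCRE_DOLLAR_ENDONLY and PCRE_DOTALL on rule regexes, shown with
Python's re module. Illustrative code, not ModSecurity's. Python's '$', like
PCRE's '$' without PCRE_DOLLAR_ENDONLY, also matches just before a final
newline; '\\Z' matches only at the true end of the subject, which is what
PCRE_DOLLAR_ENDONLY makes '$' do. re.DOTALL corresponds to PCRE_DOTALL."""
import re


def value_is_allowed(value: str, dollar_endonly: bool) -> bool:
    """Positive validation: the value must be 1 to 8 lowercase letters.

    With dollar_endonly=False the end anchor behaves like PCRE's default
    '$'; with True it behaves like '$' compiled with PCRE_DOLLAR_ENDONLY.
    A value with a trailing newline passes the lenient form even though it
    carries a byte the pattern never examined.
    """
    anchor = r"\Z" if dollar_endonly else "$"
    return re.search(r"^[a-z]{1,8}" + anchor, value) is not None


def spans_whole_value(value: str, dotall: bool) -> bool:
    """Negative validation: does '<tag>...</tag>' cover the whole value?

    Without DOTALL, '.' stops at a newline, so the same content split across
    two lines is not matched; with DOTALL (what the docs promised for @rx)
    it is.
    """
    flags = re.DOTALL if dotall else 0
    return re.search(r"^<[a-z]+>.*</[a-z]+>\Z", value, flags) is not None


def compare(value: str) -> dict:
    """Run both end-anchor variants on `value` so the difference is visible."""
    return {
        "lenient_dollar": value_is_allowed(value, dollar_endonly=False),
        "dollar_endonly": value_is_allowed(value, dollar_endonly=True),
    }


# Constructed sample values for the two checks.
CONSTRUCTED = {
    "clean": "alpha",
    "trailing_newline": "alpha\n",
    "one_line": "<b>x</b>",
    "two_lines": "<b>\nx</b>",
}

if __name__ == "__main__":
    for label, sample in CONSTRUCTED.items():
        print(label, compare(sample),
              "dotall_off=%s dotall_on=%s" % (spans_whole_value(sample, False),
                                              spans_whole_value(sample, True)))
```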


23 Feb 2007 - 2.1.0
-------------------

* Removed the "Connection reset by peer" message, which has nothing
  to do with us. Actually the message was downgraded from ERROR to
  NOTICE so it will still appear in the debug log.

* Removed the (harmless) message mentioning LAST_UPDATE_TIME missing.

* It was not possible to remove a rule placed in phase 4 using
  SecRuleRemoveById or SecRuleRemoveByMsg. Fixed.

* Fixed a problem with incorrectly setting requestBodyProcessor using
  the ctl action.

* Bundled Core Rules 2.1-1.3.2b4.

* Updates to the reference manual.

* Reversed the return values of @validateDTD and @validateSchema, to
  make them consistent with other operators.

* Added a few helpful debug messages in the XML validation area.

* Updates to the reference manual.

* Fixed the validateByteRange operator.

* Default value for the status action is now 403 (as it was supposed to
  be but it was effectively 500).

* Rule exceptions (removing using an ID range or a regular expression)
  are now applied to the current context too. (Previously it only worked
  on rules that are inherited from the parent context.)

* Fix of a bug with expired variables.

* Fixed regular expression variable selectors for many collections.

* Performance improvements - up to two times for real-life work loads!

* Memory consumption improvements (not measured but significant).

* The allow action did not work in phases 3 and 4. Fixed.

* Unlocked collections GLOBAL and RESOURCE.

* Added support for variable expansion in the msg action.

* New feature: It is now possible to make relative changes to the
  audit log parts with the ctl action. For example: "ctl:auditLogParts=+E".

* New feature: "tag" action. To be used for event categorisation.

* XML parser was not reporting errors that occurred at the end
  of XML payload.

* Files were not extracted from request if SecUploadKeepFiles was
  Off. Fixed.

* Regular expressions that are too long are truncated to 256
  characters before used in error messages. (In order to keep
  the error messages in the log at a reasonable size.)

* Fixed the sha1 transformation function.

* Fixed the skip action.

* Fixed REQUEST_PROTOCOL, REMOTE_USER, and AUTH_TYPE.

* SecRuleEngine did not work in child configuration contexts
  (e.g. <Location>).

* Fixed base64Decode and base64Encode.


15 Nov 2006 - 2.0.4
-------------------

* Fixed the "deprecatevar" action.

* Decreasing variable values did not work.

* Made "nolog" do what it is supposed to do - cause a rule match to
  not be logged. Also "nolog" now implies "noauditlog" but it's
  possible to follow "nolog" with "auditlog" and have the match
  not logged to the error log but logged to the auditlog. (Not
  something that strikes me as useful but it's possible.)

* Relative paths given to SecDataDir will now be treated as relative
  to the Apache server root.

* Added checks to make sure only correct actions are specified in
  SecDefaultAction (some actions are required, some don't make any
  sense) and in rules that are not chain starters (same). This should
  make the unhelpful "Internal Error: Failed to add rule to the ruleset"
  message go away.

* Fixed the problem when "SecRuleInheritance Off" is used in a context
  with no rules defined.

* Fixed a problem of lost input (request body) data on some redirections,
  for example when mod_rewrite is used.
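
An added Python model of the deprecatevar:VAR=N/S semantics that the 2.5.0 entry documents (decrement N every S seconds, not by a rate), the same-second case from the 2.1.1 entry, and the deprecatevar fixes in 2.0.4 above. It is not ModSecurity's implementation: the DecayingVar class and its bookkeeping are constructed for the example, and decay_by_rate is one reading of the "by a rate" behaviour the 2.5.0 entry contrasts with.

```python
"""Model of the deprecatevar:VAR=N/S semantics described in the changelog:
the value drops by N for every full S seconds elapsed since it was last
decremented, rather than decaying continuously at N/S per second.
Illustrative code, not ModSecurity's implementation."""
from dataclasses import dataclass


@dataclass
class DecayingVar:
    """A persistent counter with the timestamp of its last decrement."""
    value: int
    last_update: int  # seconds, in the role of a collection's LAST_UPDATE_TIME

    def deprecate(self, n: int, s: int, now: int) -> int:
        """Apply 'deprecatevar:VAR=N/S' at time `now` and return the value.

        Only whole S-second intervals count, and last_update advances by the
        intervals actually applied, so time left over from a partial interval
        is carried into the next call instead of being lost. When `now`
        equals last_update (the same-second case) nothing changes.
        """
        if s <= 0:
            raise ValueError("S must be a positive number of seconds")
        elapsed = now - self.last_update
        if elapsed <= 0:
            return self.value
        steps = elapsed // s
        if steps:
            self.value = max(0, self.value - steps * n)
            self.last_update += steps * s
        return self.value


def decay_by_rate(value: int, n: int, s: int, last_update: int, now: int) -> float:
    """The behaviour the 2.5.0 entry contrasts with, read as a continuous
    rate of N/S per second: a partial interval already lowers the value."""
    elapsed = max(0, now - last_update)
    return max(0.0, value - elapsed * n / s)


def timeline(value: int, n: int, s: int, times: list) -> list:
    """Evaluate a counter created at t=0 at each time in `times` (seconds)."""
    var = DecayingVar(value=value, last_update=0)
    return [var.deprecate(n, s, t) for t in times]


if __name__ == "__main__":
    # Constructed scenario: score 100, deprecatevar:SCORE=10/60, looked at
    # 30, 90, 125 and 130 seconds after creation.
    print("stepwise:", timeline(100, 10, 60, [30, 90, 125, 130]))
    print("by rate at 130s:", decay_by_rate(100, 10, 60, 0, 130))
```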


26 Oct 2006 - 2.0.3
-------------------

* Fixed a memory leak (all platforms) and a concurrency control
  problem that could cause a crash (multithreaded platforms only).

* Fixed a SecAuditLogRelevantStatus problem, which would not work
  properly unless the regular expression contained a subexpression.


19 Oct 2006 - 2.0.2
-------------------

* Fixed incorrect permissions on the global mutex, which prevented
  the mutex from working properly.

* Fixed incorrect actionset merging where the status was copied from
  the child actionset even though it was not defined.

* Fixed missing metadata information (in the logs) for warnings.


16 Oct 2006 - 2.0.1
-------------------

* Rules that used operator negation did not work. Fixed.

* Fixed bug that prevented invalid regular expressions from being reported.


16 Oct 2006 - 2.0.0
-------------------

* First stable 2.x release.