Skip to content

v2.9.1-rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@zimmerle zimmerle released this 03 Feb 16:15
v2.9.1-rc1
ad9257c

New features

  • Added support to generate audit logs in JSON format.

    [Issue #914, #897, #656 - Robert Paprocki]
  • Extended Lua support to include version 5.3

    [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team]
  • mlogc: Allows user to choose between TLS versions (TLSProtocol option
    introduced).

    [Issue #881 - Ishwor Gurung]
  • Allows mod_proxy's "nocanon" behavior to be specified in proxy actions.

    [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team]

Bug fixes

  • Creating AuditLog serial file (or parallel index) respecting the
    permission configured with SecAuditLogFileMode. Previously, it was
    used only to save the transactions while in parallel mode.

    [Issue #852 - @littlecho and ModSecurity team]
  • Checking for hashing injection response, to report in case of failure.

    [Issue #1041 - ModSecurity team]
  • Stop buffering when the request is larger than SecRequestBodyLimit
    in ProcessPartial mode

    [Issue #709, #705, #728 - Justin Gerace and ModSecurity team]
  • Refactoring conditional #if/#defs directives.

    [Issue #996 - Wesley M and ModSecurity team]
  • mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir
    files with Apache 2.4

    [Issue #775 - Elia Pinto]
  • Understands IIS 10 as compatible on Windows installer.

    [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team]
  • Fix apache logging limitation by using correct Apache call.

    [Issue #840 - Christian Folini]
  • Fix apr_crypto.h check on 32-bit Linux platform

    [Issue #882, #883 - Kurt Newman]
  • Fix variable resolution duration (Content of the DURATION variable).

    [Issue #662 - Andrew Elble]
  • Fix crash while adding empty keys to persistent collections.

    [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team]
  • Remove misguided call to srand()

    [Issues #778, #781 and #836 - Michael Bunk, @gilperon]
  • Fix compilation problem while ssdeep is installed in non-standard
    location.

    [Issue #872 - Kurt Newman]
  • Fix invalid storage reference by apr_psprintf at msc_crypt.c

    [Issue #609 - Jeff Trawick]

Known issues

  • Instabilities of nginx add-on are still expected. Please use the "nginx
    refactoring" branch and stay tuned for the ModSecurity version 3.
Assets 11
Loading