Releases: owasp-modsecurity/ModSecurity

v3.0.13

03 Sep 13:56
580fe19

Major changes in v3:

  • added Windows port
  • improved CI workflow
  • removed unnecessary string copy operations and improved engine speed (several PRs)
  • fixed a bug in @pm operator
  • extended the C/C++ API

For more information please see CHANGES.

v2.9.8

03 Sep 13:07
v2.9.8
ad01611

Major changes in v2:

  • added a CI workflow
  • changed error log format
  • added a new MULTIPART HEADER check
  • fixed many potential memory leaks and other potential memory handling problems

For more information please see CHANGES.

v3.0.12

30 Jan 15:52
v3.0.12
5f44383

Security impacting issue

  • Change REQUEST_FILENAME and REQUEST_BASENAME behavior
    [Issue #3048 - @martinhsv, @theMiddleBlue, @theseion, @M4tteoP, @airween]
    A specially crafted request URL allows path-based payloads to bypass the WAF in the ModSecurity v3 release line. For details, see CVE-2024-1019.

Enhancements and bug fixes

  • Set the minimum security protocol version (TLSv1.2) for SecRemoteRules
    [Issue security/code-scanning/2 - @airween]

v3.0.11

06 Dec 20:01
v3.0.11
bbde938

Security impacting issue

  • Add WRDE_NOCMD to wordexp call
    [Issue #3024 - @sahruldotid, @martinhsv]
    Note: Although this issue ostensibly allows for specially-crafted SecRule content to execute OS command-line commands when the rules are loaded, this is unlikely to be a serious issue in most deployments. A malicious actor who has access to modify the ModSecurity configuration of an installation can cause severe effects in a multitude of other ways.
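
What the `WRDE_NOCMD` flag changes in a `wordexp` call, as an added example that is not ModSecurity's own code: with the flag set, a string containing command substitution is refused with `WRDE_CMDSUB` instead of being handed to a shell. The helper name `expand_config_path` and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper (not ModSecurity code): expand a path string taken
 * from configuration and copy the first resulting word into out.
 * Returns 0 on success, -1 if there is no word or it does not fit,
 * or the wordexp() error code (for example WRDE_CMDSUB). */
int expand_config_path(const char *input, char *out, size_t outlen)
{
    wordexp_t p;
    /* WRDE_NOCMD: fail with WRDE_CMDSUB rather than run $(...) or `...`. */
    int rc = wordexp(input, &p, WRDE_NOCMD);
    if (rc != 0) {
        /* POSIX: only WRDE_NOSPACE may leave partial results to free. */
        if (rc == WRDE_NOSPACE)
            wordfree(&p);
        return rc;
    }
    if (p.we_wordc == 0 || strlen(p.we_wordv[0]) >= outlen) {
        wordfree(&p);
        return -1;
    }
    strcpy(out, p.we_wordv[0]);
    wordfree(&p);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the issue report. */
    const char *samples[] = {
        "/etc/modsecurity/rules.conf",
        "/etc/modsecurity/$(id).conf",
        "/etc/modsecurity/`id`.conf",
    };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = expand_config_path(samples[i], buf, sizeof buf);
        if (rc == 0)
            printf("ok: %s -> %s\n", samples[i], buf);
        else if (rc == WRDE_CMDSUB)
            printf("rejected (command substitution): %s\n", samples[i]);
        else
            printf("error %d: %s\n", rc, samples[i]);
    }
    return 0;
}
```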

New feature

Enhancements and bug fixes

v3.0.10

25 Jul 16:38
v3.0.10
ccc2d9b

Security impacting issue

Enhancements and bug fixes

v3.0.9

13 Apr 03:22
v3.0.9
205dac0

Security issue

Enhancements and bug fixes

v2.9.7

05 Jan 01:45
v2.9.7
0539655

Security impacting issues

New features

Bug fixes and enhancements

v3.0.8

07 Sep 20:16
v3.0.8
996c7e1

Note: additional information on the release and some of the key changes will be published separately in short order.

New features and security impacting issues

Bug fixes

v2.9.6

08 Sep 00:23
v2.9.6
dfba4fd

Note: additional information on the release and some of the key changes will be published separately in short order.

New features and security impacting issues

Bug fixes

v3.0.7

30 May 20:08
v3.0.7
1bdd047

New features

Bug fixes