Transformation Caching Unstable, Fixed, But Deprecated

We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the subsystem is unstable, can crash your server server, and is even susceptible to evasion in certain circumstances. Although the issues have all been fixed in 2.5.6 we have decided to deprecate the entire subsystem because there has been too many problems with it. If you are using the 2.5.x branch of ModSecurity you are advised to turn transformation caching off (it is on by default until 2.5.6) until you upgrade. You can do this with:

SecCacheTransformations Off

On the positive side, ModSecurity 2.5.6 is the first version to use the previously discussed licensing exception, which allows ModSecurity to be combined with other open source projects.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.