SpiderLabs Blog

ModSecurity 2.1.0 Improvements

I have just packaged and released ModSecurity for Apache v2.1.0-rc7, in preparation for the first stable release in the 2.1.x branch. I am very fond of having many release candidates over a period of time. They play an important role in demonstrating that the process of adding new features has ended, and that the product is now being polished for a release.

A lot of work has been done in v2.1.0, with quality being the main focus. Ryan Barnett - a well-known member of the ModSecurity community and an employee of Breach Security since last year (and thus a member of the ModSecurity project) - contributed by creating a set of regression tests and updating the documentation. Ofer (whom you already know by now as the person in charge of the Core Rules project) helped by thoroughly testing both ModSecurity and Core Rules, all as part of our parallel effort - the ModSecurity appliance - ModSecurity Pro M1000. Their combined efforts have resulted in the discovery of a number of small issues that were promptly fixed.

But even if you are not affected by any of the problems that are now fixed in v2.1.0, there are good reasons to upgrade - this new version is almost twice as fast for real-life traffic and uses significantly less memory.

We will officially declare v2.1.0 stable in a week or so, but I urge you to take the release candidate for a spin to make sure it works for you. It's time to move on and start implementing the next batch of changes. We have some very interesting features on our TODO list!