Today I released ModSecurity 2.1.2. This is the latest stable release of ModSecurity. The 2.1.2 release contains several small updates. Users are encouraged to upgrade.
Notable changes as follows:
- Full-width Unicode is now decoded by the urlDecodeUni transformation function.
- Under some conditions (notably with mod_deflate and some other filters) earlier versions of ModSecurity were not correctly intercepting requests that used internal subrequests.
- Core Rules were updated to the latest version (1.4.3).
- Avoid using the hidden visibility attribute on functions when building on Solaris and under Cygwin.
- Some sections of the documentation have been enhanced and/or clarified.
- The license has been clarified to be GPLv2.
- Copyright notices were changed to Breach Security, Inc.
As always, send questions/comments to the user mailing list. You can get the latest release, documentation and subscribe to the user mailing list from the ModSecurity web site, http://www.modsecurity.org. See the CHANGES file in the distribution for a full list of changes.