Over the past few months, there has been a lot going on with ModSecurity. Our lead developer Felipe "Zimmerle" Costa (@zimmerle) has been working hard to add many improvements to the upcoming versions of ModSecurity and we're both also working to address some of the issues reported by our contributors and users as part of the milestones for 3.0.4, 2.9.4. In addition, we're also working towards some new exciting features which are currently on experimental stage for a future 3.1 release.
Finally we recently also demonstrated the flexibility of libModSecurity by showing the feasibility of running a full featured WAF inside a low powered IoT (ARM) device.
Once released, 3.1 will includes hundreds of commits since the first 3.0 release including fixes, improvements, and features added to the bleeding edge version of the de-facto open source WAF, libModSecurity. Among the numerous improvements, you'll find cleanups, better practices for improved code readability, resilience, overall performance, support for a few missing features, LuaJIT and a number of fixes to actions, transformations and other ModSecurity functionalities.
Last but not least, there's an improved user experience while reading the logs with a new API component. That API component allows the unique id informed on transactions, making it possible to match an id that it is already in use by the consuming application (the connector).
In case you missed, the ModSecurity team Felipe "Zimmerle" Costa (@zimmerle) and Victor Hora (@victorhora) have recently presented some of these experimental features at the BlackHat Asia Arsenal event in Singapore. We posted some pictures from the event on our Twitter page (@modsecurity). Our friends from the Daily Swig, have recently written a nice story about these new experimental features. Check it out here.
There are some other exciting features that we are also working to make ModSecurity even greater! Stay tuned! :)