It is a pleasure to announce the release of ModSecurity version 3.0.4 (libModSecurity). This version contains a number of improvements in different areas. These include cleanups, better practices for improved code readability, resilience and overall performance and security fixes.
Improvement Highlights
- A huge refactoring was placed on the Regex engine, which is now more performant.
- The Logging was polished and hex-encoded strings are now pretty printed.
- The operator to match Australian social security numbers was added.
- The audit log is now working with section H and better dealing with logs, nologs and auditlogs combinations.
- Please note that since this release includes security fixes we encourage everyone to upgrade at their earliest convenience.
The list with the full changes can be found on the project CHANGES file, available together with the release here:
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.4/
Milestones
As with every new release, a milestone was created to host all the issues that will be fixed until we reach the given milestone. With that, we not only provide the community full transparency of the work that is being done on ModSecurity, but also even more chances to participate.
Milestones give the chance to anyone from the community to deduce when and what will be released. You can view the milestones here: https://github.com/SpiderLabs/ModSecurity/milestones
Acknowledgments
Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on.
Further details on the compilation process for ModSecurity v3, can be found on the project README:
https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation
Complementary documentation for the connectors are available here:
nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation
Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation
