Loading...
Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

ModSecurity v3.0.4 Released!

It is a pleasure to announce the release of ModSecurity version 3.0.4 (libModSecurity). This version contains a number of improvements in different areas. These include cleanups, better practices for improved code readability, resilience and overall performance and security fixes.

Improvement Highlights

  • A huge refactoring was placed on the Regex engine, which is now more performant.
  • The Logging was polished and hex-encoded strings are now pretty printed.
  • The operator to match Australian social security numbers was added.
  • The audit log is now working with section H and better dealing with logs, nologs and auditlogs combinations.
  • Please note that since this release includes security fixes we encourage everyone to upgrade at their earliest convenience.

The list with the full changes can be found on the project CHANGES file, available together with the release here:
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.4/

Milestones

As with every new release, a milestone was created to host all the issues that will be fixed until we reach the given milestone. With that, we not only provide the community full transparency of the work that is being done on ModSecurity, but also even more chances to participate. 

Milestones give the chance to anyone from the community to deduce when and what will be released. You can view the milestones here: https://github.com/SpiderLabs/ModSecurity/milestones

Acknowledgments

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on.

Further details on the compilation process for ModSecurity v3, can be found on the project README:
https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation

Complementary documentation for the connectors are available here:
nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation
Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation  

Recent SpiderLabs Blog Posts