Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Transformation Caching Unstable, Fixed, But Deprecated

We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the subsystem is unstable, can crash your server server, and is even susceptible to evasion in certain circumstances. Although the issues have all been fixed in 2.5.6 we have decided to deprecate the entire subsystem because there has been too many problems with it. If you are using the 2.5.x branch of ModSecurity you are advised to turn transformation caching off (it is on by default until 2.5.6) until you upgrade. You can do this with:

SecCacheTransformations Off

On the positive side, ModSecurity 2.5.6 is the first version to use the previously discussed licensing exception, which allows ModSecurity to be combined with other open source projects.