Security Resources

Software Updates

Announcing ModSecurity version 3.0.7

New Features

PCRE2 is now available as an option in libModSecurity. Initially, this functionality will mostly be of interest to those already wishing to use a version of nginx that both supports PCRE2 and uses it by default. Some notes on version compatibility between ModSecurity, ModSecurity-nginx, and nginx are available at #2719 .

The SecRequestBodyNoFilesLimit configuration directive was already present in modsecurity.conf-recommended but was not functional. The value specified via this directive is now respected by the processing, so users may wish to review the current value of their setting when upgrading to v3.0.7.

Support for the ctl:auditEngine action has been added with functionality comparable to v2: it allows a transaction-level override of the value normally specified by the SecAuditEngine configuration directive.

Bug fixes


Additional information on the release, including the source and binaries (and hashes/signatures), is available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.7

The list of open issues is available on GitHub: https://github.com/SpiderLabs/ModSecurity/issues

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches, etc.