Security Resources

Software Updates

Announcing ModSecurity version 3.0.9

We are announcing the release of ModSecurity version 3.0.9 (libModSecurity). This version contains a mixture of enhancements and bug fixes.

Security issue

In some configurations with certain inputs, this bug could result in a segfault and a resultant crash of a worker process. A large volume of such requests sent very quickly could lead to the server becoming slow or unresponsive to legitimate requests. This item has been assigned CVE-2023-28882.

Enhancements and bug fixes

Additional information on the release, including the source (and hashes/signatures), is available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.9

The list of open issues is available on GitHub: https://github.com/SpiderLabs/ModSecurity/issues

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches, etc.