It's been a long time since 2.9.2 came out and I was beginning to wonder about this module.
Changes in version 2.9.3;
* Allow 0 length JSON requests.
* Include unanmed JSON values in unnamed ARGS
* Fix buffer size for utf8toUnicode transformation
* Fix sanitizing JSON request bodies in native audit log format
* Add sanity check for a couple malloc() and make code more resilient
* Fix mpm-itk / mod_ruid2 compatibility
* Code cosmetics: checks if actionset is not null before use it
* Only generate SecHashKey when SecHashEngine is On
* Docs: Reformat README to Markdown and update dependencies
* good practices: Initialize variables before use it
* Let body parsers observe SecRequestBodyNoFilesLimit
* potential off by one in parse_arguments
* Fix utf-8 character encoding conversion
* Fix ip tree lookup on netmask content
* modsecurity.conf-recommended: Fix spelling
* Fix arabic charset in unicode_mapping file
* Optionally preallocates memory when SecStreamInBodyInspection is on
* Fixes SecConnWriteStateLimit
* Added "empy chunk" check
* Add capture action to @detectXSS operator
* Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH
* Adds missing headers
You can get your copy of the new module from our download page (http://www.apachehaus.com/cgi-bin/download.plx).