The Apache Haus Forum

Forum Topics => Announcements => Topic started by: Gregg on December 11, 2018, 04:51:20 AM

Title: Mod Security 2.9.3 released
Post by: Gregg on December 11, 2018, 04:51:20 AM
It's been a long time since 2.9.2 came out and I was beginning to wonder about this module.

Changes in version 2.9.3;

 * Allow 0 length JSON requests.
 * Include unanmed JSON values in unnamed ARGS
 * Fix buffer size for utf8toUnicode transformation
 * Fix sanitizing JSON request bodies in native audit log format
 * Add sanity check for a couple malloc() and make code more resilient
 * Fix mpm-itk / mod_ruid2 compatibility
 * Code cosmetics: checks if actionset is not null before use it
 * Only generate SecHashKey when SecHashEngine is On
 * Docs: Reformat README to Markdown and update dependencies
 * good practices: Initialize variables before use it
 * Let body parsers observe SecRequestBodyNoFilesLimit
 * potential off by one in parse_arguments
 * Fix utf-8 character encoding conversion
 * Fix ip tree lookup on netmask content
 * modsecurity.conf-recommended: Fix spelling
 * Fix arabic charset in unicode_mapping file
 * Optionally preallocates memory when SecStreamInBodyInspection is on
 * Fixes SecConnWriteStateLimit
 * Added "empy chunk" check
 * Add capture action to @detectXSS operator
 * Adds missing headers

You can get your copy of the new module from our download page (