ModSecurity v2.7.4 Released
ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over
70% of all attacks now carried out over the web application level, organizations need all the help
they can get in making their systems secure.
Changelog v2.7.4
Improvements
Added Libinjection project https://www.client9.com/projects/libinjection/ as a new operator
@detectSQLi. (Thanks Nick Galbreath).
Added new variable SDBM_DELETE_ERROR that will be set to 1 when sdbm engine
fails to delete entries.
NGINX is now set to STABLE. Thanks chaizhenhua and all the people in the community
who help the project by testing and by sending feedback and patches.
Bug Fixes
Fixed SecRulePerfTime storing unnecessary rules performance times.
Fixed Possible SDBM deadlock condition.
Fixed Possible @rsub memory leak.
Fixed REMOTE_ADDR content so that it receives the client IP address when mod_remoteip.c
is present.
Fixed NGINX Audit engine in Concurrent mode was overwriting existing alert files
because of an issue with UNIQUE_ID.
Fixed CPU 100% issue in NGINX port. This is also related to a memory leak when
loading response body.
Security Issues
Fixed Remote Null Pointer Dereference (CVE-2013-2765). When the
forceRequestBodyVariable action is triggered and an unknown Content-Type is used,
mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts, because
msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI)
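The NULL-dereference condition described above, shown as an added example that is not ModSecurity source code: a simplified model of the unguarded access beside a guarded form. Only the field names msc_reqbody_chunks and elts come from the changelog; the struct layouts, function names and sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, not ModSecurity source: only the field names
 * msc_reqbody_chunks and elts come from the changelog entry. */
typedef struct { const char *data; size_t length; } chunk_t;
typedef struct { chunk_t *elts; int nelts; } chunk_array_t;
typedef struct { chunk_array_t *msc_reqbody_chunks; } msr_model_t;

/* "Before" pattern: assumes the body was buffered into chunks. */
long body_length_unguarded(const msr_model_t *msr) {
    long total = 0;
    chunk_t *chunks = msr->msc_reqbody_chunks->elts; /* crashes when NULL */
    for (int i = 0; i < msr->msc_reqbody_chunks->nelts; i++)
        total += (long)chunks[i].length;
    return total;
}

/* Guarded pattern: returns -1 when no chunks exist, else bytes copied
 * (truncated to cap - 1 so out is always NUL-terminated). */
long build_request_body(const msr_model_t *msr, char *out, size_t cap) {
    if (msr == NULL || out == NULL || cap == 0) return -1;
    out[0] = '\0';
    const chunk_array_t *arr = msr->msc_reqbody_chunks;
    if (arr == NULL || arr->elts == NULL) return -1;
    size_t used = 0;
    for (int i = 0; i < arr->nelts && used < cap - 1; i++) {
        size_t n = arr->elts[i].length;
        if (n > cap - 1 - used) n = cap - 1 - used;
        memcpy(out + used, arr->elts[i].data, n);
        used += n;
    }
    out[used] = '\0';
    return (long)used;
}

/* Constructed case: unknown Content-Type, so nothing was buffered. */
long demo_unbuffered(void) {
    msr_model_t msr = { NULL };
    char out[32];
    return build_request_body(&msr, out, sizeof out);
}

/* Constructed case: a body buffered as two chunks, "a=1&" and "b=2". */
long demo_buffered(void) {
    chunk_t parts[] = { { "a=1&", 4 }, { "b=2", 3 } };
    chunk_array_t arr = { parts, 2 };
    msr_model_t msr = { &arr };
    char out[32];
    return build_request_body(&msr, out, sizeof out);
}
```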
Download: https://www.modsecurity.org/download/