Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: ModSecurity 2.5.5 Released |
|
| Author |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3059
Location: Hilversum, NL, EU
|
 Posted: Fri 06 Jun '08 20:34 Post subject: ModSecurity 2.5.5 Released |
 |
|
ModSecurity 2.5.5 was released. This release contains a number of important fixes. It is highly recommended that all current 2.5 users upgrade to 2.5.5.
* Fixed an issue where an alert was not logged in the error log unless "auditlog" was used.
* Enable the "auditlog" action by default to help prevent a misconfiguration. The new default is now: "phase:2,log,auditlog,pass"
* Improve request body processing error messages.
* Handle lack of a new line after the final boundary in a multipart request. This fixes the reported WordPress Flash file uploader problem.
* Fixed issue with multithreaded servers where concurrent XML processing could crash the web server (at least under Windows).
* Fixed blocking in phase 3.
* Force modules "mod_rpaf-2.0.c" and "mod_custom_header.c" to run before ModSecurity so that the correct IP is used.
Steffen |
|
| Back to top |
|
|
|
|
|
|
