logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: ModSecurity 1.9.3 released
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3046
Location: Hilversum, NL, EU

PostPosted: Wed 12 Apr '06 21:07    Post subject: ModSecurity 1.9.3 released Reply with quote

ModSecurity 1.9.3 has been released. The Win32 binary is available for immediate download here from the Apache Lounge

Changes since 1.9.2:

* Fixed malformed serial audit log entry problem.
* Strict checking of what is supplied for the "severity" action.
* Prettier output in the logs (text instead of numbers).
* Improved detection of the response protocol version.
* Improved the internal chroot feature to work with mod_fastcgi, mod_fcgi, mod_cgid (testers welcome).
* Response headers are now escaped in the concurrent audit log.
* New action: logparts (adjust the audit log parts setting).
* Added support for multiple messages per transaction.
* Added SCRIPT_BASENAME, REQUEST_BASENAME.
* Implemented variable caching to reduce memory consumption. Large memory savings can be achived but only when the rule set is significantly large. Not noticable for "normal" installations.
* Fixed the "Server" trailer message in the concurrent audit log.
* Removed the extra newline added to the index file by the ncurrent audit logger.
* Fixed a problem in the action list parser which caused parsing to stop after any action with a quoted parameter.
* (Apache 2.x only) Fixed a response buffering problem that manifested as partial loss of output when virtual subrequests are used (it is the output from the virtual subrequests that would be lost).
* Deprecated DynamicOnly because it is inherently difficult to use and often unpredictable.

Steffen
Back to top


Reply to topic   Topic: ModSecurity 1.9.3 released View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules