ModSecurity

ModSecurity 2.7.3

Milestone information

Project:: ModSecurity

Series:: 2.7

Version:: 2.7.3

Released:: 2013-03-28

Registrant:: Tim Perkins

Release registered:: 2013-04-23

Active:: No. Drivers cannot target bugs and blueprints to this milestone.

Download RDF metadata

Activities

Assigned to you:: No blueprints or bugs assigned to you.

Assignees:: No users assigned to blueprints and bugs.

Blueprints:: No blueprints are targeted to this milestone.

Bugs:: No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File	Description	Downloads
modsecurity-2.7.3.tar.gz (md5)	revno:1048	113 last downloaded 50 weeks ago
Total downloads:		113

Release notes

revno:1048

Changelog

View the full changelog

28 Mar 2013 - 2.7.3
-------------------

* Fixed IIS version race condition when module is initialized.

* Fixed IIS version failing config commands in libapr.

  * Nginx version is now RC quality. The rule engine should works for all phases.
    We fixed many issues and missing features (for more information please check jira).
    Code is running well with latest Nginx 1.2.7 stable.
    Thanks chaizhenhua for your help.

* Added MULTIPART_NAME and MULTIPART_FILENAME. Should be used soon by CRS
and will help prevent attacks using multipart data.

* Added --enable-htaccess-config configure option. It will allow the follow directives
to be used into .htaccess files when AllowOverride Options is set:

- SecAction
- SecRule

        - SecRuleRemoveByMsg
        - SecRuleRemoveByTag
        - SecRuleRemoveById

        - SecRuleUpdateActionById
        - SecRuleUpdateTargetById
        - SecRuleUpdateTargetByTag
        - SecRuleUpdateTargetByMsg

* Improvements in the ID duplicate code checking. Should be faster now.

  * SECURITY: Added SecXmlExternalEntity (On|Off - default it Off) that will disable
    by default the external entity load task executed by LibXml2. This is a security issue
    reported by Timur Yunusov, Alexey Osipov (Positive Technologies).

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

Related milestones and releases

This milestone contains Public information

Everyone can see this information.