ModSecurity version 2.5.11 has been released.
Here are several changes in this release according to the CHANGES file included in the tarball.
- Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be set true if any invalid quoting is found during multipart parsing.
- Fixed parsing quoted strings in multipart Content-Disposition headers. Discovered by Stefan Esser.
- Cleanup persistence database locking code.
- Added warning during configure if libcurl is found linked against gnutls for SSL. The openssl lib is recommended as gnutls has proven to cause issues with mutexes and may crash.
- Cleanup some mlogc (over)logging.
- Do not log output filter errors in the error log.
- Moved output filter to run before other stock filters (mod_deflate, mod_cache, mod_expires, mod_filter) to avoid analyzing modified data in the response. Patch originally submitted by Ivan Ristic.
I’ve also updated my RPM spec file (for OpenSUSE 11.x).