ModSecurity 2.5.11

ModSecurity version 2.5.11 has been released.

Here are several changes in this release according to the CHANGES file included in the tarball.

  • Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be set true if any invalid quoting is found during multipart parsing.
  • Fixed parsing quoted strings in multipart Content-Disposition headers. Discovered by Stefan Esser.
  • Cleanup persistence database locking code.
  • Added warning during configure if libcurl is found linked against gnutls for SSL.  The openssl lib is recommended as gnutls has proven to cause issues with mutexes and may crash.
  • Cleanup some mlogc (over)logging.
  • Do not log output filter errors in the error log.
  • Moved output filter to run before other stock filters (mod_deflate, mod_cache, mod_expires, mod_filter) to avoid analyzing modified data in the response.  Patch originally submitted by Ivan Ristic.

I’ve also updated my RPM spec file (for OpenSUSE 11.x).

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s