Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.2.0

{{Template: {{{1}}} Release About
 * project_name = OWASP ModSecurity Core Rule Set Project
 * project_home_page = :Category:OWASP ModSecurity Core Rule Set Project


 * release_name = ModSecurity 2.2.8
 * release_date = 06/30/2013
 * release_description =

Version 2.2.8 - 06/30/2013
Security Fixes:

Improvements: - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43 - http://seclists.org/fulldisclosure/2013/Jun/21 - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html
 * Updatd the /util directory structure
 * Added scripts to check Rule ID duplicates
 * Added script to remove v2.7 actions so older ModSecurity rules will work
 * Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)

Bug Fixes: - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18
 * fix 950901 - word boundary added
 * fix regex error
 * Updated the Regex in 981244 to include word boundaries
 * Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2
 * ModSecurity: No action id present within the rule - ignore_static.conf
 * "Bad robots" rule blocks all Java applets on Windows XP machines
 * duplicated rules id 981173


 * release_license = Apache Software License v2 (ASLv2)


 * release_download_link = https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/2.2.8


 * leader_name1 = Ryan Barnett
 * leader_email1 = Ryan.Barnett@owasp.org
 * leader_username1 = Rcbarnett


 * release_notes = http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project_-_ModSecurity_2.2.0_-_Notes

}}