Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.0.7

From OWASP
Jump to: navigation, search

back to project home page

what is this release?
ModSecurity 2.0.7 - 06/4/2010 - (download)
Release Description:
  • Added CSRF Protection Ruleset which will use Content Injection to add javascript to specific outbound data and then validate the csrf token on subsequent requests.
  • Added new Application Defect Ruleset which will identify/fix missing HTTPOnly cookie flags.
  • Added Experimental XSS/Missing Output Escaping Ruleset which looks for user supplied data being echoed back to user unchanged.
  • Added rules-updater.pl script and configuration file to allow users to automatically download CRS rules from the CRS rules repository.
  • Added new SQLi keyword for ciel() and reverse() functions.
  • Updated the PHPIDS filters.
Release License: GNU General Public License - Version 2.0
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Main links:
Release Rating: Yellow button.JPG Not Reviewed - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.