Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.2.0

Revision as of 17:25, 26 May 2011 by Rcbarnett (talk | contribs)

Jump to: navigation, search

back to project home page

what is this release?
ModSecurity 2.2.0 - 05/26/2011 - (download)
Release Description:
  • Improvements:

- Changed Licensing from GPLv2 to Apache Software License v2 (ASLv2) - Created new INSTALL file outlining quick config setup - Added a new rule regression testing framework to the /util directory - Added new activated_rules directory which will allow users to place symlinks pointing to files they want to run. This allows for easier Apache Include wild-carding - Adding in new RULE_MATURITY and RULE_ACCURACY tags - Adding in a check for X-Forwarded-For source IP when creating IP collection - Added new Application Defect checks (55 app defect file) from Watcher tool (Check Charset) - Added new AppSensor rules to experimental_dir - Added new Generic Malicious JS checks in outbound content - Added experimental IP Forensic rules to gather Client hostname/whois info - Added support for Mozilla's Content Security Policy (CSP) to the experimental_rules - Global collection in the 10 file now uses the Host Request Header as the collection key. This allows for per-site global collections. - Added new SpiderLabs Research (SLR) rules directory (slr_rules) for known vulnerabilties. This includes both converted web rules from Emerging Threats (ET) and from SLR Team. - Added new SLR rule packs for known application vulns for WordPress, Joomla and phpBB - Added experimental rules for detecting Open Proxy Abuse - Added experimental Passive Vulnerability Scanning ruleset using OSVDB and Lua API - Added additional URI Request Validation rule to the 20 protocol violations file (Rule ID - 981227) - Added new SQLi detection rules (959070, 959071 and 959072) - Added "Toata dragostea mea pentru diavola" to the malicious User-Agent data

  • Bug Fixes:

- Assigned IDs to all active SecRules/SecActions - Removed rule inversion (!) from rule ID 960902 - Fixed false negative issue in Response Splitting Rule - Fixed false negative issue with @validateByteRange check - Updated the TARGETS lising for rule ID 950908 - Updated TX data for REQBODY processing - Changed the pass action to block in the RFI rules in the 40 generic file - Updated RFI regex to catch IP address usage in hostname - Changed REQUEST_URI_RAW variable to REQUEST_LINE in SLR rules to allow matches on request methods. - Updated the RFI rules in the 40 generic attacks conf file to remove explicit logging actions. They will now inherit the settings from the SecDefaultAction

Release License: Apache Software License v2 (ASLv2)
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Release Rating: Yellow button.JPG Not Reviewed - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.