Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.2.0

De OWASP
Saltar a: navegación, buscar

back to project home page

what is this release?
ModSecurity 2.2.8 - 06/30/2013 - (download)
Release Description: == Version 2.2.8 - 06/30/2013 ==

Security Fixes:

Improvements:

  • Updatd the /util directory structure
  • Added scripts to check Rule ID duplicates
  • Added script to remove v2.7 actions so older ModSecurity rules will work
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43
  • Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)
 - http://seclists.org/fulldisclosure/2013/Jun/21
 - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html


Bug Fixes:

  • fix 950901 - word boundary added
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48
  • fix regex error
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44
  • Updated the Regex in 981244 to include word boundaries
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36
  • Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34
  • ModSecurity: No action id present within the rule - ignore_static.conf
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17
  • "Bad robots" rule blocks all Java applets on Windows XP machines
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16
  • duplicated rules id 981173
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18
Release License: Apache Software License v2 (ASLv2)
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Release Rating: Projects/OWASP ModSecurity Core Rule Set Project/GPC/Assessment/ModSecurity 2.2.8
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.