Lokasi ngalangkungan proxy:   [ UP ]  
[Ngawartoskeun bug]   [Panyetelan cookie]                
Skip to content

Releases: owasp-modsecurity/ModSecurity

v3.0.16

Choose a tag to compare

@airween airween released this 29 Jun 16:40
v3.0.16
7ea9fef

Major changes in v3:

  • fix: wrong behavior in utf8toUnicode on i386 architecture
    [PR from private repo - @airween; fixed CVE-2026-52761]
  • fix: multipart/form-data request body parser invalidly handles \r and \n characters
    [PR from private repo - @sondt99, @dungNHVhust, @hnakamur, @airween; fixed CVE-2026-52747]
  • fix(lexer): rejection of '@' in ctl:ruleRemoveTarget actions
    [PR #3566, #3589 - @Jitterx69, @airween]
  • fix: cppcheck warnings with version 2.21.0
    [PR #3577 - @airween]
  • ci: pin Windows version in workflow
    [PR #3570 - @airween]
  • Alternative fix for @inspectFile: improved fork safety with multi-threaded tests (PR #3489)
    [PR #3552 - @Easton97-Jens]

v3.0.15

Choose a tag to compare

@airween airween released this 28 Apr 17:48
v3.0.15
0fb4aff

Major changes in v3:

Beside of these, there are many other changes in 3.0.15 - for more information please see CHANGES.

v2.9.13

Choose a tag to compare

@airween airween released this 28 Apr 18:09
v2.9.13
02eed22

Full list of changes:

v2.9.12

Choose a tag to compare

@airween airween released this 05 Aug 19:21
v2.9.12
18cae50

There is an improper error handling in previous versions, see CVE 2025-54571. This release includes a fix for it.

Full list of changes:

v2.9.11

Choose a tag to compare

@airween airween released this 01 Jul 20:07
v2.9.11
5615add

Changes in v2.9.11:

There is a DoS vulnerability in previous versions, see CVE 2025-52891. This release includes a fix for it.

Full list of changes:

  • fix: prevent segmentation fault if the XML node is empty
    [PR from private repo - @theseion, @fzipi, @RedXanadu, @airween; fixed CVE-2025-52891]
  • Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSchema)
    [Issue #3401 - @nic-prgs]
  • chore: bump version in MSI installer.wxs
    [Issue #3400 - @airween]
  • Fix resource leaks in msc_status_engine_mac_address
    [Issue #3391 - @amezin]

v2.9.10

Choose a tag to compare

@airween airween released this 02 Jun 15:07
v2.9.10
0923377

Changes in v2.9.10:

There is a DoS vulnerability in previous versions, see CVE 2025-48866. This release includes a fix for it.

v2.9.9

Choose a tag to compare

@airween airween released this 21 May 19:49
a217cb1

Changes in v2.9.9:

There is a DoS vulnerability in previous versions, see CVE 2025-47947. This release includes a fix for it.

Special thanks to @theseion and @fzipi for their big help, and all other participants.

v3.0.14

Choose a tag to compare

@airween airween released this 25 Feb 14:32
v3.0.14
a555e5a

Major changes in v3:

  • changed t:htmlEntityDecode transformation; fixed CVE-2025-27110
  • add value checking to @validateByteRange operator
  • fixed build library on OSX without GeoIP brew package
  • aligned TIME_MON variable's behavior
  • Leverage std::make_unique & std::make_shared to create objects in the heap
  • Simplified handling of RuleMessage by removing usage of std::shared_ptr
  • Simplified constructors, copy constructors & assignment operators

For more information please see CHANGES.

v3.0.13

Choose a tag to compare

@airween airween released this 03 Sep 13:56
580fe19

Major changes in v3:

  • added Windows port
  • improved CI workflow
  • removed unnecessary string copy operations, improved engine speed - several PR's
  • fixed a bug in @pm operator
  • extended the C/C++ API

For more information please see CHANGES.

v2.9.8

Choose a tag to compare

@airween airween released this 03 Sep 13:07
v2.9.8
ad01611

Major changes in v2:

  • added a CI workflow
  • changed error log format
  • added a new MULTIPART HEADER check
  • fixed many potential memory leaks and other potential memory handling problems

For more information please see CHANGES.