github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Sync up branches/2.5.x and trunk.

Browse Source
This commit is contained in:
brectanus
2008-07-31 22:36:24 +00:00
parent 9c6b267447
commit 10713fbd37
46 changed files with 1318 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
CHANGES
View File

@@ -1,33 +1,61 @@
31 Jul 2008 - trunk
=======
16 Jul 2008 - trunk
* Implement cssDecode.
* Persistent counter updates are now atomic.
31 Jul 2008 - 2.5.6
-------------------
* Transformation caching has been deprecated, and is now off by default. We
now advise against using transformation caching in production.
* Fixed two separate transformation caching issues that could cause incorrect
content inspection in some circumstances.
* Fixed an issue with the transformation cache using too much RAM, potentially
crashing Apache with a large number of cache entries. Two new configuration
options have been added to allow for a finer control of caching:
maxitems: Max number of items to cache (default 1024)
incremental: Whether to cache incrementally (default off)
* Implement cssDecode.
* Added an experimental regression testing suite. The regression suite may
be executed via "make test-regression", however it is strongly advised
to only be executed on a non-production machine as it will startup the
Apache web server that ModSecurity is compiled against with various
configurations in which it will run tests.
* Persistent counter updates are now atomic.
* Added a licensing exception so that ModSecurity can be used in a derivative
work when that derivative is also under an approved open source license.
* Updated mlogc to version 1.4.5 which adds a LockFile directive and fixes an
issue in which the configuration file may be deleted.
05 Jun 2008 - 2.5.5
-------------------
* Fixed an issue where an alert was not logged in the error log
unless "auditlog" was used.
* Fixed an issue where an alert was not logged in the error log
unless "auditlog" was used.
* Enable the "auditlog" action by default to help prevent a misconfiguration.
The new default is now: "phase:2,log,auditlog,pass"
* Enable the "auditlog" action by default to help prevent a misconfiguration.
The new default is now: "phase:2,log,auditlog,pass"
* Improve request body processing error messages.
* Improve request body processing error messages.
* Handle lack of a new line after the final boundary in a multipart request.
This fixes the reported WordPress Flash file uploader problem.
* Handle lack of a new line after the final boundary in a multipart request.
This fixes the reported WordPress Flash file uploader problem.
* Fixed issue with multithreaded servers where concurrent XML processing
could crash the web server (at least under Windows).
* Fixed issue with multithreaded servers where concurrent XML processing
could crash the web server (at least under Windows).
* Fixed blocking in phase 3.
* Fixed blocking in phase 3.
* Force modules "mod_rpaf-2.0.c" and "mod_custom_header.c" to run before
ModSecurity so that the correct IP is used.
* Force modules "mod_rpaf-2.0.c" and "mod_custom_header.c" to run before
ModSecurity so that the correct IP is used.
07 May 2008 - 2.5.4