github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-10 00:02:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

update CHANGES

Browse Source
This commit is contained in:
brenosilva
2012-06-01 20:52:19 +00:00
parent 14156d831b
commit 480af9375d
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
CHANGES
View File

@@ -30,7 +30,7 @@ XX NNN 2012 - 2.7.0-rc1
* Added SecRuleUpdateTargetByTag and its ctl version (Thanks Scott Gifford). * Added SecRuleUpdateTargetByTag and its ctl version (Thanks Scott Gifford).
* Added SecRulePerfTime when greater than zero it will fill rule id's execution time into PERF_RULE * Added SecRulePerfTime when greater than zero it will fill rule id's execution time into PERF_RULE
and log id=usec information in the new Perf-rule-info: line in part H. and log id=usec information in the new Perf-rule-info: line in part H.
* Added PERF_RULES variable that contains rule execution time. * Added PERF_RULES variable that contains rule execution time.
@@ -71,7 +71,7 @@ XX NNN 2012 - 2.7.0-rc1
client ip address. client ip address.
* Fixed Variable DURATION contains the elapsed time in microseconds for compatible reasons with apache and * Fixed Variable DURATION contains the elapsed time in microseconds for compatible reasons with apache and
other variables. other variables.
* Fixed Preserve names/identity of the variables going into MATCHED_VARS. * Fixed Preserve names/identity of the variables going into MATCHED_VARS.
@@ -80,7 +80,12 @@ XX NNN 2012 - 2.7.0-rc1
* Fixed rsub operator does not work as expect if regex contains parentheses (Thanks Jerome Freilinger). * Fixed rsub operator does not work as expect if regex contains parentheses (Thanks Jerome Freilinger).
* Current Google Safe Browsing implementation is deprecated. Google changed the API and does not allow * Current Google Safe Browsing implementation is deprecated. Google changed the API and does not allow
anymore the malware database for download. anymore the malware database for download.
* In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP.
The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus.
Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion technique (MODSEC-312).
20 Mar 2012 - 2.6.5 20 Mar 2012 - 2.6.5
------------------- -------------------