mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-11-16 17:41:52 +03:00
Update CHANGES
This commit is contained in:
Breno Silva
32
CHANGES
32
CHANGES
@@ -1,3 +1,35 @@
|
|||||||
|
28 Mar 2013 - 2.7.3
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
* Nginx is now RC quality. The rule engine should works for all phases.
|
||||||
|
We fixed many issues and missing features (for more information please check jira).
|
||||||
|
Code is running well with latest Nginx 1.2.7 stable.
|
||||||
|
Thanks chaizhenhua for your help.
|
||||||
|
|
||||||
|
* Added MULTIPART_NAME and MULTIPART_FILENAME. Should be used soon by CRS
|
||||||
|
and will help prevent attacks using multipart data.
|
||||||
|
|
||||||
|
* Added --enable-htaccess-config configure option. It will allow the follow directives
|
||||||
|
to be used into .htaccess files when AllowOverride Options is set:
|
||||||
|
|
||||||
|
- SecAction
|
||||||
|
- SecRule
|
||||||
|
|
||||||
|
- SecRuleRemoveByMsg
|
||||||
|
- SecRuleRemoveByTag
|
||||||
|
- SecRuleRemoveById
|
||||||
|
|
||||||
|
- SecRuleUpdateActionById
|
||||||
|
- SecRuleUpdateTargetById
|
||||||
|
- SecRuleUpdateTargetByTag
|
||||||
|
- SecRuleUpdateTargetByMsg
|
||||||
|
|
||||||
|
* Improvements in the ID duplicate code checking. Should be faster now.
|
||||||
|
|
||||||
|
* SECURITY: Added SecXmlExternalEntity (On|Off - default it Off) that will disable
|
||||||
|
by default the external entity load task executed by LibXml2. This is a security issue
|
||||||
|
reported by Timur Yunusov, Alexey Osipov (Positive Technologies).
|
||||||
|
|
||||||
21 Jan 2013 - 2.7.2
|
21 Jan 2013 - 2.7.2
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user