From 9df6afce9cd9b99cdbdc97ef63a6496e842c6a68 Mon Sep 17 00:00:00 2001 From: b1v1r Date: Thu, 12 Mar 2009 06:12:22 +0000 Subject: [PATCH] Update CHANGES and fix invalid merge in doc. --- CHANGES | 4 ++++ doc/modsecurity2-apache-reference.xml | 9 --------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 19855158..a366b30e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ 05 Mar 2009 - 2.5.9 ------------------- + * Fixed parsing multipart content with a missing part header name which + would crash Apache. Discovered by "Internet Security Auditors" + (isecauditors.com). + * Added ability to specify the config script directly using --with-apr and --with-apu. diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index e69c7a60..4bd61ccf 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -5927,15 +5927,6 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" t:l being persisted. This keeps counter data consistent even if the counter was modified and persisted by another thread/process during the transaction. - - Please note that ModSecurity does not implement atomic updates of - persistent variables at this time. Variables are read from storage - whenever initcol is encountered in the rules and - persisted at the end of request processing. On busy servers requests - often run in parallel, leading to situations where one request - overwrites the changes made by another request. We anticipate - implementing atomic updates of counter values in a future - version.