From b878ece6c6afb9483e4a80280801e07a7bd7d06f Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Tue, 27 Jun 2017 10:01:49 -0300 Subject: [PATCH] Version 2.9.2 Increasing version to 2.9.2 (final) --- CHANGES | 18 +++++++++++++++--- apache2/msc_release.h | 2 +- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 1bf23a38..715dc1a1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -DD MMM YYYY - 2.9.2 - To be released ------------------------------------- - +18 Jul 2017 - 2.9.2 +------------------- + + * IIS build refactoring and dependencies update + [Issue #1487 - @victorhora] * Best practice: Initialize msre_var pointers [Commit fbd57 - Allan Boll] * nginx: Obtain port from r->connection->local_sockaddr. @@ -44,6 +46,7 @@ DD MMM YYYY - 2.9.2 - To be released [Issue #1067 - Marc Stern] * {dis|en}able-dechunk-logging: Option to disable logging of dechunking in audit log when log level < 9. + [Issue #1068 - Marc Stern] * Updates libinjection to: da027ab52f9cf14401dd92e34e6683d183bdb3b4 [ModSecurity team] * {dis|en}able-handler-logging: Option to disable logging of Apache handler @@ -92,6 +95,15 @@ DD MMM YYYY - 2.9.2 - To be released * Treat APR_INCOMPLETE as APR_EOF while receiving the request body. [Issue #1060, #334 - Alexey Sintsov] + +Security issues + + * Allan Boll reported an uninitialized variable that may lead to a crash on + Windows platform. + * Brian Adeloye reported an infinite loop on the version of libinjection used + on ModSecurity 2.9.1. + + 09 Mar 2016 - 2.9.1 ------------------- diff --git a/apache2/msc_release.h b/apache2/msc_release.h index f2fe898d..dcfde11c 100644 --- a/apache2/msc_release.h +++ b/apache2/msc_release.h @@ -38,7 +38,7 @@ #define MODSEC_VERSION_MAJOR "2" #define MODSEC_VERSION_MINOR "9" -#define MODSEC_VERSION_MAINT "1" +#define MODSEC_VERSION_MAINT "2" #define MODSEC_VERSION_TYPE "" #define MODSEC_VERSION_RELEASE ""