github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-07 14:56:19 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update CHANGES

Browse Source
This commit is contained in:
brenosilva
2012-06-08 15:29:11 +00:00
parent 28621131a3
commit c5cc0bfa95
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGES
View File

@@ -1,4 +1,4 @@
XX NNN 2012 - 2.7.0-rc1 08 Jun 2012 - 2.7.0-rc1
------------------- -------------------
* Added SecEncryptionEngine. Initial crypt engine support, at the momment it will sign some Html * Added SecEncryptionEngine. Initial crypt engine support, at the momment it will sign some Html
@@ -88,10 +88,12 @@ XX NNN 2012 - 2.7.0-rc1
* Current Google Safe Browsing implementation is deprecated. Google changed the API and does not allow * Current Google Safe Browsing implementation is deprecated. Google changed the API and does not allow
anymore the malware database for download. anymore the malware database for download.
08 Jun 2012 - 2.6.6
-------------------
* In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP. * In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP.
The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus. The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus.
Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion technique (MODSEC-312). Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion.
20 Mar 2012 - 2.6.5 20 Mar 2012 - 2.6.5
------------------- -------------------