ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00

Author	SHA1	Message	Date
Martin Vierula	503804beb5	Add CHANGES entry for previous PR	2022-12-05 07:27:14 -08:00
Martin Vierula	af860e2eef	Support comments in ipMatchFromFile file via '#' token	2022-12-01 11:19:26 -08:00
Martin Vierula	07514f9779	Add CHANGES entry for previous PR	2022-11-20 08:31:15 -08:00
Martin Vierula	398e174234	Add CHANGES entry for previous PR	2022-11-11 12:07:06 -08:00
Martin Vierula	791964a0ea	During configure, do not check for pcre if pcre2 specified	2022-11-10 07:50:52 -08:00
Martin Vierula	de01b02731	Add CHANGES entry for previous commmit	2022-10-14 10:37:35 -07:00
Martin Vierula	e9a7ba4a60	Fix two rule-reload memory leak issues	2022-09-15 16:27:25 -07:00
Martin Vierula	53cf6eb6bf	Correct whitespace handling for Include directive	2022-09-14 12:27:21 -07:00
Martin Vierula	8f06f9bd39	CHANGES: Preparing for next version	2022-09-12 14:09:53 -07:00
Martin Vierula	996c7e1e1f	Change release version to v3.0.8	2022-09-07 11:53:30 -07:00
Martin Vierula	622eb9e6c8	Adjust parser activation rules in modsecurity.conf-recommended	2022-09-07 08:49:56 -07:00
Martin Vierula	fa6e41857d	Multipart parsing fixes and new MULTIPART_PART_HEADERS collection	2022-09-07 06:29:20 -07:00
Martin Vierula	36a2231a7c	Add CHANGES entry for previous commit	2022-08-29 12:34:38 -07:00
Martin Vierula	af27018ded	Fix msc_transaction_cleanup function comment typo	2022-08-27 10:41:18 -07:00
Martin Vierula	b41139acd6	Fix: MULTIPART_INVALID_PART connected to wrong internal variable	2022-08-17 16:15:06 -07:00
Martin Vierula	d2a1080db2	Add CHANGES for previous commit	2022-06-13 14:59:27 -07:00
Martin Vierula	a41fc30db7	CHANGES: Preparing for next version	2022-06-13 12:04:52 -07:00
Martin Vierula	1bdd047400	Change release version to v3.0.7	2022-05-30 06:29:36 -07:00
Martin Vierula	841c06a9f3	Correct CHANGES entry for previous commit	2022-05-20 08:19:08 -07:00
Martin Vierula	0362af4db4	Move PCRE2 match block from member variable	2022-05-20 06:58:31 -07:00
Martin Vierula	770662c0da	Add CHANGES entry for previous commit	2022-05-17 13:36:43 -07:00
Martin Vierula	76c0c864e8	Add CHANGES entry for previous commit	2022-05-05 16:22:54 -07:00
Martin Vierula	0b6bd39a52	Add CHANGES entry for previous merge	2022-04-29 11:29:28 -07:00
Martin Vierula	0be89cc15e	Correct CHANGES entry for previous merge	2022-04-26 19:40:39 -07:00
Martin Vierula	f7f8a9827f	Fix initcol error message wording	2022-04-26 16:40:03 -07:00
Martin Vierula	6e56950cdf	Tolerate other parameters after boundary in multipart C-T	2022-04-26 11:17:46 -07:00
Martin Vierula	3975f0f8fa	Fix minor CHANGES typos	2022-04-21 12:33:24 -07:00
Martin Vierula	1aa7616c18	Add DebugLog message for bad pattern in rx operator	2022-04-21 11:16:01 -07:00
Martin Vierula	f84614fe06	Support PCRE2	2022-04-13 10:44:56 -07:00
Martin Vierula	5519f6cfae	Update CHANGES for SecRequestBodyNoFilesLimit impl	2022-02-25 09:40:29 -08:00
Martin Vierula	378e31c79b	CHANGES: Adds info about #2602	2022-02-09 09:16:42 -08:00
Martin Vierula	4e37985b22	Update CHANGES file for recent commits	2022-01-26 19:09:12 -08:00
Martin Vierula	3ee6e108d6	Fix multiMatch msg, etc, population in audit log	2022-01-14 09:25:07 -08:00
Martin Vierula	1a965a49ad	Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.	2022-01-04 11:47:18 -08:00
Martin Vierula	76ce6739bf	Correct previous CHANGES update	2021-12-30 09:55:44 -08:00
Martin Vierula	630b1e0a46	CHANGES: Adds info about #2635	2021-12-30 09:47:53 -08:00
Martin Vierula	f34b49f666	Multipart names may include single quote if double-quote enclosed	2021-12-23 08:02:43 -08:00
Martin Vierula	0275c8847b	Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended	2021-12-21 06:18:53 -08:00
Martin Vierula	13e8be83c5	CHANGES: Preparing for next version	2021-12-20 06:38:45 -08:00
Martin Vierula	c3d7f4b560	Change release version to v3.0.6	2021-11-19 11:23:27 -08:00
Martin Vierula	ac79c1c29b	Support configurable limit on depth of JSON parsing	2021-11-15 18:51:25 -08:00
Felipe Zimmerle	873a94a73f	CHANGES: Preparing for a next version	2021-07-09 10:21:10 -03:00
Felipe Zimmerle	bf881a4eda	Change release version to v3.0.5	2021-07-07 10:13:14 -03:00
martinhsv	cd5fba8974	Handle URI received with uri-fragment	2021-07-05 14:51:21 -03:00
Felipe Zimmerle	9764b1fb3b	CHANGES: Fix entry for ARGS_NAMES	2021-01-25 14:59:17 -03:00
Dmitri Toubelis	102f4bdd91	Make the `configure` step more reliable Iyt appears that in cross compile environments the location of the "current" directory cannot be assumed. This fix makes it explicit.	2021-01-25 09:26:51 -03:00
martinhsv	fbea73120c	Fix: FILES variable does not use multipart part name for key	2021-01-24 15:06:30 -03:00
Felipe Zimmerle	f1f2527c03	Using setenv instead of putenv on SetEnv action	2021-01-24 14:59:59 -03:00
Felipe Zimmerle	e6bdadeb69	tests: Prints test number on segfault	2021-01-13 13:38:38 -03:00
Felipe Zimmerle	f18595f428	Makes regular expression selection on collections key case insensitive This issue was initially reported by @michaelgranzow-avi on #2296. @airween made an initial attempt to provide a fixed at #2107; As a consequence of the pull request review - provided by @victorhora, @zimmerle, and @michaelgranzow-avi - @airween made a second attempt at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed the essential pieces from @airween patch into this one. This patch differs from @airween's because @airween's patches were partially working: Key exclusions with regex weren't covered, same for anchored variables (e.g. ARGS). During the review, I have highlighted the importance of having elementary test cases. A simple test case on ARGS could spot the issue. Since that is an important fix, I don't want to hold this for one more review cycle; therefore, I am committing the fix myself. Thank you all involved in the solution of this very own issue.	2020-12-10 10:05:07 -03:00

1 2 3 4 5 ...

592 Commits