github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,273 Commits 55 Branches 109 Tags
b6d14b7fce80b3f686e0b31296b7d1ff9949b6fb
Commit Graph

2273 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Vierula
dfba4fd24a Version 2.9.6 v2.9.6 2022-09-07 13:36:13 -07:00
martinhsv
f034a34164 Merge pull request #2799 from martinhsv/v2/master 
Adjust parser activation rules in modsecurity.conf-recommended
 2022-09-07 15:01:53 -04:00
Martin Vierula
bb372850ac Adjust parser activation rules in modsecurity.conf-recommended 2022-09-07 11:43:54 -07:00
martinhsv
51a30d7b40 Merge pull request #2797 from martinhsv/v2/master 
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
 2022-09-07 14:22:54 -04:00
Martin Vierula
7a489bd07c Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 11:09:47 -07:00
martinhsv
e0ff7ed945 Merge pull request #2794 from martinhsv/v2/master 
Limit rsub null termination to where necessary
 2022-09-06 08:32:00 -04:00
Martin Vierula
d9df7f529e Limit rsub null termination to where necessary 2022-09-06 05:29:38 -07:00
Martin Vierula
592519f45d Correct previous CHANGES entry 2022-08-26 11:52:13 -07:00
Martin Vierula
46c1a0d62f IIS: Update dependencies for next planned release 2022-08-26 11:35:43 -07:00
martinhsv
ed60de97e6 Merge pull request #2789 from martinhsv/v2/master 
Fix a failing test.
 2022-08-20 18:34:22 -04:00
Martin Vierula
159cb4e93c Fix a failing test. 2022-08-20 15:24:37 -07:00
Erki Aring
45acae4330 Add APLOG_USE_MODULE to correctly mark log messages 2022-08-04 12:44:29 +03:00
Martin Vierula
9cb9309fdd Add CHANGES entries for recent merges 2022-06-08 15:55:25 -07:00
martinhsv
4136c4c46b Merge pull request #2760 from martinhsv/v2/master 
XML parser cleanup: NULL duplicate pointer
 2022-06-08 18:41:21 -04:00
Martin Vierula
dfbdaf8f31 XML parser cleanup: NULL duplicate pointer 2022-06-08 15:36:36 -07:00
martinhsv
fc8e5586e7 Merge pull request #2239 from microsoft/fix_malformed_xml_memory_leak 
Properly cleanup XML parser contexts upon completion
 2022-06-08 17:45:53 -04:00
martinhsv
dd2d3f74b6 Merge pull request #2715 from vloup/memory-leak-fix-2208 
Fix memory leak in streams
 2022-06-07 17:10:22 -04:00
martinhsv
08c051987c Merge branch 'v2/master' into memory-leak-fix-2208 2022-06-07 17:09:40 -04:00
martinhsv
5e1c1312a6 Merge pull request #2753 from martinhsv/v2/master 
Fix: negative usec on log line when data type long is 32b
 2022-06-07 13:41:40 -04:00
Martin Vierula
b5b4e2fdd1 Fix: negative usec on log line when data type long is 32b 2022-06-01 07:19:10 -07:00
Vincent Loup
bc8662b0d5 Fix memory leak in streams 2022-05-30 16:16:39 +02:00
martinhsv
03ec81d86f Merge pull request #2749 from martinhsv/v2/master 
mlogc log-line parsing fails due to enhanced timestamp
 2022-05-27 14:09:41 -04:00
Martin Vierula
f71498ceff mlogc log-line parsing fails due to enhanced timestamp 2022-05-27 11:05:37 -07:00
martinhsv
784693b61c Merge pull request #2735 from martinhsv/v2/master 
Allow no-key, single-value JSON body
 2022-05-03 15:58:43 -04:00
Martin Vierula
4a98032b7f Allow no-key, single-value JSON body 2022-05-03 12:34:03 -07:00
Martin Vierula
733427197e Set SecStatusEngine Off in modsecurity.conf-recommended 2022-04-19 10:07:36 -07:00
martinhsv
1dd1c6defd Merge pull request #2663 from martinhsv/v2/master 
Fix memory leak that occurs on JSON parsing error
 2021-12-29 10:03:45 -05:00
Martin Vierula
c6582df2e5 Fix memory leak that occurs on JSON parsing error 2021-12-29 06:46:25 -08:00
martinhsv
1d0ccc99c0 Merge pull request #2660 from martinhsv/v2/master 
Multipart names may include single quote if double-quote enclosed
 2021-12-22 14:23:32 -05:00
Martin Vierula
065dbe7e76 Multipart names may include single quote if double-quote enclosed 2021-12-22 10:37:03 -08:00
martinhsv
4fc4ba5c31 Merge pull request #2657 from martinhsv/v2/master 
Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
 2021-12-22 10:16:00 -05:00
Martin Vierula
60be05914c Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended 2021-12-21 06:30:28 -08:00
Martin Vierula
df4bffcdc8 IIS: Update dependencies for Windows build as of v2.9.5 2021-12-06 14:27:04 -08:00
Martin Vierula
860299971d Version 2.9.5 v2.9.5 2021-11-22 11:22:12 -08:00
martinhsv
683ba1f086 Merge pull request #2644 from martinhsv/v2/master 
Support configurable limit on depth of JSON parsing
 2021-11-18 20:49:28 -05:00
Martin Vierula
41918335fa Support configurable limit on depth of JSON parsing 2021-11-18 17:35:40 -08:00
EarlRoth
199cf5da91 Update README.md 2021-09-13 16:30:50 -06:00
martinhsv
f379aa149f Merge pull request #2593 from martinhsv/v2/master 
Add commented-out sample rule to engage JSON Processor for more subtypes
 2021-07-14 13:15:52 -04:00
martinhsv
8b2c869279 Add commented-out sample rule to engage JSON Processor for more subtypes 2021-07-12 09:29:38 -07:00
Felipe Zimmerle
b32cc1680c Version 2.9.4 
Increasing version to 2.9.4
v2.9.4 		2021-06-21 09:36:18 -03:00
Felipe Zimmerle
47a27fd3b7 iis: Having build scripts up2date 2021-06-21 09:36:10 -03:00
Felipe Zimmerle
29fd4a2856 Update README.md 2021-03-17 12:45:17 -03:00
Felipe Zimmerle
ba8119984a CHANGES: Adds info on: #2095 2021-01-15 15:15:11 -03:00
Rainer Jung
f80114a906 Add microsec timestamp resolution to the formatted log timestamp. 2021-01-15 15:11:14 -03:00
Felipe Zimmerle
40b98970c4 CHANGES: Adds info on: #890, #2049 2021-01-14 14:27:14 -03:00
John Lightsey
039b35029c Fix other usage of the global pool for request temporaries in re_operators.c 2021-01-14 14:23:39 -03:00
John Lightsey
e419b50fe7 Store temporaries in the request pool for regexes compiled per-request. 
The code for testing regexes with embedded Apache variables
(rule->re_precomp == 1) during request processing was utilizing the global
engine pool for the storage of temporary values. This approach is not
threadsafe, retains the temporary variables longer than they are usable,
and causes corruption of the global pool's "cleanups" linked-lists when
Apache is configured with a threaded MPM.
 2021-01-14 14:23:39 -03:00
Vladimir Krivopalov
6a5ec1ff7b Properly cleanup XML parser contexts upon completion 
It is currently possible that the XML parsing context is not properly
cleaned up if a parsed XML document is malformed.

This fix makes sure that the context is taken care of.

Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
 2020-01-14 11:15:33 -08:00
studersi
12cefbd70f Adds a sanity check before use ctl:ruleRemove(TargetById|TargetByMsg) 
This commit closes the issue #2033.
 2019-11-20 09:49:17 -03:00
Felipe Zimmerle
176276a931 Fix the order of error_msg validation 
Reported by @marcstern at #2128
 2019-07-10 14:52:46 -03:00