mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 21:36:00 +03:00
170 lines
6.4 KiB
Plaintext
170 lines
6.4 KiB
Plaintext
v3.0.3 - YYYY-MMM-DD (to be released)
|
|
-------------------------------------
|
|
|
|
- Fix variable FILES_TMPNAMES
|
|
[Issue #1646, #1610 - @victorhora, @zimmerle, @defanator]
|
|
- Fix memory leak in Collections
|
|
[Issue #1729, #1730 - @@defanator]
|
|
|
|
|
|
v3.0.2 - 2018-Apr-03
|
|
--------------------
|
|
|
|
- Fix lib version information while generating the .so file
|
|
[@gl1f1v21, @zimmerle]
|
|
|
|
v3.0.1 - 2018-Apr-02
|
|
--------------------
|
|
|
|
- Adds support for ctl:ruleRemoveByTag
|
|
[@zimmerle, @weliu]
|
|
- Fix SecUploadDir configuration merge
|
|
[Issue #1720 - @zimmerle, @gjvanetten]
|
|
- Include all prerequisites for "make check" into dist archive
|
|
[Issue #1716 - @defanator]
|
|
- Fix: Reverse logic of checking output in @inspectFile
|
|
[Issue #1715 - @defanator]
|
|
- Adds support to libMaxMind
|
|
[Issue #1307 - @zimmerle, @defanator]
|
|
- Adds capture action to detectXSS
|
|
[Issue #1698 - @victorhora]
|
|
- Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
|
|
[Issue #1701 - @victorhora]
|
|
- Adds capture action to detectSQLi
|
|
[Issue #1698 - @zimmerle]
|
|
- Adds capture action to rbl
|
|
[Issue #1698 - @zimmerle]
|
|
- Adds capture action to verifyCC
|
|
[Issue #1698 - @michaelgranzow-avi, @zimmerle]
|
|
- Adds capture action to verifySSN
|
|
[Issue #1698 - @zimmerle]
|
|
- Adds capture action to verifyCPF
|
|
[Issue #1698 - @zimmerle]
|
|
- Prettier error messages for unsupported configurations (UX)
|
|
[@victorhora]
|
|
- Add missing verify*** transformation statements to parser
|
|
[Issue #1006 and #1007 - @victorhora]
|
|
- Fix a set of compilation warnings
|
|
[Issue #1650 - @zimmerle, @JayCase]
|
|
- Check for disruptive action on SecDefaultAction.
|
|
[Issue #1614 - @zimmerle, @michaelgranzow-avi]
|
|
- Fix block-block infinite loop.
|
|
[Issue #1614 - @zimmerle, @michaelgranzow-avi]
|
|
- Correction remove_by_tag and remove_by_msg logic.
|
|
[Issue #1636 - @Minasu]
|
|
- Fix LMDB compile error
|
|
[Issue #1691 - @airween]
|
|
- Fix msc_who_am_i() to return pointer to a valid C string
|
|
[Issue #1640 - @defanator]
|
|
- Added some cosmetics to autoconf related code
|
|
[Issue #1652 - @airween]
|
|
- Fix "make dist" target to include necessary headers for Lua
|
|
[Issue #1678 - @defanator]
|
|
- Fix "include /foo/*.conf" for single matched object in directory
|
|
[Issue #1677 - @defanator, @zimmerle]
|
|
- Add missing Base64 transformation statements to parser
|
|
[Issue #1632 - @victorhora, @zimmerle]
|
|
- Fixed resource load on ip match from file
|
|
[#1674 - @zimmerle, @StefaanSeys]
|
|
- Fixed examples compilation while using disable-shared
|
|
[#1670 - @zimmerle, @ivanbaldo]
|
|
- Fixed compilation issue while xml is disabled
|
|
[0x243028 - @zimmerle]
|
|
- Having LDADD and LDFLAGS organized on Makefile.am
|
|
[0xd0e85e - @zimmerle]
|
|
- Checking std::deque size before use it
|
|
[0x217cbf - @zimmerle, Yaron Dayagi]
|
|
- perf improvement: Added the concept of RunTimeString and removed
|
|
all run time parser.
|
|
[0x3eae51 0x0320e0 0xb5688f 0xfe47a9 0xfa9842 0x1affc3 0x079de4
|
|
0xc7c04f 0x5262ea 0x01974a 0xd5ee1e - @zimmerle]
|
|
- perf improvement: Checks debuglog level before format debug msg
|
|
[0x42ee9 - @zimmerle]
|
|
- perf. improvement/rx: Only compute dynamic regex in case of macro
|
|
[0x91ff3 - @zimmerle]
|
|
- Fix uri on the benchmark utility
|
|
[0x63bec - @zimmerle]
|
|
- disable Lua on systems with liblua5.1
|
|
[Issue #1639 - @victorhora, @defanator]
|
|
|
|
v3.0.0 - 2017-Dec-13
|
|
--------------------
|
|
|
|
- Improvements on LUA build scripts and support for LUA 5.2.
|
|
[Issue #1617 and #1622 - @victorhora, @zimmerle]
|
|
- Fix compilation error with disable_debug_log flag
|
|
[0xfd84e - Izik Abramov]
|
|
- Improvements on the benchmark tool.
|
|
[Issue #1615 - @zimmerle]
|
|
- Fix lua headers on the build scripts
|
|
[Issue #1621 - @Minasu]
|
|
- Refactoring on the JSON parser.
|
|
[Issue #1576, #1577 - Tobias Gutknecht, @zimmerle, @victorhora, @marcstern]
|
|
- Adds support to WEBAPPID variable.
|
|
[Issue #1027 - @zimmerle, @victorhora]
|
|
- Adds support for SecWebAppId.
|
|
[Issue #1442 - @zimmerle, @victorhora]
|
|
- Adds support for SecRuleRemoveByTag.
|
|
[Issue #1476 - @zimmerle, @victorhora]
|
|
- Adds support for update target by message.
|
|
[Issue #1474 - @zimmerle, @victorhora]
|
|
- Adds support to SecRuleScript directive.
|
|
[Issue #994 - @zimmerle]
|
|
- Adds support for the exec action.
|
|
[Issue #1050 - @zimmerle]
|
|
- Adds support for transformations inside Lua engine
|
|
[Issue #994 - @zimmerle]
|
|
- Adds initial support for Lua engine.
|
|
[Issue #994 - @zimmerle]
|
|
- Adds support for @inspectFile operator.
|
|
[Issue #999 - @zimmerle, @victorhora]
|
|
- Adds support for RESOURCE variable collection.
|
|
[Issue #1014 - @zimmerle, @victorhora]
|
|
- Adds support for @fuzzyHash operator.
|
|
[Issue #997 - @zimmerle]
|
|
- Fix build on non x86 arch build
|
|
[Issue #1598 - @athmane]
|
|
- Fix memory issue while changing rule target dynamic
|
|
[Issue #1590 - @zimmerle, @slabber]
|
|
- Fix log while displaying the name of a dict selection by regex.
|
|
[@zimmerle]
|
|
- Setting http response code on the auditlog.
|
|
[Issue #1592 - @zimmerle]
|
|
- Refactoring on RuleMessage class, now accepting http code as parameter.
|
|
[@zimmerle]
|
|
- Having disruptive msgs as disruptive [instead of warnings] on audit log
|
|
[Issue #1592 - @zimmerle, @nobodysz]
|
|
- Parser: Pipes are no longer welcomed inside regex dict element selection.
|
|
[Issue #1591 - @zimmerle, @slabber]
|
|
- Avoids unicode initialization on every rules object
|
|
[Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias,
|
|
@intelbg]
|
|
- Makes clear to the user whenever the audit log is empty due to missing
|
|
JSON support.
|
|
[Issue #1585 - @zimmerle]
|
|
- Makes auditlog more verbose on debug logs
|
|
[Issue: #1559 - @zimmerle]
|
|
- Enable support for AuditLogFormat
|
|
Issue: #1583, #1493 and #1453 - @victorhora]
|
|
- Adds macro expansion for @rx operator
|
|
[Issue: #1528, #1536 - @asterite3, @zimmerle]
|
|
- Consideres under quoted variable while loading the rules.
|
|
[Felipe Zimmerle/@zimmerle, Victor Hora/@victorhora]
|
|
- Store the connection and url parameters in std::string
|
|
[Issue: #1571 - @majordaw]
|
|
- Eliminate some reorder and sign warnings
|
|
[Issue: #1572 - Dávid Major/@majordaw]
|
|
- Makes parallel logging to work when SELinux is enabled.
|
|
[Issue: #1562 - David Buckle/@met3or]
|
|
- Adds possibility to run the pm operator inside a mutex to avoid concurrent
|
|
access while working on a thread environment. This option is a compilation
|
|
flag.
|
|
[Felipe Zimmerle/@zimmerle]
|
|
|
|
|
|
v3.0.0-rc1 - 2017-Aug-28
|
|
------------------------
|
|
|
|
Very first public version.
|
|
|