ModSecurity/CHANGES

v3.0.3 - YYYY-MMM-DD (to be released)
-------------------------------------

 - parser: Fix simple quote setvar in the end of the line
   [Issue #1831 - @zimmerle, @csanders-git]
 - Fix pc file
   [Issue #1847 - @gquintard]
 - modsec_rules_check: uses the gnu `.la' instead of `.a' file
   [Issue #1853 - @ste7677, @victorhora, @zimmerle]
 - good practices: Initialize variables before use it
   [Issue #1889 - Marc Stern]
 - Fix utf-8 character encoding conversion
   [Issue #1794 - @tinselcity, @zimmerle]
 - Adds support for ctl:requestBodyProcessor=URLENCODED
   [Issue #1797 - @victorhora]
 - Add LUA compatibility for CentOS and try to use LuaJIT first if available
   [Issue #1622 - @victorhora, @dmitryzykov]
 - Allow LuaJIT to be used
   [Issue #1809 - @victorhora, @p0pr0ck5]
 - Implement support for Lua 5.1
   [Issue #1809 - @p0pr0ck5, @victorhora]
 - Variable names must match fully, not partially. Match should be case
   insensitive.
   [Issue #1818, #1820, #1810, #1808 - @michaelgranzow-avi, @victorhora,
                                       @theMiddleBlue, @airween, @zimmerle,
                                       @LeeShan87]
 - Improves the performance while loading the rules
   [Issue #1735 - @zimmerle, @p0pr0ck5, @victorhora]
 - Allow empty strings to be evaluated by regex::searchAll
   [Issue #1799, #1785 - @victorhora, @XuanHuyDuong, @zimmerle]
 - Adds basic pkg-config info
   [Issue #1790 - @gquintard, @zimmerle]
 - Fixed LMDB collection errors
   [Issue #1787 - @airween, @zimmerle]
 - Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors
   [Issue #1747 - @airween]
 - Fix ip tree lookup on netmask content
   [Issue #1793 - @tinselcity, @zimmerle]
 - Changes the behavior of the default sec actions
   [Issue #1629 - @mirkodziadzka-avi, @zimmerle, @victorhora]
 - Refactoring on {global,ip,resources,session,tx,user} collections
   [Issue #1754, #1778 - @LeeShan87, @zimmerle, @victorhora, @wwd5613,
                         @sobigboy]
 - Fix race condition in UniqueId::uniqueId()
   [Issue #1786 - @weliu]
 - Fix memory leak in error message for msc_rules_merge C APIs
   [Issue #1765 - @weliu]
 - Return false in SharedFiles::open() when an error happens
   [Issue #1783 - @weliu]
 - Use rvalue reference in ModSecurity::serverLog
   [Issue #1769 - @weliu]
 - Build System: Fix when multiple lines for curl version.
   [Issue #1771 - @Artistan]
 - Checks if response body inspection is enabled before process it
   [Issue #1643 - @zoltan-fedor, @dennus, @defanator, @zimmerle]
 - Code Cleanup.
   [Issue #1757, #1755, #1756, #1761 - @p0pr0ck5]
 - Fix setvar parsing of quoted data
   [Issue #1733, #1759, #1775 - @victorhora, @JaiHarpalani, @defanator]
 - Fix LDFLAGS for unit tests.
   [Issue #1758 - @smlx]
 - Adds time stamp back to the audit logs
   [Issue #1762 - @Pjack, @zimmerle]
 - Disables skip counter if debug log is disabled
   [@zimmerle]
 - Cosmetics: Represents amount of skipped rules without decimal
   [Issue #1737 - @p0pr0ck5]
 - Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser
   [Issue #1752 - @victorhora]
 - Fix STATUS var parsing and accept STATUS_LINE var for v2 backward comp.
   [Issue #1738 - @victorhora]
 - Fix memory leak in modsecurity::utils::expandEnv()
   [Issue #1750 - @defanator]
 - Initialize m_dtd member in ValidateDTD class as NULL
   [Issue #1751 - @airween]
 - Fix broken @detectxss operator regression test case
   [Issue #1739 - @p0pr0ck5]
 - Fix utils::string::ssplit() to handle delimiter in the end of string
   [Issue #1743, #1744 - @defanator]
 - Fix variable FILES_TMPNAMES 
   [Issue #1646, #1610 - @victorhora, @zimmerle, @defanator]
 - Fix memory leak in Collections
   [Issue #1729, #1730 - @defanator]


v3.0.2 - 2018-Apr-03
--------------------

 - Fix lib version information while generating the .so file
   [@gl1f1v21, @zimmerle]

v3.0.1 - 2018-Apr-02
--------------------

 - Adds support for ctl:ruleRemoveByTag
   [@zimmerle, @weliu]
 - Fix SecUploadDir configuration merge
   [Issue #1720 - @zimmerle, @gjvanetten]
 - Include all prerequisites for "make check" into dist archive
   [Issue #1716 - @defanator]
 - Fix: Reverse logic of checking output in @inspectFile
   [Issue #1715 - @defanator]
 - Adds support to libMaxMind
   [Issue #1307 - @zimmerle, @defanator]
 - Adds capture action to detectXSS
   [Issue #1698 - @victorhora]
 - Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
   [Issue #1701 - @victorhora]
 - Adds capture action to detectSQLi
   [Issue #1698 - @zimmerle]
 - Adds capture action to rbl
   [Issue #1698 - @zimmerle]
 - Adds capture action to verifyCC
   [Issue #1698 - @michaelgranzow-avi, @zimmerle]
 - Adds capture action to verifySSN
   [Issue #1698 - @zimmerle]
 - Adds capture action to verifyCPF
   [Issue #1698 - @zimmerle]
 - Prettier error messages for unsupported configurations (UX)
   [@victorhora]
 - Add missing verify*** transformation statements to parser
   [Issue #1006 and #1007 - @victorhora]
 - Fix a set of compilation warnings
   [Issue #1650 - @zimmerle, @JayCase]
 - Check for disruptive action on SecDefaultAction.
   [Issue #1614 - @zimmerle, @michaelgranzow-avi]
 - Fix block-block infinite loop.
   [Issue #1614 - @zimmerle, @michaelgranzow-avi]
 - Correction remove_by_tag and remove_by_msg logic.
   [Issue #1636 - @Minasu]
 - Fix LMDB compile error
   [Issue #1691 - @airween]
 - Fix msc_who_am_i() to return pointer to a valid C string
   [Issue #1640 - @defanator]
 - Added some cosmetics to autoconf related code
   [Issue #1652 - @airween]
 - Fix "make dist" target to include necessary headers for Lua
   [Issue #1678 - @defanator]
 - Fix "include /foo/*.conf" for single matched object in directory
   [Issue #1677 - @defanator, @zimmerle]
 - Add missing Base64 transformation statements to parser
   [Issue #1632 - @victorhora, @zimmerle]
 - Fixed resource load on ip match from file
   [#1674 - @zimmerle, @StefaanSeys]
 - Fixed examples compilation while using disable-shared
   [#1670 - @zimmerle, @ivanbaldo]
 - Fixed compilation issue while xml is disabled
   [0x243028 - @zimmerle]
 - Having LDADD and LDFLAGS organized on Makefile.am
   [0xd0e85e - @zimmerle]
 - Checking std::deque size before use it
   [0x217cbf - @zimmerle, Yaron Dayagi]
 - perf improvement: Added the concept of RunTimeString and removed
   all run time parser.
   [0x3eae51 0x0320e0 0xb5688f 0xfe47a9 0xfa9842 0x1affc3 0x079de4
    0xc7c04f 0x5262ea 0x01974a 0xd5ee1e - @zimmerle]
 - perf improvement: Checks debuglog level before format debug msg
   [0x42ee9 - @zimmerle]
 - perf. improvement/rx: Only compute dynamic regex in case of macro
   [0x91ff3 - @zimmerle]
 - Fix uri on the benchmark utility
   [0x63bec - @zimmerle]
 - disable Lua on systems with liblua5.1
   [Issue #1639 - @victorhora, @defanator]

v3.0.0 - 2017-Dec-13
--------------------

 - Improvements on LUA build scripts and support for LUA 5.2.
   [Issue #1617 and #1622 - @victorhora, @zimmerle]
 - Fix compilation error with disable_debug_log flag
   [0xfd84e - Izik Abramov]
 - Improvements on the benchmark tool.
   [Issue #1615 - @zimmerle]
 - Fix lua headers on the build scripts
   [Issue #1621 - @Minasu]
 - Refactoring on the JSON parser.
   [Issue #1576, #1577 - Tobias Gutknecht, @zimmerle, @victorhora, @marcstern]
 - Adds support to WEBAPPID variable.
   [Issue #1027 - @zimmerle, @victorhora]
 - Adds support for SecWebAppId.
   [Issue #1442 - @zimmerle, @victorhora] 
 - Adds support for SecRuleRemoveByTag.
   [Issue #1476 - @zimmerle, @victorhora]
 - Adds support for update target by message.
   [Issue #1474 - @zimmerle, @victorhora]
 - Adds support to SecRuleScript directive.
   [Issue #994 - @zimmerle]
 - Adds support for the exec action.
   [Issue #1050 - @zimmerle]
 - Adds support for transformations inside Lua engine
   [Issue #994 - @zimmerle]
 - Adds initial support for Lua engine.
   [Issue #994 - @zimmerle]
 - Adds support for @inspectFile operator.
   [Issue #999 - @zimmerle, @victorhora]
 - Adds support for RESOURCE variable collection.
   [Issue #1014 - @zimmerle, @victorhora]
 - Adds support for @fuzzyHash operator.
   [Issue #997 - @zimmerle]
 - Fix build on non x86 arch build
   [Issue #1598 - @athmane]
 - Fix memory issue while changing rule target dynamic
   [Issue #1590 - @zimmerle, @slabber]
 - Fix log while displaying the name of a dict selection by regex.
   [@zimmerle]
 - Setting http response code on the auditlog.
   [Issue #1592 - @zimmerle]
 - Refactoring on RuleMessage class, now accepting http code as parameter.
   [@zimmerle]
 - Having disruptive msgs as disruptive [instead of warnings] on audit log
   [Issue #1592 - @zimmerle, @nobodysz]
 - Parser: Pipes are no longer welcomed inside regex dict element selection.
   [Issue #1591 - @zimmerle, @slabber]
 - Avoids unicode initialization on every rules object
   [Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias,
                  @intelbg]
 - Makes clear to the user whenever the audit log is empty due to missing
   JSON support.
   [Issue #1585 - @zimmerle]
 - Makes auditlog more verbose on debug logs
   [Issue: #1559 - @zimmerle]
 - Enable support for AuditLogFormat
   Issue: #1583, #1493 and #1453 - @victorhora]
 - Adds macro expansion for @rx operator
   [Issue: #1528, #1536 - @asterite3, @zimmerle]
 - Consideres under quoted variable while loading the rules.
   [Felipe Zimmerle/@zimmerle, Victor Hora/@victorhora]
 - Store the connection and url parameters in std::string
   [Issue: #1571 - @majordaw]
 - Eliminate some reorder and sign warnings
   [Issue: #1572 - Dávid Major/@majordaw]
 - Makes parallel logging to work when SELinux is enabled.
   [Issue: #1562 - David Buckle/@met3or]
 - Adds possibility to run the pm operator inside a mutex to avoid concurrent
   access while working on a thread environment. This option is a compilation
   flag.
   [Felipe Zimmerle/@zimmerle]


v3.0.0-rc1 - 2017-Aug-28
------------------------

 Very first public version.