SpiderLabs Blog

Announcing ModSecurity version 2.9.3

Written by Victor Hora | Dec 5, 2018 12:23:00 PM

We are happy to announce ModSecurity version 2.9.3!

As previously announced, libModSecurity has reached official stable stage and was released for almost an year now. Therefore, new features and major improvements will be implemented only on version 3.x. Security or *major* bugs are planned to be back ported. Version 2 and version 3 has a completely independent development/release cycle.

Still, in a effort to keep our commitment with the community, 2.9.3 still contains a number of improvements in different areas. These include, optimizations in the code, updating all dependencies, updating the embedded CRS version of the IIS build, clean ups, support for other architectures among other changes.

In addition to these improvements, a few key issues were fixed including mpm-itk / mod_ruid2 compatibility which was a roadblock for some CPANEL ModSecurity users and many other improvements focused on improving performance, usability and code resilience.

 

POTENTIAL SECURITY ISSUES:

- Fix ip tree lookup on netmask content
[@tinselcity, @zimmerle]

The complete list of changes is available on our change logs:
- https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.3

The source and binaries (and the respective hashes/signatures) are
available at:
- https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.3

The documentation for this release is available at:
- https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual- v2.x

The list of open issues is available on GitHub:
- https://github.com/SpiderLabs/ModSecurity/labels/2.x

As with every new release, a milestone was created to host all the issues that will be fixed till we reach the given milestone. With that, we not only give the community the full transparency of the work that is being doing on ModSec, but also even more chances to participate.
Milestones give the chance to anyone from the community to deduce when and what will be released. For instance the 2.9.4 milestone is in progress even before 2.9.3 milestone is closed.

Some of the active milestones from the ModSecurity project follows:

- milestone v2.9.3:
https://github.com/SpiderLabs/ModSecurity/milestone/10
- milestone v2.9.4:
https://github.com/SpiderLabs/ModSecurity/milestone/14

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches and so on.