Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
ModSecurity 2.1.4 is the latest stable release of ModSecurity. The 2.1.4 release includes an updated version (1.5) of the Core Rules. This release also contains some fixes to multi-part form request handling as well as enhancements to allow better integration with other Apache httpd modules that use sub-requests.
The evasion detection built into the multi-part form parser was made more flexible to lessen false positives when used with some browsers to upload files. Additionally, the parser was enhanced to reduce false positives in detecting evasion attempts within the data portions of the request body.
ModSecurity no longer inspects sub-requests generated by Apache httpd modules. Sub-request inspection has proven to introduce some instability when certain combinations of modules and compilers are used and can no longer be supported.
See the CHANGES file within the distribution for a full list of changes.
As always, send questions/comments to the community support mailing list. You can download the latest releases, view the documentation and subscribe to the mailing list at www.modsecurity.org.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.