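This release fixes several important issues. The major changes are fixes for a problem that allowed detection to be bypassed
and for a part of the code that was open to DoS (denial of service) attacks. Core Ruleset (v2.0.5) is also
included.
Updating to 2.5.12 is recommended, but the update brings several major changes, so be sure to familiarize yourself with them
before you update.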
Notable changes which may impact an upgrade:
* PCRE match limits are substantially lowered by default. If you have custom rules that are resulting
in "PCRE limits exceeded", then you may have to adjust SecPcreMatchLimit* directives or modify
your regex. You can also revert to the default by building with
"--disable-pcre-match-limit" and "--disable-pcre-match-limit-recursion" configure options
(not recommended, though).
* PCRE "studying" is now on by default (Use the --disable-pcre-study configure option to turn it off).
This allows for extra checks when compiling a regex for optimization. Normally this is a good thing,
but it may slow down a restart/reload on large rulesets.
* A new form of processing flags has been introduced. ModSecurity processing flags may indicate an
issue or inconsistency when processing a transaction. These flags have been placed in the TX collection
so that they maintain backwards compatibility. Each of these flags is prefixed with "MSC_".
If you are using this prefix, then you may have false positives and will need to change to another prefix.
Currently there is just one flag, TX:MSC_PCRE_LIMITS_EXCEEDED, being used. See the documentation on the
TX and SecPcreMatchLimit* directives for more information.
* ModSecurity will now (by default) not process more than 100 file uploads.
This can be overridden via SecUploadFileLimit. You are encouraged to *lower* the limit
if you do not allow mass uploads of files on your site.
* The @pmFromFile operator will now trim whitespace from both sides of the phrase (line) when reading in
the list of phrases. If you have used whitespace as a left or right boundary in custom rules,
then you will need to replace the boundary with a non-whitespace character.
See the link below for the full list of changes.
http://article.gmane.org/gmane.comp.apache.mod-security.user/7178
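
An added example (not from the ModSecurity project or the original post): a pre-upgrade check in Python for two of the changes listed above, flagging custom `setvar` actions that create TX variables with the `MSC_` prefix and `@pmFromFile` phrase lines that rely on leading or trailing whitespace. The rule text, phrase list and function names are constructed for illustration.

```python
import re

# setvar actions that create or change a TX variable named MSC_* (matched
# case-insensitively so that tx.msc_foo and TX.MSC_FOO are both reported).
SETVAR_MSC = re.compile(r"setvar:'?!?tx\.(msc_[\w.-]*)", re.IGNORECASE)
# Phrase file named after the @pmFromFile operator.
PM_FROM_FILE = re.compile(r"@pmFromFile\s+([^\s\"']+)", re.IGNORECASE)


def find_msc_prefix_collisions(rules_text):
    """Return (line_no, variable) for custom setvar actions using the MSC_ prefix."""
    hits = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip commented-out rules
            continue
        hits += [(no, m.group(1)) for m in SETVAR_MSC.finditer(line)]
    return hits


def find_pm_files(rules_text):
    """Return the phrase files referenced through @pmFromFile."""
    return PM_FROM_FILE.findall(rules_text)


def find_whitespace_boundaries(phrase_text):
    """Return (line_no, phrase) for phrases whose edge whitespace will be trimmed."""
    hits = []
    for no, phrase in enumerate(phrase_text.splitlines(), 1):
        if phrase.strip() and phrase != phrase.strip():
            hits.append((no, phrase))
    return hits


# Constructed sample input (hypothetical custom rules and phrase file).
SAMPLE_RULES = '''\
# local rules
SecRule ARGS "@pmFromFile badwords.txt" "phase:2,deny"
SecRule REQUEST_URI "^/admin" "phase:1,pass,nolog,setvar:tx.msc_admin_hit=1"
SecRule REQUEST_URI "^/api" "phase:1,pass,nolog,setvar:tx.api_hit=1"
'''
SAMPLE_PHRASES = " cat \nunion select\nexec \n\n"

if __name__ == "__main__":
    for no, var in find_msc_prefix_collisions(SAMPLE_RULES):
        print(f"rules line {no}: TX variable '{var}' uses the MSC_ prefix")
    print("phrase files to check:", find_pm_files(SAMPLE_RULES))
    for no, phrase in find_whitespace_boundaries(SAMPLE_PHRASES):
        print(f"phrase line {no}: {phrase!r} relies on edge whitespace")
```

Phrases it reports need a non-whitespace boundary character before the upgrade, and reported TX variables need a different prefix.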