ModSecurity 2.5.10 has been released and is now available.

This release fixes a number of small issues. Notable issues that have been fixed are a cleaner build process,
fixes to mlogc to build on Windows and allow more reliable SSL neg. to the console, less verbose logging
when using anomaly scoring with CRS v2.x and a feature to allow easier use with Apache mpm-itk.
Downloads and docs from modsecurity.org as usual.

변경점은 아래를 참고하세요.
18 Sep 2009 - 2.5.10
--------------------
* Cleanup mlogc so that it builds on Windows.
* Added more detailed messages to replace "Unknown error" in filters.
* Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning auditlog permissions
(especially with mpm-itk).
* Cleanup SecUploadFileMode implementation.
* Cleanup build scripts.
* Fixed crash on configuration if SecMarker is used before any rules.
* Fixed SecRuleUpdateActionById so that it will work on chain starters.
* Cleanup build system for mlogc.
* Allow mlogc to periodically flush memory pools.
* Using nolog,auditlog will now log the "Message:" line to the auditlog, but nothing to the error log.
 Prior versions dropped the "Message:" line from both logs. To do this now, just use "nolog"
or "nolog,noauditlog".
* Forced mlogc to use SSLv3 to avoid some potential auto negotiation issues with some libcurl versions.
* Fixed mlogc issue seen on big endian machines where content type could be listed as zero.
* Removed extra newline from audit log message line when logging XML errors.
This was causing problems parsing audit logs.
* Fixed @pm/@pmFromFile case insensitivity.
* Truncate long parameters in log message for "Match of ... against ... required" messages.
* Correctly resolve chained rule actions in logs.
* Cleanup some code for portability.
* AIX does not support hidden visibility with xlc compiler.
* Allow specifying EXTRA_CFLAGS during configure to override gcc specific values for non-gcc compilers.
* Populate GEO:COUNTRY_NAME and GEO:COUNTRY_CONTINENT as documented.
* Handle a newer geo database more gracefully, avoiding a potential crash for new countries that
ModSecurity is not yet aware.
* Allow checking &GEO "@eq 0" for a failed @geoLookup.
* Fixed mlogc global mutex locking issue and added more debugging output.
* Cleaned up build dependencies and configure options.

관련 링크: http://modsecurity.org/
다운로드 링크: http://modsecurity.org/download/index.html

'News' 카테고리의 다른 글

XE Core 1.2.6 배포  (1) 2009.10.13
mc-4.7.0-pre3 Release  (0) 2009.10.05
CentOS 도메인 관련(?) 분쟁  (1) 2009.07.31
Textyle ver 0.9 배포  (0) 2009.07.29
Mozilla Firefox ( 3.0.11 이하 ) Multiple Vulnerabilities  (0) 2009.07.24

+ Recent posts