ModSecurity Trustwave's SpiderLabs



News and Updates

Availability of ModSecurity 2.6.5 Release
(March 21, 2012)
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.5 Release. The stability of this release should be good and it includes some bug fixes. We increaded the debug log level for some messages included in the last release. Please see the release notes included into CHANGES file.
For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod-security-developers@lists.sourceforge.net.

Availability of ModSecurity 2.6.4 Release
(March 9, 2012)
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.4 Release. The stability of this release should be good and it includes some bug fixes. Mlogc old 100% cpu consume bug appears to be fixed now. A new bug related to ctl:updateTargetByID was fixed, making apache memory grow. The last bug occured when reloading data from session and user collections, users running rules that use those collection must upgrade to this version. Please see the release notes included into CHANGES file.
For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod-security-developers@lists.sourceforge.net.

Trustwave SpiderLabs Releases Commercial Rules Feed and Support
(September 22, 2011)

Trustwave is now offering both ModSecurity Rules from Trustwave SpiderLabs and ModSecurity Support. The pricing for these services are $200.00 per instance and $2,000.00 per instance respectively - volume discounts available.

Update to ModSecurity Licensing
(Mar 30, 2011)
To facilitate further development and technological enhancements, ModSecurity has moved to Apache Software License v2. This non-viral open source license is more widely used and will now make it easier to implement ModSecurity with existing Apache programs and custom solutions, as well as make it easier for community contributors. This new licensing affects ModSecurity v2.6 (available in SVN trunk repository) and all subsequent code bases.


ModSecurity Blog

Support/Mailing lists

Community support is available on the mod-security-users/lists.sourceforge.net mailing list. You must subscribe first (by clicking here) in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

NOTE: Support for the Core Rule Set has moved to a the owasp-modsecurity-core-rule-set mail list.
ModSecurity Status
Stable: 2.6.5 (download)
Core Rules: 2.2.4 (download)