ModSecurity Trustwave's SpiderLabs

News and Updates

Availability of ModSecurity 2.8.0 Stable Release
(Apr 15, 2014)
ModSecurity v2.8.0 has been released. This release includes many new features including: Status Reporting, JSON request body parser, support for white list on connection limits, @detectXSS operator and FULL_REQUEST and FULL_REQUEST_LENGTH variables. Many other bug fixes were also included. For the full list of new functionalities and bug fixes, check the complete release notes. Opened issues are available here: Issues on GitHub.

Availability of ModSecurity 2.7.7 Stable Release
(Dec 19, 2013)
ModSecurity release 2.7.7 contains small fixes to allow an easy integration to packaging generation and build automation. Tarball were renamed to fit the same structure of older releases and configure scripts were placed back as part of the Tarball. For further information on the changes check the release notes. For issues, please check the Issues on GitHub.

Availability of ModSecurity 2.7.6 Stable Release
(Dec 16, 2013)
We are pleased to announce ModSecurity release 2.7.6. Besides the bug fixes this release also includes modification on the build system that counts on QA mechanisms such as coding style checker and static analysis. All ports and all platforms had some changes that may reduce the possibility of errors while trying to compile the project. Regression tests and unit tests are now more independent of platform or utilities versions. There is a new installer for MS Windows. Libinjection was updated. For further information on the changes, please check the release notes. For more information about the fixed bugs or to report a new one, have a look at our Issues on GitHub.

ModSecurity Blog

Support/Mailing lists

Community support is available on the mod-security-users/ mailing list. You must subscribe first (by clicking here) in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

NOTE: Support for the Core Rule Set has moved to a the owasp-modsecurity-core-rule-set mail list.
ModSecurity Stable (v2.8.0)
Apache/Nginx: download (sha256)
IIS: 32b (sha256) | 64b (sha256)