This blog has moved! Please update your
bookmarks to http://www.blog.modsecurity.org.
Posted by brectanus on November 29, 2007.
ModSecurity 2.1.4 is the latest stable release of ModSecurity. The 2.1.4 release includes an updated version (1.5) of the Core Rules. This release also contains some fixes to multi-part form request handling as well as enhancements to allow better integration with other Apache httpd modules that use sub-requests.
The evasion detection built into the multi-part form parser was made more flexible to lessen false positives when used with some browsers to upload files. Additionally, the parser was enhanced to reduce false positives in detecting evasion attempts within the data portions of the request body.
ModSecurity no longer inspects sub-requests generated by Apache httpd modules. Sub-request inspection has proven to introduce some instability when certain combinations of modules and compilers are used and can no longer be supported.
See the CHANGES file within the distribution for a full list of changes.
As always, send questions/comments to the community support mailing list. You can download the latest releases, view the documentation and subscribe to the mailing list at www.modsecurity.org.
Posted by brectanus at November 29, 2007 07:24 PM