Revisions of modsecurity

buildservice-autocommit accepted request 1153184 from Adam Majer (adamm) (revision 23)
baserev update by copy to link target
Adam Majer (adamm) accepted request 1146901 from Dominique Leuenberger (dimstar) (revision 22)
- Update to version 3.0.12:
  + Change REQUEST_FILENAME and REQUEST_BASENAME behavior
    WAF bypass of the ModSecurity v3 release line for path-based
    payloads by submitting a specially crafted request URL
    (CVE-2024-1019).
  + Enhancements and bug fixes
    - Set the minimum security protocol version (TLSv1.2) for
      SecRemoteRules.
buildservice-autocommit accepted request 1142603 from Marcus Rueckert (darix) (revision 21)
baserev update by copy to link target
Marcus Rueckert (darix) accepted request 1142490 from Dirk Mueller (dirkmueller) (revision 20)
- update to 3.0.11:
  * Add WRDE_NOCMD to wordexp call
  * Fix: validateDTD compile fails when libxml2 is not
    installed
  * Fix memory leak of validateDTD's dtd object
  * Fix memory leaks in ValidateSchema
  * Add support for expirevar action
  * Fix: lmdb regex match on non-null terminated string
  * Fix memory leaks in lmdb code (new'd strings)
  * Configure: add additional name to pcre2 pkg-config list

    - Additional information on this issue is available at
 - Fix variable FILES_TMPNAMES
buildservice-autocommit accepted request 1109075 from Adam Majer (adamm) (revision 19)
baserev update by copy to link target
Adam Majer (adamm) accepted request 1108933 from David Anes (david.anes) (revision 18)
- Update to version 3.0.10:
  * Security impacting issue (fix bsc#1213702, CVE-2023-38285)
    - Fix: worst-case time in implementation of four transformations
    - Additional information on this issue is available at 
      https://www.trustwave.com/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
  * Enhancements and bug fixes
    - Add TX synonym for MSC_PCRE_LIMITS_EXCEEDED
    - Make MULTIPART_PART_HEADERS accessible to lua
    - Fix: Lua scripts cannot read whole collection at once
    - Fix: quoted Include config with wildcard
    - Support isolated PCRE match limits
    - Fix: meta actions not applied if multiMatch in first rule of chain
    - Fix: audit log may omit tags when multiMatch
    - Exclude CRLF from MULTIPART_PART_HEADER value
    - Configure: use AS_ECHO_N instead of echo -n
    - Adjust position of memset from 2890
buildservice-autocommit accepted request 1087408 from Adam Majer (adamm) (revision 17)
baserev update by copy to link target
Adam Majer (adamm) accepted request 1085687 from Danilo Spinella (dspinella) (revision 16)
- Update to version 3.0.9:
  * Add some member variable inits in Transaction class (possible segfault)
  * Fix: possible segfault on reload if duplicate ip+CIDR in ip match list
  * Resolve memory leak on reload (bison-generated variable)
  * Support equals sign in XPath expressions
  * Encode two special chars in error.log output
  * Add JIT support for PCRE2
  * Support comments in ipMatchFromFile file via '#' token
  * Use package name libmaxminddb with pkg-config
  * Fix: FILES_TMP_CONTENT collection key should use part name
  * Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
  * During configure, do not check for pcre if pcre2 specified
  * Use pkg-config to find libxml2 first
  * Fix two rule-reload memory leak issues
  * Correct whitespace handling for Include directive
- Fix CVE-2023-28882, a segfault and a resultant crash of a worker process
  in some configurations with certain inputs, bsc#1210993
buildservice-autocommit accepted request 1057876 from Factory Maintainer (factory-maintainer) (revision 15)
baserev update by copy to link target
Marcus Rueckert (darix) accepted request 1043345 from Michael Ströder (stroeder) (revision 14)
Update to version 3.0.8 (rebased)
buildservice-autocommit accepted request 1042903 from Dominique Leuenberger (dimstar_suse) (revision 13)
baserev update by copy to link target
Dominique Leuenberger (dimstar_suse) accepted request 995036 from Georg Pfuetzenreuter (crameleon) (revision 12)
Update to ModSecurity version 3.0.7
buildservice-autocommit accepted request 980136 from Factory Maintainer (factory-maintainer) (revision 11)
baserev update by copy to link target
Marcus Rueckert (darix) accepted request 957583 from Ferdinand Thiessen (susnux) (revision 10)
- Update to version 3.0.6
CVE-2021-42717 CVE-2020-15598
buildservice-autocommit accepted request 823577 from Michał Rostecki (mrostecki) (revision 9)
baserev update by copy to link target
Michał Rostecki (mrostecki) accepted request 823576 from Michał Rostecki (mrostecki) (revision 8)
add baselibs.conf to sources
Michał Rostecki (mrostecki) accepted request 822219 from Dirk Mueller (dirkmueller) (revision 7)
- add baselibs, fix packaging (install into %_libdir)
- update to 3.0.4:
 - Fix: audit log data omitted when nolog,auditlog
 - Fix: ModSecurity 3.x inspectFile operator does not pass
 - XML: Remove error messages from stderr
 - Filter comment or blank line for pmFromFile operator
 - Additional adjustment to Cookie header parsing
 - Restore chained rule part H logging to be more like 2.9 behaviour
 - Small fixes in log messages to help debugging the file upload
 - Fix Cookie header parsing issues
 - Fix rules with nolog are logging to part H
 - Fix argument key-value pair parsing cases
 - Fix: audit log part for response body for JSON format to be E
 - Make sure m_rulesMessages is filled after successful match
 - Fix @pm lookup for possible matches on offset zero.
 - Regex lookup on the key name instead of COLLECTION:key
 - Missing throw in Operator::instantiate
 - Making block action execution dependent on the SecEngine status
 - Having body limits to respect the rule engine state
 - Fix SecRuleUpdateTargetById does not match regular expressions
 - Adds missing check for runtime ctl:ruleRemoveByTag
 - Adds a new operator verifySVNR that checks for Austrian social
   security numbers.
 - Fix variables output in debug logs
 - Correct typo validade in log output
 - fix/minor: Error encoding hexadecimal.
 - Limit more log variables to 200 characters.
 - parser: fix parsed file names
 - Allow empty anchored variable
buildservice-autocommit accepted request 623120 from Michał Rostecki (mrostecki) (revision 6)
baserev update by copy to link target
Michał Rostecki (mrostecki) accepted request 622797 from Jan Engelhardt (jengelh) (revision 5)
- Remove rhetoric part from descriptions.
Dominique Leuenberger (dimstar_suse) accepted request 621691 from Michał Rostecki (mrostecki) (revision 4)
initialized devel package after accepting 621691
Displaying revisions 1 - 20 of 23