- Update to version 3.0.10:
  * Security impacting issue (fix bsc#1213702, CVE-2023-38285)
    - Fix: worst-case time in implementation of four transformations
    - Additional information on this issue is available at 
      https://www.trustwave.com/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
  * Enhancements and bug fixes
    - Add TX synonym for MSC_PCRE_LIMITS_EXCEEDED
    - Make MULTIPART_PART_HEADERS accessible to lua
    - Fix: Lua scripts cannot read whole collection at once
    - Fix: quoted Include config with wildcard
    - Support isolated PCRE match limits
    - Fix: meta actions not applied if multiMatch in first rule of chain
    - Fix: audit log may omit tags when multiMatch
    - Exclude CRLF from MULTIPART_PART_HEADER value
    - Configure: use AS_ECHO_N instead echo -n
    - Adjust position of memset from 2890

- Update to version 3.0.9:
  * Add some member variable inits in Transaction class (possible segfault)
  * Fix: possible segfault on reload if duplicate ip+CIDR in ip match list
  * Resolve memory leak on reload (bison-generated variable)
  * Support equals sign in XPath expressions
  * Encode two special chars in error.log output
  * Add JIT support for PCRE2
  * Support comments in ipMatchFromFile file via '#' token
  * Use name package name libmaxminddb with pkg-config
  * Fix: FILES_TMP_CONTENT collection key should use part name
  * Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
  * During configure, do not check for pcre if pcre2 specified
  * Use pkg-config to find libxml2 first

• Files Changed
• Browse Source