Skip to content

v3.0.12

Latest
Latest
Compare
Choose a tag to compare
@airween airween released this 30 Jan 15:52
· 37 commits to v3/master since this release
v3.0.12
This tag was signed with the committer’s verified signature.
airween Ervin Hegedus
GPG key ID: 5FA5BC3F5EC41F61
Learn about vigilant mode.
5f44383
This commit was signed with the committer’s verified signature.
airween Ervin Hegedus
GPG key ID: 5FA5BC3F5EC41F61
Learn about vigilant mode.

Security impacting issue

  • Change REQUEST_FILENAME and REQUEST_BASENAME behavior
    [Issue #3048 - @martinhsv, @theMiddleBlue, @theseion, @M4tteoP, @airween]
    WAF bypass of the ModSecurity v3 release line for path-based payloads by submitting a specially crafted request URL. For details, see CVE 2024-1019.

Enhancements and bug fixes

  • Set the minimum security protocol version (TLSv1.2) for SecRemoteRules
    [Issue security/code-scanning/2 - @airween]

Contributors

airween, theseion, and 3 other contributors
Assets 5