v3.0.10
Security impacting issue
- Fix: worst-case time in implementation of four transformations
[Issue #2934 - @martinhsv]
Additional information on this issue is available at https://www.trustwave.com/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
Enhancements and bug fixes
- Add TX synonym for MSC_PCRE_LIMITS_EXCEEDED
[Issue #2901 - @airween]
- Make MULTIPART_PART_HEADERS accessible to lua
[Issue #2916 - @martinhsv]
- Fix: Lua scripts cannot read whole collection at once
[Issue #2900 - @udi-aharon, @airween, @martinhsv]
- Fix: quoted Include config with wildcard
[Issue #2905 - @wiseelf, @airween, @martinhsv]
- Support isolated PCRE match limits
[Issue #2736 - @brandonpayton, @martinhsv]
- Fix: meta actions not applied if multiMatch in first rule of chain
[Issue #2867, #2868 - @mlevogiannis, @martinhsv]
- Fix: audit log may omit tags when multiMatch
[Issue #2866 - @mlevogiannis]
- Exclude CRLF from MULTIPART_PART_HEADER value
[Issue #2870 - @airween, @martinhsv]
- Configure: use AS_ECHO_N instead of echo -n
[Issue #2894 - @liudongmiao, @martinhsv]
- Adjust position of memset from 2890
[Issue #2891 - @mirkodziadzka-avi, @martinhsv]