Announcing ModSecurity version 3.0.6 and 2.9.5

November 23, 2021

Security impacting issues

Support configurable limit on depth of JSON parsing (possible DoS issue)
[@theMiddleBlue, @martinhsv]

The complete list of changes is available on our changelogs:

https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.6
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.5

The source and binaries (and the respective hashes/signatures) are available at:

https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.6
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.5

The list of open issues is available on GitHub:

https://github.com/SpiderLabs/ModSecurity/labels/3.x
https://github.com/SpiderLabs/ModSecurity/labels/2.x

Stay tuned. We are going to release a follow-up blog post providing more details of this release. Thanks to @theMiddleBlue for discovering, reporting and testing the issue. @martinhsv for designing and releases the fixes and @airween for assisting in testing and suggestions.

Experiencing a security breach?

Experiencing a security breach?

Announcing ModSecurity version 3.0.6 and 2.9.5

Security impacting issues

Latest Software Updates

CVT Deployment 1.111.0-1

Database Security Knowledgebase Update KB 6.54

DbProtect 6.6.13 Now Available

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.