Announcing ModSecurity version 3.0.10

We are announcing the release of ModSecurity version 3.0.10 (libModSecurity). This version contains a mixture of enhancements and bug fixes.

Security impacting issue

Fix: worst-case time in implementation of four transformations
[Issue #2934 - @martinhsv]

Poor worst-case performance in the transformations removeWhitespace, removeNull, replaceNull and removeCommentsChar could allow a malicious party to cause some denial-of-service (DoS) effects. This item has been assigned CVE-2023-38285. Additional information should be available shortly at https://www.trustwave.com/resources/blogs/spiderlabs-blog/.
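
To gauge exposure before upgrading, the following added example (not code from the ModSecurity project) scans rule text for rules that invoke any of the four transformations named above through the `t:` action. The sample rules are constructed for illustration, and matching transformation names case-insensitively is an assumption of this sketch.

```python
import re

# Transformations named in the 3.0.10 announcement (CVE-2023-38285).
AFFECTED = {"removewhitespace", "removenull", "replacenull", "removecommentschar"}
T_ACTION = re.compile(r"(?<![\w])t:([A-Za-z0-9]+)")
RULE_ID = re.compile(r"(?<![\w])id:'?(\d+)")

def logical_lines(text):
    """Yield (first_line_number, directive) with backslash continuations joined."""
    buf, start = [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # skip blank lines and comments between directives
        if start is None:
            start = num
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continued directive
        yield start, " ".join(buf)

def find_affected(text):
    """Return [(line, rule_id or None, sorted affected transformations)]."""
    hits = []
    for num, directive in logical_lines(text):
        used = {m.lower() for m in T_ACTION.findall(directive)} & AFFECTED
        if used:
            rid = RULE_ID.search(directive)
            hits.append((num, rid.group(1) if rid else None, sorted(used)))
    return hits

# Constructed sample rules for illustration (not taken from any real rule set).
SAMPLE = r'''
# constructed example rules
SecRule ARGS "@contains select" \
    "id:1001,phase:2,deny,\
    t:none,t:removeWhitespace,t:lowercase"
SecRule REQUEST_URI "@rx \.bak$" "id:1002,phase:1,deny,t:none,t:lowercase"
SecRule ARGS "@rx union" "id:1003,phase:2,deny,t:removeCommentsChar,t:replaceNull"
'''

if __name__ == "__main__":
    for line, rid, names in find_affected(SAMPLE):
        print(f"line {line}: rule id {rid} uses {', '.join(names)}")
```

To audit a deployment, pass the contents of each loaded rule file to `find_affected` in place of `SAMPLE`.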

Enhancements and bug fixes

Additional information on the release, including the source (and hashes/signatures), is available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.10

The list of open issues is available on GitHub: https://github.com/SpiderLabs/ModSecurity/issues

Thanks to everybody who helped in this process: reporting issues, making comments and suggestions, sending patches, etc.