Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.2.0

Security Fixes:

Improvements:

• Updatd the /util directory structure
• Added scripts to check Rule ID duplicates
• Added script to remove v2.7 actions so older ModSecurity rules will work

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43

• Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)

 - http://seclists.org/fulldisclosure/2013/Jun/21
 - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html

Bug Fixes:

• fix 950901 - word boundary added

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48

• fix regex error

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44

• Updated the Regex in 981244 to include word boundaries

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36

• Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34

• ModSecurity: No action id present within the rule - ignore_static.conf

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17

• "Bad robots" rule blocks all Java applets on Windows XP machines

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16

• duplicated rules id 981173

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18

• Ryan Barnett @

• Contact Ryan Barnett @ to contribute to this project

• Contact Ryan Barnett @ to review or sponsor this project

• Contact the GPC to report a problem or concern about this release info or to update information.