This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.0.7

From OWASP
Revision as of 14:28, 30 August 2010 by Paulo Coimbra (talk | contribs) (Undo revision 88124 by Rcbarnett (Talk))

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

back to project home page

what is this release?
ModSecurity 2.0.7 - 06/4/2010 - (download)
Release Description:
  • Added CSRF Protection Ruleset which will use Content Injection to add javascript to specific outbound data and then validate the csrf token on subsequent requests.
  • Added new Application Defect Ruleset which will identify/fix missing HTTPOnly cookie flags.
  • Added Experimental XSS/Missing Output Escaping Ruleset which looks for user supplied data being echoed back to user unchanged.
  • Added rules-updater.pl script and configuration file to allow users to automatically download CRS rules from the CRS rules repository.
  • Added new SQLi keyword for ciel() and reverse() functions.
  • Updated the PHPIDS filters.
Release License: GNU General Public License - Version 2.0
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Main links:
Release Rating: Yellow button.JPG Not Reviewed - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.

Retrieved from "https://wiki.owasp.org/index.php?title=Projects/OWASP_ModSecurity_Core_Rule_Set_Project/Releases/ModSecurity_2.0.7&oldid=88302"