Bug fixes
- Fix buffer size for utf8toUnicode transformation
[Issue #1208 - @katef, @victorhora] - Fix sanitizing JSON request bodies in native audit log format
[p0pr0ck5, @victorhora] - Fix NetBSD build by renaming the hmac function to avoid conflicts
[Issue #1241 - @victorhora, @joerg, @sevan] - IIS: Windows build, fix duplicate YAJL dir in script
[Issue #1612 - @allanbomsft, @victorhora] - Fix mpm-itk / mod_ruid2 compatibility
[Issue #712 - @ju5t , @derhansen, @meatlayer, @victorhora] - potential off by one in parse_arguments
[Issue #1799 - @tinselcity, @zimmerle] - Fix utf-8 character encoding conversion
[Issue #1794 - @tinselcity, @zimmerle] - Fix ip tree lookup on netmask content
[Issue #1793 - @tinselcity, @zimmerle] - build: fix when multiple lines for curl version
[Issue #1771 - @Artistan] - Fixes SecConnWriteStateLimit
[Issue #1545 - @nicjansma] - Adds missing headers
[Issue #1454 - @devnexen]
Improvements
- Allow 0 length JSON requests.
[Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern] - Include unanmed JSON values in unnamed ARGS
[Issue #1577, #1576 - @marcstern, @victorhora, @zimmerle] - IIS: Update Wix installer to bundle a supported CRS version (3.0)
[@victorhora, @zimmerle] - IIS: Update dependencies for Windows build
[Issue #1848 - @victorhora, @hsluoyz] - IIS: Set SecStreamInBodyInspection by default on IIS builds (#1299)
[Issue #1299 - @victorhora] - IIS: Update modsecurity.conf
[Issue #788 - @victorhora, @brianclark] - Add sanity check for a couple malloc() and make code more resilient
[Issue #979 - @dogbert2, @victorhora, @zimmerle] - IIS: Remove body prebuffering due to no locking in modsecProcessRequest
[Issue #1917 - @allanbomsft, @victorhora] - Code cosmetics: checks if actionset is not null before use it
[Issue #1556 - @marcstern, @zimmerle, @victorhora] - Only generate SecHashKey when SecHashEngine is On
[Issue #1671 - @dmuey, @monkburger, @zimmerle] - Docs: Reformat README to Markdown and update dependencies
[Issue #1857 - @hsluoyz, @victorhora] - IIS: no lock on ProcessRequest. No reload of config.
[Issue #1826 - @allanbomsft] - IIS: buffer request body before taking lock
[Issue #1651 - @allanbomsft] - good practices: Initialize variables before use it
[Issue #1889 - Marc Stern] - Let body parsers observe SecRequestBodyNoFilesLimit
[Issue #1613 - @allanbomsft] - IIS: set overrideModeDefault to Allow so that individual websites can
add <ModSecurity ...> to their web.config file
[Issue #1781 - @default-kramer] - modsecurity.conf-recommended: Fix spelling
[Issue #1721 - @padraigdoran] - Fix arabic charset in unicode_mapping file
[Issue #1619 - @alaa-ahmed-a] - Optionally preallocates memory when SecStreamInBodyInspection is on
[Issue #1366 - @allanbomsft, @zimmerle] - Fixed typo in build_yajl.bat
[Issue #1366 - @allanbomsft] - Added "empy chunk" check
[Issue #1347, #1446 - @gravagli, @bostrt, @zimmerle] - Add capture action to @detectXSS operator
[Issue #1488, #1482 - @victorhora] - Fix for wildcard operator when loading conf files on Nginx / IIS
[Issue #1486, #1285 - @victorhora and @thierry-f-78] - Set of fixies to make windows build workable with the buildbots
[Commit 94fe3 - @zimmerle] - Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH
[Issue #1510 - @marcstern]