Note: additional information on the release and some of the key changes will be published separately in short order.
New features and security impacting issues
- Adjust parser activation rules in modsecurity.conf-recommended
[Issue #2799 - @terjanq, @martinhsv] - Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
[Issue #2797 - @terjanq, @martinhsv]
Bug fixes
- Limit rsub null termination to where necessary
[Issue #2794 - @marcstern, @martinhsv] - IIS: Update dependencies for next planned release
[@martinhsv] - XML parser cleanup: NULL duplicate pointer
[Issue #2760 - @martinhsv] - Properly cleanup XML parser contexts upon completion
[Issue #2239 - @argenet] - Fix memory leak in streams
[Issue #2208 - @marcstern, @vloup, @JamesColeman-LW] - Fix: negative usec on log line when data type long is 32b
[Issue #2753 - @ABrauer-CPT, @martinhsv] - mlogc log-line parsing fails due to enhanced timestamp
[Issue #2682 - @bozhinov, @ABrauer-CPT, @martinhsv] - Allow no-key, single-value JSON body
[Issue #2735 - @marcstern, @martinhsv] - Set SecStatusEngine Off in modsecurity.conf-recommended
[Issue #2717 - @un99known99, @martinhsv] - Fix memory leak that occurs on JSON parsing error
[Issue #2236 @argenet, @vloup, @martinhsv] - Multipart names/filenames may include single quote if double-quote enclosed
[Issue #2352 @martinhsv] - Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
[Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]