github owasp-modsecurity/ModSecurity v3.0.12

3 months ago

Security impacting issue

  • Change REQUEST_FILENAME and REQUEST_BASENAME behavior
    [Issue #3048 - @martinhsv, @theMiddleBlue, @theseion, @M4tteoP, @airween]
    Addresses a WAF bypass in the ModSecurity v3 release line for path-based payloads, triggered by submitting a specially crafted request URL. For details, see CVE-2024-1019.

Enhancements and bug fixes

  • Set the minimum security protocol version (TLSv1.2) for SecRemoteRules
    [Issue security/code-scanning/2 - @airween]
