owasp-modsecurity/ModSecurity v3.0.14

on GitHub

Major changes in v3:

• changed t:htmlEntityDecode transformation; fixed CVE-2025-27110
• add value checking to @validateByteRange operator
• fixed build library on OSX without GeoIP brew package
• aligned TIME_MON variable's behavior
• Leverage std::make_unique & std::make_shared to create objects in the heap
• Simplified handling of RuleMessage by removing usage of std::shared_ptr
• Simplified constructors, copy constructors & assignment operators

For more information please see CHANGES.