New features
- Having ARGS_NAMES, variables proxied
[@zimmerle, @martinhsv, @KaNikita] - Use explicit path for cross-compile environments.
[Issue #2485 - @dtoubelis] - Fix: FILES variable does not use multipart part name for key
[Issue #2377 - @martinhsv] - Regression: Mark the test as failed in case of segfault.
[@zimmerle] - GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
[Issues #2378, #2186 - @defanator] - Add support to test framework for audit log content verification
and add regression tests for issues #2000, #2196 - Support configurable limit on number of arguments processed
[Issue #2234 - @jleproust, @martinhsv] - Multipart Content-Dispostion should allow field: filename*=
[@martinhsv] - Adds support to lua 5.4
[@zimmerle] - Add support for new operator rxGlobal
[@martinhsv]
Bug fixes
- Replaces put with setenv in SetEnv action
[Issue #2469 - @martinhsv, @WGH-, @zimmerle] - Regex key selection should not be case-sensitive
[Issue #2296, #2107, #2297 - @michaelgranzow-avi, @victorhora,
@airween, @martinhsv, @zimmerle] - Fix: Only delete Multipart tmp files after rules have run
[Issue #2427 - @martinhsv] - Fixed MatchedVar on chained rules
[Issue #2423, #2435, #2436 - @michaelgranzow-avi] - Fix maxminddb link on FreeBSD
[Issue #2131 - @granalberto, @zimmerle] - Fix IP address logging in Section A
[Issue #2300 - @inaratech, @zavazingo, @martinhsv] - rx: exit after full match (remove /g emulation); ensure capture
groups occuring after unused groups still populate TX vars
[Issue #2336 - @martinhsv] - Correct CHANGES file entry for #2234
- Fix rule-update-target for non-regex
[Issue #2251 - @martinhsv] - Fix configure script when packaging for Buildroot
[Issue #2235 - @frankvanbever] - modsecurity.pc.in: add Libs.private
[Issue #1918, #2253 - @ffontaine, @Dridi, @victorhora]
Security Impacting Issues
- Handle URI received with uri-fragment
[@martinhsv]