I just pushed security/bugfix updates for the mod_security 2.7.1-3 and mod_security_crs 2.2.6-3 packages. If you are using them, please test and provide karma in Bodhi.
Note: there are no packages for EPEL5 because of the old libxml2 in RHEL5/CentOS5.
Update: I've pushed an update with backported fixes (from 2.7) in EPEL5, please test. https://admin.fedoraproject.org/updates/mod_security-2.6.8-2.el5
- https://admin.fedoraproject.org/updates/mod_security-2.7.1-3.el6,mod_security_crs-2.2.6-3.el6
- https://admin.fedoraproject.org/updates/mod_security_crs-2.2.6-3.fc17,mod_security-2.7.1-3.fc17
- https://admin.fedoraproject.org/updates/mod_security_crs-2.2.6-3.fc18,mod_security-2.7.1-3.fc18
Details:
- Update to 2.7.1
- Update Core Rule Set to 2.2.6
- Fix build against libxml2 >= 2.9 (upstreamed)
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)