ModSecurity-nginx/CHANGES at master · owasp-modsecurity/ModSecurity-nginx · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
v1.0.4 - 2025-May-21
--------------------

  - feat: set correct hostname in log produced by Nginx
    [PR #353 - @airween]
  - chore: fix build error with newer GCC's
    [PR #352 - @liudongmiao, @airween]
  - fix: recovery context after internal redirect, re-add #273
    [PR #346 - @liudongmiao, @airween]
  - feat: Add more tests for CI
    [PR #345 - @theseion, @airween]
  - Add support to build ModSecurity-nginx on Windows
    [PR #321 - @eduar-hte]
  - fix: Added missing header for conftest
    [PR #320 - @airween]
  - feat: Add engine info to startup log
    [PR #319 - @airween]
  - feat: added initial Github CI workflow
    [PR #318 - @theseion, @airween]
  - Add editorconfig to help OSS contributors
    [PR #302 - @brandonpayton]

v1.0.3 - 2022-May-24
--------------------

 - Support http protocol versions besides 0.9, 1.0, 1.1, 2.0
   [Issue #224 - @HQuest, @martinhsv]
 - Support for building with nginx configured with PCRE2
   [Issue #260 - @defanator]

v1.0.2 - 2021-Jun-02
--------------------

 - Fix auditlog in case of internal redirect
   [Issue #90 - @AirisX, @defanator]
 - Fix nginx sends response without headers
   [Issue #238 - @airween, @defanator]
 - Fix nginx not clearing body cache (caused by incomplete fix for #187)
   [Issue #216 - @krewi1, @martinhsv]
 - Fix config setting not respected: client_body_in_file_only on
   [Issue #187 - @martinhsv]
 - Fix audit_log not generated for disruptive actions
   [Issue #170, #2220, #2237 - @victorhora]
 - Exit more gracefully if uri length is zero
   [@martinhsv]

v1.0.1 - 2019-Dec-16
--------------------

 - Fixed obtaining of server_addr
   [Issue #167, #168 - @defanator]
 - Avoid processing of subrequests initiated by the error_page
   [Issue #76, #164, #165 - @defanator]
 - Tests: extend request body tests
   [Issue #142,#143 - @defanator]
 - Added basic tests over HTTP/2
   [Issue #145 - @defanator]
 - Module configuration refactoring
   [Issue #139 - @defanator]
 - Restore r->write_event_handler after reading request body
   [Issue #131 - @defanator]
 - Increase log level for disruptive actions to "error"
   [Issue #112 - @victorhora]
 - Support for generating transaction ID in nginx
   [Issue #126 - @defanator]
 - Extend request body tests with ARGS_POST case
   [Issue #124 - @defanator]
 - Fix tests after 42a472a change in library
   [Issue #122 - @defanator]
 - Fix processing of response body when gzip compression is enabled
   [Issue #107 - @turchanov]
 - Fixed processing of response body chunks in
   ngx_http_modsecurity_body_filter.
   [Issue #105 - @turchanov, @defanator]
 - Fix incorrect handling of request/response body data chain of ngx_buf_t
   buffers
   [Issue #104 - @turchanov, @defanator]
 - Pool pointer is now handled in ngx_http_modsecurity_config_cleanup
   [Issue #87 - @AirisX, @defanator, @zimmerle]
 - Fix memory leak in intervention processing
   [Issue #100 - @defanator]
 - Emit connector version in error log
   [Issue #88 - @defanator]
 - Fixed memory leak on config cleanup.
   [Issue #80 - @AirisX, @defanator]


v1.0.0 - 2017-Dec-20
--------------------

 - First version of ModSecurity-nginx connector