Home > Others

Modsecurity updates: nginx stable release and Google summer of code participant

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Availability of modsecurity 2.7.4: nginx stable release

The
Modsecurity development team is pleased to announce the availability of modsecurity 2.7.4 stable release. This release includes des fixing bug fixes and the nginx module version
Is now LabledStable.

Important security fix-there is a security issue fixed with this release, please check CVE-2013-2765 for more information. Upgrading is high recommended.

We also added support for
Libinjection library as a new operator called
@ Detectsqli. I will be doing a separate blog post on libinjection as it deserves more attention.

Please see the release notes stored in the changes file. For known problems and more information about bug fixes, please see
Modsecurity Jira. You can optionally report any bug to mod-security-developers@lists.sourceforge.net.

Google summer of Code participation

OWASP
Is again participant ipating organization in
Google's summer of code (gsoc) program which provides stipends to student developers to write code for approved open source projects. I am excited to announce that one of OWASP's gsoc slots was awarded
Mihai pitu who will be working on

Java port of modsecurity! Here is the Abstract:

The goal of this gsoc project is to have a modsecurity version that can be used within Java servers (e.g. tomcat ). in order to achieve this, the standalone C code will be wrapped using the JNI framework and the resulting modsecurity Java project will
Be used as a module for Tomcat server. Also, we will collaborate with the OWASP webgoat team in order to integrate modsecurity for Java into it.

Mihai's complete submission is
Here. The main problem this project solves is that you will no longer have to front-end your Java app servers with a reverse proxy in order to gain modsecurity protections! Modsecurity standalone code will use JNI to hook into Java servers (tomcat, spring,
Stuts, Etc...) as a servlet filter.

If you want to follow along with our gsoc development over the summer, you can check out
Mihai's GitHub repo.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More