Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package modsecurity for openSUSE:Factory 
checked in at 2022-06-01 17:34:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/modsecurity (Old)
 and      /work/SRC/openSUSE:Factory/.modsecurity.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "modsecurity"

Wed Jun  1 17:34:41 2022 rev:4 rq:980136 version:3.0.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes  2020-07-30 
15:49:23.494041473 +0200
+++ /work/SRC/openSUSE:Factory/.modsecurity.new.1548/modsecurity.changes        
2022-06-01 17:35:00.150764941 +0200
@@ -1,0 +2,24 @@
+Fri Feb 25 12:15:57 UTC 2022 - Ferdinand Thiessen <r...@fthiessen.de>
+
+- Update to version 3.0.6
+  * Security issue: Support configurable limit on depth of JSON
+    parsing, possible DoS issue. CVE-2021-42717
+- Update to version 3.0.5
+  * New: Having ARGS_NAMES, variables proxied
+  * Fix: FILES variable does not use multipart part name for key
+  * GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
+  * Support configurable limit on number of arguments processed
+  * Adds support to lua 5.4
+  * Add support for new operator rxGlobal
+  * Fix: Replaces put with setenv in SetEnv action
+  * Fix: Regex key selection should not be case-sensitive
+  * Fix: Only delete Multipart tmp files after rules have run
+  * Fixed MatchedVar on chained rules
+  * Fix IP address logging in Section A
+  * Fix:  rx: exit after full match (remove /g emulation); ensure
+    capture groups occuring after unused groups still populate TX vars
+  * Fix rule-update-target for non-regex
+  * Fix Security Impacting Issues:
+    * Handle URI received with uri-fragment, CVE-2020-15598
+
+-------------------------------------------------------------------

Old:
----
  modsecurity-v3.0.4.tar.gz

New:
----
  modsecurity-v3.0.6.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ modsecurity.spec ++++++
--- /var/tmp/diff_new_pack.pST4c4/_old  2022-06-01 17:35:00.690765579 +0200
+++ /var/tmp/diff_new_pack.pST4c4/_new  2022-06-01 17:35:00.698765589 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package modsecurity
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           modsecurity
-Version:        3.0.4
+Version:        3.0.6
 Release:        0
 Summary:        Web application firewall engine
 License:        BSD-2-Clause

++++++ modsecurity-v3.0.4.tar.gz -> modsecurity-v3.0.6.tar.gz ++++++
++++ 58820 lines of diff (skipped)

Reply via email to