Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package modsecurity for openSUSE:Factory checked in at 2022-06-01 17:34:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/modsecurity (Old)
 and /work/SRC/openSUSE:Factory/.modsecurity.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "modsecurity" Wed Jun 1 17:34:41 2022 rev:4 rq:980136 version:3.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes 2020-07-30 15:49:23.494041473 +0200 +++ /work/SRC/openSUSE:Factory/.modsecurity.new.1548/modsecurity.changes 2022-06-01 17:35:00.150764941 +0200 @@ -1,0 +2,24 @@ +Fri Feb 25 12:15:57 UTC 2022 - Ferdinand Thiessen <r...@fthiessen.de> + +- Update to version 3.0.6 + * Security issue: Support configurable limit on depth of JSON + parsing, possible DoS issue. CVE-2021-42717 +- Update to version 3.0.5 + * New: Having ARGS_NAMES, variables proxied + * Fix: FILES variable does not use multipart part name for key + * GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE + * Support configurable limit on number of arguments processed + * Adds support to lua 5.4 + * Add support for new operator rxGlobal + * Fix: Replaces put with setenv in SetEnv action + * Fix: Regex key selection should not be case-sensitive + * Fix: Only delete Multipart tmp files after rules have run + * Fixed MatchedVar on chained rules + * Fix IP address logging in Section A + * Fix: rx: exit after full match (remove /g emulation); ensure + capture groups occuring after unused groups still populate TX vars + * Fix rule-update-target for non-regex + * Fix Security Impacting Issues: + * Handle URI received with uri-fragment, CVE-2020-15598 + +------------------------------------------------------------------- Old: ---- modsecurity-v3.0.4.tar.gz New: ---- modsecurity-v3.0.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ modsecurity.spec ++++++ --- /var/tmp/diff_new_pack.pST4c4/_old 2022-06-01 17:35:00.690765579 +0200 +++ /var/tmp/diff_new_pack.pST4c4/_new 2022-06-01 17:35:00.698765589 +0200 
@@ -1,7 +1,7 @@ # # spec file for package modsecurity # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: modsecurity -Version: 3.0.4 +Version: 3.0.6 Release: 0 Summary: Web application firewall engine License: BSD-2-Clause ++++++ modsecurity-v3.0.4.tar.gz -> modsecurity-v3.0.6.tar.gz ++++++ ++++ 58820 lines of diff (skipped)
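Review bot: in the modsecurity.changes hunk, the two security entries (CVE-2021-42717 under 3.0.6 and CVE-2020-15598 under 3.0.5) carry only the CVE id and no Bugzilla reference, so the fixes cannot be tied to a tracked bug from the changelog; add the matching bug id next to each CVE id. The 3.0.6 entry says the JSON parsing depth limit is configurable but does not name the directive or say what applies when it is unset, and the 3.0.5 entry "Support configurable limit on number of arguments processed" has the same gap; an administrator reading this changelog cannot tell what to set after the update, so name the setting in each entry. Smaller points in the same hunk: "occuring" should be "occurring", and "New: Having ARGS_NAMES, variables proxied" does not say what changed.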