ModSecurity

There is an improper error handling in previous versions, see CVE 2025-54571. This release includes a fix for it.

Full list of changes:

• fix: Improper error handling [PR from private repo - @orangetw, @pgajdos, @ylavic, @theseion, @fzipi, @airween fixed CVE-2025-54571]
• fix: mod_security2's regression tests [Issue #3425 - @airween]
• fix: remove unused condition from msc_status_engi...

Changes in v2.9.11:

There is a DoS vulnerability in previous versions, see CVE 2025-52891. This release includes a fix for it.

Full list of changes:

• fix: prevent segmentation fault if the XML node is empty [PR from private repo - @theseion, @fzipi, @RedXanadu, @airween; fixed CVE-2025-52891]
• Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSche...

Changes in v2.9.10:

There is a DoS vulnerability in previous versions, see CVE 2025-48866. This release includes a fix for it.

• fix: DoS vulnerability [PR from private repo - @theseion, @fzipi, @airween; fixed CVE-2025-48866]

Changes in v2.9.9:

There is a DoS vulnerability in previous versions, see CVE 2025-47947. This release includes a fix for it.

• fix: DoS vulnerability [PR from private repo - @theseion, @fzipi, @airween; fixed CVE-2025-47947]
• chore: log error codes for global mutex failure modes. [Issue #3387 - @airween]
• chore: refactor build system to use PCRE2 [Issue #3383 - @airween]
• f...

Major changes in v3:

• changed t:htmlEntityDecode transformation; fixed CVE-2025-27110
• add value checking to @validateByteRange operator
• fixed build library on OSX without GeoIP brew package
• aligned TIME_MON variable's behavior
• Leverage std::make_unique & std::make_shared to create objects in the heap
• Simplified handling of RuleMessage by removing usage of `std::shared_...