Unclaimed project

Are you a maintainer of ModSecurity? Claim this project to take control of your public changelog and roadmap.

Changelog

ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

owasp-modsecurity/ModSecurity·

9.6k1.7kC++Apache-2.0

·Website

apacheapache2modsecuritynginxwaf

Last updated 18 days ago

Back to changelog

NewJuly 1, 2025

v2.9.11

Changes in v2.9.11:

There is a DoS vulnerability in previous versions, see CVE 2025-52891. This release includes a fix for it.

Full list of changes:

fix: prevent segmentation fault if the XML node is empty [PR from private repo - @theseion, @fzipi, @RedXanadu, @airween; fixed CVE-2025-52891]
Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSchema) [Issue #3401 - @nic-prgs]
chore: bump version in MSI installer.wxs [Issue #3400 - @airween]
Fix resource leaks in msc_status_engine_mac_address [Issue #3391 - @amezin]