ModSecurity is announcing the release of versions 2.9.6 and 3.0.8: trustwave.com/en-us/resource… Watch for more info in the days ahead.

ModSecurity is announcing the release of version 2.9.7: trustwave.com/en-us/resource…

ModSecurity is announcing the release of version 3.0.9: trustwave.com/en-us/resource…

ModSecurity has released version 3.0.10: github.com/SpiderLabs/Mod…

ModSecurity is announcing the release of version 3.0.11: trustwave.com/en-us/resource…

.Trustwave #Spiderlabs has transferred ModSecurity to @OWASP on Jan 25. The preliminary website of #OWASP #ModSecurity is at owasp.org/www-project-mo… The repo is at github.com/owasp-modsecur… OWASP ModSecurity will release version 3.0.12 later today (security fix).

The new #OWASP ModSecurity team is happy to report that we successfully published libModSecurity 3.0.12. The first release done by the new organization. This is a fix for #CVE 2024-1019. Details and all the links at owasp.org/www-project-mo…

.theMiddle describes CVE-2024-1019 in greater detail and points out how #ModSecurity v2 users can be affected by a related problem depending on the rules being used. blog.sicuranext.com/modsecurity-pa…

Valentine’s Day present from the first Core Rule Set chat of 2024: #CRS v4 to be released on Wednesday, February 14! In other news: due to a lack of capacity, CRS will skip this year’s Google Summer of Code. See the chat agenda with decisions here: github.com/coreruleset/co…

Congratulations on version 3.1.0 Coraza WAF!

Hear our project co-lead Christian Folini / @[email protected] talk about the dramatic story that lead ModSecurity to @OWASP. This is an online presentation later this week on Thu 15th, 7pm CET with the OWASP® Foundation_NL chapter.

Congratulations on a great #CRS4 release, @coreruleset. It's awesome to live under the same #OWASP roof.

Our co-lead Christian Folini / @[email protected] will do an online OWASP ModSecurity presentation today at 19:00 CET with the OWASP Netherlands chapter. You can watch this live at youtube.com/watch?v=G_av5t… It's the first account of how ModSecurity moved under the OWASP roof and what the plans of the new team are.

Technical problems with Youtube for my OWASP ModSecurity presentation starting now. Organizers invite everybody directly into zoom call: us06web.zoom.us/j/85452777497?…

Core Rule Set #CRS is largely underestimated by new OpSec. Thanks for your work ;-)

This is a bit of a portrait of the #OWASP #WAF projects I am co-leading. Translation should be easy if you do not read German. CC @coreruleset, ModSecurity

Please save the date: we would like to organize a mini-event on June 5, 2024, where we can meet everyone in person and discuss future tasks. The venue is Leuven, Belgium - the exact location has yet to be determined. We will meet around 13:00 and will leave about 18:00.

The CRS project has released version 4.6.0 for CRS 4 and version 3.3.6 for CRS 3. The new releases tackle two multipart file upload bypass methods. All users are requested to update to the new releases. Read more and get the new releases: coreruleset.org/20240829/crs-v…

modsecurity.org/20240830/modse… After a long period, the modsecurity.org website is available again with renewed content and form.

New versions of ModSecurity have been released, see the blog post: modsecurity.org/20240903/new-v…