Availability of ModSecurity 2.7.4: Nginx Stable Release
The ModSecurity Development Team is pleased to announce the availability of . This release includes many bug fixes and the NGINX module version is now labled as STABLE.
Important Security Fix - There is a security issue fixed with this release, please check for more information. Upgrading is high recommended.
We also added support for the library as a new operator called . I will be doing a separate blog post on libinjection as it deserves more attention.
Please see the release notes included in the file. For known problems and more information about bug fixes, please see the . You can optionally report any bug to .
Google Summer of Code Participation
OWASP is again participating Organization in program which provides stipends to student developers to write code for approved open source projects. I am excited to announce that one of OWASP's GSoC slots was awarded to who will be working on a ! Here is the ABSTRACT:
The goal of this GSOC project is to have a ModSecurity version that can be used within Java servers (e.g. Tomcat). In order to achieve this, the standalone C code will be wrapped using the JNI framework and the resulting ModSecurity Java project will be used as a module for Tomcat server. Also, we will collaborate with the OWASP WebGoat team in order to integrate ModSecurity for Java into it.
Mihai's complete submission is . The main problem this project solves is that you will no longer have to front-end your Java app servers with a reverse proxy in order to gain ModSecurity protections! ModSecurity standalone code will use JNI to hook into Java servers (Tomcat, Spring, Stuts, etc...) as a Servlet Filter.
If you want to follow along with our GSoC development over the summer, you can check out .