modsecurity/3.0.13 package update #27701

octo-sts · 2024-09-06T00:02:52Z

Signed-off-by: wolfi-bot <[email protected]>

github-actions · 2024-09-06T00:09:40Z

Package modsecurity: Click to expand/collapse

Package modsecurity:
Added: /usr/lib/libmodsecurity.so.3.0.13
Modified: /usr/bin/modsec-rules-check
Modified: /usr/include/modsecurity/actions/action.h
Modified: /usr/include/modsecurity/anchored_set_variable_translation_proxy.h
Modified: /usr/include/modsecurity/anchored_variable.h
Modified: /usr/include/modsecurity/modsecurity.h
Modified: /usr/include/modsecurity/rule.h
Modified: /usr/include/modsecurity/rule_message.h
Modified: /usr/include/modsecurity/rule_with_actions.h
Modified: /usr/include/modsecurity/rule_with_operator.h
Modified: /usr/include/modsecurity/rules_set.h
Modified: /usr/include/modsecurity/rules_set_properties.h
Modified: /usr/include/modsecurity/transaction.h
Modified: /usr/include/modsecurity/variable_origin.h
Modified: /usr/include/modsecurity/variable_value.h
Modified: /usr/lib/pkgconfig/modsecurity.pc
Deleted: /usr/lib/libmodsecurity.so.3.0.12

Package modsecurity-static: Click to expand/collapse

Package modsecurity-static:
Modified: /usr/lib/libmodsecurity.a

Package modsecurity-config: Click to expand/collapse

Package modsecurity-config:
Modified: /etc/modsecurity/modsecurity.conf-concurrent
Modified: /etc/modsecurity/modsecurity.conf-recommended

bincapz found differences: Click to expand/collapse

Deleted: modsecurity/usr/lib/libmodsecurity.so.3.0.12 [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
-MEDIUM	evasion/base64/decode	decode base64 strings	base64_decode
-MEDIUM	net/download	download files	- Failed to download
-MEDIUM	net/http/cookies	access HTTP resources using cookies	Cookie HTTP
-MEDIUM	net/http/form/upload	upload content via HTTP form	POST application/x-www-form-urlencoded
-MEDIUM	net/http/post	submit content to websites	HTTP POST http
-MEDIUM	net/ip/parse	parses IP address (IPv4 or IPv6)	inet_pton
-MEDIUM	net/ip/string	converts IP address from byte to string	inet_ntoa
-MEDIUM	net/upload	uploads files	UPLOAD_DIR UPLOAD_FILE_LIMIT UPLOAD_FILE_MODE UploadFileLimit UploadKeepFiles
-MEDIUM	net/url/encode	encodes URL, likely to pass GET variables	urlencode
-MEDIUM	ref/words/intercept	References interception	intercepted
-LOW	crypto/aes	Supports AES (Advanced Encryption Standard)	AES
-LOW	encoding/base64	Supports base64 encoded strings	base64
-LOW	fs/directory/create	creates directories	mkdir
-LOW	fs/file/delete	deletes files	unlink
-LOW	fs/permission/modify	modifies file permissions	fchmod
-LOW	hash/md5	Uses the MD5 signature format	md5:
-LOW	kernel/platform	system identification	uname
-LOW	net/hostport/parse	Network address and service translation	freeaddrinfo getaddrinfo
-LOW	net/http/request	makes HTTP requests	User-Agent
-LOW	net/socket/listen	listen on a socket	accept socket
-LOW	net/url	Handles URL strings	RequestURI
-LOW	process/thread_local_storage	Uses glibc thread local storage	__tls_get_addr
-LOW	process/userid/set	set real and effective user ID of current process	setuid
-LOW	random/insecure	generate random numbers insecurely	srand
-LOW	ref/words/password	references a 'password'	sp_password

Deleted: modsecurity-static/var/lib/db/sbom/modsecurity-static-3.0.12-r1.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
-MEDIUM	net/download	download files	downloadLocation
-LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/5ea1ec3a09df123b119ccded7e91

Deleted: modsecurity/var/lib/db/sbom/modsecurity-3.0.12-r1.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
-MEDIUM	net/download	download files	downloadLocation
-LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/8d92cdc2e3a8937b976cb876c317

Added: modsecurity/usr/lib/libmodsecurity.so.3.0.13 [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
+MEDIUM	evasion/base64/decode	decode base64 strings	base64_decode
+MEDIUM	net/download	download files	- Failed to download DOWNLOADING
+MEDIUM	net/http/cookies	access HTTP resources using cookies	Cookie HTTP
+MEDIUM	net/http/form/upload	upload content via HTTP form	POST application/x-www-form-urlencoded
+MEDIUM	net/http/post	submit content to websites	HTTP POST http
+MEDIUM	net/ip/parse	parses IP address (IPv4 or IPv6)	inet_pton
+MEDIUM	net/ip/string	converts IP address from byte to string	inet_ntoa
+MEDIUM	net/upload	uploads files	UPLOAD_DIR UPLOAD_FILE_LIMIT UPLOAD_FILE_MODE UploadFileLimit UploadKeepFiles
+MEDIUM	net/url/encode	encodes URL, likely to pass GET variables	urlencode
+MEDIUM	ref/words/intercept	References interception	intercepted
+LOW	crypto/aes	Supports AES (Advanced Encryption Standard)	AES
+LOW	encoding/base64	Supports base64 encoded strings	base64
+LOW	fs/directory/create	creates directories	mkdir
+LOW	fs/file/delete	deletes files	unlink
+LOW	fs/permission/modify	modifies file permissions	fchmod
+LOW	hash/md5	Uses the MD5 signature format	md5:
+LOW	kernel/platform	system identification	uname
+LOW	net/hostport/parse	Network address and service translation	freeaddrinfo getaddrinfo
+LOW	net/http/request	makes HTTP requests	User-Agent
+LOW	net/socket/listen	listen on a socket	accept socket
+LOW	net/url	Handles URL strings	RequestURI
+LOW	process/thread_local_storage	Uses glibc thread local storage	__tls_get_addr
+LOW	process/userid/set	set real and effective user ID of current process	setuid
+LOW	random/insecure	generate random numbers insecurely	srand
+LOW	ref/words/password	references a 'password'	sp_password

Added: modsecurity/var/lib/db/sbom/modsecurity-3.0.13-r0.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
+MEDIUM	net/download	download files	downloadLocation
+LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/3ca1c55bd7afde62d50440175977

Moved: modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.12-r1.spdx.json -> /tmp/wolfictl-apk-3935564753/modsecurity-static/var/lib/db/sbom/modsecurity-static-3.0.13-r0.spdx.json (similarity: 0.90)

Moved: modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.12-r1.spdx.json -> /tmp/wolfictl-apk-3935564753/modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.13-r0.spdx.json (similarity: 0.98)

philroche · 2024-09-06T08:38:42Z

Changes summay:
Total files changed: 300

Total changes: 16395
Total additions: 5832
Total deletions: 10563

Total commits: 236

Add editorconfig to help OSS contributors

Brandon Payton ([email protected]) @ 2023-05-05T13:15:27Z
fix: makes uri decode platform independent

Matteo Pace ([email protected]) @ 2023-11-08T16:32:41Z
Fix small comment spell

wangkai19 ([email protected]) @ 2023-12-14T09:30:11Z
Merge pull request prometheus-postgres-exporter/0.13.0 package update #3027 from StarryVae/comment-spell-fix

Marc Stern ([email protected]) @ 2024-02-01T09:50:38Z
Bump the C++ version from C++11 to C++17

Mirko Dziadzka ([email protected]) @ 2024-02-09T20:57:31Z
Logical, syntax and cosmetic fixes on test cases

Ervin Hegedus ([email protected]) @ 2024-02-11T09:14:40Z
Add new condition to test case

Ervin Hegedus ([email protected]) @ 2024-02-12T10:55:17Z
Revert "Add new condition to test case"

Ervin Hegedus ([email protected]) @ 2024-02-12T15:54:48Z
Merge pull request prometheus/2.45.0 package update #3080 from airween/v3/testfixes

Marc Stern ([email protected]) @ 2024-02-14T08:05:55Z
chore: update bug-report-for-version-3-x.md

Felipe Zipitría ([email protected]) @ 2024-02-20T14:01:32Z
chore: update bug-report-for-version-2-x.md

Felipe Zipitría ([email protected]) @ 2024-02-20T14:02:28Z
Merge pull request s2n-tls/1.3.46 package update #3086 from fzipi/patch-1

Ervin Hegedus ([email protected]) @ 2024-02-20T14:42:19Z
Merge pull request aws-cli/1.27.160 package update #3087 from fzipi/patch-2

Ervin Hegedus ([email protected]) @ 2024-02-20T15:09:33Z
fix: Change 'SecEngineStatus' to Off by default

Ervin Hegedus ([email protected]) @ 2024-02-22T13:03:04Z
docs: Add info about modification

Ervin Hegedus ([email protected]) @ 2024-02-22T13:04:49Z
Merge pull request vim/9.0.1656 package update #3092 from airween/v3/secstatusengoff

Christian Folini ([email protected]) @ 2024-02-22T17:47:21Z
Replace obsolete macros

Ervin Hegedus ([email protected]) @ 2024-02-25T21:01:07Z
Clean up 'return' never will be executed.

gberkes ([email protected]) @ 2024-02-26T08:49:05Z
Marked the process_request() function with the [[noreturn]] attribute, as pthread_exit() does not return.

gberkes ([email protected]) @ 2024-02-26T15:38:39Z
Merge pull request vim/9.0.1658 package update #3095 from airween/v3/buildmacros

Marc Stern ([email protected]) @ 2024-02-27T14:47:48Z
Merge pull request cilium-cli/0.14.8 package update #3079 from MirkoDziadzka/mirko-bump-c++-version

Ervin Hegedus ([email protected]) @ 2024-02-27T18:34:48Z
Refactor: Use pthread_exit(nullptr) instead of pthread_exit(NULL) for type safety.

gberkes ([email protected]) @ 2024-02-27T19:21:58Z
Merge pull request wolfi-bot/cilium-cli #3096 from gberkes/v3/sonar_return_never_will_be_executed

Ervin Hegedus ([email protected]) @ 2024-02-27T21:25:05Z
src/actions/transformations/hex_decode.cc: reduce the scope of variable in a for () loop

Elia Pinto ([email protected]) @ 2024-02-21T12:50:51Z
src/operators/verify_cc.cc: reduce the scope of variable in a for () loop

Elia Pinto ([email protected]) @ 2024-02-21T12:50:51Z
src/request_body_processor/multipart.cc: reduce the scope of variable in a for () loop

Elia Pinto ([email protected]) @ 2024-02-21T12:50:51Z
src/utils/acmp.cc: reduce the scope of variable in a for () loop

Elia Pinto ([email protected]) @ 2024-02-21T12:50:51Z
Merge pull request wolfi-bot/vulkan-headers #3098 from devzero2000/ep/scoped-for

Ervin Hegedus ([email protected]) @ 2024-03-01T20:43:00Z
Update CHANGES

Ervin Hegedus ([email protected]) @ 2024-03-01T20:55:21Z
Update CHANGES

Ervin Hegedus ([email protected]) @ 2024-03-01T21:25:55Z
Merge pull request vim/9.0.1660 package update #3101 from airween/v3/updatechanges

Christian Folini ([email protected]) @ 2024-03-02T09:41:37Z
Merge pull request Add py3-charset-normalizer #3016 from M4tteoP/uri_decode_invalid

Ervin Hegedus ([email protected]) @ 2024-03-05T15:11:01Z
Merge pull request fix: xtrans on x86_84 has a BAD signature #2898 from brandonpayton/add-editorconfig

Ervin Hegedus ([email protected]) @ 2024-03-05T15:13:07Z
Fix memleak in regression.cc

Ervin Hegedus ([email protected]) @ 2024-03-27T10:45:05Z
Fix memleak in rules-check.cc

Ervin Hegedus ([email protected]) @ 2024-03-27T10:45:36Z
Replace putenv by setenv

Ervin Hegedus ([email protected]) @ 2024-03-27T12:14:11Z
Code refactorization

Ervin Hegedus ([email protected]) @ 2024-03-27T15:19:38Z
Use make_unique to create unique ptr

Ervin Hegedus ([email protected]) @ 2024-03-27T15:33:05Z
Replaced variable type to 'auto'

Ervin Hegedus ([email protected]) @ 2024-03-27T15:39:32Z
Deleted redundant code in 'ModSecurity::serverLog(...)'.

gberkes ([email protected]) @ 2024-03-28T19:12:30Z
Changed 'euqal_range()' + loop by 'find()' in resolveFirst() methods

Ervin Hegedus ([email protected]) @ 2024-03-29T15:32:34Z
Optimized variable handling

Ervin Hegedus ([email protected]) @ 2024-03-31T12:14:45Z
fix(rbl): typo in rbl check selector

Felipe Zipitria ([email protected]) @ 2024-04-22T13:23:28Z
Merge pull request iproute2/6.4.0 package update #3127 from fzipi/fix-rbl-check

Ervin Hegedus ([email protected]) @ 2024-04-22T13:56:25Z
fix: update submodule url

Felipe Zipitria ([email protected]) @ 2024-04-22T18:56:40Z
Merge pull request maven/3.9.3 package update #3128 from fzipi/update-submodules

Ervin Hegedus ([email protected]) @ 2024-04-23T08:54:30Z
Enable inline suppressions in cppcheck

Eduardo Arias ([email protected]) @ 2024-04-28T02:25:53Z
Fixed memory leak in examples/reading_logs_via_rule_message

Eduardo Arias ([email protected]) @ 2024-04-28T14:42:05Z
Removed unnecessary cppcheck suppression and r-value reference as copy should be avoidded by RVO

Eduardo Arias ([email protected]) @ 2024-04-27T21:00:28Z
Minor updates to simplify code and remove cppcheck suppressions

Eduardo Arias ([email protected]) @ 2024-04-28T15:01:20Z
Address cppcheck suppressions in lmdb

Eduardo Arias ([email protected]) @ 2024-04-28T15:43:02Z
Removed unnecessary break after return

Eduardo Arias ([email protected]) @ 2024-04-28T15:50:58Z
Removed unmatchedSuppression entries

Eduardo Arias ([email protected]) @ 2024-04-28T16:08:39Z
Inline cppcheck suppressions

Eduardo Arias ([email protected]) @ 2024-04-28T14:34:37Z
Removed unused suppresion and avoid copy of logPath

Eduardo Arias ([email protected]) @ 2024-04-28T17:36:18Z
Removed unused suppressions

Eduardo Arias ([email protected]) @ 2024-04-28T17:37:56Z
Replace final three suppressions entries with line numbers

Eduardo Arias ([email protected]) @ 2024-04-30T01:28:42Z
Implement sonarcloud suggestions

Eduardo Arias ([email protected]) @ 2024-04-28T21:12:49Z
Merge pull request zarf/0.28.0 package update #3134 from eduar-hte/inline-cppcheck-suppressions

Ervin Hegedus ([email protected]) @ 2024-05-03T12:43:51Z
Updated included headers to support compilation on Windows (using Visual C++)

Eduardo Arias ([email protected]) @ 2024-04-23T14:46:29Z
Replaced usage of usleep (not available in Visual C++) with C++11's std::this_thread::sleep_for & std::chrono::microseconds.

Eduardo Arias ([email protected]) @ 2024-04-23T15:23:53Z
Replaced usage of apr_snprintf with snprintf (already in Windows exclusive code block)

Eduardo Arias ([email protected]) @ 2024-04-23T15:40:47Z
setenv is not available in Windows build, replaced with _putenv_s

Eduardo Arias ([email protected]) @ 2024-04-23T15:43:22Z
mkstemp is not available in Windows build, replaced with _mktemp_s plus _open.

Eduardo Arias ([email protected]) @ 2024-04-24T14:01:32Z
Minor changes to debug_log_writer

Eduardo Arias ([email protected]) @ 2024-04-23T15:57:28Z
On Windows use the operating system's native CA store for certificate verification of https requests.

Eduardo Arias ([email protected]) @ 2024-04-23T16:00:19Z
Added support for expandEnv, createDir & cpu_seconds on Windows

Eduardo Arias ([email protected]) @ 2024-04-23T17:55:39Z
Minor changes related to std::shared_ptr usage in RuleWithActions

Eduardo Arias ([email protected]) @ 2024-04-23T19:22:58Z
Updated references to coreruleset repository

Eduardo Arias ([email protected]) @ 2024-04-23T19:35:37Z
Fixed use after free in ModSecurity::processContentOffset

Eduardo Arias ([email protected]) @ 2024-04-23T20:10:47Z
Updated Env::evaluate to support case-insensitive environment variable names in Windows

Eduardo Arias ([email protected]) @ 2024-04-23T20:40:24Z
Added support to lock files on Windows and major rewrite to reintroduce reference counting and remove unused code.

Eduardo Arias ([email protected]) @ 2024-04-23T20:52:25Z
Added Windows build scripts using Build Tools for Visual Studio 2022 (MSVC compiler & CMake) and Conan package manager

Eduardo Arias ([email protected]) @ 2024-04-24T13:51:07Z
Updated case of winsock header files

Eduardo Arias ([email protected]) @ 2024-04-26T13:28:39Z
Use default keyword to implement constructor/destructor

Eduardo Arias ([email protected]) @ 2024-04-26T13:35:01Z
Replaced the use of "new" in find_resource

Eduardo Arias ([email protected]) @ 2024-04-26T13:50:24Z
Add link to Rust bindings in README (Add binutils-2.39 configuration #1)

Rohan Krishnaswamy ([email protected]) @ 2024-05-13T01:49:02Z
Configure test fixture using CTest for Windows build

Eduardo Arias ([email protected]) @ 2024-05-11T14:52:32Z
Added GitHub workflow to build libModSecurity on Windows.

Eduardo Arias ([email protected]) @ 2024-05-13T20:37:24Z
Add support to turn 3rd party dependencies off

Eduardo Arias ([email protected]) @ 2024-05-14T20:42:20Z
Merge pull request aws-cli/1.27.161 package update #3132 from eduar-hte/windows-port

Ervin Hegedus ([email protected]) @ 2024-05-15T13:00:16Z
Merge pull request newrelic-infrastructure-agent/1.43.2 package update #3141 from rkrishn7/v3/master

Ervin Hegedus ([email protected]) @ 2024-05-15T13:22:15Z
Add options nounistd & never-interactive to seclang-scanner.ll

Eduardo Arias ([email protected]) @ 2024-05-19T16:38:03Z
Added support to run regression tests without libxml2

Eduardo Arias ([email protected]) @ 2024-05-15T13:34:34Z
Separate workflow to run check-static (cppcheck) build step

Eduardo Arias ([email protected]) @ 2024-05-05T16:25:46Z
Update actions/checkout version to avoid deprecation warnings on GH workflow

Eduardo Arias ([email protected]) @ 2024-05-15T13:54:13Z
Update Windows build information after PR aws-cli/1.27.161 package update #3132

Eduardo Arias ([email protected]) @ 2024-05-19T21:10:25Z
Use SRC_DIR argument

Eduardo Arias ([email protected]) @ 2024-05-19T21:12:34Z
Updated .gitignore to ignore files generated in builds

Eduardo Arias ([email protected]) @ 2024-05-23T01:38:15Z
Updated GH Unix build configurations

Eduardo Arias ([email protected]) @ 2024-05-15T13:39:14Z
Merge pull request prometheus-postgres-exporter/0.13.1 package update #3144 from eduar-hte/gh-workflow-updates

Ervin Hegedus ([email protected]) @ 2024-05-23T12:53:09Z
Merge pull request stakater-reloader/1.0.28 package update #3146 from eduar-hte/seclang-scanner-nounistd

Ervin Hegedus ([email protected]) @ 2024-05-23T12:56:26Z
chore: add PR template

Felipe Zipitria ([email protected]) @ 2024-05-30T12:45:02Z
Merge pull request keycloak/21.1.2 package update #3160 from fzipi/v3/add-pull-request-template

Ervin Hegedus ([email protected]) @ 2024-05-30T13:36:53Z
Update libinjection to version v3.9.2-92-gb9fcaaf

Eduardo Arias ([email protected]) @ 2024-05-24T13:46:11Z
Replace Mbed TLS source code in repository with a submodule

Eduardo Arias ([email protected]) @ 2024-05-24T01:53:24Z
Merge pull request weaviate/1.19.10 package update #3161 from eduar-hte/others-update

Ervin Hegedus ([email protected]) @ 2024-07-10T14:35:40Z
Update README.md: use submodule and use benchmark tool

Ervin Hegedus ([email protected]) @ 2024-07-11T20:07:16Z
Content improve

Ervin Hegedus ([email protected]) @ 2024-07-12T07:15:19Z
Typo fixes

Ervin Hegedus ([email protected]) @ 2024-07-12T09:28:52Z
Typo fixes

Ervin Hegedus ([email protected]) @ 2024-07-12T16:09:33Z
Improve performance of VariableOrigin instances

Eduardo Arias ([email protected]) @ 2024-06-01T14:54:49Z
Removed unnecessary usage of heap-allocated VariableValue (m_var)

Eduardo Arias ([email protected]) @ 2024-06-01T18:37:37Z
Add script to download OWASP CRS v4 to run benchmark

Eduardo Arias ([email protected]) @ 2024-06-01T23:11:47Z
Merge pull request terraform/1.5.2 package update #3164 from eduar-hte/variable-origin

Ervin Hegedus ([email protected]) @ 2024-07-17T21:08:30Z
simplify submodules checkout (but fetch tags for git describe to work)

Eduardo Arias ([email protected]) @ 2024-07-17T23:19:10Z
fixed typo

Eduardo Arias ([email protected]) @ 2024-07-17T23:22:09Z
Fixing typo in Dockerfile

Behzad Eslami Tehrani ([email protected]) @ 2024-07-22T06:39:27Z
Merge pull request libwebp/1.3.1 package update #3189 from bitbehz/fix/typo-build-win32-dockerfile

Ervin Hegedus ([email protected]) @ 2024-07-25T16:08:08Z
Merge pull request nuclei was added #3185 from eduar-hte/git-describe

Ervin Hegedus ([email protected]) @ 2024-07-25T16:10:52Z
Provide a function to set 'hostname' field in log

Ervin Hegedus ([email protected]) @ 2024-07-29T20:07:26Z
Fix typos

Ervin Hegedus ([email protected]) @ 2024-07-31T12:23:52Z
Merge pull request prometheus-mysqld-exporter/0.15.0 package update #3117 from airween/v3/eualrangebyfind

Ervin Hegedus ([email protected]) @ 2024-07-31T13:46:54Z
Merge pull request Fix grype scan not getting subpackage name #3182 from airween/v3/readmeupdate

Ervin Hegedus ([email protected]) @ 2024-07-31T14:41:55Z
Merge branch 'owasp-modsecurity:v3/master' into v3/sethostname

Ervin Hegedus ([email protected]) @ 2024-08-01T20:35:44Z
Merge pull request add swaks #3203 from airween/v3/sethostname

Ervin Hegedus ([email protected]) @ 2024-08-02T07:44:13Z
Merge pull request fix subpackage names for libjpeg-turbo #3116 from gberkes/v3/remove_this_conditional_structure

Ervin Hegedus ([email protected]) @ 2024-08-02T14:33:07Z
Add PR's to CHANGES

Ervin Hegedus ([email protected]) @ 2024-08-03T14:23:26Z
Refactor: Ensure safe error handling by removing isolated throw; statements.

gberkes ([email protected]) @ 2024-08-04T20:04:07Z
Document the usage and the importance of assertions.

gberkes ([email protected]) @ 2024-08-04T20:13:58Z
Build System: Introduce Configurable Assertion Handling

gberkes ([email protected]) @ 2024-08-04T20:47:15Z
Fixed missing whitespace.

gberkes ([email protected]) @ 2024-08-04T20:55:42Z
Fixed extra whitespace.

gberkes ([email protected]) @ 2024-08-04T21:00:39Z
Merge pull request protobuf/3.23.3 package update #3207 from gberkes/v3/remove_this_throw_call_transaction_h_mk2

Ervin Hegedus ([email protected]) @ 2024-08-05T07:30:08Z
Update CHANGES

Ervin Hegedus ([email protected]) @ 2024-08-05T07:32:40Z
Merge branch 'v3/master' into v3/sonarmemleakfix

Ervin Hegedus ([email protected]) @ 2024-08-05T12:04:04Z
Add _putenv() in case of WIN32 port instead of setenv()

Ervin Hegedus ([email protected]) @ 2024-08-05T12:30:26Z
Build on macOS 14 arm64

Eduardo Arias ([email protected]) @ 2024-05-20T21:41:12Z
Added methods to free buffers allocated by ModSecurity APIs

Eduardo Arias ([email protected]) @ 2024-05-03T17:33:02Z
Fixed potential memory leak when there is an intervention and log or url is set.

Eduardo Arias ([email protected]) @ 2024-08-05T17:39:40Z
Fixed shared files deadlock in a multi-threaded Windows application

Eduardo Arias ([email protected]) @ 2024-08-05T15:49:06Z
Merge pull request traefik/2.10.3 package update #3208 from eduar-hte/macos-apple-silicon

Ervin Hegedus ([email protected]) @ 2024-08-06T12:40:34Z
Merge pull request weaviate/1.19.11 package update #3209 from eduar-hte/cleanup_api

Ervin Hegedus ([email protected]) @ 2024-08-06T13:40:48Z
Add newest changes

Ervin Hegedus ([email protected]) @ 2024-08-06T13:43:39Z
Merge pull request dgraph/23.0.0 package update #3210 from eduar-hte/shared-files-deadlock

Ervin Hegedus ([email protected]) @ 2024-08-06T15:35:41Z
Update CHANGES - added PR 3210

Ervin Hegedus ([email protected]) @ 2024-08-06T15:37:52Z
Do not assume ModSecurityIntervention argument to transaction::intervention has been initialized/cleaned

Eduardo Arias ([email protected]) @ 2024-08-05T18:18:35Z
Minor performance improvements setting up intervention's log

Eduardo Arias ([email protected]) @ 2024-08-06T13:32:52Z
Simplify parser error detection in testcase

Eduardo Arias ([email protected]) @ 2024-08-06T21:29:17Z
Merge pull request Compiling PHP with shared extensions #3211 from eduar-hte/secremoterules-regression

Ervin Hegedus ([email protected]) @ 2024-08-07T07:56:08Z
Refactor: moved 3 #include directives to the top of the file.

gberkes ([email protected]) @ 2024-08-07T08:39:06Z
Refactor: used the init-statement to declare "pos" inside the if statement.

gberkes ([email protected]) @ 2024-08-07T11:05:02Z
Merge pull request keda/2.11.1 package update #3213 from gberkes/v3/sonar_move_these_3_includes_to_the_top_of_the_file

Ervin Hegedus ([email protected]) @ 2024-08-07T12:29:34Z
Merge pull request goreleaser/1.19.1 package update #3214 from gberkes/v3/Use_the_init-statement_to_declare_pos_inside_the_if_statement

Ervin Hegedus ([email protected]) @ 2024-08-07T12:33:02Z
Update CHANGES; added newest PR's

Ervin Hegedus ([email protected]) @ 2024-08-07T12:40:56Z
Refactor: replaced 3 declarations with 3 structured binding declarations.

gberkes ([email protected]) @ 2024-08-07T15:55:30Z
Suppress cppcheck false positive unassignedVariable warning.

gberkes ([email protected]) @ 2024-08-07T19:05:47Z
Avoid duplicate definition of --enable-assertions=yes configure flag on Unix builds

Eduardo Arias ([email protected]) @ 2024-08-08T15:16:14Z
Merge pull request add libxkbfile #3212 from eduar-hte/defensive-intervention

Ervin Hegedus ([email protected]) @ 2024-08-08T15:45:34Z
Added PR add libxkbfile #3212

Ervin Hegedus ([email protected]) @ 2024-08-08T15:52:14Z
Merge pull request withdraw cdparanoia as release failed on arm #3217 from gberkes/v3/sonarcloud_Replace_this_declaration_by_a_structured_binding_declaration

Ervin Hegedus ([email protected]) @ 2024-08-08T15:55:09Z
Added PR withdraw cdparanoia as release failed on arm #3217

Ervin Hegedus ([email protected]) @ 2024-08-08T15:56:14Z
Simplifiy configuration to build libModSecurity with std C++17

Eduardo Arias ([email protected]) @ 2024-05-24T13:08:53Z
Creating a std::string with a null pointer is undefined behaviour.

Eduardo Arias ([email protected]) @ 2024-05-21T21:02:25Z
Merge pull request wolfi-bot/perl-http-negotiate #3114 from airween/v3/sonarmemleakfix

Ervin Hegedus ([email protected]) @ 2024-08-08T19:02:15Z
Added PR wolfi-bot/perl-http-negotiate #3114

Ervin Hegedus ([email protected]) @ 2024-08-08T19:03:10Z
Removed unnecessary dynamic_casts

Eduardo Arias ([email protected]) @ 2024-05-18T20:32:21Z
Initialize variable in if statement to avoid doing dynamic_cast twice

Eduardo Arias ([email protected]) @ 2024-08-08T19:49:48Z
Merge pull request add gst-plugins-base #3218 from eduar-hte/remove-dynamic-casts

Ervin Hegedus ([email protected]) @ 2024-08-09T15:24:55Z
Merge pull request cdparanoia add this back, tested locally after removing configure opt… #3219 from eduar-hte/cpp17

Ervin Hegedus ([email protected]) @ 2024-08-09T15:34:02Z
Merge pull request wolfi-bot/llvm-libunwind #3220 from eduar-hte/string-null

Ervin Hegedus ([email protected]) @ 2024-08-09T15:37:47Z
Added PR 3218, 3219, 3220

Ervin Hegedus ([email protected]) @ 2024-08-09T15:40:33Z
Prevent concurrent access to data structure in resolve methods

Eduardo Arias ([email protected]) @ 2024-08-07T15:33:03Z
Turn off LMDB by default in Windows build to align with defaults for other platforms

Eduardo Arias ([email protected]) @ 2024-08-07T18:50:55Z
Removed usage of pthreads and replaced with std C++ features

Eduardo Arias ([email protected]) @ 2024-08-07T20:54:58Z
Adding multithreaded example from issue pulumi/3.73.0 package update #3054 (by airween)

Eduardo Arias ([email protected]) @ 2024-08-09T17:56:36Z
toupper/tolower is already receiving a copy, so it doesn't need to create a new one to transform it

Eduardo Arias ([email protected]) @ 2024-04-29T00:45:34Z
Avoid creating a new std::string on the heap to create VariableValue

eduar-hte ([email protected]) @ 2024-05-18T16:55:41Z
Removed unnecessary copies

Eduardo Arias ([email protected]) @ 2024-05-30T16:32:16Z
Inline string functions

Eduardo Arias ([email protected]) @ 2024-05-25T00:11:21Z
Removed unused overload of dash_if_empty that sonarcloud flags as potential buffer overflow

Eduardo Arias ([email protected]) @ 2024-08-09T21:02:40Z
Fix regression test result; Add test to main test-suite list

Ervin Hegedus ([email protected]) @ 2024-08-12T16:46:19Z
Merge pull request fix -dev subpkg #3224 from airween/v3/sethostnametestfix

Ervin Hegedus ([email protected]) @ 2024-08-12T18:39:30Z
Avoid std::string copy in ssplit argument

Eduardo Arias ([email protected]) @ 2024-08-12T13:18:20Z
Check if the MP header contains invalid character

Ervin Hegedus ([email protected]) @ 2024-08-13T16:26:18Z
Merge pull request hugo-extended/0.115.0 package update #3222 from eduar-hte/remove-copies

Ervin Hegedus ([email protected]) @ 2024-08-13T17:25:11Z
Merge pull request Revert "add cdparanoia" #3216 from eduar-hte/inmemory-collection-shared-mutex

Ervin Hegedus ([email protected]) @ 2024-08-13T17:30:14Z
Update CHANGES

Ervin Hegedus ([email protected]) @ 2024-08-13T17:35:14Z
Removed unnecessary lock to call acmp_process_quick in Pm::evaluate

Eduardo Arias ([email protected]) @ 2024-08-09T16:41:37Z
Replace usage of std::ctime, which is not safe for use in multithreaded contexts

Eduardo Arias ([email protected]) @ 2024-08-12T14:58:06Z
Calculate sizes of strftime buffers based on format strings

Eduardo Arias ([email protected]) @ 2024-08-12T15:47:04Z
Added support to run unit tests in a multithreaded context

Eduardo Arias ([email protected]) @ 2024-08-09T13:54:35Z
Merge pull request ruby3.2-bundler/2.4.15 package update #3225 from airween/v3/mpinvcharreqbody

Ervin Hegedus ([email protected]) @ 2024-08-14T07:06:14Z
Added PR ruby3.2-bundler/2.4.15 package update #3225

Ervin Hegedus ([email protected]) @ 2024-08-14T07:07:33Z
Merge pull request hugo/0.115.0 package update #3221 from eduar-hte/unittest-multithreaded

Ervin Hegedus ([email protected]) @ 2024-08-14T10:18:07Z
Merge pull request ruby3.0-bundler/2.4.15 package update #3227 from eduar-hte/pm-operator-multithreading

Ervin Hegedus ([email protected]) @ 2024-08-14T10:36:54Z
Added PR ruby3.0-bundler/2.4.15 package update #3227

Ervin Hegedus ([email protected]) @ 2024-08-14T10:37:33Z
Merge pull request spirv-headers/1.3.250.1 package update #3228 from eduar-hte/asctime-multithread

Ervin Hegedus ([email protected]) @ 2024-08-14T12:55:53Z
Added PR spirv-headers/1.3.250.1 package update #3228

Ervin Hegedus ([email protected]) @ 2024-08-14T12:56:42Z
Restore pthread LDFLAG.

Eduardo Arias ([email protected]) @ 2024-08-14T15:46:30Z
Merge pull request syft/0.84.1 package update #3229 from eduar-hte/pthread-makefile

Ervin Hegedus ([email protected]) @ 2024-08-14T20:07:24Z
Individual test result should not be printed for automake output

Eduardo Arias ([email protected]) @ 2024-08-17T22:36:30Z
Adjusted pthread LDFLAG in examples required for multithreading.

Eduardo Arias ([email protected]) @ 2024-08-16T12:59:38Z
Lua::run: Move logging of str parameter to higher log level.

David Kirstein ([email protected]) @ 2024-08-26T06:38:48Z
Merge pull request add freerdp #3232 from eduar-hte/failed-unit-tests-automake-output

Ervin Hegedus ([email protected]) @ 2024-08-26T19:47:32Z
Added PR add freerdp #3232

Ervin Hegedus ([email protected]) @ 2024-08-26T19:48:46Z
Updated Transformation::evaluate signature to allow for in-place updates, removing unnecessary heap allocated copies.

Eduardo Arias ([email protected]) @ 2024-05-14T01:47:59Z
Perform ParityEven7bit, ParityOdd7bit & ParityZero7bit transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T01:48:38Z
Perform CmdLine transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T14:09:26Z
Perform CompressWhitespace transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T14:14:11Z
Perform RemoveNulls & RemoveWhitespace transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T14:21:22Z
Perform ReplaceNulls transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T15:41:18Z
Perform RemoveCommentsChar, RemoveComments & ReplaceComments transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T14:30:11Z
Perform Trim, TrimLeft & TrimRight transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T14:45:16Z
Perform SqlHexDecode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T14:55:41Z
Perform LowerCase & UpperCase transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T15:06:00Z
Perform HexDecode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T15:12:00Z
Perform CssDecode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T15:24:31Z
Perform EscapeSeqDecode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T15:28:04Z
Perform JsDecode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T15:32:27Z
Perform HtmlEntityDecode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T16:04:42Z
Perform UrlDecodeUni & UrlDecode transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T16:12:12Z
Perform Utf8ToUnicode transformation in-place

Eduardo Arias ([email protected]) @ 2024-08-19T17:15:12Z
Perform NormalisePath & NormalisePathWin transformations in-place

Eduardo Arias ([email protected]) @ 2024-08-19T17:20:12Z
Remove unnecessary heap-allocation & copy in Transaction::extractArguments

Eduardo Arias ([email protected]) @ 2024-06-01T21:59:16Z
Pass RuleWithActions::executeTransformation arguments by reference

Eduardo Arias ([email protected]) @ 2024-08-09T20:03:34Z
Refactored base64 utils to share implementation and reduce code duplication.

Eduardo Arias ([email protected]) @ 2024-08-19T17:25:36Z
Refactored sha1 & md5 utils to share implementation and reduce code duplication.

Eduardo Arias ([email protected]) @ 2024-08-19T17:34:00Z
Simplified initialization of Transformation's action_kind

Eduardo Arias ([email protected]) @ 2024-08-19T18:26:56Z
Replaced VALID_HEX, ISODIGIT & NBSP macros in string.h

Eduardo Arias ([email protected]) @ 2024-08-17T00:53:54Z
Removed multiple heap-allocated copies in parse_pm_content

Eduardo Arias ([email protected]) @ 2024-08-09T20:01:37Z
Merge pull request add doc and dev subpkgs #3233 from eduar-hte/remove-copies-pm-operator

Ervin Hegedus ([email protected]) @ 2024-08-28T11:31:02Z
Merge pull request kaniko/1.12.1 package update #3231 from eduar-hte/remove-copies-transformations

Ervin Hegedus ([email protected]) @ 2024-08-28T12:33:59Z
Added PR's add doc and dev subpkgs #3233 and kaniko/1.12.1 package update #3231

Ervin Hegedus ([email protected]) @ 2024-08-28T12:34:58Z
Merge pull request wolfi-bot/kaniko #3240 from frozenice/patch-1

Ervin Hegedus ([email protected]) @ 2024-08-28T12:36:36Z
Added PR wolfi-bot/kaniko #3240

Ervin Hegedus ([email protected]) @ 2024-08-28T12:37:56Z
Adjust reference to modsecurity::utils::string::VALID_HEX

Eduardo Arias ([email protected]) @ 2024-08-28T13:13:12Z
Added new tests to op @pm

Ervin Hegedus ([email protected]) @ 2024-08-28T13:17:38Z
Merge pull request Fix guacd telnet and vnc plugins. #3243 from eduar-hte/valid-hex-fix

Ervin Hegedus ([email protected]) @ 2024-08-28T14:07:44Z
Added PR Fix guacd telnet and vnc plugins. #3243

Ervin Hegedus ([email protected]) @ 2024-08-28T14:08:23Z
Merge branch 'owasp-modsecurity:v3/master' into v3/release2408

Ervin Hegedus ([email protected]) @ 2024-08-28T14:37:12Z
Finalize CHANGES

Ervin Hegedus ([email protected]) @ 2024-09-02T20:23:19Z
Format fix

Ervin Hegedus ([email protected]) @ 2024-09-03T05:45:09Z
Merge pull request envoy/1.26.2 package update #3206 from airween/v3/release2408

Ervin Hegedus ([email protected]) @ 2024-09-03T13:20:34Z
Change release version to v3.0.13

Ervin Hegedus ([email protected]) @ 2024-09-03T13:24:29Z
Merge pull request task/3.27.0 package update #3247 from airween/v3/master

Ervin Hegedus ([email protected]) @ 2024-09-03T13:44:47Z

GitHub compare URL: owasp-modsecurity/ModSecurity@5f44383...580fe19

philroche

This is a patch version bump.

All checks pass.

modsecurity/3.0.13 package update

00b8802

Signed-off-by: wolfi-bot <[email protected]>

octo-sts bot added request-version-update request for a newer version of a package automated pr labels Sep 6, 2024

octo-sts bot added service:bincapz/pass tests/missing labels Sep 6, 2024

philroche self-assigned this Sep 6, 2024

philroche approved these changes Sep 6, 2024

View reviewed changes

philroche merged commit dde4efc into main Sep 6, 2024

philroche deleted the wolfictl-cae61c57-eaf5-4a8c-9719-b12d30fa3061 branch September 6, 2024 08:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

modsecurity/3.0.13 package update #27701

modsecurity/3.0.13 package update #27701

Uh oh!

octo-sts bot commented Sep 6, 2024

Uh oh!

github-actions bot commented Sep 6, 2024

Deleted: modsecurity/usr/lib/libmodsecurity.so.3.0.12 [⚠️ MEDIUM]

Deleted: modsecurity-static/var/lib/db/sbom/modsecurity-static-3.0.12-r1.spdx.json [⚠️ MEDIUM]

Deleted: modsecurity/var/lib/db/sbom/modsecurity-3.0.12-r1.spdx.json [⚠️ MEDIUM]

Added: modsecurity/usr/lib/libmodsecurity.so.3.0.13 [⚠️ MEDIUM]

Added: modsecurity/var/lib/db/sbom/modsecurity-3.0.13-r0.spdx.json [⚠️ MEDIUM]

Moved: modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.12-r1.spdx.json -> /tmp/wolfictl-apk-3935564753/modsecurity-static/var/lib/db/sbom/modsecurity-static-3.0.13-r0.spdx.json (similarity: 0.90)

Moved: modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.12-r1.spdx.json -> /tmp/wolfictl-apk-3935564753/modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.13-r0.spdx.json (similarity: 0.98)

Uh oh!

philroche commented Sep 6, 2024

Uh oh!

philroche left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

modsecurity/3.0.13 package update #27701

modsecurity/3.0.13 package update #27701

Uh oh!

Conversation

octo-sts bot commented Sep 6, 2024

Uh oh!

github-actions bot commented Sep 6, 2024

Deleted: modsecurity/usr/lib/libmodsecurity.so.3.0.12 [⚠️ MEDIUM]

Deleted: modsecurity-static/var/lib/db/sbom/modsecurity-static-3.0.12-r1.spdx.json [⚠️ MEDIUM]

Deleted: modsecurity/var/lib/db/sbom/modsecurity-3.0.12-r1.spdx.json [⚠️ MEDIUM]

Added: modsecurity/usr/lib/libmodsecurity.so.3.0.13 [⚠️ MEDIUM]

Added: modsecurity/var/lib/db/sbom/modsecurity-3.0.13-r0.spdx.json [⚠️ MEDIUM]

Moved: modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.12-r1.spdx.json -> /tmp/wolfictl-apk-3935564753/modsecurity-static/var/lib/db/sbom/modsecurity-static-3.0.13-r0.spdx.json (similarity: 0.90)

Moved: modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.12-r1.spdx.json -> /tmp/wolfictl-apk-3935564753/modsecurity-config/var/lib/db/sbom/modsecurity-config-3.0.13-r0.spdx.json (similarity: 0.98)

Uh oh!

philroche commented Sep 6, 2024

Uh oh!

philroche left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants