ModSecurity Breach

ModSecurity Blog

« ModSecurity In Solaris | Main | ModSecurity Party at Black Hat »

Transformation Caching Unstable, Fixed, But Deprecated

We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the subsystem is unstable, can crash your server server, and is even susceptible to evasion in certain circumstances. Although the issues have all been fixed in 2.5.6 we have decided to deprecate the entire subsystem because there has been too many problems with it. If you are using the 2.5.x branch of ModSecurity you are advised to turn transformation caching off (it is on by default until 2.5.6) until you upgrade. You can do this with:

SecCacheTransformations Off

On the positive side, ModSecurity 2.5.6 is the first version to use the previously discussed licensing exception, which allows ModSecurity to be combined with other open source projects.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e5512c9d3a883300e553e41cb28834

Listed below are links to weblogs that reference Transformation Caching Unstable, Fixed, But Deprecated:

Please note that this workaround is only needed if you are running 2.5.0 - 2.5.5 as there was no transformation cache prior to ModSecurity 2.5.

-B

The comments to this entry are closed.

Calendar

November 2010
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

Feeds

Atom Feed

Search

Categories

Recent Entries

Archives