Changes in v2.9.11: There is a DoS vulnerability in previous versions, see CVE 2025-52891. This release includes a fix for it. Full list of changes: fix: prevent segmentation fault if the XML node is empty [PR from private repo - @theseion , @fzipi , @RedXanadu , @airween ; fixed CVE-2025-52891] Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSchema) [Issue #3401 - @nic-prgs ] chore: bump version in MSI installer.wxs [Issue #3400 - @airween ] Fix resource leaks in msc_status_engine_mac_address [Issue #3391 - @amezin ]
v2.9.11
Inhalt
Verknuepfte CVEs
| CVE-ID | Severity (CVE.org) | CVSS (CVE.org) | EPSS | EPSS-% | Veroeffentlicht (CVE.org) |
|---|---|---|---|---|---|
| MEDIUM | 6.5 | - | - | 2025-07-02 |
Quellen-Details
| Bezeichnung | Name | Kategorie | Tags | Zielgruppe | Sprache | Feed-URL |
|---|---|---|---|---|---|---|
| OWASP ModSecurity Releases | vendor_advisory | waf, modsecurity, owasp | - | de | https://github.com/owasp-modsecurity/ModSecurity/releases.atom |