Open AdamJCavanaugh opened 10 months ago
The announcement on https://www.modsecurity.org/ was the reason we weren't including mod_security from the start on AL2023, as it lead us to very much want to wait and see what happened with the upstream project.
If there's places you can point to that contain good information on the current and future state of the upstream project, that would be valuable.
I understand sponsorship of ModSecurity has ended, but the open source project continues to receive updates. I won't pretend to understand any of the state of the project with or without Trustwave. I was having TLS 1.3 issues in AL2 and hoped an upgrade to AL2023 might be the answer.
If an update from the mod_security project on their future is needed for the package to be added, then I'm fine for this issue to be closed.
Any updates? The missing mod_security package is blocking me to upgrade to AL2023 which I was really looking forward to.
Same as above; cannot upgrade to AL2023 unless you provide security packages like mod sec and fail2ban. Will soon move to Huawei temporarily unless there is imminent news.
See the announcement from OWASP here
By formally assuming custodianship of the entire project, OWASP can now steer ModSecurity’s development with a holistic view, fostering even tighter integration between the core rule set and the underlying framework. Trustwave, while stepping down from its custodial role, expresses immense gratitude for its time with ModSecurity.
The future of ModSecurity is brighter than ever. Under OWASP’s stewardship, this powerful WAF is poised to further solidify its position as a cornerstone of web application security, protecting countless websites against the ever-evolving threat landscape. We, as an industry, can all stand to benefit from this open-source collaboration, empowering developers, and security professionals alike to build and maintain safer applications in the years to come.
Can we please get an update here? This is a very important package and should be included.
What package is missing from Amazon Linux 2023? Please describe and include package name. Security module for the Apache HTTP Server
Is this an update to existing package or new package request? New package request
Is this package available in Amazon Linux 2? If it is available via external sources such as EPEL, please specify. Yes
Any additional information you'd like to include. (use-cases, etc) Allow pretty straightforward upgrade from AL:2 to AL:2023