Closed skrlance closed 2 years ago
Hi, sure I'll bump libmodsecurity to 3.0.6, I thought I already did it! It should be in the stable repo in the next few days.
Packages are now in the testing repo:
[root@68b82ac3a93d ~]# dnf --enablerepo=aeris-testing update nginx-more libmodsecurity
Last metadata expiration check: 0:01:06 ago on Thu May 19 17:11:02 2022.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================
Upgrading:
libmodsecurity x86_64 3.0.6-1.el8 aeris-testing 597 k
nginx-more x86_64 1.20.2-4.el8 aeris-testing 6.2 M
nginx-more-module-modsecurity x86_64 1.20.2-4.el8 aeris-testing 24 k
Transaction Summary
=========================================================================================================================================================================================================================================================================
Upgrade 3 Packages
I shall wait for the stable ones
Libmodsecurity v3.0.6 support configurable limit on depth of JSON parsing i.e. possible DoS issue was fixed on this version.
Can we get this update to fix the security issue?
Thanks!