owasp-modsecurity / ModSecurity

ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

Implement support to Sanitize on v3 #1898

Open zimmerle opened 6 years ago

zimmerle commented 6 years ago

As listed at #715, the Sanitize actions are not yet working on v3.

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#sanitiseArg

zimmerle commented 6 years ago

Typo fixed at: c2bc6952651707f773280b7b8188db814aa11718

Veszner commented 2 years ago

Hi, is there an update on this feature, when can we expect it? Is it currently planned for v3.1.1?

martinhsv commented 2 years ago

Hello @Veszner,

The current plan is to implement some sanitization support in v3 a little later this year -- not in the currently-active v3.0.7, but in the v3 work immediately thereafter.

AnnoyingTechnology commented 1 year ago

Any news on this issue?

todd-richmond commented 1 year ago

This keeps slipping, but is a blocker for anyone who requires password or other masking in logs. Can't upgrade from v2 w/o it.

martinhsv commented 1 year ago

Hello @todd-richmond,

Regarding "Can't upgrade from v2 w/o it" ...

The lack of sanitization capability is considered a gap in current v3 functionality -- and one that is desirable to fill.

But there is no particular reason to view migrating from ModSecurity v2 to ModSecurity v3 as important or highly desirable.

ModSecurity v2 continues to be the maintained version of the software that is suitable for use with Apache HTTP Server (and IIS), while ModSecurity v3 is the maintained version that is suitable for use with nginx.

fardarter commented 1 year ago

@martinhsv Do you not recommend people use 3.x?

AnnoyingTechnology commented 11 months ago

Any news on that matter? Password (non)removal from logs is a serious security concern, especially for a security product.

zadros4psa commented 9 months ago

Is there any plan for this to be solved?