Open zimmerle opened 6 years ago
Typo fixed at: c2bc6952651707f773280b7b8188db814aa11718
Hi, is there an update on this feature, when can we expect it? Is it currently planned for v3.1.1?
Hello @Veszner ,
The current plan is to implement some sanitization support in v3 a little later this year -- not in the currently-active v3.0.7, but in the v3 work immediately thereafter.
Any news on this issue ?
this keeps slipping, but is a blocker for anyone who requires password or other masking in logs. Can't upgrade from v2 w/o it
Hello @todd-richmond ,
Regarding "Can't upgrade from v2 w/o it" ...
The lack of sanitization capability is considered a gap in current v3 functionality -- and one that is desirable to fill.
But there is no particular reason to view migrating from ModSecurity v2 to ModSecurity v3 as important or highly desirable.
ModSecurity v2 continues to be the maintained version of the software that is suitable for use with Apache HTTP Server (and IIS), while ModSecurity v3 is the maintained version that is suitable for use with nginx.
@martinhsv Do you not recommend people use 3.x?
Any news on that matter ? Password (non)removal from logs is a serious security concern, especially for a security product.
is there any plan for this to be solved?
As listed at #715 the Sanitize actions are not yet working on v3.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#sanitiseArg