Control Web Panel

Security => Mod_Security => Topic started by: Starburst on August 07, 2025, 06:51:29 PM

Title: ModSecurity Updated to 2.9.12
Post by: Starburst on August 07, 2025, 06:51:29 PM

A new version of ModSecurity came out 2 days ago that fixes a CVE, and some other minor things.

You can download directly at:
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.12 (https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.12)

Or from our KB download site at:
https://dl.starburst.help/ModSecurity/2.9.12/ (https://dl.starburst.help/ModSecurity/2.9.12/)

There is also an update script for CWP if you want an easier way to update:
https://dl.starburst.help/ModSecurity/2.9.12/Update_Script_CWP/ (https://dl.starburst.help/ModSecurity/2.9.12/Update_Script_CWP/)

Title: Re: ModSecurity Updated to 2.9.12
Post by: overseer on August 07, 2025, 11:46:20 PM

Does your script preserve pre-existing disabled rules? (Sorry, being lazy...)
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf

Title: Re: ModSecurity Updated to 2.9.12
Post by: Starburst on August 08, 2025, 06:17:21 AM

No, it just replaces ModSecurity and copies over a new mod_security2.so to /usr/local/apache/modules
Which at that point it will ask you to overwrite the existing file.

It a really simple script, 10 lines long, and if you do make & make install, it would be 9 lines.
But I like to double space so it's easier to read.  ;)