is it fine to keep 2.9.3 and owasp 3.2.2 ? or it is urgent and important to use 2.9.6 and 3.3.4 asap ?
are following correct ?
1. that is OWASP CRS's security issue,not modsecurity ?
2. September 19, 2022 release both 3.3.3 and 3.2.2 to fix the secure issue,
and September 20, 2022 release 3.3.4/3.2.3 to fix 3.3.3/3.2.2's bug ?
CRS Version 3.3.3 and 3.2.2 (covering several CVEs) – OWASP ModSecurity Core Rule Set
CRS Version 3.3.4 and 3.2.3 fix a regression – OWASP ModSecurity Core Rule Set
3. no matter 3.3.3 or 3.3.4,
all need ModSecurity 2.9.6 to apply,
but cpanel only support ModSecurity 2.9.3 and CRS 3.3.2 now,
that is why we can not apply CRS 3.3.4,correct ?
Don't feel too bad.Hi cPRex,
Isn't it that the developers have forgotten?
|Thread starter||Similar threads||Forum||Replies||Date|
|In Progress CPANEL-41695 - Modsecurity Geo Database||Security||6|
|I||ModSecurity Tools showing server ip as source ip||Security||6|
|ModSecurity Traditional Mode or Anomaly Score||Security||1|
|ModSecurity: Transformation Caching Unstable, Fixed, But Deprecated||Security||2|