Brandon Payton

Results 58 issues of Brandon Payton

This PR ... - Adds support for PCRE and PCRE2 match limits as a last line of defense against ReDoS. Match limits are applied per PCRE invocation and **do not**...

This PR adds support for reopening log files by:

* Exposing an `msc_rules_reopen_audit_log(rules, error)` function to trigger audit log reopen for a given rules set
* Adding a `reopen(error)` method...

3.x

ModSecurity-nginx assumes `ngx_http_request_t.request_body` is never NULL and encounters a segfault when the `request_body` is in fact NULL. We have seen this happen when ModSecurity-nginx is used in conjunction with [lua-nginx-module](https://github.com/openresty/lua-nginx-module)....

This is a PR that uses SpiderLabs/ModSecurity#2304 to support audit log rotation when nginx reloads config or reopens log files. Thanks to @defanator for [providing a proof-of-concept](https://github.com/SpiderLabs/ModSecurity-nginx/issues/121#issuecomment-442416602)! I tested this...

stale
work-in-progress

There are two race conditions that affect ActionScheduler_QueueRunner:

1. https://github.com/woocommerce/action-scheduler/blob/d9362151fbdb47620ccbe322ae42bddc004a0f2c/classes/ActionScheduler_QueueRunner.php#L103-L105 is a race because of the time between checking whether there is already a lock and attempting to obtain the...

type: bug
priority: high

When switching between many different open source code bases, it can be cumbersome to constantly change editor settings in order to respect a given project's basic style preferences. EditorConfig is...

This updates the `modsecurity` directive to allow the use of variables in the directive value. We use it so that ModSecurity-nginx can be enabled or disabled per request based on...

When switching between many different open source code bases, it can be cumbersome to constantly change editor settings in order to respect a given project's basic style preferences. EditorConfig is...

As a user, we would like to skip the cost of ModSecurity rule processing for requests that are rate-limited by nginx. Today, the ModSecurity header phase is processed before the...

This PR adds text wrapping for regular text fields to help address issue #1418. It adds text wrapping support for thread parts like authors, subject, and content but not for...