Christian Folini
Christian Folini
I agree. If it can be made more narrow without compromising security, then cool.
This does not sound good. Thank you for bringing this to the attention @mikelolasagasti.
Thank you for this very valuable input @berrange. That puts the replacement discussion on a far better base.
There are a few subtle behavior quirks of yajl that should be examined for alternative libraries too. And then documented in case. The behavior with empty request body for example....
My take where I do not agree with original proposal. * `move av-scanning to its own repository.` Why? We have a plugin and the plugin is better than this cruft....
I feel your pain @Orgoth, but ModSec 2.9 is definitely suitable for production. Which does not mean it's free from bugs. What you are encountering is tough. Have not seen...
Very good. Unfortunately, I can not help you fix the code - @marcstern is in the best position to do that. But I can help you dig down on this....
Yes. Strange but while I have seen application servers segfault on this, ModSec is usually coping. Or am I wrong?
Ah no, a Heisenbug! But good luck, keeping my fingers crossed for you!
Thanks for contributing a plugin. This is very welcome. Especially in this area where CRS has removed functionality for CRS4. Yet I have a few question marks around your implementation....