|
|
|
|
@ -22,6 +22,16 @@ releases.
|
|
|
|
|
(0.10th resp. IPv6 relevant only, amend for gh-1479)
|
|
|
|
|
* config/pathes-freebsd.conf
|
|
|
|
|
- Fixed filenames for apache and nginx log files (gh-1667)
|
|
|
|
|
* filter.d/sshd.conf
|
|
|
|
|
- new aggressive rules (gh-864):
|
|
|
|
|
- Connection reset by peer (multi-line rule during authorization process)
|
|
|
|
|
- No supported authentication methods available
|
|
|
|
|
- single line and multi-line expression optimized, added optional prefixes
|
|
|
|
|
and suffix (logged from several ssh versions), according to gh-1206;
|
|
|
|
|
* filter.d/suhosin.conf
|
|
|
|
|
- greedy catch-all before `<HOST>` fixed (potential vulnerability)
|
|
|
|
|
* Filter tests extended with check of all config-regexp, that contains greedy catch-all
|
|
|
|
|
before `<HOST>`, that is hard-anchored at end or precise sub expression after `<HOST>`
|
|
|
|
|
|
|
|
|
|
### New Features
|
|
|
|
|
* New Actions:
|
|
|
|
|
@ -71,15 +81,6 @@ ver. 0.9.6 (2016/12/10) - stretch-is-coming
|
|
|
|
|
- optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
|
|
|
|
|
- eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
|
|
|
|
|
- optional port part after host (see gh-1533, gh-1581)
|
|
|
|
|
- new aggressive rules (gh-864):
|
|
|
|
|
- Connection reset by peer (multi-line rule during authorization process)
|
|
|
|
|
- No supported authentication methods available
|
|
|
|
|
- single line and multi-line expression optimized, added optional prefixes
|
|
|
|
|
and suffix (logged from several ssh versions), according to gh-1206;
|
|
|
|
|
* filter.d/suhosin.conf
|
|
|
|
|
- greedy catch-all before `<HOST>` fixed (potential vulnerability)
|
|
|
|
|
* Filter tests extended with check of all config-regexp, that contains greedy catch-all
|
|
|
|
|
before `<HOST>`, that is hard-anchored at end or precise sub expression after `<HOST>`
|
|
|
|
|
|
|
|
|
|
### New Features
|
|
|
|
|
* New Actions:
|
|
|
|
|
|
sebres
8 years ago