diff --git a/ChangeLog b/ChangeLog index 6f9d8069..e8a8491e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,16 @@ releases. (0.10th resp. IPv6 relevant only, amend for gh-1479) * config/pathes-freebsd.conf - Fixed filenames for apache and nginx log files (gh-1667) +* filter.d/sshd.conf + - new aggressive rules (gh-864): + - Connection reset by peer (multi-line rule during authorization process) + - No supported authentication methods available + - single line and multi-line expression optimized, added optional prefixes + and suffix (logged from several ssh versions), according to gh-1206; +* filter.d/suhosin.conf + - greedy catch-all before `` fixed (potential vulnerability) +* Filter tests extended with check of all config-regexp, that contains greedy catch-all + before ``, that is hard-anchored at end or precise sub expression after `` ### New Features * New Actions: @@ -71,15 +81,6 @@ ver. 0.9.6 (2016/12/10) - stretch-is-coming - optimized failregex to match all of "Failed any-method for ... from " (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) - - new aggressive rules (gh-864): - - Connection reset by peer (multi-line rule during authorization process) - - No supported authentication methods available - - single line and multi-line expression optimized, added optional prefixes - and suffix (logged from several ssh versions), according to gh-1206; -* filter.d/suhosin.conf - - greedy catch-all before `` fixed (potential vulnerability) -* Filter tests extended with check of all config-regexp, that contains greedy catch-all - before ``, that is hard-anchored at end or precise sub expression after `` ### New Features * New Actions: