Bug 2143207

Summary: [RFE] upgrade mod_security to 2.9.6
Product: Red Hat Enterprise Linux 8 Reporter: Luboš Uhliarik <luhliari>
Component: mod_securityAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: icesalov
Severity: unspecified Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 8.8CC: jorton
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
.`mod_security` rebased to version 2.9.6 The `mod_security` module for the Apache HTTP Server has been updated to version 2.9.6, which provides new features, bug fixes, and security fixes over the previously available version 2.9.2. Notable enhancements include: * Adjusted parser activation rules in the `modsecurity.conf-recommended` file. * Enhancements to the way `mod_security` parses HTTP multipart requests. * Added a new `MULTIPART_PART_HEADERS` collection. * Added microsec timestamp resolution to the formatted log timestamp. * Added missing Geo Countries.
 Story Points: ---
Clone Of:
: 2143211 (view as bug list) Environment:
Last Closed: 2023-05-16 08:38:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2143211    

Description Luboš Uhliarik 2022-11-16 10:59:41 UTC 
Description of problem:

Based on https://bugzilla.redhat.com/show_bug.cgi?id=2141432 request, we need to rebase also mod_security at least to 2.9.6, because newer mod_security_crs requires mod_security >= 2.9.6.

Rebased mod_security_crs and mod_security are already present in Fedora - https://bodhi.fedoraproject.org/updates/FEDORA-2022-85a85c84b3


Version-Release number of selected component (if applicable):
mod_security-2.9.6

How reproducible:
install the latest mod_security and mod_security_crs

Steps to Reproduce:
1. mod_security_crs-3.3.0-5.el8

Actual results:
mod_security-2.9.2-9.el8
mod_security_crs-3.3.0-5.el8


Expected results:
mod_security-2.9.6
mod_security_crs-3.3.4

Additional info:
Comment 15 errata-xmlrpc 2023-05-16 08:38:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (mod_security bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2845