Description of problem: After switching to F23 and perl 5.22, I get warnings about unescaped left brace in regex on lines 232 and 237 of /usr/bin/websec. Version-Release number of selected component (if applicable): perl-5.22.0-349.fc23.x86_64 websec-1.9.0-18.fc23.noarch How reproducible: Every time Steps to Reproduce: 1. websec Actual results: (On standard error:) Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE ([^}]+)}/ at /usr/bin/websec line 232. Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE ([^}]+)}/ at /usr/bin/websec line 237. Expected results: Nothing on standard error, a log on standard out. (The log still appears as expected. Additional info: I'm not familiar with perl, but I googled the message, and it seems adding a backslash in front of each curly brace might solve the problem. I tried it, and websec doesn't complain any more. And websec still works, at least in a few simple cases. But perl is a special language, and maybe I broke something on the way.
I'm seeing the same thing. According to the Perl 5.22 documentation: "A literal "{" should now be escaped in a pattern If you want a literal left curly bracket (also called a left brace) in a regular expression pattern, you should now escape it by either preceding it with a backslash ("\{") or enclosing it within square brackets "[{]", or by using \Q; otherwise a deprecation warning will be raised. This was first announced as forthcoming in the v5.16 release; it will allow future extensions to the language to happen." I don't know Perl either but I've escaped the curly brackets on lines 232 and 237 in /usr/bin/websec plus all the curly brackets in /usr/share/doc/websec/examples/ignore.list. These were all the places where I could find curly brackets being used as a literal.
websec-1.9.0-19.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-3880374dd1
websec-1.9.0-19.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update websec' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-3880374dd1
websec-1.9.0-19.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.