LevelBlue

LevelBlue + SentinelOne Partner to Deliver AI-Powered Managed Security Operations and Incident Response. Learn More

Submit RFP Request a Demo

ModSecurity Updates: Nginx Stable Release and Google Summer of Code Participation

Change theme to light
1 Minute Read by Ryan Barnett

Availability of ModSecurity 2.7.4: Nginx Stable Release

11158_ab5f5df8-84e2-41ee-8017-29e5e8fd1711The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.7.4 Stable Release. This release includes many bug fixes and the NGINX module version is now labled as STABLE.

Important Security Fix - There is a security issue fixed with this release, please check CVE-2013-2765 for more information. Upgrading is high recommended.

We also added support for the libinjection library as a new operator called @detectSQLi. I will be doing a separate blog post on libinjection as it deserves more attention.

Please see the release notes included in the CHANGES file. For known problems and more information about bug fixes, please see the ModSecurity Jira. You can optionally report any bug to mod-security-developers@lists.sourceforge.net.

Google Summer of Code Participation

11277_b14a0dcf-18fc-4a52-aa5f-36f36e9013ecOWASP is again participating Organization in Google's Summer of Code (GSoC) program which provides stipends to student developers to write code for approved open source projects. I am excited to announce that one of OWASP's GSoC slots was awarded to Mihai Pitu who will be working on a Java port of ModSecurity! Here is the ABSTRACT:

The goal of this GSOC project is to have a ModSecurity version that can be used within Java servers (e.g. Tomcat). In order to achieve this, the standalone C code will be wrapped using the JNI framework and the resulting ModSecurity Java project will be used as a module for Tomcat server. Also, we will collaborate with the OWASP WebGoat team in order to integrate ModSecurity for Java into it.

Mihai's complete submission is here. The main problem this project solves is that you will no longer have to front-end your Java app servers with a reverse proxy in order to gain ModSecurity protections! ModSecurity standalone code will use JNI to hook into Java servers (Tomcat, Spring, Stuts, etc...) as a Servlet Filter.

If you want to follow along with our GSoC development over the summer, you can check out Mihai's GitHub repo.

ABOUT LEVELBLUE

LevelBlue secures what's next with intelligence-led security delivering visibility and speed to stop threats faster. As the world’s largest and most analyst-recognized pure-play managed security services provider, our AI-powered managed services and cyber expertise across managed, advisory, and incident response services help clients operate with confidence. Learn more about us.

https://www.levelblue.com/resources/blogs/internal-blog/how-to-create-a-blog-post/

Latest Intelligence

The Device Code Phishing Tsunami: What We’re Seeing in the Wild
macOS ClickFix Social Engineering Campaigns
ClickFix Is Now Hiring: From Job Platform Impersonation to Python-Based RAT Delivery

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.
© Copyright 2026