We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the subsystem is unstable, can crash your server server, and is even susceptible to evasion in certain circumstances. Although the issues have all been fixed in 2.5.6 we have decided to deprecate the entire subsystem because there has been too many problems with it. If you are using the 2.5.x branch of ModSecurity you are advised to turn transformation caching off (it is on by default until 2.5.6) until you upgrade. You can do this with:
SecCacheTransformations Off
On the positive side, ModSecurity 2.5.6 is the first version to use the previously discussed licensing exception, which allows ModSecurity to be combined with other open source projects.
