v6.1.6 LTS

[6.1.6] - 2021-10-10 UTC+0800

Fixed

• Sometimes the connection is closed prematurely.

• Sometimes the request body is read incompletely.

• Failed to inherit Referer blacklist different contexts.

• Fixed a default rule of URL.

---

[6.1.6] - 2021-10-10 UTC+0800

修复

• 有时连接会被过早地关闭。

• 有时没有读取完整的请求体。

• 未能正确继承上层配置块的 Referer 黑名单。

• 修复了一条默认的 URL 黑名单规则。

v9.0.4 Current

[9.0.4] - 2021-09-29 UTC+0800

Fixed

• All inspections are incorrectly skipped when the directive rewrite causes an internal redirect.

---

[9.0.4] - 2021-09-29 UTC+0800

修复

• 当指令 rewrite 造成内部重定向时会错误地跳过所有检测。

v6.1.5 LTS

[6.1.5] - 2021-09-29 UTC+0800

Fixed

• All inspections are incorrectly skipped when the directive rewrite causes an internal redirect.

---

[6.1.5] - 2021-09-29 UTC+0800

修复

• 当指令 rewrite 造成内部重定向时会错误地跳过所有检测。

v9.0.3 Current

[9.0.3] - 2021-09-28 UTC+0800

Changed

• More debug logs.

Fixed

• Failed to display the CAPTCHA page.

---

[9.0.3] - 2021-09-28 UTC+0800

变动

• 更多的调试日志。

修复

• 验证码页面不能正常显示。

v9.0.2 Current

[9.0.2] - 2021-09-25 UTC+0800

Fixed

• Sometimes the value of the built-in variable $waf_blocking_log is wrong.

---

[9.0.2] - 2021-09-25 UTC+0800

修复

• 内置变量 $waf_blocking_log 的值有时会出错。

v9.0.1 Current

[9.0.1] - 2021-09-24 UTC+0800

Fixed

• Failed to load rules of ModSecurity.

---

[9.0.1] - 2021-09-24 UTC+0800

修复

• 未能正确读取 ModSecurity 的规则。

v9.0.0 Current

[9.0.0] - 2021-09-23 UTC+0800

NOTE

If you would like to upgrade to this version, please see the documentation for guidelines on upgrading across versions.

Added

• Compatible with ModSecurity.

• Added two directives: waf_modsecurity and waf_modsecurity_transaction_id.

• Added parameter MODSECURITY to directive waf_priority.

Removed

• Removed some parameters for directive waf_mode: LIBINJECTION, LIBINJECTION-SQLI, LIBINJECTION-XSS and ADV.

• Removed the parameter ADV from the directive waf_priority.

• Removed dependency libinjection.

Fixes

• No longer returns a 404 status code when the captcha succeeds, but a 204 status code instead.

• Sometimes a complete inspection of the request body is not performed.

---

[9.0.0] - 2021-09-23 UTC+0800

注意

如果您想要升级到此版本，请查看文档中的跨版本升级的指南。

新增

• 兼容了ModSecurity 的规则。

• 增加了两个指令：waf_modsecurity 和 waf_modsecurity_transaction_id。

• 为指令 waf_priority 增加了参数 MODSECURITY。

移除

• 删除了指令 waf_mode 的一些参数：LIBINJECTION、LIBINJECTION-SQLI、LIBINJECTION-XSS 和 ADV。

• 删除了指令 waf_priority 的参数 ADV。

• 删除了依赖 libinjection。

修复

• 当验证码通过时不再返回 404 状态码，而是返回 204 状态码。

• 有时不会完整地检查请求体。

v8.0.3 Current

[8.0.3] - 2021-08-27 UTC+0800

Fixed

• Memory leak.

• A field of a structure is not initialized, so you will see a lot of malloc(size) failed (12: Out of memory) in the error log.

---

[8.0.3] - 2021-08-27 UTC+0800

修复

• 内存泄露

• 一个没有初始化的结构体字段，会导致错误日志中出现大量的 malloc(size) failed (12: Out of memory)。

v8.0.2 Current

[8.0.2] - 2021-08-27 UTC+0800

Fixed

• nginx crashes(segmentation fault) after enabling CAPTCHA because the directive waf_captcha was not properly merged with different contexts.

• CAPTCHA page cannot be displayed because the directive waf_captcha was not properly merged with different contexts.

• If the directive proxy_pass is used, neither Under-Attack-Mode nor CAPTCHA will work properly.

---

[8.0.2] - 2021-08-27 UTC+0800

修复

• 开启验证码后 nginx 崩溃（段错误），原因是未能正确合并不同级别的 waf_captcha 指令。

• 不能显示验证码页面，原因是未能正确合并不同级别的 waf_captcha 指令。

• 如果使用了 proxy_pass 指令，Under-Attack-Mode 和验证码均不能正常工作。

v6.1.4 LTS

[6.1.4] - 2021-08-27 UTC+0800

修复

• Memory leak.

---

[6.1.4] - 2021-08-27 UTC+0800

修复

• 内存泄露。