[Modsecurity] Sorry for the delays - update still coming

Daniel McAlonan cooldude7273 at gmail.com
Sun Aug 5 16:14:20 EDT 2007 

Thing is, a ton of people are indeed still using 1.3. cPanel, a major and
widely used web host control panel only supports apache 1.3 at the moment,
and as a result, mod_security 1.9.

This is the only reason I'm still stuck in 1.3 land - it's because it's the
only land there is in cPanel at the moment.

(Note: Apache 2 support is slated for release this month in cPanel)

On 8/5/07, Mike Cardwell <modsecurity at lists.grepular.com> wrote:
>
> Michael Shinn wrote:
> > We are working out some neat new features, due to a whole new attack
> > vector we ran into the other day and want to make sure its good to go
> > for the rules.
> >
> > Is anyone using 2.5 yet?  We have been working on a massive rewrite
> > built around 2.5, but I'd like to get a sense of what everyone is using
> > so we can allocate resources to each version.
>
> At a guess, most people are like me and use the latest version that they
> can find a package for their OS for, rather than compiling from scratch.
> I'm running Apache2 on Debian Etch, and stuck this in my apt/sources.list:
>
> deb http://etc.inittab.org/~agi/debian/libapache-mod-security2 ./
>
> This presently gives me version 2.1.1. I'll be willing to upgrade to 2.5
> manually if/when a compelling reason rears it's head.
>
> Just took a look at: http://www.modsecurity.org/download/index.html and
> found that it lists a debian package repository of
>
> http://ftp.debian-unofficial.org/debian/pool/main/liba/libapache-mod-security/
> which only contains mod_security v1 packages...
>
> > Now that we have a solution to the load issue with 2.5, it won't be a
> > problem to start putting out daily releases again.  But its really
> > important to us to know who is running boxes that can not run 2.5
> > (apache 1.x) and those that can not update for now.  Just need some
> > sense of what everyones needs are so I can plan my time accordingly.
>
> Apache 2 was released over 5 years ago now. I don't see how anyone could
> expect you to continue further development for the 1.3 branch if they
> themselves wont take the time to upgrade. There will come a point when
> support for 1.3 needs to stop. If this were my project, that point would
> have been reached by now ;)
>
> Mike
> _______________________________________________
> Modsecurity mailing list
> Modsecurity at gotroot.com
> http://lists.gotroot.com/mailman/listinfo/modsecurity
>



-- 
Daniel McAlonan
Proud Webmaster of MsBetas.org and ProxySauce.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gotroot.com/pipermail/modsecurity/attachments/20070805/43483637/attachment.html

More information about the Modsecurity mailing list