Thing is, a ton of people are indeed still using 1.3. cPanel, a major and widely used web host control panel only supports apache 1.3 at the moment, and as a result, mod_security 1.9. <br><br>This is the only reason I'm still stuck in
1.3 land - it's because it's the only land there is in cPanel at the moment.<br><br>(Note: Apache 2 support is slated for release this month in cPanel)<br><br><div><span class="gmail_quote">On 8/5/07, <b class="gmail_sendername">
Mike Cardwell</b> <<a href="mailto:modsecurity@lists.grepular.com">modsecurity@lists.grepular.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Michael Shinn wrote:<br>> We are working out some neat new features, due to a whole new attack<br>> vector we ran into the other day and want to make sure its good to go<br>> for the rules.<br>><br>> Is anyone using
2.5 yet? We have been working on a massive rewrite<br>> built around 2.5, but I'd like to get a sense of what everyone is using<br>> so we can allocate resources to each version.<br><br>At a guess, most people are like me and use the latest version that they
<br>can find a package for their OS for, rather than compiling from scratch.<br>I'm running Apache2 on Debian Etch, and stuck this in my apt/sources.list:<br><br>deb <a href="http://etc.inittab.org/~agi/debian/libapache-mod-security2">
http://etc.inittab.org/~agi/debian/libapache-mod-security2</a> ./<br><br>This presently gives me version 2.1.1. I'll be willing to upgrade to 2.5<br>manually if/when a compelling reason rears it's head.<br><br>Just took a look at:
<a href="http://www.modsecurity.org/download/index.html">http://www.modsecurity.org/download/index.html</a> and<br>found that it lists a debian package repository of<br><a href="http://ftp.debian-unofficial.org/debian/pool/main/liba/libapache-mod-security/">
http://ftp.debian-unofficial.org/debian/pool/main/liba/libapache-mod-security/</a><br>which only contains mod_security v1 packages...<br><br>> Now that we have a solution to the load issue with 2.5, it won't be a<br>
> problem to start putting out daily releases again. But its really<br>> important to us to know who is running boxes that can not run 2.5<br>> (apache 1.x) and those that can not update for now. Just need some
<br>> sense of what everyones needs are so I can plan my time accordingly.<br><br>Apache 2 was released over 5 years ago now. I don't see how anyone could<br>expect you to continue further development for the 1.3 branch if they
<br>themselves wont take the time to upgrade. There will come a point when<br>support for 1.3 needs to stop. If this were my project, that point would<br>have been reached by now ;)<br><br>Mike<br>_______________________________________________
<br>Modsecurity mailing list<br><a href="mailto:Modsecurity@gotroot.com">Modsecurity@gotroot.com</a><br><a href="http://lists.gotroot.com/mailman/listinfo/modsecurity">http://lists.gotroot.com/mailman/listinfo/modsecurity
</a><br></blockquote></div><br><br clear="all"><br>-- <br>Daniel McAlonan<br>Proud Webmaster of MsBetas.org and ProxySauce.com