DoS vulnerability: CVE-2025-52891 - 2025 July
We would like to share our take on CVE-2025-52891, which was published on July 1, 2025.
Blogs
DoS vulnerability: CVE-2025-48866 - 2025 June
We would like to share our take on CVE-2025-48866, which was published on June 2, 2025.
ModSecurity-nginx connector - new release: v1.0.4
The OWASP ModSecurity team is pleased to announce the release of ModSecurity-nginx connector version 1.0.4. This version includes a mixture of new features and bug fixes.
Possible DoS vulnerability: CVE-2025-47947 - 2025 May
We would like to share our take on CVE-2025-47947, which was published on May 21, 2025.
HTML Entity Decoding Regression: CVE-2025-27110 - 2025 February
We would like to share our take on CVE-2025-27110, which was published on February 25, 2025.
Use PCRE2 as default - 2025 February
It’s time to switch to using the PCRE library.
About CVE-2024-46292 - 2024 October
We would like to share our take on CVE-2024-46292, which was published on October 9 2024.
New versions - 2024 September
The OWASP ModSecurity team is pleased to announce the release of versions 2.9.8 and 3.0.13. These versions both include a mixture of new features and bug fixes.
ModSecurity.org: website available again
After a long period, the modsecurity.org website is available again with renewed content and form.
Save the date: developers meeting on 5th of June, 2024 - Leuven, Belgium
When the transfer of control took place at the end of January, the interim management stated that they wanted a one-on-one meeting with developers interested in maintaining ModSecurity. It’s time. Please save the date: we would like to organize a mini-event on June 5, 2024, where we can meet everyone in person and discuss future tasks. The venue is Leuven, Belgium - the exact location has yet to be determined. We will meet around 13:00 and will leave about 18:00.