18 May 2011 - 2.6.0
-------------------

 * Added SecWriteStateLimit for Slow Post DoS mitigation.

 * Fix problem when buffering in input filter.

 * Fix memory leak when using MATCHED_VAR_NAMES.


2 May 2011 - 2.6.0-rc2
-------------------

 * Added code optimizations - thanks Diego Elio.

 * Added support for AIX and HPUX in the build system (untested).

 * Renamed decodeBase64Ext to base64DecodeExt.

 * Build system improvements - thanks Diego Elio.

 * Improvements on gsblookup parser.

 * Fixed input filter bug when uploading files with SecStreamInBodyInspect enabled.

 * Logging improvements and bug fix.

 * Remove extra useless files on make clean and maintainer-clean.


18 Apr 2011 - 2.6.0-rc1
-------------------

 * Replaced the previous GPLv2 license with Apache v2.

 * Added Google Safe Browsing lookups operator and directive. It should be
   used to extract and look up URLs from HTTP packets.

 * Added Data Modification operator. It must be used with STREAM_* variables
   to replace/add/edit any data in HTTP bodies.

 * Added STREAM_OUTPUT_BODY and STREAM_INPUT_BODY variables to work with data
   modification operators.

 * Added fast IP address operator. It supports partial IP addresses and CIDR
   notation for IPv4 and IPv6. Thanks Tom Donovan.

 * Added new sensitive data tracking: verifyCPF and verifySSN.

 * Added MATCHED_VARS and MATCHED_VARS_NAMES. They are similar to MATCHED_VAR,
   but now we should see all matched variables.

 * Added UNIQUE_ID variable. It holds the data created by mod_unique_id.

 * Added new transformation cmdline. Thanks Mark Stern.

 * Added new exception handling operators and directives. They should help users
   reduce FNs and FPs. The directives SecRuleUpdateTargetById and SecRuleRemoveByTag
   and their ctl actions were included.

 * Added SecStreamOutBodyInspection and SecStreamInBodyInspection to enable STREAM_*
   variables.

 * Added SecGsbLookupDB used to load Google Safe Browsing malware database into
   memory.

 * Added the directive SecInterceptOnError to control what to do if a rule returns
   values less than zero.

 * Improvements in DetectionOnly engine mode. Also added SecRequestBodyLimitAction
   to control what to do if the engine receives an HTTP request over a hard limit.
   Note that there are now many combinations with SecRuleEngine and the limit action
   directives for response and request data. Please see the reference manual.

 * Improvements to the RBL operator. It will now parse return code values for some
   RBL lists.

 * Added new Log Part J. It should log some information about uploaded files.

 * Added new sanitizeMatchedBytes action. It gives users more flexibility to sanitize
   logged data, and also improves performance when sanitizing large amounts of data.

 * Improvements to the Logging phase. It is now possible to see full chains and to
   distinguish between simple rules, chain starters and chain nodes.

 * Improvements on AutoTools usage.

 * Improvements to pattern matching operators: pmf, pm and strmatch now support more flexible
   input data, allowing any kind of special char.

 * Improvements on SecRuleUpdateActionById to update chain nodes.

 * Many bugs were fixed. Please see the ModSecurity Jira for more details.

 * Added SecDisableBackendCompression, which disables backend compression
   while keeping the frontend compression enabled (assuming mod_deflate
   is installed and configured in the proxy). [Ivan Ristic]

 * Added REQUEST_BODY_LENGTH, which contains the number of request body
   bytes read. [Ivan Ristic]

 * Integrate with mod_log_config using the %{VARNAME}M format string.
   (MODSEC-108) [Ivan Ristic]

 * Replaced the previous time-measuring mechanism with a new one, which
   provides the following information: request time, request duration,
   phase duration (for all 5 phases), time spent dealing with persistent
   storage, and time spent on audit logging. The new information is now
   available in the Stopwatch2 audit log header. The Stopwatch header
   remains for backward compatibility, although it now only includes
   the request time and request duration values. Added the following
   variables: PERF_COMBINED, PERF_PHASE1, PERF_PHASE2, PERF_PHASE3,
   PERF_PHASE4, PERF_PHASE5, PERF_SREAD, PERF_SWRITE, PERF_LOGGING,
   PERF_GC. [Ivan Ristic]

 * Added DURATION, which contains the time elapsed since the beginning
   of the current transaction, in milliseconds. [Ivan Ristic]

 * Adjusted phase 5 to execute just prior to mod_log_config. This should
   allow phase 5 rules to implement conditional logging, as well as
   pave support for allowing access to all ModSecurity variables from
   mod_log_config. [Ivan Ristic]

 * Added the URLENCODED_ERROR flag, which is raised whenever invalid URL
   encoding is encountered in the query string or in the request body
   (but only if URLENCODED request body processor is used). (MODSEC-111)
   [Ivan Ristic]

 * Removed the obsolete PDF UXSS functionality. (MODSEC-96) [Ivan Ristic]

 * Renamed normalisePath to normalizePath and normalisePathWin to
   normalizePathWin. Kept the previous names for backward compatibility.
   (MODSEC-103) [Ivan Ristic]

 * Moved phase 1 to be run in the same Apache hook as phase 2. This means
   that you can now have phase 1 rules in <Location> tags and, more
   importantly, override server configuration in <Location> and others.
   (MODSEC-98) [Ivan Ristic]

 * Renamed the sanitise family of actions to sanitize. Kept the old variants
   for backward compatibility. (MODSEC-95) [Ivan Ristic]

 * Improve the logging of the ctl action. (MODSEC-99) [Ivan Ristic]

 * Cleanup build files that were from the Apache source.
