Hi
The new version of mod_security (2.7.4) includes a 3rd party code: libinjection
an SQL/SQL injection tokenizer parser analyzer, according to the parser
developer, libinjection is supposed to be embedded into your code [1]
and does not seem to be compiled as shared lib.
In mod_security this library is used as an alternative approach for
detecting SQL injection (vs. regex-based whitelist/blacklist).
My question is: do we consider this code as a Copylibs or I should
proceed with unbundling it from mod_security code.
[1]
https://github.com/client9/libinjection#embedding
PS.
I'm one of mod_security maintainer, ccing Peter and Daniel
Thanks.
-- Athmane