- Server operating system version
- Almalinux 9.8
- Plesk version and microupdate number
- 18.0.79
Hi,
The OWASP CRS team is pleased to announce three coordinated releases today: v4.28.0 (main branch), v4.25.1 (v4 LTS), and v3.3.10 (v3 LTS). All three fix the same two high-severity security vulnerabilities that affect all previous CRS releases. Users on any supported branch are strongly encouraged to update.
CRS versions 4.28.0, 4.25.1 LTS, and 3.3.10 released
Modsecurity 2.9.14 (Security Fix)
Modsecurity 3.0.16 (Security Fix)
modsecurity.org
The OWASP CRS team is pleased to announce three coordinated releases today: v4.28.0 (main branch), v4.25.1 (v4 LTS), and v3.3.10 (v3 LTS). All three fix the same two high-severity security vulnerabilities that affect all previous CRS releases. Users on any supported branch are strongly encouraged to update.
CRS versions 4.28.0, 4.25.1 LTS, and 3.3.10 released
Modsecurity 2.9.14 (Security Fix)
Modsecurity 3.0.16 (Security Fix)
About CVE-2026-52747 and 2026-52761
We would like to share our take on CVE-2026-52747 and CVE-2026-52761, which were published on June 29, 2026.